Lines Matching refs:v
52 struct dm_verity *v; member
86 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
88 return v->data_start + dm_target_offset(v->ti, bi_sector); in verity_map_sector()
97 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
100 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
103 static int verity_hash_update(struct dm_verity *v, struct ahash_request *req, in verity_hash_update() argument
136 static int verity_hash_init(struct dm_verity *v, struct ahash_request *req, in verity_hash_init() argument
141 ahash_request_set_tfm(req, v->tfm); in verity_hash_init()
154 if (likely(v->salt_size && (v->version >= 1))) in verity_hash_init()
155 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_init()
160 static int verity_hash_final(struct dm_verity *v, struct ahash_request *req, in verity_hash_final() argument
165 if (unlikely(v->salt_size && (!v->version))) { in verity_hash_final()
166 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); in verity_hash_final()
180 int verity_hash(struct dm_verity *v, struct ahash_request *req, in verity_hash() argument
186 r = verity_hash_init(v, req, &wait); in verity_hash()
190 r = verity_hash_update(v, req, data, len, &wait); in verity_hash()
194 r = verity_hash_final(v, req, digest, &wait); in verity_hash()
200 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
203 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
206 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
211 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
212 if (!v->version) in verity_hash_at_level()
213 *offset = idx * v->digest_size; in verity_hash_at_level()
215 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
221 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
227 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
230 v->hash_failed = true; in verity_handle_err()
232 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
235 v->corrupted_errs++; in verity_handle_err()
248 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
251 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
252 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
260 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
263 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
266 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
283 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
294 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
297 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
307 data = dm_bufio_read(v->bufio, hash_block, &buf); in verity_verify_level()
320 r = verity_hash(v, verity_io_hash_req(v, io), in verity_verify_level()
321 data, 1 << v->hash_dev_block_bits, in verity_verify_level()
322 verity_io_real_digest(v, io)); in verity_verify_level()
326 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, in verity_verify_level()
327 v->digest_size) == 0)) in verity_verify_level()
337 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
340 else if (verity_handle_err(v, in verity_verify_level()
349 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
361 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
366 if (likely(v->levels)) { in verity_hash_for_block()
374 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
379 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
381 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
382 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
387 if (!r && v->zero_digest) in verity_hash_for_block()
388 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
398 static int verity_for_io_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_io_block() argument
401 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_io_block()
402 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_io_block()
404 struct ahash_request *req = verity_io_hash_req(v, io); in verity_for_io_block()
442 int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io, in verity_for_bv_block() argument
444 int (*process)(struct dm_verity *v, in verity_for_bv_block() argument
448 unsigned int todo = 1 << v->data_dev_block_bits; in verity_for_bv_block()
449 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_for_bv_block()
463 r = process(v, io, page, len); in verity_for_bv_block()
476 static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io, in verity_bv_zero() argument
486 static inline void verity_bv_skip_block(struct dm_verity *v, in verity_bv_skip_block() argument
490 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_bv_skip_block()
492 bio_advance_iter(bio, iter, 1 << v->data_dev_block_bits); in verity_bv_skip_block()
501 struct dm_verity *v = io->v; in verity_verify_io() local
508 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
524 struct ahash_request *req = verity_io_hash_req(v, io); in verity_verify_io()
526 if (v->validated_blocks && in verity_verify_io()
527 likely(test_bit(cur_block, v->validated_blocks))) { in verity_verify_io()
528 verity_bv_skip_block(v, io, iter); in verity_verify_io()
532 r = verity_hash_for_block(v, io, cur_block, in verity_verify_io()
533 verity_io_want_digest(v, io), in verity_verify_io()
543 r = verity_for_bv_block(v, io, iter, in verity_verify_io()
551 r = verity_hash_init(v, req, &wait); in verity_verify_io()
556 if (verity_fec_is_enabled(v)) in verity_verify_io()
559 r = verity_for_io_block(v, io, iter, &wait); in verity_verify_io()
563 r = verity_hash_final(v, req, verity_io_real_digest(v, io), in verity_verify_io()
568 if (likely(memcmp(verity_io_real_digest(v, io), in verity_verify_io()
569 verity_io_want_digest(v, io), v->digest_size) == 0)) { in verity_verify_io()
570 if (v->validated_blocks) in verity_verify_io()
571 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
581 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
592 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, in verity_verify_io()
615 struct dm_verity *v = io->v; in verity_finish_io() local
616 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
647 queue_work(io->v->verify_wq, &io->work); in verity_tasklet()
659 (!verity_fec_is_enabled(io->v) || verity_is_system_shutting_down())) { in verity_end_io()
664 if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) { in verity_end_io()
669 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
682 struct dm_verity *v = pw->v; in verity_prefetch_io() local
685 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
689 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
690 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
695 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
704 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
705 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
708 dm_bufio_prefetch(v->bufio, hash_block_start, in verity_prefetch_io()
715 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io) in verity_submit_prefetch() argument
721 if (v->validated_blocks) { in verity_submit_prefetch()
722 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
727 v->validated_blocks)) in verity_submit_prefetch()
740 pw->v = v; in verity_submit_prefetch()
743 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
752 struct dm_verity *v = ti->private; in verity_map() local
755 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
756 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
759 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
765 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
774 io->v = v; in verity_map()
776 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
777 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
783 verity_submit_prefetch(v, io); in verity_map()
796 struct dm_verity *v = ti->private; in verity_status() local
803 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
807 v->version, in verity_status()
808 v->data_dev->name, in verity_status()
809 v->hash_dev->name, in verity_status()
810 1 << v->data_dev_block_bits, in verity_status()
811 1 << v->hash_dev_block_bits, in verity_status()
812 (unsigned long long)v->data_blocks, in verity_status()
813 (unsigned long long)v->hash_start, in verity_status()
814 v->alg_name in verity_status()
816 for (x = 0; x < v->digest_size; x++) in verity_status()
817 DMEMIT("%02x", v->root_digest[x]); in verity_status()
819 if (!v->salt_size) in verity_status()
822 for (x = 0; x < v->salt_size; x++) in verity_status()
823 DMEMIT("%02x", v->salt[x]); in verity_status()
824 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
826 if (verity_fec_is_enabled(v)) in verity_status()
828 if (v->zero_digest) in verity_status()
830 if (v->validated_blocks) in verity_status()
832 if (v->use_tasklet) in verity_status()
834 if (v->signature_key_desc) in verity_status()
839 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
841 switch (v->mode) { in verity_status()
855 if (v->zero_digest) in verity_status()
857 if (v->validated_blocks) in verity_status()
859 if (v->use_tasklet) in verity_status()
861 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
862 if (v->signature_key_desc) in verity_status()
864 " %s", v->signature_key_desc); in verity_status()
869 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
870 DMEMIT(",verity_version=%u", v->version); in verity_status()
871 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
872 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
873 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
876 for (x = 0; x < v->digest_size; x++) in verity_status()
877 DMEMIT("%02x", v->root_digest[x]); in verity_status()
880 if (!v->salt_size) in verity_status()
883 for (x = 0; x < v->salt_size; x++) in verity_status()
884 DMEMIT("%02x", v->salt[x]); in verity_status()
886 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
887 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
888 if (v->signature_key_desc) in verity_status()
889 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
891 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
893 switch (v->mode) { in verity_status()
914 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
916 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
918 if (v->data_start || ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
926 struct dm_verity *v = ti->private; in verity_iterate_devices() local
928 return fn(ti, v->data_dev, v->data_start, ti->len, data); in verity_iterate_devices()
933 struct dm_verity *v = ti->private; in verity_io_hints() local
935 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
936 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
938 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
939 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
946 struct dm_verity *v = ti->private; in verity_dtr() local
948 if (v->verify_wq) in verity_dtr()
949 destroy_workqueue(v->verify_wq); in verity_dtr()
951 if (v->bufio) in verity_dtr()
952 dm_bufio_client_destroy(v->bufio); in verity_dtr()
954 kvfree(v->validated_blocks); in verity_dtr()
955 kfree(v->salt); in verity_dtr()
956 kfree(v->root_digest); in verity_dtr()
957 kfree(v->zero_digest); in verity_dtr()
959 if (v->tfm) in verity_dtr()
960 crypto_free_ahash(v->tfm); in verity_dtr()
962 kfree(v->alg_name); in verity_dtr()
964 if (v->hash_dev) in verity_dtr()
965 dm_put_device(ti, v->hash_dev); in verity_dtr()
967 if (v->data_dev) in verity_dtr()
968 dm_put_device(ti, v->data_dev); in verity_dtr()
970 verity_fec_dtr(v); in verity_dtr()
972 kfree(v->signature_key_desc); in verity_dtr()
974 if (v->use_tasklet) in verity_dtr()
977 kfree(v); in verity_dtr()
980 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
982 struct dm_target *ti = v->ti; in verity_alloc_most_once()
985 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
990 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
993 if (!v->validated_blocks) { in verity_alloc_most_once()
1001 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1007 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1009 if (!v->zero_digest) in verity_alloc_zero_digest()
1012 req = kmalloc(v->ahash_reqsize, GFP_KERNEL); in verity_alloc_zero_digest()
1017 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1022 r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1023 v->zero_digest); in verity_alloc_zero_digest()
1039 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1041 if (v->mode) in verity_parse_verity_mode()
1045 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1047 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1049 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1054 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1060 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1081 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1091 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1101 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1107 v->use_tasklet = true; in verity_parse_opt_args()
1114 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1122 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1163 struct dm_verity *v; in verity_ctr() local
1174 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1175 if (!v) { in verity_ctr()
1179 ti->private = v; in verity_ctr()
1180 v->ti = ti; in verity_ctr()
1182 r = verity_fec_ctr_alloc(v); in verity_ctr()
1202 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1213 v->version = num; in verity_ctr()
1215 r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev); in verity_ctr()
1221 r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev); in verity_ctr()
1229 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1235 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1239 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1245 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1248 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1249 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1254 v->data_blocks = num_ll; in verity_ctr()
1256 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1263 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1264 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1269 v->hash_start = num_ll; in verity_ctr()
1271 v->alg_name = kstrdup(argv[7], GFP_KERNEL); in verity_ctr()
1272 if (!v->alg_name) { in verity_ctr()
1278 v->tfm = crypto_alloc_ahash(v->alg_name, 0, in verity_ctr()
1279 v->use_tasklet ? CRYPTO_ALG_ASYNC : 0); in verity_ctr()
1280 if (IS_ERR(v->tfm)) { in verity_ctr()
1282 r = PTR_ERR(v->tfm); in verity_ctr()
1283 v->tfm = NULL; in verity_ctr()
1292 DMINFO("%s using implementation \"%s\"", v->alg_name, in verity_ctr()
1293 crypto_hash_alg_common(v->tfm)->base.cra_driver_name); in verity_ctr()
1295 v->digest_size = crypto_ahash_digestsize(v->tfm); in verity_ctr()
1296 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_ctr()
1301 v->ahash_reqsize = sizeof(struct ahash_request) + in verity_ctr()
1302 crypto_ahash_reqsize(v->tfm); in verity_ctr()
1304 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1305 if (!v->root_digest) { in verity_ctr()
1310 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1311 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1319 v->salt_size = strlen(argv[9]) / 2; in verity_ctr()
1320 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_ctr()
1321 if (!v->salt) { in verity_ctr()
1326 if (strlen(argv[9]) != v->salt_size * 2 || in verity_ctr()
1327 hex2bin(v->salt, argv[9], v->salt_size)) { in verity_ctr()
1341 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1355 v->hash_per_block_bits = in verity_ctr()
1356 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1358 v->levels = 0; in verity_ctr()
1359 if (v->data_blocks) in verity_ctr()
1360 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1361 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1362 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1363 v->levels++; in verity_ctr()
1365 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1371 hash_position = v->hash_start; in verity_ctr()
1372 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1375 v->hash_level_block[i] = hash_position; in verity_ctr()
1376 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1377 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1385 v->hash_blocks = hash_position; in verity_ctr()
1387 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1388 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1390 v->use_tasklet ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1391 if (IS_ERR(v->bufio)) { in verity_ctr()
1393 r = PTR_ERR(v->bufio); in verity_ctr()
1394 v->bufio = NULL; in verity_ctr()
1398 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1413 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1414 if (!v->verify_wq) { in verity_ctr()
1421 v->ahash_reqsize + v->digest_size * 2; in verity_ctr()
1423 r = verity_fec_ctr(v); in verity_ctr()
1458 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1463 return v->mode; in dm_verity_get_mode()
1474 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1479 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1483 *digest_size = v->digest_size; in dm_verity_get_root_digest()