Lines Matching +full:0 +full:v

59 	struct dm_verity *v;  member
69 * The variable hash_verified is set to 0 when allocating the buffer, then
70 * it can be changed to 1 and it is never reset to 0 again.
88 aux->hash_verified = 0; in dm_bufio_alloc_callback()
94 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
96 return v->data_start + dm_target_offset(v->ti, bi_sector); in verity_map_sector()
101 * (0 is the lowest level).
105 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
108 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
111 static int verity_ahash_update(struct dm_verity *v, struct ahash_request *req, in verity_ahash_update() argument
138 return 0; in verity_ahash_update()
144 static int verity_ahash_init(struct dm_verity *v, struct ahash_request *req, in verity_ahash_init() argument
149 ahash_request_set_tfm(req, v->ahash_tfm); in verity_ahash_init()
151 may_sleep ? CRYPTO_TFM_REQ_MAY_SLEEP | CRYPTO_TFM_REQ_MAY_BACKLOG : 0, in verity_ahash_init()
157 if (unlikely(r < 0)) { in verity_ahash_init()
163 if (likely(v->salt_size && (v->version >= 1))) in verity_ahash_init()
164 r = verity_ahash_update(v, req, v->salt, v->salt_size, wait); in verity_ahash_init()
169 static int verity_ahash_final(struct dm_verity *v, struct ahash_request *req, in verity_ahash_final() argument
174 if (unlikely(v->salt_size && (!v->version))) { in verity_ahash_final()
175 r = verity_ahash_update(v, req, v->salt, v->salt_size, wait); in verity_ahash_final()
177 if (r < 0) { in verity_ahash_final()
183 ahash_request_set_crypt(req, NULL, digest, 0); in verity_ahash_final()
189 int verity_hash(struct dm_verity *v, struct dm_verity_io *io, in verity_hash() argument
194 if (static_branch_unlikely(&ahash_enabled) && !v->shash_tfm) { in verity_hash()
195 struct ahash_request *req = verity_io_hash_req(v, io); in verity_hash()
198 r = verity_ahash_init(v, req, &wait, may_sleep) ?: in verity_hash()
199 verity_ahash_update(v, req, data, len, &wait) ?: in verity_hash()
200 verity_ahash_final(v, req, digest, &wait); in verity_hash()
202 struct shash_desc *desc = verity_io_hash_req(v, io); in verity_hash()
204 desc->tfm = v->shash_tfm; in verity_hash()
205 r = crypto_shash_import(desc, v->initial_hashstate) ?: in verity_hash()
213 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
216 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
219 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
224 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
225 if (!v->version) in verity_hash_at_level()
226 *offset = idx * v->digest_size; in verity_hash_at_level()
228 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
234 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
240 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
243 v->hash_failed = true; in verity_handle_err()
245 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
248 v->corrupted_errs++; in verity_handle_err()
261 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
264 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) { in verity_handle_err()
265 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
266 dm_audit_log_target(DM_MSG_PREFIX, "max-corrupted-errors", v->ti, 0); in verity_handle_err()
275 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
276 return 0; in verity_handle_err()
278 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
281 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
291 * On successful return, verity_io_want_digest(v, io) contains the hash value
296 * against current value of verity_io_want_digest(v, io).
298 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
308 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
310 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
313 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
323 data = dm_bufio_read_with_ioprio(v->bufio, hash_block, in verity_verify_level()
338 r = verity_hash(v, io, data, 1 << v->hash_dev_block_bits, in verity_verify_level()
339 verity_io_real_digest(v, io), !io->in_bh); in verity_verify_level()
340 if (unlikely(r < 0)) in verity_verify_level()
343 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, in verity_verify_level()
344 v->digest_size) == 0)) in verity_verify_level()
353 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
354 hash_block, data) == 0) in verity_verify_level()
356 else if (verity_handle_err(v, in verity_verify_level()
361 bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
363 block, 0); in verity_verify_level()
370 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
371 r = 0; in verity_verify_level()
382 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
385 int r = 0, i; in verity_hash_for_block()
387 if (likely(v->levels)) { in verity_hash_for_block()
395 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
396 if (likely(r <= 0)) in verity_hash_for_block()
400 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
402 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
403 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
408 if (!r && v->zero_digest) in verity_hash_for_block()
409 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
416 static noinline int verity_recheck(struct dm_verity *v, struct dm_verity_io *io, in verity_recheck() argument
425 page = mempool_alloc(&v->recheck_pool, GFP_NOIO); in verity_recheck()
432 io_req.client = v->io; in verity_recheck()
433 io_loc.bdev = v->data_dev->bdev; in verity_recheck()
434 io_loc.sector = cur_block << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
435 io_loc.count = 1 << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
440 r = verity_hash(v, io, buffer, 1 << v->data_dev_block_bits, in verity_recheck()
441 verity_io_real_digest(v, io), true); in verity_recheck()
445 if (memcmp(verity_io_real_digest(v, io), in verity_recheck()
446 verity_io_want_digest(v, io), v->digest_size)) { in verity_recheck()
451 memcpy(dest, buffer, 1 << v->data_dev_block_bits); in verity_recheck()
452 r = 0; in verity_recheck()
454 mempool_free(page, &v->recheck_pool); in verity_recheck()
459 static int verity_handle_data_hash_mismatch(struct dm_verity *v, in verity_handle_data_hash_mismatch() argument
471 if (verity_recheck(v, io, blkno, data) == 0) { in verity_handle_data_hash_mismatch()
472 if (v->validated_blocks) in verity_handle_data_hash_mismatch()
473 set_bit(blkno, v->validated_blocks); in verity_handle_data_hash_mismatch()
474 return 0; in verity_handle_data_hash_mismatch()
477 if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, blkno, in verity_handle_data_hash_mismatch()
478 data) == 0) in verity_handle_data_hash_mismatch()
479 return 0; in verity_handle_data_hash_mismatch()
484 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, blkno)) { in verity_handle_data_hash_mismatch()
486 dm_audit_log_bio(DM_MSG_PREFIX, "verify-data", bio, blkno, 0); in verity_handle_data_hash_mismatch()
489 return 0; in verity_handle_data_hash_mismatch()
497 struct dm_verity *v = io->v; in verity_verify_io() local
498 const unsigned int block_size = 1 << v->data_dev_block_bits; in verity_verify_io()
501 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
514 for (b = 0; b < io->n_blocks; in verity_verify_io()
522 if (v->validated_blocks && bio->bi_status == BLK_STS_OK && in verity_verify_io()
523 likely(test_bit(cur_block, v->validated_blocks))) in verity_verify_io()
526 r = verity_hash_for_block(v, io, cur_block, in verity_verify_io()
527 verity_io_want_digest(v, io), in verity_verify_io()
529 if (unlikely(r < 0)) in verity_verify_io()
551 memset(data, 0, block_size); in verity_verify_io()
556 r = verity_hash(v, io, data, block_size, in verity_verify_io()
557 verity_io_real_digest(v, io), !io->in_bh); in verity_verify_io()
558 if (unlikely(r < 0)) { in verity_verify_io()
563 if (likely(memcmp(verity_io_real_digest(v, io), in verity_verify_io()
564 verity_io_want_digest(v, io), v->digest_size) == 0)) { in verity_verify_io()
565 if (v->validated_blocks) in verity_verify_io()
566 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
570 r = verity_handle_data_hash_mismatch(v, io, bio, cur_block, in verity_verify_io()
577 return 0; in verity_verify_io()
599 struct dm_verity *v = io->v; in verity_finish_io() local
600 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
612 if (v->error_mode == DM_VERITY_MODE_PANIC) { in verity_finish_io()
615 if (v->error_mode == DM_VERITY_MODE_RESTART) { in verity_finish_io()
617 queue_work(v->verify_wq, &restart_work); in verity_finish_io()
648 queue_work(io->v->verify_wq, &io->work); in verity_bh_work()
660 (!verity_fec_is_enabled(io->v) || in verity_end_io()
667 if (static_branch_unlikely(&use_bh_wq_enabled) && io->v->use_bh_wq) { in verity_end_io()
672 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
685 struct dm_verity *v = pw->v; in verity_prefetch_io() local
688 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
692 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
693 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
698 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
707 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
708 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
711 dm_bufio_prefetch_with_ioprio(v->bufio, hash_block_start, in verity_prefetch_io()
719 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io, in verity_submit_prefetch() argument
726 if (v->validated_blocks) { in verity_submit_prefetch()
727 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
732 v->validated_blocks)) in verity_submit_prefetch()
745 pw->v = v; in verity_submit_prefetch()
749 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
758 struct dm_verity *v = ti->private; in verity_map() local
761 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
762 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
765 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
771 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
780 io->v = v; in verity_map()
782 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
783 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
792 verity_submit_prefetch(v, io, bio_prio(bio)); in verity_map()
800 * Status: V (valid) or C (corruption found)
805 struct dm_verity *v = ti->private; in verity_status() local
806 unsigned int args = 0; in verity_status()
807 unsigned int sz = 0; in verity_status()
812 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
816 v->version, in verity_status()
817 v->data_dev->name, in verity_status()
818 v->hash_dev->name, in verity_status()
819 1 << v->data_dev_block_bits, in verity_status()
820 1 << v->hash_dev_block_bits, in verity_status()
821 (unsigned long long)v->data_blocks, in verity_status()
822 (unsigned long long)v->hash_start, in verity_status()
823 v->alg_name in verity_status()
825 for (x = 0; x < v->digest_size; x++) in verity_status()
826 DMEMIT("%02x", v->root_digest[x]); in verity_status()
828 if (!v->salt_size) in verity_status()
831 for (x = 0; x < v->salt_size; x++) in verity_status()
832 DMEMIT("%02x", v->salt[x]); in verity_status()
833 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
835 if (v->error_mode != DM_VERITY_MODE_EIO) in verity_status()
837 if (verity_fec_is_enabled(v)) in verity_status()
839 if (v->zero_digest) in verity_status()
841 if (v->validated_blocks) in verity_status()
843 if (v->use_bh_wq) in verity_status()
845 if (v->signature_key_desc) in verity_status()
850 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
852 switch (v->mode) { in verity_status()
866 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
868 switch (v->error_mode) { in verity_status()
879 if (v->zero_digest) in verity_status()
881 if (v->validated_blocks) in verity_status()
883 if (v->use_bh_wq) in verity_status()
885 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
886 if (v->signature_key_desc) in verity_status()
888 " %s", v->signature_key_desc); in verity_status()
893 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
894 DMEMIT(",verity_version=%u", v->version); in verity_status()
895 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
896 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
897 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
900 for (x = 0; x < v->digest_size; x++) in verity_status()
901 DMEMIT("%02x", v->root_digest[x]); in verity_status()
904 if (!v->salt_size) in verity_status()
907 for (x = 0; x < v->salt_size; x++) in verity_status()
908 DMEMIT("%02x", v->salt[x]); in verity_status()
910 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
911 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
912 if (v->signature_key_desc) in verity_status()
913 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
915 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
917 switch (v->mode) { in verity_status()
931 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
933 switch (v->error_mode) { in verity_status()
951 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
953 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
955 if (v->data_start || ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
957 return 0; in verity_prepare_ioctl()
963 struct dm_verity *v = ti->private; in verity_iterate_devices() local
965 return fn(ti, v->data_dev, v->data_start, ti->len, data); in verity_iterate_devices()
970 struct dm_verity *v = ti->private; in verity_io_hints() local
972 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
973 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
975 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
976 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
991 static int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
994 v->sig_size = sig_size; in verity_init_sig()
997 v->root_digest_sig = kmemdup(sig, v->sig_size, GFP_KERNEL); in verity_init_sig()
998 if (!v->root_digest_sig) in verity_init_sig()
1002 return 0; in verity_init_sig()
1005 static void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
1007 kfree(v->root_digest_sig); in verity_free_sig()
1012 static inline int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
1015 return 0; in verity_init_sig()
1018 static inline void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
1026 struct dm_verity *v = ti->private; in verity_dtr() local
1028 if (v->verify_wq) in verity_dtr()
1029 destroy_workqueue(v->verify_wq); in verity_dtr()
1031 mempool_exit(&v->recheck_pool); in verity_dtr()
1032 if (v->io) in verity_dtr()
1033 dm_io_client_destroy(v->io); in verity_dtr()
1035 if (v->bufio) in verity_dtr()
1036 dm_bufio_client_destroy(v->bufio); in verity_dtr()
1038 kvfree(v->validated_blocks); in verity_dtr()
1039 kfree(v->salt); in verity_dtr()
1040 kfree(v->initial_hashstate); in verity_dtr()
1041 kfree(v->root_digest); in verity_dtr()
1042 kfree(v->zero_digest); in verity_dtr()
1043 verity_free_sig(v); in verity_dtr()
1045 if (v->ahash_tfm) { in verity_dtr()
1047 crypto_free_ahash(v->ahash_tfm); in verity_dtr()
1049 crypto_free_shash(v->shash_tfm); in verity_dtr()
1052 kfree(v->alg_name); in verity_dtr()
1054 if (v->hash_dev) in verity_dtr()
1055 dm_put_device(ti, v->hash_dev); in verity_dtr()
1057 if (v->data_dev) in verity_dtr()
1058 dm_put_device(ti, v->data_dev); in verity_dtr()
1060 verity_fec_dtr(v); in verity_dtr()
1062 kfree(v->signature_key_desc); in verity_dtr()
1064 if (v->use_bh_wq) in verity_dtr()
1067 kfree(v); in verity_dtr()
1072 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
1074 struct dm_target *ti = v->ti; in verity_alloc_most_once()
1077 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
1082 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
1085 if (!v->validated_blocks) { in verity_alloc_most_once()
1090 return 0; in verity_alloc_most_once()
1093 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1099 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1101 if (!v->zero_digest) in verity_alloc_zero_digest()
1104 io = kmalloc(sizeof(*io) + v->hash_reqsize, GFP_KERNEL); in verity_alloc_zero_digest()
1109 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1114 r = verity_hash(v, io, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1115 v->zero_digest, true); in verity_alloc_zero_digest()
1131 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1133 if (v->mode) in verity_parse_verity_mode()
1137 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1139 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1141 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1143 return 0; in verity_parse_verity_mode()
1152 static int verity_parse_verity_error_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_error_mode() argument
1154 if (v->error_mode) in verity_parse_verity_error_mode()
1158 v->error_mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_error_mode()
1160 v->error_mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_error_mode()
1162 return 0; in verity_parse_verity_error_mode()
1165 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1169 int r = 0; in verity_parse_opt_args()
1171 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1175 {0, DM_VERITY_OPTS_MAX, "Invalid number of feature args"}, in verity_parse_opt_args()
1183 return 0; in verity_parse_opt_args()
1192 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1202 r = verity_parse_verity_error_mode(v, arg_name); in verity_parse_opt_args()
1212 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1222 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1228 v->use_bh_wq = true; in verity_parse_opt_args()
1235 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1243 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1268 static int verity_setup_hash_alg(struct dm_verity *v, const char *alg_name) in verity_setup_hash_alg() argument
1270 struct dm_target *ti = v->ti; in verity_setup_hash_alg()
1275 v->alg_name = kstrdup(alg_name, GFP_KERNEL); in verity_setup_hash_alg()
1276 if (!v->alg_name) { in verity_setup_hash_alg()
1290 ahash = crypto_alloc_ahash(alg_name, 0, in verity_setup_hash_alg()
1291 v->use_bh_wq ? CRYPTO_ALG_ASYNC : 0); in verity_setup_hash_alg()
1297 if (v->version >= 1 /* salt prepended, not appended? */) { in verity_setup_hash_alg()
1298 shash = crypto_alloc_shash(alg_name, 0, 0); in verity_setup_hash_alg()
1300 strcmp(crypto_shash_driver_name(shash), driver_name) != 0) { in verity_setup_hash_alg()
1312 v->shash_tfm = shash; in verity_setup_hash_alg()
1313 v->digest_size = crypto_shash_digestsize(shash); in verity_setup_hash_alg()
1314 v->hash_reqsize = sizeof(struct shash_desc) + in verity_setup_hash_alg()
1318 v->ahash_tfm = ahash; in verity_setup_hash_alg()
1320 v->digest_size = crypto_ahash_digestsize(ahash); in verity_setup_hash_alg()
1321 v->hash_reqsize = sizeof(struct ahash_request) + in verity_setup_hash_alg()
1325 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_setup_hash_alg()
1329 return 0; in verity_setup_hash_alg()
1332 static int verity_setup_salt_and_hashstate(struct dm_verity *v, const char *arg) in verity_setup_salt_and_hashstate() argument
1334 struct dm_target *ti = v->ti; in verity_setup_salt_and_hashstate()
1336 if (strcmp(arg, "-") != 0) { in verity_setup_salt_and_hashstate()
1337 v->salt_size = strlen(arg) / 2; in verity_setup_salt_and_hashstate()
1338 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_setup_salt_and_hashstate()
1339 if (!v->salt) { in verity_setup_salt_and_hashstate()
1343 if (strlen(arg) != v->salt_size * 2 || in verity_setup_salt_and_hashstate()
1344 hex2bin(v->salt, arg, v->salt_size)) { in verity_setup_salt_and_hashstate()
1349 if (v->shash_tfm) { in verity_setup_salt_and_hashstate()
1350 SHASH_DESC_ON_STACK(desc, v->shash_tfm); in verity_setup_salt_and_hashstate()
1357 v->initial_hashstate = kmalloc( in verity_setup_salt_and_hashstate()
1358 crypto_shash_statesize(v->shash_tfm), GFP_KERNEL); in verity_setup_salt_and_hashstate()
1359 if (!v->initial_hashstate) { in verity_setup_salt_and_hashstate()
1363 desc->tfm = v->shash_tfm; in verity_setup_salt_and_hashstate()
1365 crypto_shash_update(desc, v->salt, v->salt_size) ?: in verity_setup_salt_and_hashstate()
1366 crypto_shash_export(desc, v->initial_hashstate); in verity_setup_salt_and_hashstate()
1372 return 0; in verity_setup_salt_and_hashstate()
1378 * Vsn 0 is compatible with original Chromium OS releases.
1391 struct dm_verity *v; in verity_ctr() local
1392 struct dm_verity_sig_opts verify_args = {0}; in verity_ctr()
1402 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1403 if (!v) { in verity_ctr()
1407 ti->private = v; in verity_ctr()
1408 v->ti = ti; in verity_ctr()
1410 r = verity_fec_ctr_alloc(v); in verity_ctr()
1430 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1431 if (r < 0) in verity_ctr()
1435 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 || in verity_ctr()
1441 v->version = num; in verity_ctr()
1443 r = dm_get_device(ti, argv[1], BLK_OPEN_READ, &v->data_dev); in verity_ctr()
1449 r = dm_get_device(ti, argv[2], BLK_OPEN_READ, &v->hash_dev); in verity_ctr()
1457 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1463 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1467 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1473 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1476 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1477 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1482 v->data_blocks = num_ll; in verity_ctr()
1484 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1491 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1492 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1497 v->hash_start = num_ll; in verity_ctr()
1499 r = verity_setup_hash_alg(v, argv[7]); in verity_ctr()
1503 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1504 if (!v->root_digest) { in verity_ctr()
1509 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1510 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1517 r = verity_setup_salt_and_hashstate(v, argv[9]); in verity_ctr()
1528 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1529 if (r < 0) in verity_ctr()
1538 if (r < 0) { in verity_ctr()
1543 r = verity_init_sig(v, verify_args.sig, verify_args.sig_size); in verity_ctr()
1544 if (r < 0) { in verity_ctr()
1549 v->hash_per_block_bits = in verity_ctr()
1550 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1552 v->levels = 0; in verity_ctr()
1553 if (v->data_blocks) in verity_ctr()
1554 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1555 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1556 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1557 v->levels++; in verity_ctr()
1559 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1565 hash_position = v->hash_start; in verity_ctr()
1566 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1569 v->hash_level_block[i] = hash_position; in verity_ctr()
1570 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1571 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1579 v->hash_blocks = hash_position; in verity_ctr()
1581 r = mempool_init_page_pool(&v->recheck_pool, 1, 0); in verity_ctr()
1587 v->io = dm_io_client_create(); in verity_ctr()
1588 if (IS_ERR(v->io)) { in verity_ctr()
1589 r = PTR_ERR(v->io); in verity_ctr()
1590 v->io = NULL; in verity_ctr()
1595 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1596 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1598 v->use_bh_wq ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1599 if (IS_ERR(v->bufio)) { in verity_ctr()
1601 r = PTR_ERR(v->bufio); in verity_ctr()
1602 v->bufio = NULL; in verity_ctr()
1606 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1621 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1622 if (!v->verify_wq) { in verity_ctr()
1628 ti->per_io_data_size = sizeof(struct dm_verity_io) + v->hash_reqsize; in verity_ctr()
1630 r = verity_fec_ctr(v); in verity_ctr()
1641 return 0; in verity_ctr()
1646 dm_audit_log_ctr(DM_MSG_PREFIX, ti, 0); in verity_ctr()
1660 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1665 return v->mode; in dm_verity_get_mode()
1676 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1681 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1685 *digest_size = v->digest_size; in dm_verity_get_root_digest()
1687 return 0; in dm_verity_get_root_digest()
1695 struct dm_verity *v) in verity_security_set_signature() argument
1698 * if the dm-verity target is unsigned, v->root_digest_sig will in verity_security_set_signature()
1705 v->root_digest_sig, in verity_security_set_signature()
1706 v->sig_size); in verity_security_set_signature()
1712 struct dm_verity *v) in verity_security_set_signature() argument
1714 return 0; in verity_security_set_signature()
1722 * Returns 0 on success, or -ENOMEM if the system is out of memory.
1728 struct dm_verity *v; in verity_preresume() local
1731 v = ti->private; in verity_preresume()
1733 root_digest.digest = v->root_digest; in verity_preresume()
1734 root_digest.digest_len = v->digest_size; in verity_preresume()
1735 if (static_branch_unlikely(&ahash_enabled) && !v->shash_tfm) in verity_preresume()
1736 root_digest.alg = crypto_ahash_alg_name(v->ahash_tfm); in verity_preresume()
1738 root_digest.alg = crypto_shash_alg_name(v->shash_tfm); in verity_preresume()
1745 r = verity_security_set_signature(bdev, v); in verity_preresume()
1749 return 0; in verity_preresume()
1753 security_bdev_setintegrity(bdev, LSM_INT_DMVERITY_ROOTHASH, NULL, 0); in verity_preresume()
1764 .version = {1, 10, 0},