Lines Matching +full:0 +full:v
56 0 // IOPRIO_CLASS_IDLE
65 struct dm_verity *v; member
75 * The variable hash_verified is set to 0 when allocating the buffer, then
76 * it can be changed to 1 and it is never reset to 0 again.
94 aux->hash_verified = 0; in dm_bufio_alloc_callback()
100 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
102 return dm_target_offset(v->ti, bi_sector); in verity_map_sector()
107 * (0 is the lowest level).
111 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
114 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
117 int verity_hash(struct dm_verity *v, struct dm_verity_io *io, in verity_hash() argument
123 if (likely(v->use_sha256_lib)) { in verity_hash()
130 *ctx = *v->initial_hashstate.sha256; in verity_hash()
133 return 0; in verity_hash()
137 desc->tfm = v->shash_tfm; in verity_hash()
138 if (unlikely(v->initial_hashstate.shash == NULL)) { in verity_hash()
139 /* Version 0: salt at end */ in verity_hash()
142 crypto_shash_update(desc, v->salt, v->salt_size) ?: in verity_hash()
146 r = crypto_shash_import(desc, v->initial_hashstate.shash) ?: in verity_hash()
154 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
157 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
160 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
165 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
166 if (!v->version) in verity_hash_at_level()
167 *offset = idx * v->digest_size; in verity_hash_at_level()
169 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
175 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
181 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
184 v->hash_failed = true; in verity_handle_err()
186 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
189 v->corrupted_errs++; in verity_handle_err()
202 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
205 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) { in verity_handle_err()
206 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
207 dm_audit_log_target(DM_MSG_PREFIX, "max-corrupted-errors", v->ti, 0); in verity_handle_err()
216 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
217 return 0; in verity_handle_err()
219 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
222 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
239 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
249 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
251 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
254 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
264 data = dm_bufio_read_with_ioprio(v->bufio, hash_block, in verity_verify_level()
272 data = dm_bufio_new(v->bufio, hash_block, &buf); in verity_verify_level()
275 if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
276 want_digest, hash_block, data) == 0) { in verity_verify_level()
282 dm_bufio_forget(v->bufio, hash_block); in verity_verify_level()
295 r = verity_hash(v, io, data, 1 << v->hash_dev_block_bits, in verity_verify_level()
297 if (unlikely(r < 0)) in verity_verify_level()
301 v->digest_size) == 0)) in verity_verify_level()
310 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
311 want_digest, hash_block, data) == 0) in verity_verify_level()
313 else if (verity_handle_err(v, in verity_verify_level()
318 bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
320 block, 0); in verity_verify_level()
328 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
329 r = 0; in verity_verify_level()
340 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
343 int r = 0, i; in verity_hash_for_block()
345 if (likely(v->levels)) { in verity_hash_for_block()
353 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
354 if (likely(r <= 0)) in verity_hash_for_block()
358 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
360 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
361 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
366 if (!r && v->zero_digest) in verity_hash_for_block()
367 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
374 static noinline int verity_recheck(struct dm_verity *v, struct dm_verity_io *io, in verity_recheck() argument
384 page = mempool_alloc(&v->recheck_pool, GFP_NOIO); in verity_recheck()
391 io_req.client = v->io; in verity_recheck()
392 io_loc.bdev = v->data_dev->bdev; in verity_recheck()
393 io_loc.sector = cur_block << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
394 io_loc.count = 1 << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
399 r = verity_hash(v, io, buffer, 1 << v->data_dev_block_bits, in verity_recheck()
404 if (memcmp(io->tmp_digest, want_digest, v->digest_size)) { in verity_recheck()
409 memcpy(dest, buffer, 1 << v->data_dev_block_bits); in verity_recheck()
410 r = 0; in verity_recheck()
412 mempool_free(page, &v->recheck_pool); in verity_recheck()
417 static int verity_handle_data_hash_mismatch(struct dm_verity *v, in verity_handle_data_hash_mismatch() argument
433 if (verity_recheck(v, io, want_digest, blkno, data) == 0) { in verity_handle_data_hash_mismatch()
434 if (v->validated_blocks) in verity_handle_data_hash_mismatch()
435 set_bit(blkno, v->validated_blocks); in verity_handle_data_hash_mismatch()
436 return 0; in verity_handle_data_hash_mismatch()
439 if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, want_digest, in verity_handle_data_hash_mismatch()
440 blkno, data) == 0) in verity_handle_data_hash_mismatch()
441 return 0; in verity_handle_data_hash_mismatch()
446 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, blkno)) { in verity_handle_data_hash_mismatch()
448 dm_audit_log_bio(DM_MSG_PREFIX, "verify-data", bio, blkno, 0); in verity_handle_data_hash_mismatch()
451 return 0; in verity_handle_data_hash_mismatch()
458 for (i = io->num_pending - 1; i >= 0; i--) { in verity_clear_pending_blocks()
462 io->num_pending = 0; in verity_clear_pending_blocks()
465 static int verity_verify_pending_blocks(struct dm_verity *v, in verity_verify_pending_blocks() argument
469 const unsigned int block_size = 1 << v->data_dev_block_bits; in verity_verify_pending_blocks()
474 sha256_finup_2x(v->initial_hashstate.sha256, in verity_verify_pending_blocks()
475 io->pending_blocks[0].data, in verity_verify_pending_blocks()
477 io->pending_blocks[0].real_digest, in verity_verify_pending_blocks()
480 for (i = 0; i < io->num_pending; i++) { in verity_verify_pending_blocks()
481 r = verity_hash(v, io, io->pending_blocks[i].data, in verity_verify_pending_blocks()
489 for (i = 0; i < io->num_pending; i++) { in verity_verify_pending_blocks()
493 v->digest_size) == 0)) { in verity_verify_pending_blocks()
494 if (v->validated_blocks) in verity_verify_pending_blocks()
495 set_bit(block->blkno, v->validated_blocks); in verity_verify_pending_blocks()
497 r = verity_handle_data_hash_mismatch(v, io, bio, block); in verity_verify_pending_blocks()
503 return 0; in verity_verify_pending_blocks()
511 struct dm_verity *v = io->v; in verity_verify_io() local
512 const unsigned int block_size = 1 << v->data_dev_block_bits; in verity_verify_io()
513 const int max_pending = v->use_sha256_finup_2x ? 2 : 1; in verity_verify_io()
516 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
520 io->num_pending = 0; in verity_verify_io()
532 for (b = 0; b < io->n_blocks; in verity_verify_io()
540 if (v->validated_blocks && bio->bi_status == BLK_STS_OK && in verity_verify_io()
541 likely(test_bit(blkno, v->validated_blocks))) in verity_verify_io()
546 r = verity_hash_for_block(v, io, blkno, block->want_digest, in verity_verify_io()
548 if (unlikely(r < 0)) in verity_verify_io()
571 memset(data, 0, block_size); in verity_verify_io()
578 r = verity_verify_pending_blocks(v, io, bio); in verity_verify_io()
585 r = verity_verify_pending_blocks(v, io, bio); in verity_verify_io()
590 return 0; in verity_verify_io()
616 struct dm_verity *v = io->v; in verity_finish_io() local
617 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
629 if (v->error_mode == DM_VERITY_MODE_PANIC) { in verity_finish_io()
632 if (v->error_mode == DM_VERITY_MODE_RESTART) { in verity_finish_io()
634 queue_work(v->verify_wq, &restart_work); in verity_finish_io()
665 queue_work(io->v->verify_wq, &io->work); in verity_bh_work()
683 unsigned int bytes = io->n_blocks << io->v->data_dev_block_bits; in verity_end_io()
686 (!verity_fec_is_enabled(io->v) || in verity_end_io()
693 if (static_branch_unlikely(&use_bh_wq_enabled) && io->v->use_bh_wq && in verity_end_io()
703 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
716 struct dm_verity *v = pw->v; in verity_prefetch_io() local
719 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
723 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
724 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
729 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
738 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
739 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
742 dm_bufio_prefetch_with_ioprio(v->bufio, hash_block_start, in verity_prefetch_io()
750 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io, in verity_submit_prefetch() argument
757 if (v->validated_blocks) { in verity_submit_prefetch()
758 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
763 v->validated_blocks)) in verity_submit_prefetch()
776 pw->v = v; in verity_submit_prefetch()
780 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
789 struct dm_verity *v = ti->private; in verity_map() local
792 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
793 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
796 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
802 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
811 io->v = v; in verity_map()
813 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
814 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
823 verity_submit_prefetch(v, io, bio->bi_ioprio); in verity_map()
832 struct dm_verity *v = ti->private; in verity_postsuspend() local
833 flush_workqueue(v->verify_wq); in verity_postsuspend()
834 dm_bufio_client_reset(v->bufio); in verity_postsuspend()
838 * Status: V (valid) or C (corruption found)
843 struct dm_verity *v = ti->private; in verity_status() local
844 unsigned int args = 0; in verity_status()
845 unsigned int sz = 0; in verity_status()
850 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
851 if (verity_fec_is_enabled(v)) in verity_status()
852 DMEMIT(" %lld", atomic64_read(&v->fec->corrected)); in verity_status()
858 v->version, in verity_status()
859 v->data_dev->name, in verity_status()
860 v->hash_dev->name, in verity_status()
861 1 << v->data_dev_block_bits, in verity_status()
862 1 << v->hash_dev_block_bits, in verity_status()
863 (unsigned long long)v->data_blocks, in verity_status()
864 (unsigned long long)v->hash_start, in verity_status()
865 v->alg_name in verity_status()
867 for (x = 0; x < v->digest_size; x++) in verity_status()
868 DMEMIT("%02x", v->root_digest[x]); in verity_status()
870 if (!v->salt_size) in verity_status()
873 for (x = 0; x < v->salt_size; x++) in verity_status()
874 DMEMIT("%02x", v->salt[x]); in verity_status()
875 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
877 if (v->error_mode != DM_VERITY_MODE_EIO) in verity_status()
879 if (verity_fec_is_enabled(v)) in verity_status()
881 if (v->zero_digest) in verity_status()
883 if (v->validated_blocks) in verity_status()
885 if (v->use_bh_wq) in verity_status()
887 if (v->signature_key_desc) in verity_status()
892 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
894 switch (v->mode) { in verity_status()
908 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
910 switch (v->error_mode) { in verity_status()
921 if (v->zero_digest) in verity_status()
923 if (v->validated_blocks) in verity_status()
925 if (v->use_bh_wq) in verity_status()
927 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
928 if (v->signature_key_desc) in verity_status()
930 " %s", v->signature_key_desc); in verity_status()
935 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
936 DMEMIT(",verity_version=%u", v->version); in verity_status()
937 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
938 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
939 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
942 for (x = 0; x < v->digest_size; x++) in verity_status()
943 DMEMIT("%02x", v->root_digest[x]); in verity_status()
946 if (!v->salt_size) in verity_status()
949 for (x = 0; x < v->salt_size; x++) in verity_status()
950 DMEMIT("%02x", v->salt[x]); in verity_status()
952 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
953 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
954 if (v->signature_key_desc) in verity_status()
955 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
957 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
959 switch (v->mode) { in verity_status()
973 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
975 switch (v->error_mode) { in verity_status()
995 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
997 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
999 if (ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
1001 return 0; in verity_prepare_ioctl()
1007 struct dm_verity *v = ti->private; in verity_iterate_devices() local
1009 return fn(ti, v->data_dev, 0, ti->len, data); in verity_iterate_devices()
1014 struct dm_verity *v = ti->private; in verity_io_hints() local
1016 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
1017 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
1019 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
1020 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
1035 static int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
1038 v->sig_size = sig_size; in verity_init_sig()
1041 v->root_digest_sig = kmemdup(sig, v->sig_size, GFP_KERNEL); in verity_init_sig()
1042 if (!v->root_digest_sig) in verity_init_sig()
1046 return 0; in verity_init_sig()
1049 static void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
1051 kfree(v->root_digest_sig); in verity_free_sig()
1056 static inline int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
1059 return 0; in verity_init_sig()
1062 static inline void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
1070 struct dm_verity *v = ti->private; in verity_dtr() local
1072 if (v->verify_wq) in verity_dtr()
1073 destroy_workqueue(v->verify_wq); in verity_dtr()
1075 mempool_exit(&v->recheck_pool); in verity_dtr()
1076 if (v->io) in verity_dtr()
1077 dm_io_client_destroy(v->io); in verity_dtr()
1079 if (v->bufio) in verity_dtr()
1080 dm_bufio_client_destroy(v->bufio); in verity_dtr()
1082 kvfree(v->validated_blocks); in verity_dtr()
1083 kfree(v->salt); in verity_dtr()
1084 kfree(v->initial_hashstate.shash); in verity_dtr()
1085 kfree(v->root_digest); in verity_dtr()
1086 kfree(v->zero_digest); in verity_dtr()
1087 verity_free_sig(v); in verity_dtr()
1089 crypto_free_shash(v->shash_tfm); in verity_dtr()
1091 kfree(v->alg_name); in verity_dtr()
1093 if (v->hash_dev) in verity_dtr()
1094 dm_put_device(ti, v->hash_dev); in verity_dtr()
1096 if (v->data_dev) in verity_dtr()
1097 dm_put_device(ti, v->data_dev); in verity_dtr()
1099 verity_fec_dtr(v); in verity_dtr()
1101 kfree(v->signature_key_desc); in verity_dtr()
1103 if (v->use_bh_wq) in verity_dtr()
1106 kfree(v); in verity_dtr()
1111 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
1113 struct dm_target *ti = v->ti; in verity_alloc_most_once()
1115 if (v->validated_blocks) in verity_alloc_most_once()
1116 return 0; in verity_alloc_most_once()
1119 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
1124 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
1127 if (!v->validated_blocks) { in verity_alloc_most_once()
1132 return 0; in verity_alloc_most_once()
1135 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1141 if (v->zero_digest) in verity_alloc_zero_digest()
1142 return 0; in verity_alloc_zero_digest()
1144 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1146 if (!v->zero_digest) in verity_alloc_zero_digest()
1149 io = kmalloc(v->ti->per_io_data_size, GFP_KERNEL); in verity_alloc_zero_digest()
1154 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1159 r = verity_hash(v, io, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1160 v->zero_digest); in verity_alloc_zero_digest()
1176 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1178 if (v->mode) in verity_parse_verity_mode()
1182 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1184 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1186 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1188 return 0; in verity_parse_verity_mode()
1197 static int verity_parse_verity_error_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_error_mode() argument
1199 if (v->error_mode) in verity_parse_verity_error_mode()
1203 v->error_mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_error_mode()
1205 v->error_mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_error_mode()
1207 return 0; in verity_parse_verity_error_mode()
1210 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1214 int r = 0; in verity_parse_opt_args()
1216 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1220 {0, DM_VERITY_OPTS_MAX, "Invalid number of feature args"}, in verity_parse_opt_args()
1228 return 0; in verity_parse_opt_args()
1237 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1247 r = verity_parse_verity_error_mode(v, arg_name); in verity_parse_opt_args()
1257 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1267 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1273 v->use_bh_wq = true; in verity_parse_opt_args()
1280 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1288 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1313 static int verity_setup_hash_alg(struct dm_verity *v, const char *alg_name) in verity_setup_hash_alg() argument
1315 struct dm_target *ti = v->ti; in verity_setup_hash_alg()
1318 v->alg_name = kstrdup(alg_name, GFP_KERNEL); in verity_setup_hash_alg()
1319 if (!v->alg_name) { in verity_setup_hash_alg()
1324 shash = crypto_alloc_shash(alg_name, 0, 0); in verity_setup_hash_alg()
1329 v->shash_tfm = shash; in verity_setup_hash_alg()
1330 v->digest_size = crypto_shash_digestsize(shash); in verity_setup_hash_alg()
1331 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_setup_hash_alg()
1335 if (likely(v->version && strcmp(alg_name, "sha256") == 0)) { in verity_setup_hash_alg()
1340 v->use_sha256_lib = true; in verity_setup_hash_alg()
1342 v->use_sha256_finup_2x = true; in verity_setup_hash_alg()
1351 return 0; in verity_setup_hash_alg()
1354 static int verity_setup_salt_and_hashstate(struct dm_verity *v, const char *arg) in verity_setup_salt_and_hashstate() argument
1356 struct dm_target *ti = v->ti; in verity_setup_salt_and_hashstate()
1358 if (strcmp(arg, "-") != 0) { in verity_setup_salt_and_hashstate()
1359 v->salt_size = strlen(arg) / 2; in verity_setup_salt_and_hashstate()
1360 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_setup_salt_and_hashstate()
1361 if (!v->salt) { in verity_setup_salt_and_hashstate()
1365 if (strlen(arg) != v->salt_size * 2 || in verity_setup_salt_and_hashstate()
1366 hex2bin(v->salt, arg, v->salt_size)) { in verity_setup_salt_and_hashstate()
1371 if (likely(v->use_sha256_lib)) { in verity_setup_salt_and_hashstate()
1373 v->initial_hashstate.sha256 = in verity_setup_salt_and_hashstate()
1375 if (!v->initial_hashstate.sha256) { in verity_setup_salt_and_hashstate()
1379 sha256_init(v->initial_hashstate.sha256); in verity_setup_salt_and_hashstate()
1380 sha256_update(v->initial_hashstate.sha256, in verity_setup_salt_and_hashstate()
1381 v->salt, v->salt_size); in verity_setup_salt_and_hashstate()
1382 } else if (v->version) { /* Version 1: salt at beginning */ in verity_setup_salt_and_hashstate()
1383 SHASH_DESC_ON_STACK(desc, v->shash_tfm); in verity_setup_salt_and_hashstate()
1390 v->initial_hashstate.shash = kmalloc( in verity_setup_salt_and_hashstate()
1391 crypto_shash_statesize(v->shash_tfm), GFP_KERNEL); in verity_setup_salt_and_hashstate()
1392 if (!v->initial_hashstate.shash) { in verity_setup_salt_and_hashstate()
1396 desc->tfm = v->shash_tfm; in verity_setup_salt_and_hashstate()
1398 crypto_shash_update(desc, v->salt, v->salt_size) ?: in verity_setup_salt_and_hashstate()
1399 crypto_shash_export(desc, v->initial_hashstate.shash); in verity_setup_salt_and_hashstate()
1405 return 0; in verity_setup_salt_and_hashstate()
1411 * Vsn 0 is compatible with original Chromium OS releases.
1424 struct dm_verity *v; in verity_ctr() local
1425 struct dm_verity_sig_opts verify_args = {0}; in verity_ctr()
1435 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1436 if (!v) { in verity_ctr()
1440 ti->private = v; in verity_ctr()
1441 v->ti = ti; in verity_ctr()
1443 r = verity_fec_ctr_alloc(v); in verity_ctr()
1463 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1464 if (r < 0) in verity_ctr()
1468 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 || in verity_ctr()
1474 v->version = num; in verity_ctr()
1476 r = dm_get_device(ti, argv[1], BLK_OPEN_READ, &v->data_dev); in verity_ctr()
1482 r = dm_get_device(ti, argv[2], BLK_OPEN_READ, &v->hash_dev); in verity_ctr()
1490 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1496 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1500 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1506 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1509 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1510 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1515 v->data_blocks = num_ll; in verity_ctr()
1517 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1524 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1525 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1530 v->hash_start = num_ll; in verity_ctr()
1532 r = verity_setup_hash_alg(v, argv[7]); in verity_ctr()
1536 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1537 if (!v->root_digest) { in verity_ctr()
1542 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1543 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1550 r = verity_setup_salt_and_hashstate(v, argv[9]); in verity_ctr()
1561 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1562 if (r < 0) in verity_ctr()
1571 if (r < 0) { in verity_ctr()
1576 r = verity_init_sig(v, verify_args.sig, verify_args.sig_size); in verity_ctr()
1577 if (r < 0) { in verity_ctr()
1582 v->hash_per_block_bits = in verity_ctr()
1583 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1585 v->levels = 0; in verity_ctr()
1586 if (v->data_blocks) in verity_ctr()
1587 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1588 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1589 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1590 v->levels++; in verity_ctr()
1592 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1598 hash_position = v->hash_start; in verity_ctr()
1599 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1602 v->hash_level_block[i] = hash_position; in verity_ctr()
1603 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1604 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1612 v->hash_blocks = hash_position; in verity_ctr()
1614 r = mempool_init_page_pool(&v->recheck_pool, 1, 0); in verity_ctr()
1620 v->io = dm_io_client_create(); in verity_ctr()
1621 if (IS_ERR(v->io)) { in verity_ctr()
1622 r = PTR_ERR(v->io); in verity_ctr()
1623 v->io = NULL; in verity_ctr()
1628 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1629 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1631 v->use_bh_wq ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1632 if (IS_ERR(v->bufio)) { in verity_ctr()
1634 r = PTR_ERR(v->bufio); in verity_ctr()
1635 v->bufio = NULL; in verity_ctr()
1639 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1654 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1655 if (!v->verify_wq) { in verity_ctr()
1661 r = verity_fec_ctr(v); in verity_ctr()
1672 return 0; in verity_ctr()
1677 dm_audit_log_ctr(DM_MSG_PREFIX, ti, 0); in verity_ctr()
1691 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1696 return v->mode; in dm_verity_get_mode()
1707 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1712 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1716 *digest_size = v->digest_size; in dm_verity_get_root_digest()
1718 return 0; in dm_verity_get_root_digest()
1726 struct dm_verity *v) in verity_security_set_signature() argument
1729 * if the dm-verity target is unsigned, v->root_digest_sig will in verity_security_set_signature()
1736 v->root_digest_sig, in verity_security_set_signature()
1737 v->sig_size); in verity_security_set_signature()
1743 struct dm_verity *v) in verity_security_set_signature() argument
1745 return 0; in verity_security_set_signature()
1753 * Returns 0 on success, or -ENOMEM if the system is out of memory.
1759 struct dm_verity *v; in verity_preresume() local
1762 v = ti->private; in verity_preresume()
1764 root_digest.digest = v->root_digest; in verity_preresume()
1765 root_digest.digest_len = v->digest_size; in verity_preresume()
1766 root_digest.alg = crypto_shash_alg_name(v->shash_tfm); in verity_preresume()
1773 r = verity_security_set_signature(bdev, v); in verity_preresume()
1777 return 0; in verity_preresume()
1781 security_bdev_setintegrity(bdev, LSM_INT_DMVERITY_ROOTHASH, NULL, 0); in verity_preresume()
1792 .version = {1, 13, 0},