Lines Matching +full:1 +full:v
65 struct dm_verity *v; member
76 * it can be changed to 1 and it is never reset to 0 again.
80 * and write 1 to hash_verified simultaneously.
100 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) in verity_map_sector() argument
102 return dm_target_offset(v->ti, bi_sector); in verity_map_sector()
111 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, in verity_position_at_level() argument
114 return block >> (level * v->hash_per_block_bits); in verity_position_at_level()
117 int verity_hash(struct dm_verity *v, struct dm_verity_io *io, in verity_hash() argument
123 desc->tfm = v->shash_tfm; in verity_hash()
124 if (unlikely(v->initial_hashstate == NULL)) { in verity_hash()
128 crypto_shash_update(desc, v->salt, v->salt_size) ?: in verity_hash()
131 /* Version 1: salt at beginning */ in verity_hash()
132 r = crypto_shash_import(desc, v->initial_hashstate) ?: in verity_hash()
140 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, in verity_hash_at_level() argument
143 sector_t position = verity_position_at_level(v, block, level); in verity_hash_at_level()
146 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); in verity_hash_at_level()
151 idx = position & ((1 << v->hash_per_block_bits) - 1); in verity_hash_at_level()
152 if (!v->version) in verity_hash_at_level()
153 *offset = idx * v->digest_size; in verity_hash_at_level()
155 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); in verity_hash_at_level()
161 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, in verity_handle_err() argument
167 struct mapped_device *md = dm_table_get_md(v->ti->table); in verity_handle_err()
170 v->hash_failed = true; in verity_handle_err()
172 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) in verity_handle_err()
175 v->corrupted_errs++; in verity_handle_err()
188 DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name, in verity_handle_err()
191 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) { in verity_handle_err()
192 DMERR("%s: reached maximum errors", v->data_dev->name); in verity_handle_err()
193 dm_audit_log_target(DM_MSG_PREFIX, "max-corrupted-errors", v->ti, 0); in verity_handle_err()
202 if (v->mode == DM_VERITY_MODE_LOGGING) in verity_handle_err()
205 if (v->mode == DM_VERITY_MODE_RESTART) in verity_handle_err()
208 if (v->mode == DM_VERITY_MODE_PANIC) in verity_handle_err()
211 return 1; in verity_handle_err()
218 * On successful return, verity_io_want_digest(v, io) contains the hash value
221 * If "skip_unverified" is true, unverified buffer is skipped and 1 is returned.
223 * against current value of verity_io_want_digest(v, io).
225 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, in verity_verify_level() argument
235 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
237 verity_hash_at_level(v, block, level, &hash_block, &offset); in verity_verify_level()
240 data = dm_bufio_get(v->bufio, hash_block, &buf); in verity_verify_level()
250 data = dm_bufio_read_with_ioprio(v->bufio, hash_block, in verity_verify_level()
256 return 1; in verity_verify_level()
258 data = dm_bufio_new(v->bufio, hash_block, &buf); in verity_verify_level()
261 if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
264 aux->hash_verified = 1; in verity_verify_level()
268 dm_bufio_forget(v->bufio, hash_block); in verity_verify_level()
277 r = 1; in verity_verify_level()
281 r = verity_hash(v, io, data, 1 << v->hash_dev_block_bits, in verity_verify_level()
282 verity_io_real_digest(v, io)); in verity_verify_level()
286 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, in verity_verify_level()
287 v->digest_size) == 0)) in verity_verify_level()
288 aux->hash_verified = 1; in verity_verify_level()
296 } else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, in verity_verify_level()
298 aux->hash_verified = 1; in verity_verify_level()
299 else if (verity_handle_err(v, in verity_verify_level()
304 bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_level()
314 memcpy(want_digest, data, v->digest_size); in verity_verify_level()
326 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, in verity_hash_for_block() argument
331 if (likely(v->levels)) { in verity_hash_for_block()
336 * function returns 1 and we fall back to whole in verity_hash_for_block()
339 r = verity_verify_level(v, io, block, 0, true, digest); in verity_hash_for_block()
344 memcpy(digest, v->root_digest, v->digest_size); in verity_hash_for_block()
346 for (i = v->levels - 1; i >= 0; i--) { in verity_hash_for_block()
347 r = verity_verify_level(v, io, block, i, false, digest); in verity_hash_for_block()
352 if (!r && v->zero_digest) in verity_hash_for_block()
353 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); in verity_hash_for_block()
360 static noinline int verity_recheck(struct dm_verity *v, struct dm_verity_io *io, in verity_recheck() argument
369 page = mempool_alloc(&v->recheck_pool, GFP_NOIO); in verity_recheck()
376 io_req.client = v->io; in verity_recheck()
377 io_loc.bdev = v->data_dev->bdev; in verity_recheck()
378 io_loc.sector = cur_block << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
379 io_loc.count = 1 << (v->data_dev_block_bits - SECTOR_SHIFT); in verity_recheck()
380 r = dm_io(&io_req, 1, &io_loc, NULL, IOPRIO_DEFAULT); in verity_recheck()
384 r = verity_hash(v, io, buffer, 1 << v->data_dev_block_bits, in verity_recheck()
385 verity_io_real_digest(v, io)); in verity_recheck()
389 if (memcmp(verity_io_real_digest(v, io), in verity_recheck()
390 verity_io_want_digest(v, io), v->digest_size)) { in verity_recheck()
395 memcpy(dest, buffer, 1 << v->data_dev_block_bits); in verity_recheck()
398 mempool_free(page, &v->recheck_pool); in verity_recheck()
403 static int verity_handle_data_hash_mismatch(struct dm_verity *v, in verity_handle_data_hash_mismatch() argument
415 if (verity_recheck(v, io, blkno, data) == 0) { in verity_handle_data_hash_mismatch()
416 if (v->validated_blocks) in verity_handle_data_hash_mismatch()
417 set_bit(blkno, v->validated_blocks); in verity_handle_data_hash_mismatch()
421 if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, blkno, in verity_handle_data_hash_mismatch()
428 if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, blkno)) { in verity_handle_data_hash_mismatch()
441 struct dm_verity *v = io->v; in verity_verify_io() local
442 const unsigned int block_size = 1 << v->data_dev_block_bits; in verity_verify_io()
445 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_verify_io()
466 if (v->validated_blocks && bio->bi_status == BLK_STS_OK && in verity_verify_io()
467 likely(test_bit(cur_block, v->validated_blocks))) in verity_verify_io()
470 r = verity_hash_for_block(v, io, cur_block, in verity_verify_io()
471 verity_io_want_digest(v, io), in verity_verify_io()
481 * size minus 1, and dm-verity also doesn't allow the in verity_verify_io()
500 r = verity_hash(v, io, data, block_size, in verity_verify_io()
501 verity_io_real_digest(v, io)); in verity_verify_io()
507 if (likely(memcmp(verity_io_real_digest(v, io), in verity_verify_io()
508 verity_io_want_digest(v, io), v->digest_size) == 0)) { in verity_verify_io()
509 if (v->validated_blocks) in verity_verify_io()
510 set_bit(cur_block, v->validated_blocks); in verity_verify_io()
514 r = verity_handle_data_hash_mismatch(v, io, bio, cur_block, in verity_verify_io()
543 struct dm_verity *v = io->v; in verity_finish_io() local
544 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); in verity_finish_io()
556 if (v->error_mode == DM_VERITY_MODE_PANIC) { in verity_finish_io()
559 if (v->error_mode == DM_VERITY_MODE_RESTART) { in verity_finish_io()
561 queue_work(v->verify_wq, &restart_work); in verity_finish_io()
592 queue_work(io->v->verify_wq, &io->work); in verity_bh_work()
610 unsigned int bytes = io->n_blocks << io->v->data_dev_block_bits; in verity_end_io()
613 (!verity_fec_is_enabled(io->v) || in verity_end_io()
620 if (static_branch_unlikely(&use_bh_wq_enabled) && io->v->use_bh_wq && in verity_end_io()
630 queue_work(io->v->verify_wq, &io->work); in verity_end_io()
643 struct dm_verity *v = pw->v; in verity_prefetch_io() local
646 for (i = v->levels - 2; i >= 0; i--) { in verity_prefetch_io()
650 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); in verity_prefetch_io()
651 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); in verity_prefetch_io()
656 cluster >>= v->data_dev_block_bits; in verity_prefetch_io()
660 if (unlikely(cluster & (cluster - 1))) in verity_prefetch_io()
661 cluster = 1 << __fls(cluster); in verity_prefetch_io()
663 hash_block_start &= ~(sector_t)(cluster - 1); in verity_prefetch_io()
664 hash_block_end |= cluster - 1; in verity_prefetch_io()
665 if (unlikely(hash_block_end >= v->hash_blocks)) in verity_prefetch_io()
666 hash_block_end = v->hash_blocks - 1; in verity_prefetch_io()
669 dm_bufio_prefetch_with_ioprio(v->bufio, hash_block_start, in verity_prefetch_io()
670 hash_block_end - hash_block_start + 1, in verity_prefetch_io()
677 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io, in verity_submit_prefetch() argument
684 if (v->validated_blocks) { in verity_submit_prefetch()
685 while (n_blocks && test_bit(block, v->validated_blocks)) { in verity_submit_prefetch()
689 while (n_blocks && test_bit(block + n_blocks - 1, in verity_submit_prefetch()
690 v->validated_blocks)) in verity_submit_prefetch()
703 pw->v = v; in verity_submit_prefetch()
707 queue_work(v->verify_wq, &pw->work); in verity_submit_prefetch()
716 struct dm_verity *v = ti->private; in verity_map() local
719 bio_set_dev(bio, v->data_dev->bdev); in verity_map()
720 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); in verity_map()
723 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { in verity_map()
729 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { in verity_map()
738 io->v = v; in verity_map()
740 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); in verity_map()
741 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; in verity_map()
750 verity_submit_prefetch(v, io, bio->bi_ioprio); in verity_map()
759 struct dm_verity *v = ti->private; in verity_postsuspend() local
760 flush_workqueue(v->verify_wq); in verity_postsuspend()
761 dm_bufio_client_reset(v->bufio); in verity_postsuspend()
765 * Status: V (valid) or C (corruption found)
770 struct dm_verity *v = ti->private; in verity_status() local
777 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); in verity_status()
781 v->version, in verity_status()
782 v->data_dev->name, in verity_status()
783 v->hash_dev->name, in verity_status()
784 1 << v->data_dev_block_bits, in verity_status()
785 1 << v->hash_dev_block_bits, in verity_status()
786 (unsigned long long)v->data_blocks, in verity_status()
787 (unsigned long long)v->hash_start, in verity_status()
788 v->alg_name in verity_status()
790 for (x = 0; x < v->digest_size; x++) in verity_status()
791 DMEMIT("%02x", v->root_digest[x]); in verity_status()
793 if (!v->salt_size) in verity_status()
796 for (x = 0; x < v->salt_size; x++) in verity_status()
797 DMEMIT("%02x", v->salt[x]); in verity_status()
798 if (v->mode != DM_VERITY_MODE_EIO) in verity_status()
800 if (v->error_mode != DM_VERITY_MODE_EIO) in verity_status()
802 if (verity_fec_is_enabled(v)) in verity_status()
804 if (v->zero_digest) in verity_status()
806 if (v->validated_blocks) in verity_status()
808 if (v->use_bh_wq) in verity_status()
810 if (v->signature_key_desc) in verity_status()
815 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
817 switch (v->mode) { in verity_status()
831 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
833 switch (v->error_mode) { in verity_status()
844 if (v->zero_digest) in verity_status()
846 if (v->validated_blocks) in verity_status()
848 if (v->use_bh_wq) in verity_status()
850 sz = verity_fec_status_table(v, sz, result, maxlen); in verity_status()
851 if (v->signature_key_desc) in verity_status()
853 " %s", v->signature_key_desc); in verity_status()
858 DMEMIT(",hash_failed=%c", v->hash_failed ? 'C' : 'V'); in verity_status()
859 DMEMIT(",verity_version=%u", v->version); in verity_status()
860 DMEMIT(",data_device_name=%s", v->data_dev->name); in verity_status()
861 DMEMIT(",hash_device_name=%s", v->hash_dev->name); in verity_status()
862 DMEMIT(",verity_algorithm=%s", v->alg_name); in verity_status()
865 for (x = 0; x < v->digest_size; x++) in verity_status()
866 DMEMIT("%02x", v->root_digest[x]); in verity_status()
869 if (!v->salt_size) in verity_status()
872 for (x = 0; x < v->salt_size; x++) in verity_status()
873 DMEMIT("%02x", v->salt[x]); in verity_status()
875 DMEMIT(",ignore_zero_blocks=%c", v->zero_digest ? 'y' : 'n'); in verity_status()
876 DMEMIT(",check_at_most_once=%c", v->validated_blocks ? 'y' : 'n'); in verity_status()
877 if (v->signature_key_desc) in verity_status()
878 DMEMIT(",root_hash_sig_key_desc=%s", v->signature_key_desc); in verity_status()
880 if (v->mode != DM_VERITY_MODE_EIO) { in verity_status()
882 switch (v->mode) { in verity_status()
896 if (v->error_mode != DM_VERITY_MODE_EIO) { in verity_status()
898 switch (v->error_mode) { in verity_status()
918 struct dm_verity *v = ti->private; in verity_prepare_ioctl() local
920 *bdev = v->data_dev->bdev; in verity_prepare_ioctl()
922 if (ti->len != bdev_nr_sectors(v->data_dev->bdev)) in verity_prepare_ioctl()
923 return 1; in verity_prepare_ioctl()
930 struct dm_verity *v = ti->private; in verity_iterate_devices() local
932 return fn(ti, v->data_dev, 0, ti->len, data); in verity_iterate_devices()
937 struct dm_verity *v = ti->private; in verity_io_hints() local
939 if (limits->logical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
940 limits->logical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
942 if (limits->physical_block_size < 1 << v->data_dev_block_bits) in verity_io_hints()
943 limits->physical_block_size = 1 << v->data_dev_block_bits; in verity_io_hints()
953 limits->dma_alignment = limits->logical_block_size - 1; in verity_io_hints()
958 static int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
961 v->sig_size = sig_size; in verity_init_sig()
964 v->root_digest_sig = kmemdup(sig, v->sig_size, GFP_KERNEL); in verity_init_sig()
965 if (!v->root_digest_sig) in verity_init_sig()
972 static void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
974 kfree(v->root_digest_sig); in verity_free_sig()
979 static inline int verity_init_sig(struct dm_verity *v, const void *sig, in verity_init_sig() argument
985 static inline void verity_free_sig(struct dm_verity *v) in verity_free_sig() argument
993 struct dm_verity *v = ti->private; in verity_dtr() local
995 if (v->verify_wq) in verity_dtr()
996 destroy_workqueue(v->verify_wq); in verity_dtr()
998 mempool_exit(&v->recheck_pool); in verity_dtr()
999 if (v->io) in verity_dtr()
1000 dm_io_client_destroy(v->io); in verity_dtr()
1002 if (v->bufio) in verity_dtr()
1003 dm_bufio_client_destroy(v->bufio); in verity_dtr()
1005 kvfree(v->validated_blocks); in verity_dtr()
1006 kfree(v->salt); in verity_dtr()
1007 kfree(v->initial_hashstate); in verity_dtr()
1008 kfree(v->root_digest); in verity_dtr()
1009 kfree(v->zero_digest); in verity_dtr()
1010 verity_free_sig(v); in verity_dtr()
1012 crypto_free_shash(v->shash_tfm); in verity_dtr()
1014 kfree(v->alg_name); in verity_dtr()
1016 if (v->hash_dev) in verity_dtr()
1017 dm_put_device(ti, v->hash_dev); in verity_dtr()
1019 if (v->data_dev) in verity_dtr()
1020 dm_put_device(ti, v->data_dev); in verity_dtr()
1022 verity_fec_dtr(v); in verity_dtr()
1024 kfree(v->signature_key_desc); in verity_dtr()
1026 if (v->use_bh_wq) in verity_dtr()
1029 kfree(v); in verity_dtr()
1031 dm_audit_log_dtr(DM_MSG_PREFIX, ti, 1); in verity_dtr()
1034 static int verity_alloc_most_once(struct dm_verity *v) in verity_alloc_most_once() argument
1036 struct dm_target *ti = v->ti; in verity_alloc_most_once()
1038 if (v->validated_blocks) in verity_alloc_most_once()
1042 if (v->data_blocks > INT_MAX) { in verity_alloc_most_once()
1047 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), in verity_alloc_most_once()
1050 if (!v->validated_blocks) { in verity_alloc_most_once()
1058 static int verity_alloc_zero_digest(struct dm_verity *v) in verity_alloc_zero_digest() argument
1064 if (v->zero_digest) in verity_alloc_zero_digest()
1067 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_alloc_zero_digest()
1069 if (!v->zero_digest) in verity_alloc_zero_digest()
1072 io = kmalloc(sizeof(*io) + crypto_shash_descsize(v->shash_tfm), in verity_alloc_zero_digest()
1078 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); in verity_alloc_zero_digest()
1083 r = verity_hash(v, io, zero_data, 1 << v->data_dev_block_bits, in verity_alloc_zero_digest()
1084 v->zero_digest); in verity_alloc_zero_digest()
1100 static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_mode() argument
1102 if (v->mode) in verity_parse_verity_mode()
1106 v->mode = DM_VERITY_MODE_LOGGING; in verity_parse_verity_mode()
1108 v->mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_mode()
1110 v->mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_mode()
1121 static int verity_parse_verity_error_mode(struct dm_verity *v, const char *arg_name) in verity_parse_verity_error_mode() argument
1123 if (v->error_mode) in verity_parse_verity_error_mode()
1127 v->error_mode = DM_VERITY_MODE_RESTART; in verity_parse_verity_error_mode()
1129 v->error_mode = DM_VERITY_MODE_PANIC; in verity_parse_verity_error_mode()
1134 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, in verity_parse_opt_args() argument
1140 struct dm_target *ti = v->ti; in verity_parse_opt_args()
1161 r = verity_parse_verity_mode(v, arg_name); in verity_parse_opt_args()
1171 r = verity_parse_verity_error_mode(v, arg_name); in verity_parse_opt_args()
1181 r = verity_alloc_zero_digest(v); in verity_parse_opt_args()
1191 r = verity_alloc_most_once(v); in verity_parse_opt_args()
1197 v->use_bh_wq = true; in verity_parse_opt_args()
1204 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); in verity_parse_opt_args()
1212 r = verity_verify_sig_parse_opt_args(as, v, in verity_parse_opt_args()
1237 static int verity_setup_hash_alg(struct dm_verity *v, const char *alg_name) in verity_setup_hash_alg() argument
1239 struct dm_target *ti = v->ti; in verity_setup_hash_alg()
1242 v->alg_name = kstrdup(alg_name, GFP_KERNEL); in verity_setup_hash_alg()
1243 if (!v->alg_name) { in verity_setup_hash_alg()
1253 v->shash_tfm = shash; in verity_setup_hash_alg()
1254 v->digest_size = crypto_shash_digestsize(shash); in verity_setup_hash_alg()
1256 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { in verity_setup_hash_alg()
1263 static int verity_setup_salt_and_hashstate(struct dm_verity *v, const char *arg) in verity_setup_salt_and_hashstate() argument
1265 struct dm_target *ti = v->ti; in verity_setup_salt_and_hashstate()
1268 v->salt_size = strlen(arg) / 2; in verity_setup_salt_and_hashstate()
1269 v->salt = kmalloc(v->salt_size, GFP_KERNEL); in verity_setup_salt_and_hashstate()
1270 if (!v->salt) { in verity_setup_salt_and_hashstate()
1274 if (strlen(arg) != v->salt_size * 2 || in verity_setup_salt_and_hashstate()
1275 hex2bin(v->salt, arg, v->salt_size)) { in verity_setup_salt_and_hashstate()
1280 if (v->version) { /* Version 1: salt at beginning */ in verity_setup_salt_and_hashstate()
1281 SHASH_DESC_ON_STACK(desc, v->shash_tfm); in verity_setup_salt_and_hashstate()
1288 v->initial_hashstate = kmalloc( in verity_setup_salt_and_hashstate()
1289 crypto_shash_statesize(v->shash_tfm), GFP_KERNEL); in verity_setup_salt_and_hashstate()
1290 if (!v->initial_hashstate) { in verity_setup_salt_and_hashstate()
1294 desc->tfm = v->shash_tfm; in verity_setup_salt_and_hashstate()
1296 crypto_shash_update(desc, v->salt, v->salt_size) ?: in verity_setup_salt_and_hashstate()
1297 crypto_shash_export(desc, v->initial_hashstate); in verity_setup_salt_and_hashstate()
1308 * <version> The current format is version 1.
1322 struct dm_verity *v; in verity_ctr() local
1333 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); in verity_ctr()
1334 if (!v) { in verity_ctr()
1338 ti->private = v; in verity_ctr()
1339 v->ti = ti; in verity_ctr()
1341 r = verity_fec_ctr_alloc(v); in verity_ctr()
1361 r = verity_parse_opt_args(&as, v, &verify_args, true); in verity_ctr()
1366 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 || in verity_ctr()
1367 num > 1) { in verity_ctr()
1372 v->version = num; in verity_ctr()
1374 r = dm_get_device(ti, argv[1], BLK_OPEN_READ, &v->data_dev); in verity_ctr()
1380 r = dm_get_device(ti, argv[2], BLK_OPEN_READ, &v->hash_dev); in verity_ctr()
1386 if (sscanf(argv[3], "%u%c", &num, &dummy) != 1 || in verity_ctr()
1387 !num || (num & (num - 1)) || in verity_ctr()
1388 num < bdev_logical_block_size(v->data_dev->bdev) || in verity_ctr()
1394 v->data_dev_block_bits = __ffs(num); in verity_ctr()
1396 if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 || in verity_ctr()
1397 !num || (num & (num - 1)) || in verity_ctr()
1398 num < bdev_logical_block_size(v->hash_dev->bdev) || in verity_ctr()
1404 v->hash_dev_block_bits = __ffs(num); in verity_ctr()
1406 if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 || in verity_ctr()
1407 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1408 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1413 v->data_blocks = num_ll; in verity_ctr()
1415 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { in verity_ctr()
1421 if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 || in verity_ctr()
1422 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) in verity_ctr()
1423 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { in verity_ctr()
1428 v->hash_start = num_ll; in verity_ctr()
1430 r = verity_setup_hash_alg(v, argv[7]); in verity_ctr()
1434 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); in verity_ctr()
1435 if (!v->root_digest) { in verity_ctr()
1440 if (strlen(argv[8]) != v->digest_size * 2 || in verity_ctr()
1441 hex2bin(v->root_digest, argv[8], v->digest_size)) { in verity_ctr()
1448 r = verity_setup_salt_and_hashstate(v, argv[9]); in verity_ctr()
1459 r = verity_parse_opt_args(&as, v, &verify_args, false); in verity_ctr()
1474 r = verity_init_sig(v, verify_args.sig, verify_args.sig_size); in verity_ctr()
1480 v->hash_per_block_bits = in verity_ctr()
1481 __fls((1 << v->hash_dev_block_bits) / v->digest_size); in verity_ctr()
1483 v->levels = 0; in verity_ctr()
1484 if (v->data_blocks) in verity_ctr()
1485 while (v->hash_per_block_bits * v->levels < 64 && in verity_ctr()
1486 (unsigned long long)(v->data_blocks - 1) >> in verity_ctr()
1487 (v->hash_per_block_bits * v->levels)) in verity_ctr()
1488 v->levels++; in verity_ctr()
1490 if (v->levels > DM_VERITY_MAX_LEVELS) { in verity_ctr()
1496 hash_position = v->hash_start; in verity_ctr()
1497 for (i = v->levels - 1; i >= 0; i--) { in verity_ctr()
1500 v->hash_level_block[i] = hash_position; in verity_ctr()
1501 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) in verity_ctr()
1502 >> ((i + 1) * v->hash_per_block_bits); in verity_ctr()
1510 v->hash_blocks = hash_position; in verity_ctr()
1512 r = mempool_init_page_pool(&v->recheck_pool, 1, 0); in verity_ctr()
1518 v->io = dm_io_client_create(); in verity_ctr()
1519 if (IS_ERR(v->io)) { in verity_ctr()
1520 r = PTR_ERR(v->io); in verity_ctr()
1521 v->io = NULL; in verity_ctr()
1526 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, in verity_ctr()
1527 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), in verity_ctr()
1529 v->use_bh_wq ? DM_BUFIO_CLIENT_NO_SLEEP : 0); in verity_ctr()
1530 if (IS_ERR(v->bufio)) { in verity_ctr()
1532 r = PTR_ERR(v->bufio); in verity_ctr()
1533 v->bufio = NULL; in verity_ctr()
1537 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { in verity_ctr()
1552 v->verify_wq = alloc_workqueue("kverityd", WQ_MEM_RECLAIM | WQ_HIGHPRI, 0); in verity_ctr()
1553 if (!v->verify_wq) { in verity_ctr()
1560 crypto_shash_descsize(v->shash_tfm); in verity_ctr()
1562 r = verity_fec_ctr(v); in verity_ctr()
1571 dm_audit_log_ctr(DM_MSG_PREFIX, ti, 1); in verity_ctr()
1592 struct dm_verity *v = ti->private; in dm_verity_get_mode() local
1597 return v->mode; in dm_verity_get_mode()
1608 struct dm_verity *v = ti->private; in dm_verity_get_root_digest() local
1613 *root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL); in dm_verity_get_root_digest()
1617 *digest_size = v->digest_size; in dm_verity_get_root_digest()
1627 struct dm_verity *v) in verity_security_set_signature() argument
1630 * if the dm-verity target is unsigned, v->root_digest_sig will in verity_security_set_signature()
1637 v->root_digest_sig, in verity_security_set_signature()
1638 v->sig_size); in verity_security_set_signature()
1644 struct dm_verity *v) in verity_security_set_signature() argument
1660 struct dm_verity *v; in verity_preresume() local
1663 v = ti->private; in verity_preresume()
1665 root_digest.digest = v->root_digest; in verity_preresume()
1666 root_digest.digest_len = v->digest_size; in verity_preresume()
1667 root_digest.alg = crypto_shash_alg_name(v->shash_tfm); in verity_preresume()
1674 r = verity_security_set_signature(bdev, v); in verity_preresume()
1693 .version = {1, 12, 0},