1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2015 Google, Inc.
4 *
5 * Author: Sami Tolvanen <samitolvanen@google.com>
6 */
7
8 #include "dm-verity-fec.h"
9 #include <linux/math64.h>
10
11 #define DM_MSG_PREFIX "verity-fec"
12
13 /*
14 * When correcting a data block, the FEC code performs optimally when it can
15 * collect all the associated RS blocks at the same time. As each byte is part
16 * of a different RS block, there are '1 << data_dev_block_bits' RS blocks.
17 * There are '1 << DM_VERITY_FEC_BUF_RS_BITS' RS blocks per buffer, so that
18 * gives '1 << (data_dev_block_bits - DM_VERITY_FEC_BUF_RS_BITS)' buffers.
19 */
fec_max_nbufs(struct dm_verity * v)20 static inline unsigned int fec_max_nbufs(struct dm_verity *v)
21 {
22 return 1 << (v->data_dev_block_bits - DM_VERITY_FEC_BUF_RS_BITS);
23 }
24
25 /*
26 * Return an interleaved offset for a byte in RS block.
27 */
fec_interleave(struct dm_verity * v,u64 offset)28 static inline u64 fec_interleave(struct dm_verity *v, u64 offset)
29 {
30 u32 mod;
31
32 mod = do_div(offset, v->fec->rsn);
33 return offset + mod * (v->fec->rounds << v->data_dev_block_bits);
34 }
35
36 /*
37 * Read error-correcting codes for the requested RS block. Returns a pointer
38 * to the data block. Caller is responsible for releasing buf.
39 */
fec_read_parity(struct dm_verity * v,u64 rsb,int index,unsigned int * offset,unsigned int par_buf_offset,struct dm_buffer ** buf,unsigned short ioprio)40 static u8 *fec_read_parity(struct dm_verity *v, u64 rsb, int index,
41 unsigned int *offset, unsigned int par_buf_offset,
42 struct dm_buffer **buf, unsigned short ioprio)
43 {
44 u64 position, block, rem;
45 u8 *res;
46
47 /* We have already part of parity bytes read, skip to the next block */
48 if (par_buf_offset)
49 index++;
50
51 position = (index + rsb) * v->fec->roots;
52 block = div64_u64_rem(position, v->fec->io_size, &rem);
53 *offset = par_buf_offset ? 0 : (unsigned int)rem;
54
55 res = dm_bufio_read_with_ioprio(v->fec->bufio, block, buf, ioprio);
56 if (IS_ERR(res)) {
57 DMERR("%s: FEC %llu: parity read failed (block %llu): %ld",
58 v->data_dev->name, (unsigned long long)rsb,
59 (unsigned long long)block, PTR_ERR(res));
60 *buf = NULL;
61 }
62
63 return res;
64 }
65
66 /* Loop over each allocated buffer. */
67 #define fec_for_each_buffer(io, __i) \
68 for (__i = 0; __i < (io)->nbufs; __i++)
69
70 /* Loop over each RS block in each allocated buffer. */
71 #define fec_for_each_buffer_rs_block(io, __i, __j) \
72 fec_for_each_buffer(io, __i) \
73 for (__j = 0; __j < 1 << DM_VERITY_FEC_BUF_RS_BITS; __j++)
74
75 /*
76 * Return a pointer to the current RS block when called inside
77 * fec_for_each_buffer_rs_block.
78 */
fec_buffer_rs_block(struct dm_verity * v,struct dm_verity_fec_io * fio,unsigned int i,unsigned int j)79 static inline u8 *fec_buffer_rs_block(struct dm_verity *v,
80 struct dm_verity_fec_io *fio,
81 unsigned int i, unsigned int j)
82 {
83 return &fio->bufs[i][j * v->fec->rsn];
84 }
85
86 /*
87 * Return an index to the current RS block when called inside
88 * fec_for_each_buffer_rs_block.
89 */
fec_buffer_rs_index(unsigned int i,unsigned int j)90 static inline unsigned int fec_buffer_rs_index(unsigned int i, unsigned int j)
91 {
92 return (i << DM_VERITY_FEC_BUF_RS_BITS) + j;
93 }
94
95 /*
96 * Decode all RS blocks from buffers and copy corrected bytes into fio->output
97 * starting from block_offset.
98 */
fec_decode_bufs(struct dm_verity * v,struct dm_verity_io * io,struct dm_verity_fec_io * fio,u64 rsb,int byte_index,unsigned int block_offset,int neras)99 static int fec_decode_bufs(struct dm_verity *v, struct dm_verity_io *io,
100 struct dm_verity_fec_io *fio, u64 rsb, int byte_index,
101 unsigned int block_offset, int neras)
102 {
103 int r, corrected = 0, res;
104 struct dm_buffer *buf;
105 unsigned int n, i, j, offset, par_buf_offset = 0;
106 uint16_t par_buf[DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN];
107 u8 *par, *block;
108 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
109
110 par = fec_read_parity(v, rsb, block_offset, &offset,
111 par_buf_offset, &buf, bio->bi_ioprio);
112 if (IS_ERR(par))
113 return PTR_ERR(par);
114
115 /*
116 * Decode the RS blocks we have in bufs. Each RS block results in
117 * one corrected target byte and consumes fec->roots parity bytes.
118 */
119 fec_for_each_buffer_rs_block(fio, n, i) {
120 block = fec_buffer_rs_block(v, fio, n, i);
121 for (j = 0; j < v->fec->roots - par_buf_offset; j++)
122 par_buf[par_buf_offset + j] = par[offset + j];
123 /* Decode an RS block using Reed-Solomon */
124 res = decode_rs8(fio->rs, block, par_buf, v->fec->rsn,
125 NULL, neras, fio->erasures, 0, NULL);
126 if (res < 0) {
127 r = res;
128 goto error;
129 }
130
131 corrected += res;
132 fio->output[block_offset] = block[byte_index];
133
134 block_offset++;
135 if (block_offset >= 1 << v->data_dev_block_bits)
136 goto done;
137
138 /* Read the next block when we run out of parity bytes */
139 offset += (v->fec->roots - par_buf_offset);
140 /* Check if parity bytes are split between blocks */
141 if (offset < v->fec->io_size && (offset + v->fec->roots) > v->fec->io_size) {
142 par_buf_offset = v->fec->io_size - offset;
143 for (j = 0; j < par_buf_offset; j++)
144 par_buf[j] = par[offset + j];
145 offset += par_buf_offset;
146 } else
147 par_buf_offset = 0;
148
149 if (offset >= v->fec->io_size) {
150 dm_bufio_release(buf);
151
152 par = fec_read_parity(v, rsb, block_offset, &offset,
153 par_buf_offset, &buf, bio->bi_ioprio);
154 if (IS_ERR(par))
155 return PTR_ERR(par);
156 }
157 }
158 done:
159 r = corrected;
160 error:
161 dm_bufio_release(buf);
162
163 if (r < 0 && neras)
164 DMERR_LIMIT("%s: FEC %llu: failed to correct: %d",
165 v->data_dev->name, (unsigned long long)rsb, r);
166 else if (r > 0) {
167 DMWARN_LIMIT("%s: FEC %llu: corrected %d errors",
168 v->data_dev->name, (unsigned long long)rsb, r);
169 atomic64_inc(&v->fec->corrected);
170 }
171
172 return r;
173 }
174
175 /*
176 * Locate data block erasures using verity hashes.
177 */
fec_is_erasure(struct dm_verity * v,struct dm_verity_io * io,const u8 * want_digest,const u8 * data)178 static int fec_is_erasure(struct dm_verity *v, struct dm_verity_io *io,
179 const u8 *want_digest, const u8 *data)
180 {
181 if (unlikely(verity_hash(v, io, data, 1 << v->data_dev_block_bits,
182 io->tmp_digest)))
183 return 0;
184
185 return memcmp(io->tmp_digest, want_digest, v->digest_size) != 0;
186 }
187
188 /*
189 * Read data blocks that are part of the RS block and deinterleave as much as
190 * fits into buffers. Check for erasure locations if @neras is non-NULL.
191 */
fec_read_bufs(struct dm_verity * v,struct dm_verity_io * io,u64 rsb,u64 target,unsigned int block_offset,int * neras)192 static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io,
193 u64 rsb, u64 target, unsigned int block_offset,
194 int *neras)
195 {
196 bool is_zero;
197 int i, j, target_index = -1;
198 struct dm_buffer *buf;
199 struct dm_bufio_client *bufio;
200 struct dm_verity_fec_io *fio = io->fec_io;
201 u64 block, ileaved;
202 u8 *bbuf, *rs_block;
203 u8 want_digest[HASH_MAX_DIGESTSIZE];
204 unsigned int n, k;
205 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
206
207 if (neras)
208 *neras = 0;
209
210 if (WARN_ON(v->digest_size > sizeof(want_digest)))
211 return -EINVAL;
212
213 /*
214 * read each of the rsn data blocks that are part of the RS block, and
215 * interleave contents to available bufs
216 */
217 for (i = 0; i < v->fec->rsn; i++) {
218 ileaved = fec_interleave(v, rsb * v->fec->rsn + i);
219
220 /*
221 * target is the data block we want to correct, target_index is
222 * the index of this block within the rsn RS blocks
223 */
224 if (ileaved == target)
225 target_index = i;
226
227 block = ileaved >> v->data_dev_block_bits;
228 bufio = v->fec->data_bufio;
229
230 if (block >= v->data_blocks) {
231 block -= v->data_blocks;
232
233 /*
234 * blocks outside the area were assumed to contain
235 * zeros when encoding data was generated
236 */
237 if (unlikely(block >= v->fec->hash_blocks))
238 continue;
239
240 block += v->hash_start;
241 bufio = v->bufio;
242 }
243
244 bbuf = dm_bufio_read_with_ioprio(bufio, block, &buf, bio->bi_ioprio);
245 if (IS_ERR(bbuf)) {
246 DMWARN_LIMIT("%s: FEC %llu: read failed (%llu): %ld",
247 v->data_dev->name,
248 (unsigned long long)rsb,
249 (unsigned long long)block, PTR_ERR(bbuf));
250
251 /* assume the block is corrupted */
252 if (neras && *neras <= v->fec->roots)
253 fio->erasures[(*neras)++] = i;
254
255 continue;
256 }
257
258 /* locate erasures if the block is on the data device */
259 if (bufio == v->fec->data_bufio &&
260 verity_hash_for_block(v, io, block, want_digest,
261 &is_zero) == 0) {
262 /* skip known zero blocks entirely */
263 if (is_zero)
264 goto done;
265
266 /*
267 * skip if we have already found the theoretical
268 * maximum number (i.e. fec->roots) of erasures
269 */
270 if (neras && *neras <= v->fec->roots &&
271 fec_is_erasure(v, io, want_digest, bbuf))
272 fio->erasures[(*neras)++] = i;
273 }
274
275 /*
276 * deinterleave and copy the bytes that fit into bufs,
277 * starting from block_offset
278 */
279 fec_for_each_buffer_rs_block(fio, n, j) {
280 k = fec_buffer_rs_index(n, j) + block_offset;
281
282 if (k >= 1 << v->data_dev_block_bits)
283 goto done;
284
285 rs_block = fec_buffer_rs_block(v, fio, n, j);
286 rs_block[i] = bbuf[k];
287 }
288 done:
289 dm_bufio_release(buf);
290 }
291
292 return target_index;
293 }
294
295 /*
296 * Allocate and initialize a struct dm_verity_fec_io to use for FEC for a bio.
297 * This runs the first time a block needs to be corrected for a bio. In the
298 * common case where no block needs to be corrected, this code never runs.
299 *
300 * This always succeeds, as all required allocations are done from mempools.
301 * Additional buffers are also allocated opportunistically to improve error
302 * correction performance, but these aren't required to succeed.
303 */
fec_alloc_and_init_io(struct dm_verity * v)304 static struct dm_verity_fec_io *fec_alloc_and_init_io(struct dm_verity *v)
305 {
306 const unsigned int max_nbufs = fec_max_nbufs(v);
307 struct dm_verity_fec *f = v->fec;
308 struct dm_verity_fec_io *fio;
309 unsigned int n;
310
311 fio = mempool_alloc(&f->fio_pool, GFP_NOIO);
312 fio->rs = mempool_alloc(&f->rs_pool, GFP_NOIO);
313
314 fio->bufs[0] = mempool_alloc(&f->prealloc_pool, GFP_NOIO);
315
316 /* try to allocate the maximum number of buffers */
317 for (n = 1; n < max_nbufs; n++) {
318 fio->bufs[n] = kmem_cache_alloc(f->cache, GFP_NOWAIT);
319 /* we can manage with even one buffer if necessary */
320 if (unlikely(!fio->bufs[n]))
321 break;
322 }
323 fio->nbufs = n;
324
325 fio->output = mempool_alloc(&f->output_pool, GFP_NOIO);
326 fio->level = 0;
327 return fio;
328 }
329
330 /*
331 * Initialize buffers and clear erasures. fec_read_bufs() assumes buffers are
332 * zeroed before deinterleaving.
333 */
fec_init_bufs(struct dm_verity * v,struct dm_verity_fec_io * fio)334 static void fec_init_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio)
335 {
336 unsigned int n;
337
338 fec_for_each_buffer(fio, n)
339 memset(fio->bufs[n], 0, v->fec->rsn << DM_VERITY_FEC_BUF_RS_BITS);
340
341 memset(fio->erasures, 0, sizeof(fio->erasures));
342 }
343
344 /*
345 * Decode all RS blocks in a single data block and return the target block
346 * (indicated by @offset) in fio->output. If @use_erasures is non-zero, uses
347 * hashes to locate erasures.
348 */
fec_decode_rsb(struct dm_verity * v,struct dm_verity_io * io,struct dm_verity_fec_io * fio,u64 rsb,u64 offset,const u8 * want_digest,bool use_erasures)349 static int fec_decode_rsb(struct dm_verity *v, struct dm_verity_io *io,
350 struct dm_verity_fec_io *fio, u64 rsb, u64 offset,
351 const u8 *want_digest, bool use_erasures)
352 {
353 int r, neras = 0;
354 unsigned int pos;
355
356 for (pos = 0; pos < 1 << v->data_dev_block_bits; ) {
357 fec_init_bufs(v, fio);
358
359 r = fec_read_bufs(v, io, rsb, offset, pos,
360 use_erasures ? &neras : NULL);
361 if (unlikely(r < 0))
362 return r;
363
364 r = fec_decode_bufs(v, io, fio, rsb, r, pos, neras);
365 if (r < 0)
366 return r;
367
368 pos += fio->nbufs << DM_VERITY_FEC_BUF_RS_BITS;
369 }
370
371 /* Always re-validate the corrected block against the expected hash */
372 r = verity_hash(v, io, fio->output, 1 << v->data_dev_block_bits,
373 io->tmp_digest);
374 if (unlikely(r < 0))
375 return r;
376
377 if (memcmp(io->tmp_digest, want_digest, v->digest_size)) {
378 DMERR_LIMIT("%s: FEC %llu: failed to correct (%d erasures)",
379 v->data_dev->name, (unsigned long long)rsb, neras);
380 return -EILSEQ;
381 }
382
383 return 0;
384 }
385
386 /* Correct errors in a block. Copies corrected block to dest. */
verity_fec_decode(struct dm_verity * v,struct dm_verity_io * io,enum verity_block_type type,const u8 * want_digest,sector_t block,u8 * dest)387 int verity_fec_decode(struct dm_verity *v, struct dm_verity_io *io,
388 enum verity_block_type type, const u8 *want_digest,
389 sector_t block, u8 *dest)
390 {
391 int r;
392 struct dm_verity_fec_io *fio;
393 u64 offset, res, rsb;
394
395 if (!verity_fec_is_enabled(v))
396 return -EOPNOTSUPP;
397
398 fio = io->fec_io;
399 if (!fio)
400 fio = io->fec_io = fec_alloc_and_init_io(v);
401
402 if (fio->level)
403 return -EIO;
404
405 fio->level++;
406
407 if (type == DM_VERITY_BLOCK_TYPE_METADATA)
408 block = block - v->hash_start + v->data_blocks;
409
410 /*
411 * For RS(M, N), the continuous FEC data is divided into blocks of N
412 * bytes. Since block size may not be divisible by N, the last block
413 * is zero padded when decoding.
414 *
415 * Each byte of the block is covered by a different RS(M, N) code,
416 * and each code is interleaved over N blocks to make it less likely
417 * that bursty corruption will leave us in unrecoverable state.
418 */
419
420 offset = block << v->data_dev_block_bits;
421 res = div64_u64(offset, v->fec->rounds << v->data_dev_block_bits);
422
423 /*
424 * The base RS block we can feed to the interleaver to find out all
425 * blocks required for decoding.
426 */
427 rsb = offset - res * (v->fec->rounds << v->data_dev_block_bits);
428
429 /*
430 * Locating erasures is slow, so attempt to recover the block without
431 * them first. Do a second attempt with erasures if the corruption is
432 * bad enough.
433 */
434 r = fec_decode_rsb(v, io, fio, rsb, offset, want_digest, false);
435 if (r < 0) {
436 r = fec_decode_rsb(v, io, fio, rsb, offset, want_digest, true);
437 if (r < 0)
438 goto done;
439 }
440
441 memcpy(dest, fio->output, 1 << v->data_dev_block_bits);
442
443 done:
444 fio->level--;
445 return r;
446 }
447
448 /*
449 * Clean up per-bio data.
450 */
__verity_fec_finish_io(struct dm_verity_io * io)451 void __verity_fec_finish_io(struct dm_verity_io *io)
452 {
453 unsigned int n;
454 struct dm_verity_fec *f = io->v->fec;
455 struct dm_verity_fec_io *fio = io->fec_io;
456
457 mempool_free(fio->rs, &f->rs_pool);
458
459 mempool_free(fio->bufs[0], &f->prealloc_pool);
460
461 for (n = 1; n < fio->nbufs; n++)
462 kmem_cache_free(f->cache, fio->bufs[n]);
463
464 mempool_free(fio->output, &f->output_pool);
465
466 mempool_free(fio, &f->fio_pool);
467 io->fec_io = NULL;
468 }
469
470 /*
471 * Append feature arguments and values to the status table.
472 */
verity_fec_status_table(struct dm_verity * v,unsigned int sz,char * result,unsigned int maxlen)473 unsigned int verity_fec_status_table(struct dm_verity *v, unsigned int sz,
474 char *result, unsigned int maxlen)
475 {
476 if (!verity_fec_is_enabled(v))
477 return sz;
478
479 DMEMIT(" " DM_VERITY_OPT_FEC_DEV " %s "
480 DM_VERITY_OPT_FEC_BLOCKS " %llu "
481 DM_VERITY_OPT_FEC_START " %llu "
482 DM_VERITY_OPT_FEC_ROOTS " %d",
483 v->fec->dev->name,
484 (unsigned long long)v->fec->blocks,
485 (unsigned long long)v->fec->start,
486 v->fec->roots);
487
488 return sz;
489 }
490
verity_fec_dtr(struct dm_verity * v)491 void verity_fec_dtr(struct dm_verity *v)
492 {
493 struct dm_verity_fec *f = v->fec;
494
495 if (!verity_fec_is_enabled(v))
496 goto out;
497
498 mempool_exit(&f->fio_pool);
499 mempool_exit(&f->rs_pool);
500 mempool_exit(&f->prealloc_pool);
501 mempool_exit(&f->output_pool);
502 kmem_cache_destroy(f->cache);
503
504 if (!IS_ERR_OR_NULL(f->data_bufio))
505 dm_bufio_client_destroy(f->data_bufio);
506 if (!IS_ERR_OR_NULL(f->bufio))
507 dm_bufio_client_destroy(f->bufio);
508
509 if (f->dev)
510 dm_put_device(v->ti, f->dev);
511 out:
512 kfree(f);
513 v->fec = NULL;
514 }
515
fec_rs_alloc(gfp_t gfp_mask,void * pool_data)516 static void *fec_rs_alloc(gfp_t gfp_mask, void *pool_data)
517 {
518 struct dm_verity *v = pool_data;
519
520 return init_rs_gfp(8, 0x11d, 0, 1, v->fec->roots, gfp_mask);
521 }
522
fec_rs_free(void * element,void * pool_data)523 static void fec_rs_free(void *element, void *pool_data)
524 {
525 struct rs_control *rs = element;
526
527 if (rs)
528 free_rs(rs);
529 }
530
verity_is_fec_opt_arg(const char * arg_name)531 bool verity_is_fec_opt_arg(const char *arg_name)
532 {
533 return (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_DEV) ||
534 !strcasecmp(arg_name, DM_VERITY_OPT_FEC_BLOCKS) ||
535 !strcasecmp(arg_name, DM_VERITY_OPT_FEC_START) ||
536 !strcasecmp(arg_name, DM_VERITY_OPT_FEC_ROOTS));
537 }
538
verity_fec_parse_opt_args(struct dm_arg_set * as,struct dm_verity * v,unsigned int * argc,const char * arg_name)539 int verity_fec_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v,
540 unsigned int *argc, const char *arg_name)
541 {
542 int r;
543 struct dm_target *ti = v->ti;
544 const char *arg_value;
545 unsigned long long num_ll;
546 unsigned char num_c;
547 char dummy;
548
549 if (!*argc) {
550 ti->error = "FEC feature arguments require a value";
551 return -EINVAL;
552 }
553
554 arg_value = dm_shift_arg(as);
555 (*argc)--;
556
557 if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_DEV)) {
558 if (v->fec->dev) {
559 ti->error = "FEC device already specified";
560 return -EINVAL;
561 }
562 r = dm_get_device(ti, arg_value, BLK_OPEN_READ, &v->fec->dev);
563 if (r) {
564 ti->error = "FEC device lookup failed";
565 return r;
566 }
567
568 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_BLOCKS)) {
569 if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 ||
570 ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT))
571 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) {
572 ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS;
573 return -EINVAL;
574 }
575 v->fec->blocks = num_ll;
576
577 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_START)) {
578 if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 ||
579 ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) >>
580 (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) {
581 ti->error = "Invalid " DM_VERITY_OPT_FEC_START;
582 return -EINVAL;
583 }
584 v->fec->start = num_ll;
585
586 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_FEC_ROOTS)) {
587 if (sscanf(arg_value, "%hhu%c", &num_c, &dummy) != 1 || !num_c ||
588 num_c < (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MAX_RSN) ||
589 num_c > (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN)) {
590 ti->error = "Invalid " DM_VERITY_OPT_FEC_ROOTS;
591 return -EINVAL;
592 }
593 v->fec->roots = num_c;
594
595 } else {
596 ti->error = "Unrecognized verity FEC feature request";
597 return -EINVAL;
598 }
599
600 return 0;
601 }
602
603 /*
604 * Allocate dm_verity_fec for v->fec. Must be called before verity_fec_ctr.
605 */
verity_fec_ctr_alloc(struct dm_verity * v)606 int verity_fec_ctr_alloc(struct dm_verity *v)
607 {
608 struct dm_verity_fec *f;
609
610 f = kzalloc_obj(struct dm_verity_fec);
611 if (!f) {
612 v->ti->error = "Cannot allocate FEC structure";
613 return -ENOMEM;
614 }
615 v->fec = f;
616
617 return 0;
618 }
619
620 /*
621 * Validate arguments and preallocate memory. Must be called after arguments
622 * have been parsed using verity_fec_parse_opt_args.
623 */
verity_fec_ctr(struct dm_verity * v)624 int verity_fec_ctr(struct dm_verity *v)
625 {
626 struct dm_verity_fec *f = v->fec;
627 struct dm_target *ti = v->ti;
628 u64 hash_blocks, fec_blocks;
629 int ret;
630
631 if (!verity_fec_is_enabled(v)) {
632 verity_fec_dtr(v);
633 return 0;
634 }
635
636 /*
637 * FEC is computed over data blocks, possible metadata, and
638 * hash blocks. In other words, FEC covers total of fec_blocks
639 * blocks consisting of the following:
640 *
641 * data blocks | hash blocks | metadata (optional)
642 *
643 * We allow metadata after hash blocks to support a use case
644 * where all data is stored on the same device and FEC covers
645 * the entire area.
646 *
647 * If metadata is included, we require it to be available on the
648 * hash device after the hash blocks.
649 */
650
651 hash_blocks = v->hash_blocks - v->hash_start;
652
653 /*
654 * Require matching block sizes for data and hash devices for
655 * simplicity.
656 */
657 if (v->data_dev_block_bits != v->hash_dev_block_bits) {
658 ti->error = "Block sizes must match to use FEC";
659 return -EINVAL;
660 }
661
662 if (!f->roots) {
663 ti->error = "Missing " DM_VERITY_OPT_FEC_ROOTS;
664 return -EINVAL;
665 }
666 f->rsn = DM_VERITY_FEC_RSM - f->roots;
667
668 if (!f->blocks) {
669 ti->error = "Missing " DM_VERITY_OPT_FEC_BLOCKS;
670 return -EINVAL;
671 }
672
673 f->rounds = f->blocks;
674 if (sector_div(f->rounds, f->rsn))
675 f->rounds++;
676
677 /*
678 * Due to optional metadata, f->blocks can be larger than
679 * data_blocks and hash_blocks combined.
680 */
681 if (f->blocks < v->data_blocks + hash_blocks || !f->rounds) {
682 ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS;
683 return -EINVAL;
684 }
685
686 /*
687 * Metadata is accessed through the hash device, so we require
688 * it to be large enough.
689 */
690 f->hash_blocks = f->blocks - v->data_blocks;
691 if (dm_bufio_get_device_size(v->bufio) < f->hash_blocks) {
692 ti->error = "Hash device is too small for "
693 DM_VERITY_OPT_FEC_BLOCKS;
694 return -E2BIG;
695 }
696
697 f->io_size = 1 << v->data_dev_block_bits;
698
699 f->bufio = dm_bufio_client_create(f->dev->bdev,
700 f->io_size,
701 1, 0, NULL, NULL, 0);
702 if (IS_ERR(f->bufio)) {
703 ti->error = "Cannot initialize FEC bufio client";
704 return PTR_ERR(f->bufio);
705 }
706
707 dm_bufio_set_sector_offset(f->bufio, f->start << (v->data_dev_block_bits - SECTOR_SHIFT));
708
709 fec_blocks = div64_u64(f->rounds * f->roots, v->fec->roots << SECTOR_SHIFT);
710 if (dm_bufio_get_device_size(f->bufio) < fec_blocks) {
711 ti->error = "FEC device is too small";
712 return -E2BIG;
713 }
714
715 f->data_bufio = dm_bufio_client_create(v->data_dev->bdev,
716 1 << v->data_dev_block_bits,
717 1, 0, NULL, NULL, 0);
718 if (IS_ERR(f->data_bufio)) {
719 ti->error = "Cannot initialize FEC data bufio client";
720 return PTR_ERR(f->data_bufio);
721 }
722
723 if (dm_bufio_get_device_size(f->data_bufio) < v->data_blocks) {
724 ti->error = "Data device is too small";
725 return -E2BIG;
726 }
727
728 /* Preallocate some dm_verity_fec_io structures */
729 ret = mempool_init_kmalloc_pool(&f->fio_pool, num_online_cpus(),
730 struct_size((struct dm_verity_fec_io *)0,
731 bufs, fec_max_nbufs(v)));
732 if (ret) {
733 ti->error = "Cannot allocate FEC IO pool";
734 return ret;
735 }
736
737 /* Preallocate an rs_control structure for each worker thread */
738 ret = mempool_init(&f->rs_pool, num_online_cpus(), fec_rs_alloc,
739 fec_rs_free, (void *) v);
740 if (ret) {
741 ti->error = "Cannot allocate RS pool";
742 return ret;
743 }
744
745 f->cache = kmem_cache_create("dm_verity_fec_buffers",
746 f->rsn << DM_VERITY_FEC_BUF_RS_BITS,
747 0, 0, NULL);
748 if (!f->cache) {
749 ti->error = "Cannot create FEC buffer cache";
750 return -ENOMEM;
751 }
752
753 /* Preallocate one buffer for each thread */
754 ret = mempool_init_slab_pool(&f->prealloc_pool, num_online_cpus(),
755 f->cache);
756 if (ret) {
757 ti->error = "Cannot allocate FEC buffer prealloc pool";
758 return ret;
759 }
760
761 /* Preallocate an output buffer for each thread */
762 ret = mempool_init_kmalloc_pool(&f->output_pool, num_online_cpus(),
763 1 << v->data_dev_block_bits);
764 if (ret) {
765 ti->error = "Cannot allocate FEC output pool";
766 return ret;
767 }
768
769 return 0;
770 }
771