1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2012 Red Hat, Inc. 4 * 5 * Author: Mikulas Patocka <mpatocka@redhat.com> 6 * 7 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors 8 * 9 * In the file "/sys/module/dm_verity/parameters/prefetch_cluster" you can set 10 * default prefetch value. Data are read in "prefetch_cluster" chunks from the 11 * hash device. Setting this greatly improves performance when data and hash 12 * are on the same disk on different partitions on devices with poor random 13 * access behavior. 14 */ 15 16 #include "dm-verity.h" 17 #include "dm-verity-fec.h" 18 19 #include <linux/module.h> 20 #include <linux/reboot.h> 21 22 #define DM_MSG_PREFIX "verity" 23 24 #define DM_VERITY_ENV_LENGTH 42 25 #define DM_VERITY_ENV_VAR_NAME "DM_VERITY_ERR_BLOCK_NR" 26 27 #define DM_VERITY_DEFAULT_PREFETCH_SIZE 262144 28 29 #define DM_VERITY_MAX_CORRUPTED_ERRS 100 30 31 #define DM_VERITY_OPT_LOGGING "ignore_corruption" 32 #define DM_VERITY_OPT_RESTART "restart_on_corruption" 33 #define DM_VERITY_OPT_IGN_ZEROES "ignore_zero_blocks" 34 #define DM_VERITY_OPT_AT_MOST_ONCE "check_at_most_once" 35 36 #define DM_VERITY_OPTS_MAX (2 + DM_VERITY_OPTS_FEC) 37 38 static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE; 39 40 module_param_named(prefetch_cluster, dm_verity_prefetch_cluster, uint, S_IRUGO | S_IWUSR); 41 42 struct dm_verity_prefetch_work { 43 struct work_struct work; 44 struct dm_verity *v; 45 sector_t block; 46 unsigned n_blocks; 47 }; 48 49 /* 50 * Auxiliary structure appended to each dm-bufio buffer. If the value 51 * hash_verified is nonzero, hash of the block has been verified. 52 * 53 * The variable hash_verified is set to 0 when allocating the buffer, then 54 * it can be changed to 1 and it is never reset to 0 again. 55 * 56 * There is no lock around this value, a race condition can at worst cause 57 * that multiple processes verify the hash of the same buffer simultaneously 58 * and write 1 to hash_verified simultaneously. 59 * This condition is harmless, so we don't need locking. 60 */ 61 struct buffer_aux { 62 int hash_verified; 63 }; 64 65 /* 66 * Initialize struct buffer_aux for a freshly created buffer. 67 */ 68 static void dm_bufio_alloc_callback(struct dm_buffer *buf) 69 { 70 struct buffer_aux *aux = dm_bufio_get_aux_data(buf); 71 72 aux->hash_verified = 0; 73 } 74 75 /* 76 * Translate input sector number to the sector number on the target device. 77 */ 78 static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector) 79 { 80 return v->data_start + dm_target_offset(v->ti, bi_sector); 81 } 82 83 /* 84 * Return hash position of a specified block at a specified tree level 85 * (0 is the lowest level). 86 * The lowest "hash_per_block_bits"-bits of the result denote hash position 87 * inside a hash block. The remaining bits denote location of the hash block. 88 */ 89 static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, 90 int level) 91 { 92 return block >> (level * v->hash_per_block_bits); 93 } 94 95 static int verity_hash_update(struct dm_verity *v, struct ahash_request *req, 96 const u8 *data, size_t len, 97 struct crypto_wait *wait) 98 { 99 struct scatterlist sg; 100 101 if (likely(!is_vmalloc_addr(data))) { 102 sg_init_one(&sg, data, len); 103 ahash_request_set_crypt(req, &sg, NULL, len); 104 return crypto_wait_req(crypto_ahash_update(req), wait); 105 } else { 106 do { 107 int r; 108 size_t this_step = min_t(size_t, len, PAGE_SIZE - offset_in_page(data)); 109 flush_kernel_vmap_range((void *)data, this_step); 110 sg_init_table(&sg, 1); 111 sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data)); 112 ahash_request_set_crypt(req, &sg, NULL, this_step); 113 r = crypto_wait_req(crypto_ahash_update(req), wait); 114 if (unlikely(r)) 115 return r; 116 data += this_step; 117 len -= this_step; 118 } while (len); 119 return 0; 120 } 121 } 122 123 /* 124 * Wrapper for crypto_ahash_init, which handles verity salting. 125 */ 126 static int verity_hash_init(struct dm_verity *v, struct ahash_request *req, 127 struct crypto_wait *wait) 128 { 129 int r; 130 131 ahash_request_set_tfm(req, v->tfm); 132 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP | 133 CRYPTO_TFM_REQ_MAY_BACKLOG, 134 crypto_req_done, (void *)wait); 135 crypto_init_wait(wait); 136 137 r = crypto_wait_req(crypto_ahash_init(req), wait); 138 139 if (unlikely(r < 0)) { 140 DMERR("crypto_ahash_init failed: %d", r); 141 return r; 142 } 143 144 if (likely(v->salt_size && (v->version >= 1))) 145 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); 146 147 return r; 148 } 149 150 static int verity_hash_final(struct dm_verity *v, struct ahash_request *req, 151 u8 *digest, struct crypto_wait *wait) 152 { 153 int r; 154 155 if (unlikely(v->salt_size && (!v->version))) { 156 r = verity_hash_update(v, req, v->salt, v->salt_size, wait); 157 158 if (r < 0) { 159 DMERR("verity_hash_final failed updating salt: %d", r); 160 goto out; 161 } 162 } 163 164 ahash_request_set_crypt(req, NULL, digest, 0); 165 r = crypto_wait_req(crypto_ahash_final(req), wait); 166 out: 167 return r; 168 } 169 170 int verity_hash(struct dm_verity *v, struct ahash_request *req, 171 const u8 *data, size_t len, u8 *digest) 172 { 173 int r; 174 struct crypto_wait wait; 175 176 r = verity_hash_init(v, req, &wait); 177 if (unlikely(r < 0)) 178 goto out; 179 180 r = verity_hash_update(v, req, data, len, &wait); 181 if (unlikely(r < 0)) 182 goto out; 183 184 r = verity_hash_final(v, req, digest, &wait); 185 186 out: 187 return r; 188 } 189 190 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, 191 sector_t *hash_block, unsigned *offset) 192 { 193 sector_t position = verity_position_at_level(v, block, level); 194 unsigned idx; 195 196 *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits); 197 198 if (!offset) 199 return; 200 201 idx = position & ((1 << v->hash_per_block_bits) - 1); 202 if (!v->version) 203 *offset = idx * v->digest_size; 204 else 205 *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits); 206 } 207 208 /* 209 * Handle verification errors. 210 */ 211 static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, 212 unsigned long long block) 213 { 214 char verity_env[DM_VERITY_ENV_LENGTH]; 215 char *envp[] = { verity_env, NULL }; 216 const char *type_str = ""; 217 struct mapped_device *md = dm_table_get_md(v->ti->table); 218 219 /* Corruption should be visible in device status in all modes */ 220 v->hash_failed = 1; 221 222 if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) 223 goto out; 224 225 v->corrupted_errs++; 226 227 switch (type) { 228 case DM_VERITY_BLOCK_TYPE_DATA: 229 type_str = "data"; 230 break; 231 case DM_VERITY_BLOCK_TYPE_METADATA: 232 type_str = "metadata"; 233 break; 234 default: 235 BUG(); 236 } 237 238 DMERR("%s: %s block %llu is corrupted", v->data_dev->name, type_str, 239 block); 240 241 if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS) 242 DMERR("%s: reached maximum errors", v->data_dev->name); 243 244 snprintf(verity_env, DM_VERITY_ENV_LENGTH, "%s=%d,%llu", 245 DM_VERITY_ENV_VAR_NAME, type, block); 246 247 kobject_uevent_env(&disk_to_dev(dm_disk(md))->kobj, KOBJ_CHANGE, envp); 248 249 out: 250 if (v->mode == DM_VERITY_MODE_LOGGING) 251 return 0; 252 253 if (v->mode == DM_VERITY_MODE_RESTART) 254 kernel_restart("dm-verity device corrupted"); 255 256 return 1; 257 } 258 259 /* 260 * Verify hash of a metadata block pertaining to the specified data block 261 * ("block" argument) at a specified level ("level" argument). 262 * 263 * On successful return, verity_io_want_digest(v, io) contains the hash value 264 * for a lower tree level or for the data block (if we're at the lowest level). 265 * 266 * If "skip_unverified" is true, unverified buffer is skipped and 1 is returned. 267 * If "skip_unverified" is false, unverified buffer is hashed and verified 268 * against current value of verity_io_want_digest(v, io). 269 */ 270 static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io, 271 sector_t block, int level, bool skip_unverified, 272 u8 *want_digest) 273 { 274 struct dm_buffer *buf; 275 struct buffer_aux *aux; 276 u8 *data; 277 int r; 278 sector_t hash_block; 279 unsigned offset; 280 281 verity_hash_at_level(v, block, level, &hash_block, &offset); 282 283 data = dm_bufio_read(v->bufio, hash_block, &buf); 284 if (IS_ERR(data)) 285 return PTR_ERR(data); 286 287 aux = dm_bufio_get_aux_data(buf); 288 289 if (!aux->hash_verified) { 290 if (skip_unverified) { 291 r = 1; 292 goto release_ret_r; 293 } 294 295 r = verity_hash(v, verity_io_hash_req(v, io), 296 data, 1 << v->hash_dev_block_bits, 297 verity_io_real_digest(v, io)); 298 if (unlikely(r < 0)) 299 goto release_ret_r; 300 301 if (likely(memcmp(verity_io_real_digest(v, io), want_digest, 302 v->digest_size) == 0)) 303 aux->hash_verified = 1; 304 else if (verity_fec_decode(v, io, 305 DM_VERITY_BLOCK_TYPE_METADATA, 306 hash_block, data, NULL) == 0) 307 aux->hash_verified = 1; 308 else if (verity_handle_err(v, 309 DM_VERITY_BLOCK_TYPE_METADATA, 310 hash_block)) { 311 r = -EIO; 312 goto release_ret_r; 313 } 314 } 315 316 data += offset; 317 memcpy(want_digest, data, v->digest_size); 318 r = 0; 319 320 release_ret_r: 321 dm_bufio_release(buf); 322 return r; 323 } 324 325 /* 326 * Find a hash for a given block, write it to digest and verify the integrity 327 * of the hash tree if necessary. 328 */ 329 int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, 330 sector_t block, u8 *digest, bool *is_zero) 331 { 332 int r = 0, i; 333 334 if (likely(v->levels)) { 335 /* 336 * First, we try to get the requested hash for 337 * the current block. If the hash block itself is 338 * verified, zero is returned. If it isn't, this 339 * function returns 1 and we fall back to whole 340 * chain verification. 341 */ 342 r = verity_verify_level(v, io, block, 0, true, digest); 343 if (likely(r <= 0)) 344 goto out; 345 } 346 347 memcpy(digest, v->root_digest, v->digest_size); 348 349 for (i = v->levels - 1; i >= 0; i--) { 350 r = verity_verify_level(v, io, block, i, false, digest); 351 if (unlikely(r)) 352 goto out; 353 } 354 out: 355 if (!r && v->zero_digest) 356 *is_zero = !memcmp(v->zero_digest, digest, v->digest_size); 357 else 358 *is_zero = false; 359 360 return r; 361 } 362 363 /* 364 * Calculates the digest for the given bio 365 */ 366 static int verity_for_io_block(struct dm_verity *v, struct dm_verity_io *io, 367 struct bvec_iter *iter, struct crypto_wait *wait) 368 { 369 unsigned int todo = 1 << v->data_dev_block_bits; 370 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); 371 struct scatterlist sg; 372 struct ahash_request *req = verity_io_hash_req(v, io); 373 374 do { 375 int r; 376 unsigned int len; 377 struct bio_vec bv = bio_iter_iovec(bio, *iter); 378 379 sg_init_table(&sg, 1); 380 381 len = bv.bv_len; 382 383 if (likely(len >= todo)) 384 len = todo; 385 /* 386 * Operating on a single page at a time looks suboptimal 387 * until you consider the typical block size is 4,096B. 388 * Going through this loops twice should be very rare. 389 */ 390 sg_set_page(&sg, bv.bv_page, len, bv.bv_offset); 391 ahash_request_set_crypt(req, &sg, NULL, len); 392 r = crypto_wait_req(crypto_ahash_update(req), wait); 393 394 if (unlikely(r < 0)) { 395 DMERR("verity_for_io_block crypto op failed: %d", r); 396 return r; 397 } 398 399 bio_advance_iter(bio, iter, len); 400 todo -= len; 401 } while (todo); 402 403 return 0; 404 } 405 406 /* 407 * Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec 408 * starting from iter. 409 */ 410 int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io, 411 struct bvec_iter *iter, 412 int (*process)(struct dm_verity *v, 413 struct dm_verity_io *io, u8 *data, 414 size_t len)) 415 { 416 unsigned todo = 1 << v->data_dev_block_bits; 417 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); 418 419 do { 420 int r; 421 u8 *page; 422 unsigned len; 423 struct bio_vec bv = bio_iter_iovec(bio, *iter); 424 425 page = kmap_atomic(bv.bv_page); 426 len = bv.bv_len; 427 428 if (likely(len >= todo)) 429 len = todo; 430 431 r = process(v, io, page + bv.bv_offset, len); 432 kunmap_atomic(page); 433 434 if (r < 0) 435 return r; 436 437 bio_advance_iter(bio, iter, len); 438 todo -= len; 439 } while (todo); 440 441 return 0; 442 } 443 444 static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io, 445 u8 *data, size_t len) 446 { 447 memset(data, 0, len); 448 return 0; 449 } 450 451 /* 452 * Moves the bio iter one data block forward. 453 */ 454 static inline void verity_bv_skip_block(struct dm_verity *v, 455 struct dm_verity_io *io, 456 struct bvec_iter *iter) 457 { 458 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); 459 460 bio_advance_iter(bio, iter, 1 << v->data_dev_block_bits); 461 } 462 463 /* 464 * Verify one "dm_verity_io" structure. 465 */ 466 static int verity_verify_io(struct dm_verity_io *io) 467 { 468 bool is_zero; 469 struct dm_verity *v = io->v; 470 struct bvec_iter start; 471 unsigned b; 472 struct crypto_wait wait; 473 474 for (b = 0; b < io->n_blocks; b++) { 475 int r; 476 sector_t cur_block = io->block + b; 477 struct ahash_request *req = verity_io_hash_req(v, io); 478 479 if (v->validated_blocks && 480 likely(test_bit(cur_block, v->validated_blocks))) { 481 verity_bv_skip_block(v, io, &io->iter); 482 continue; 483 } 484 485 r = verity_hash_for_block(v, io, cur_block, 486 verity_io_want_digest(v, io), 487 &is_zero); 488 if (unlikely(r < 0)) 489 return r; 490 491 if (is_zero) { 492 /* 493 * If we expect a zero block, don't validate, just 494 * return zeros. 495 */ 496 r = verity_for_bv_block(v, io, &io->iter, 497 verity_bv_zero); 498 if (unlikely(r < 0)) 499 return r; 500 501 continue; 502 } 503 504 r = verity_hash_init(v, req, &wait); 505 if (unlikely(r < 0)) 506 return r; 507 508 start = io->iter; 509 r = verity_for_io_block(v, io, &io->iter, &wait); 510 if (unlikely(r < 0)) 511 return r; 512 513 r = verity_hash_final(v, req, verity_io_real_digest(v, io), 514 &wait); 515 if (unlikely(r < 0)) 516 return r; 517 518 if (likely(memcmp(verity_io_real_digest(v, io), 519 verity_io_want_digest(v, io), v->digest_size) == 0)) { 520 if (v->validated_blocks) 521 set_bit(cur_block, v->validated_blocks); 522 continue; 523 } 524 else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA, 525 cur_block, NULL, &start) == 0) 526 continue; 527 else if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, 528 cur_block)) 529 return -EIO; 530 } 531 532 return 0; 533 } 534 535 /* 536 * End one "io" structure with a given error. 537 */ 538 static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) 539 { 540 struct dm_verity *v = io->v; 541 struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size); 542 543 bio->bi_end_io = io->orig_bi_end_io; 544 bio->bi_status = status; 545 546 verity_fec_finish_io(io); 547 548 bio_endio(bio); 549 } 550 551 static void verity_work(struct work_struct *w) 552 { 553 struct dm_verity_io *io = container_of(w, struct dm_verity_io, work); 554 555 verity_finish_io(io, errno_to_blk_status(verity_verify_io(io))); 556 } 557 558 static void verity_end_io(struct bio *bio) 559 { 560 struct dm_verity_io *io = bio->bi_private; 561 562 if (bio->bi_status && !verity_fec_is_enabled(io->v)) { 563 verity_finish_io(io, bio->bi_status); 564 return; 565 } 566 567 INIT_WORK(&io->work, verity_work); 568 queue_work(io->v->verify_wq, &io->work); 569 } 570 571 /* 572 * Prefetch buffers for the specified io. 573 * The root buffer is not prefetched, it is assumed that it will be cached 574 * all the time. 575 */ 576 static void verity_prefetch_io(struct work_struct *work) 577 { 578 struct dm_verity_prefetch_work *pw = 579 container_of(work, struct dm_verity_prefetch_work, work); 580 struct dm_verity *v = pw->v; 581 int i; 582 583 for (i = v->levels - 2; i >= 0; i--) { 584 sector_t hash_block_start; 585 sector_t hash_block_end; 586 verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL); 587 verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL); 588 if (!i) { 589 unsigned cluster = READ_ONCE(dm_verity_prefetch_cluster); 590 591 cluster >>= v->data_dev_block_bits; 592 if (unlikely(!cluster)) 593 goto no_prefetch_cluster; 594 595 if (unlikely(cluster & (cluster - 1))) 596 cluster = 1 << __fls(cluster); 597 598 hash_block_start &= ~(sector_t)(cluster - 1); 599 hash_block_end |= cluster - 1; 600 if (unlikely(hash_block_end >= v->hash_blocks)) 601 hash_block_end = v->hash_blocks - 1; 602 } 603 no_prefetch_cluster: 604 dm_bufio_prefetch(v->bufio, hash_block_start, 605 hash_block_end - hash_block_start + 1); 606 } 607 608 kfree(pw); 609 } 610 611 static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io) 612 { 613 struct dm_verity_prefetch_work *pw; 614 615 pw = kmalloc(sizeof(struct dm_verity_prefetch_work), 616 GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); 617 618 if (!pw) 619 return; 620 621 INIT_WORK(&pw->work, verity_prefetch_io); 622 pw->v = v; 623 pw->block = io->block; 624 pw->n_blocks = io->n_blocks; 625 queue_work(v->verify_wq, &pw->work); 626 } 627 628 /* 629 * Bio map function. It allocates dm_verity_io structure and bio vector and 630 * fills them. Then it issues prefetches and the I/O. 631 */ 632 static int verity_map(struct dm_target *ti, struct bio *bio) 633 { 634 struct dm_verity *v = ti->private; 635 struct dm_verity_io *io; 636 637 bio_set_dev(bio, v->data_dev->bdev); 638 bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector); 639 640 if (((unsigned)bio->bi_iter.bi_sector | bio_sectors(bio)) & 641 ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) { 642 DMERR_LIMIT("unaligned io"); 643 return DM_MAPIO_KILL; 644 } 645 646 if (bio_end_sector(bio) >> 647 (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { 648 DMERR_LIMIT("io out of range"); 649 return DM_MAPIO_KILL; 650 } 651 652 if (bio_data_dir(bio) == WRITE) 653 return DM_MAPIO_KILL; 654 655 io = dm_per_bio_data(bio, ti->per_io_data_size); 656 io->v = v; 657 io->orig_bi_end_io = bio->bi_end_io; 658 io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); 659 io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; 660 661 bio->bi_end_io = verity_end_io; 662 bio->bi_private = io; 663 io->iter = bio->bi_iter; 664 665 verity_fec_init_io(io); 666 667 verity_submit_prefetch(v, io); 668 669 generic_make_request(bio); 670 671 return DM_MAPIO_SUBMITTED; 672 } 673 674 /* 675 * Status: V (valid) or C (corruption found) 676 */ 677 static void verity_status(struct dm_target *ti, status_type_t type, 678 unsigned status_flags, char *result, unsigned maxlen) 679 { 680 struct dm_verity *v = ti->private; 681 unsigned args = 0; 682 unsigned sz = 0; 683 unsigned x; 684 685 switch (type) { 686 case STATUSTYPE_INFO: 687 DMEMIT("%c", v->hash_failed ? 'C' : 'V'); 688 break; 689 case STATUSTYPE_TABLE: 690 DMEMIT("%u %s %s %u %u %llu %llu %s ", 691 v->version, 692 v->data_dev->name, 693 v->hash_dev->name, 694 1 << v->data_dev_block_bits, 695 1 << v->hash_dev_block_bits, 696 (unsigned long long)v->data_blocks, 697 (unsigned long long)v->hash_start, 698 v->alg_name 699 ); 700 for (x = 0; x < v->digest_size; x++) 701 DMEMIT("%02x", v->root_digest[x]); 702 DMEMIT(" "); 703 if (!v->salt_size) 704 DMEMIT("-"); 705 else 706 for (x = 0; x < v->salt_size; x++) 707 DMEMIT("%02x", v->salt[x]); 708 if (v->mode != DM_VERITY_MODE_EIO) 709 args++; 710 if (verity_fec_is_enabled(v)) 711 args += DM_VERITY_OPTS_FEC; 712 if (v->zero_digest) 713 args++; 714 if (v->validated_blocks) 715 args++; 716 if (!args) 717 return; 718 DMEMIT(" %u", args); 719 if (v->mode != DM_VERITY_MODE_EIO) { 720 DMEMIT(" "); 721 switch (v->mode) { 722 case DM_VERITY_MODE_LOGGING: 723 DMEMIT(DM_VERITY_OPT_LOGGING); 724 break; 725 case DM_VERITY_MODE_RESTART: 726 DMEMIT(DM_VERITY_OPT_RESTART); 727 break; 728 default: 729 BUG(); 730 } 731 } 732 if (v->zero_digest) 733 DMEMIT(" " DM_VERITY_OPT_IGN_ZEROES); 734 if (v->validated_blocks) 735 DMEMIT(" " DM_VERITY_OPT_AT_MOST_ONCE); 736 sz = verity_fec_status_table(v, sz, result, maxlen); 737 break; 738 } 739 } 740 741 static int verity_prepare_ioctl(struct dm_target *ti, struct block_device **bdev) 742 { 743 struct dm_verity *v = ti->private; 744 745 *bdev = v->data_dev->bdev; 746 747 if (v->data_start || 748 ti->len != i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT) 749 return 1; 750 return 0; 751 } 752 753 static int verity_iterate_devices(struct dm_target *ti, 754 iterate_devices_callout_fn fn, void *data) 755 { 756 struct dm_verity *v = ti->private; 757 758 return fn(ti, v->data_dev, v->data_start, ti->len, data); 759 } 760 761 static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits) 762 { 763 struct dm_verity *v = ti->private; 764 765 if (limits->logical_block_size < 1 << v->data_dev_block_bits) 766 limits->logical_block_size = 1 << v->data_dev_block_bits; 767 768 if (limits->physical_block_size < 1 << v->data_dev_block_bits) 769 limits->physical_block_size = 1 << v->data_dev_block_bits; 770 771 blk_limits_io_min(limits, limits->logical_block_size); 772 } 773 774 static void verity_dtr(struct dm_target *ti) 775 { 776 struct dm_verity *v = ti->private; 777 778 if (v->verify_wq) 779 destroy_workqueue(v->verify_wq); 780 781 if (v->bufio) 782 dm_bufio_client_destroy(v->bufio); 783 784 kvfree(v->validated_blocks); 785 kfree(v->salt); 786 kfree(v->root_digest); 787 kfree(v->zero_digest); 788 789 if (v->tfm) 790 crypto_free_ahash(v->tfm); 791 792 kfree(v->alg_name); 793 794 if (v->hash_dev) 795 dm_put_device(ti, v->hash_dev); 796 797 if (v->data_dev) 798 dm_put_device(ti, v->data_dev); 799 800 verity_fec_dtr(v); 801 802 kfree(v); 803 } 804 805 static int verity_alloc_most_once(struct dm_verity *v) 806 { 807 struct dm_target *ti = v->ti; 808 809 /* the bitset can only handle INT_MAX blocks */ 810 if (v->data_blocks > INT_MAX) { 811 ti->error = "device too large to use check_at_most_once"; 812 return -E2BIG; 813 } 814 815 v->validated_blocks = kvcalloc(BITS_TO_LONGS(v->data_blocks), 816 sizeof(unsigned long), 817 GFP_KERNEL); 818 if (!v->validated_blocks) { 819 ti->error = "failed to allocate bitset for check_at_most_once"; 820 return -ENOMEM; 821 } 822 823 return 0; 824 } 825 826 static int verity_alloc_zero_digest(struct dm_verity *v) 827 { 828 int r = -ENOMEM; 829 struct ahash_request *req; 830 u8 *zero_data; 831 832 v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL); 833 834 if (!v->zero_digest) 835 return r; 836 837 req = kmalloc(v->ahash_reqsize, GFP_KERNEL); 838 839 if (!req) 840 return r; /* verity_dtr will free zero_digest */ 841 842 zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL); 843 844 if (!zero_data) 845 goto out; 846 847 r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits, 848 v->zero_digest); 849 850 out: 851 kfree(req); 852 kfree(zero_data); 853 854 return r; 855 } 856 857 static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v) 858 { 859 int r; 860 unsigned argc; 861 struct dm_target *ti = v->ti; 862 const char *arg_name; 863 864 static const struct dm_arg _args[] = { 865 {0, DM_VERITY_OPTS_MAX, "Invalid number of feature args"}, 866 }; 867 868 r = dm_read_arg_group(_args, as, &argc, &ti->error); 869 if (r) 870 return -EINVAL; 871 872 if (!argc) 873 return 0; 874 875 do { 876 arg_name = dm_shift_arg(as); 877 argc--; 878 879 if (!strcasecmp(arg_name, DM_VERITY_OPT_LOGGING)) { 880 v->mode = DM_VERITY_MODE_LOGGING; 881 continue; 882 883 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_RESTART)) { 884 v->mode = DM_VERITY_MODE_RESTART; 885 continue; 886 887 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_IGN_ZEROES)) { 888 r = verity_alloc_zero_digest(v); 889 if (r) { 890 ti->error = "Cannot allocate zero digest"; 891 return r; 892 } 893 continue; 894 895 } else if (!strcasecmp(arg_name, DM_VERITY_OPT_AT_MOST_ONCE)) { 896 r = verity_alloc_most_once(v); 897 if (r) 898 return r; 899 continue; 900 901 } else if (verity_is_fec_opt_arg(arg_name)) { 902 r = verity_fec_parse_opt_args(as, v, &argc, arg_name); 903 if (r) 904 return r; 905 continue; 906 } 907 908 ti->error = "Unrecognized verity feature request"; 909 return -EINVAL; 910 } while (argc && !r); 911 912 return r; 913 } 914 915 /* 916 * Target parameters: 917 * <version> The current format is version 1. 918 * Vsn 0 is compatible with original Chromium OS releases. 919 * <data device> 920 * <hash device> 921 * <data block size> 922 * <hash block size> 923 * <the number of data blocks> 924 * <hash start block> 925 * <algorithm> 926 * <digest> 927 * <salt> Hex string or "-" if no salt. 928 */ 929 static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv) 930 { 931 struct dm_verity *v; 932 struct dm_arg_set as; 933 unsigned int num; 934 unsigned long long num_ll; 935 int r; 936 int i; 937 sector_t hash_position; 938 char dummy; 939 940 v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL); 941 if (!v) { 942 ti->error = "Cannot allocate verity structure"; 943 return -ENOMEM; 944 } 945 ti->private = v; 946 v->ti = ti; 947 948 r = verity_fec_ctr_alloc(v); 949 if (r) 950 goto bad; 951 952 if ((dm_table_get_mode(ti->table) & ~FMODE_READ)) { 953 ti->error = "Device must be readonly"; 954 r = -EINVAL; 955 goto bad; 956 } 957 958 if (argc < 10) { 959 ti->error = "Not enough arguments"; 960 r = -EINVAL; 961 goto bad; 962 } 963 964 if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 || 965 num > 1) { 966 ti->error = "Invalid version"; 967 r = -EINVAL; 968 goto bad; 969 } 970 v->version = num; 971 972 r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev); 973 if (r) { 974 ti->error = "Data device lookup failed"; 975 goto bad; 976 } 977 978 r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev); 979 if (r) { 980 ti->error = "Hash device lookup failed"; 981 goto bad; 982 } 983 984 if (sscanf(argv[3], "%u%c", &num, &dummy) != 1 || 985 !num || (num & (num - 1)) || 986 num < bdev_logical_block_size(v->data_dev->bdev) || 987 num > PAGE_SIZE) { 988 ti->error = "Invalid data device block size"; 989 r = -EINVAL; 990 goto bad; 991 } 992 v->data_dev_block_bits = __ffs(num); 993 994 if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 || 995 !num || (num & (num - 1)) || 996 num < bdev_logical_block_size(v->hash_dev->bdev) || 997 num > INT_MAX) { 998 ti->error = "Invalid hash device block size"; 999 r = -EINVAL; 1000 goto bad; 1001 } 1002 v->hash_dev_block_bits = __ffs(num); 1003 1004 if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 || 1005 (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) 1006 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) { 1007 ti->error = "Invalid data blocks"; 1008 r = -EINVAL; 1009 goto bad; 1010 } 1011 v->data_blocks = num_ll; 1012 1013 if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) { 1014 ti->error = "Data device is too small"; 1015 r = -EINVAL; 1016 goto bad; 1017 } 1018 1019 if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 || 1020 (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) 1021 >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) { 1022 ti->error = "Invalid hash start"; 1023 r = -EINVAL; 1024 goto bad; 1025 } 1026 v->hash_start = num_ll; 1027 1028 v->alg_name = kstrdup(argv[7], GFP_KERNEL); 1029 if (!v->alg_name) { 1030 ti->error = "Cannot allocate algorithm name"; 1031 r = -ENOMEM; 1032 goto bad; 1033 } 1034 1035 v->tfm = crypto_alloc_ahash(v->alg_name, 0, 0); 1036 if (IS_ERR(v->tfm)) { 1037 ti->error = "Cannot initialize hash function"; 1038 r = PTR_ERR(v->tfm); 1039 v->tfm = NULL; 1040 goto bad; 1041 } 1042 1043 /* 1044 * dm-verity performance can vary greatly depending on which hash 1045 * algorithm implementation is used. Help people debug performance 1046 * problems by logging the ->cra_driver_name. 1047 */ 1048 DMINFO("%s using implementation \"%s\"", v->alg_name, 1049 crypto_hash_alg_common(v->tfm)->base.cra_driver_name); 1050 1051 v->digest_size = crypto_ahash_digestsize(v->tfm); 1052 if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) { 1053 ti->error = "Digest size too big"; 1054 r = -EINVAL; 1055 goto bad; 1056 } 1057 v->ahash_reqsize = sizeof(struct ahash_request) + 1058 crypto_ahash_reqsize(v->tfm); 1059 1060 v->root_digest = kmalloc(v->digest_size, GFP_KERNEL); 1061 if (!v->root_digest) { 1062 ti->error = "Cannot allocate root digest"; 1063 r = -ENOMEM; 1064 goto bad; 1065 } 1066 if (strlen(argv[8]) != v->digest_size * 2 || 1067 hex2bin(v->root_digest, argv[8], v->digest_size)) { 1068 ti->error = "Invalid root digest"; 1069 r = -EINVAL; 1070 goto bad; 1071 } 1072 1073 if (strcmp(argv[9], "-")) { 1074 v->salt_size = strlen(argv[9]) / 2; 1075 v->salt = kmalloc(v->salt_size, GFP_KERNEL); 1076 if (!v->salt) { 1077 ti->error = "Cannot allocate salt"; 1078 r = -ENOMEM; 1079 goto bad; 1080 } 1081 if (strlen(argv[9]) != v->salt_size * 2 || 1082 hex2bin(v->salt, argv[9], v->salt_size)) { 1083 ti->error = "Invalid salt"; 1084 r = -EINVAL; 1085 goto bad; 1086 } 1087 } 1088 1089 argv += 10; 1090 argc -= 10; 1091 1092 /* Optional parameters */ 1093 if (argc) { 1094 as.argc = argc; 1095 as.argv = argv; 1096 1097 r = verity_parse_opt_args(&as, v); 1098 if (r < 0) 1099 goto bad; 1100 } 1101 1102 v->hash_per_block_bits = 1103 __fls((1 << v->hash_dev_block_bits) / v->digest_size); 1104 1105 v->levels = 0; 1106 if (v->data_blocks) 1107 while (v->hash_per_block_bits * v->levels < 64 && 1108 (unsigned long long)(v->data_blocks - 1) >> 1109 (v->hash_per_block_bits * v->levels)) 1110 v->levels++; 1111 1112 if (v->levels > DM_VERITY_MAX_LEVELS) { 1113 ti->error = "Too many tree levels"; 1114 r = -E2BIG; 1115 goto bad; 1116 } 1117 1118 hash_position = v->hash_start; 1119 for (i = v->levels - 1; i >= 0; i--) { 1120 sector_t s; 1121 v->hash_level_block[i] = hash_position; 1122 s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1) 1123 >> ((i + 1) * v->hash_per_block_bits); 1124 if (hash_position + s < hash_position) { 1125 ti->error = "Hash device offset overflow"; 1126 r = -E2BIG; 1127 goto bad; 1128 } 1129 hash_position += s; 1130 } 1131 v->hash_blocks = hash_position; 1132 1133 v->bufio = dm_bufio_client_create(v->hash_dev->bdev, 1134 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), 1135 dm_bufio_alloc_callback, NULL); 1136 if (IS_ERR(v->bufio)) { 1137 ti->error = "Cannot initialize dm-bufio"; 1138 r = PTR_ERR(v->bufio); 1139 v->bufio = NULL; 1140 goto bad; 1141 } 1142 1143 if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) { 1144 ti->error = "Hash device is too small"; 1145 r = -E2BIG; 1146 goto bad; 1147 } 1148 1149 /* WQ_UNBOUND greatly improves performance when running on ramdisk */ 1150 v->verify_wq = alloc_workqueue("kverityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, num_online_cpus()); 1151 if (!v->verify_wq) { 1152 ti->error = "Cannot allocate workqueue"; 1153 r = -ENOMEM; 1154 goto bad; 1155 } 1156 1157 ti->per_io_data_size = sizeof(struct dm_verity_io) + 1158 v->ahash_reqsize + v->digest_size * 2; 1159 1160 r = verity_fec_ctr(v); 1161 if (r) 1162 goto bad; 1163 1164 ti->per_io_data_size = roundup(ti->per_io_data_size, 1165 __alignof__(struct dm_verity_io)); 1166 1167 return 0; 1168 1169 bad: 1170 verity_dtr(ti); 1171 1172 return r; 1173 } 1174 1175 static struct target_type verity_target = { 1176 .name = "verity", 1177 .version = {1, 4, 0}, 1178 .module = THIS_MODULE, 1179 .ctr = verity_ctr, 1180 .dtr = verity_dtr, 1181 .map = verity_map, 1182 .status = verity_status, 1183 .prepare_ioctl = verity_prepare_ioctl, 1184 .iterate_devices = verity_iterate_devices, 1185 .io_hints = verity_io_hints, 1186 }; 1187 1188 static int __init dm_verity_init(void) 1189 { 1190 int r; 1191 1192 r = dm_register_target(&verity_target); 1193 if (r < 0) 1194 DMERR("register failed %d", r); 1195 1196 return r; 1197 } 1198 1199 static void __exit dm_verity_exit(void) 1200 { 1201 dm_unregister_target(&verity_target); 1202 } 1203 1204 module_init(dm_verity_init); 1205 module_exit(dm_verity_exit); 1206 1207 MODULE_AUTHOR("Mikulas Patocka <mpatocka@redhat.com>"); 1208 MODULE_AUTHOR("Mandeep Baines <msb@chromium.org>"); 1209 MODULE_AUTHOR("Will Drewry <wad@chromium.org>"); 1210 MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking"); 1211 MODULE_LICENSE("GPL"); 1212