LXR linux/drivers/md/dm-verity.c

   1/*
   2 * Copyright (C) 2012 Red Hat, Inc.
   3 *
   4 * Author: Mikulas Patocka <mpatocka@redhat.com>
   5 *
   6 * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
   7 *
   8 * This file is released under the GPLv2.
   9 *
  10 * In the file "/sys/module/dm_verity/parameters/prefetch_cluster" you can set
  11 * default prefetch value. Data are read in "prefetch_cluster" chunks from the
  12 * hash device. Setting this greatly improves performance when data and hash
  13 * are on the same disk on different partitions on devices with poor random
  14 * access behavior.
  15 */
  16
  17#include "dm-bufio.h"
  18
  19#include <linux/module.h>
  20#include <linux/device-mapper.h>
  21#include <crypto/hash.h>
  22
  23#define DM_MSG_PREFIX                   "verity"
  24
  25#define DM_VERITY_IO_VEC_INLINE         16
  26#define DM_VERITY_MEMPOOL_SIZE          4
  27#define DM_VERITY_DEFAULT_PREFETCH_SIZE 262144
  28
  29#define DM_VERITY_MAX_LEVELS            63
  30
  31static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE;
  32
  33module_param_named(prefetch_cluster, dm_verity_prefetch_cluster, uint, S_IRUGO | S_IWUSR);
  34
  35struct dm_verity {
  36        struct dm_dev *data_dev;
  37        struct dm_dev *hash_dev;
  38        struct dm_target *ti;
  39        struct dm_bufio_client *bufio;
  40        char *alg_name;
  41        struct crypto_shash *tfm;
  42        u8 *root_digest;        /* digest of the root block */
  43        u8 *salt;               /* salt: its size is salt_size */
  44        unsigned salt_size;
  45        sector_t data_start;    /* data offset in 512-byte sectors */
  46        sector_t hash_start;    /* hash start in blocks */
  47        sector_t data_blocks;   /* the number of data blocks */
  48        sector_t hash_blocks;   /* the number of hash blocks */
  49        unsigned char data_dev_block_bits;      /* log2(data blocksize) */
  50        unsigned char hash_dev_block_bits;      /* log2(hash blocksize) */
  51        unsigned char hash_per_block_bits;      /* log2(hashes in hash block) */
  52        unsigned char levels;   /* the number of tree levels */
  53        unsigned char version;
  54        unsigned digest_size;   /* digest size for the current hash algorithm */
  55        unsigned shash_descsize;/* the size of temporary space for crypto */
  56        int hash_failed;        /* set to 1 if hash of any block failed */
  57
  58        mempool_t *vec_mempool; /* mempool of bio vector */
  59
  60        struct workqueue_struct *verify_wq;
  61
  62        /* starting blocks for each tree level. 0 is the lowest level. */
  63        sector_t hash_level_block[DM_VERITY_MAX_LEVELS];
  64};
  65
  66struct dm_verity_io {
  67        struct dm_verity *v;
  68
  69        /* original values of bio->bi_end_io and bio->bi_private */
  70        bio_end_io_t *orig_bi_end_io;
  71        void *orig_bi_private;
  72
  73        sector_t block;
  74        unsigned n_blocks;
  75
  76        struct bvec_iter iter;
  77
  78        struct work_struct work;
  79
  80        /*
  81         * Three variably-size fields follow this struct:
  82         *
  83         * u8 hash_desc[v->shash_descsize];
  84         * u8 real_digest[v->digest_size];
  85         * u8 want_digest[v->digest_size];
  86         *
  87         * To access them use: io_hash_desc(), io_real_digest() and io_want_digest().
  88         */
  89};
  90
  91struct dm_verity_prefetch_work {
  92        struct work_struct work;
  93        struct dm_verity *v;
  94        sector_t block;
  95        unsigned n_blocks;
  96};
  97
  98static struct shash_desc *io_hash_desc(struct dm_verity *v, struct dm_verity_io *io)
  99{
 100        return (struct shash_desc *)(io + 1);
 101}
 102
 103static u8 *io_real_digest(struct dm_verity *v, struct dm_verity_io *io)
 104{
 105        return (u8 *)(io + 1) + v->shash_descsize;
 106}
 107
 108static u8 *io_want_digest(struct dm_verity *v, struct dm_verity_io *io)
 109{
 110        return (u8 *)(io + 1) + v->shash_descsize + v->digest_size;
 111}
 112
 113/*
 114 * Auxiliary structure appended to each dm-bufio buffer. If the value
 115 * hash_verified is nonzero, hash of the block has been verified.
 116 *
 117 * The variable hash_verified is set to 0 when allocating the buffer, then
 118 * it can be changed to 1 and it is never reset to 0 again.
 119 *
 120 * There is no lock around this value, a race condition can at worst cause
 121 * that multiple processes verify the hash of the same buffer simultaneously
 122 * and write 1 to hash_verified simultaneously.
 123 * This condition is harmless, so we don't need locking.
 124 */
 125struct buffer_aux {
 126        int hash_verified;
 127};
 128
 129/*
 130 * Initialize struct buffer_aux for a freshly created buffer.
 131 */
 132static void dm_bufio_alloc_callback(struct dm_buffer *buf)
 133{
 134        struct buffer_aux *aux = dm_bufio_get_aux_data(buf);
 135
 136        aux->hash_verified = 0;
 137}
 138
 139/*
 140 * Translate input sector number to the sector number on the target device.
 141 */
 142static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector)
 143{
 144        return v->data_start + dm_target_offset(v->ti, bi_sector);
 145}
 146
 147/*
 148 * Return hash position of a specified block at a specified tree level
 149 * (0 is the lowest level).
 150 * The lowest "hash_per_block_bits"-bits of the result denote hash position
 151 * inside a hash block. The remaining bits denote location of the hash block.
 152 */
 153static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
 154                                         int level)
 155{
 156        return block >> (level * v->hash_per_block_bits);
 157}
 158
 159static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
 160                                 sector_t *hash_block, unsigned *offset)
 161{
 162        sector_t position = verity_position_at_level(v, block, level);
 163        unsigned idx;
 164
 165        *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits);
 166
 167        if (!offset)
 168                return;
 169
 170        idx = position & ((1 << v->hash_per_block_bits) - 1);
 171        if (!v->version)
 172                *offset = idx * v->digest_size;
 173        else
 174                *offset = idx << (v->hash_dev_block_bits - v->hash_per_block_bits);
 175}
 176
 177/*
 178 * Verify hash of a metadata block pertaining to the specified data block
 179 * ("block" argument) at a specified level ("level" argument).
 180 *
 181 * On successful return, io_want_digest(v, io) contains the hash value for
 182 * a lower tree level or for the data block (if we're at the lowest leve).
 183 *
 184 * If "skip_unverified" is true, unverified buffer is skipped and 1 is returned.
 185 * If "skip_unverified" is false, unverified buffer is hashed and verified
 186 * against current value of io_want_digest(v, io).
 187 */
 188static int verity_verify_level(struct dm_verity_io *io, sector_t block,
 189                               int level, bool skip_unverified)
 190{
 191        struct dm_verity *v = io->v;
 192        struct dm_buffer *buf;
 193        struct buffer_aux *aux;
 194        u8 *data;
 195        int r;
 196        sector_t hash_block;
 197        unsigned offset;
 198
 199        verity_hash_at_level(v, block, level, &hash_block, &offset);
 200
 201        data = dm_bufio_read(v->bufio, hash_block, &buf);
 202        if (unlikely(IS_ERR(data)))
 203                return PTR_ERR(data);
 204
 205        aux = dm_bufio_get_aux_data(buf);
 206
 207        if (!aux->hash_verified) {
 208                struct shash_desc *desc;
 209                u8 *result;
 210
 211                if (skip_unverified) {
 212                        r = 1;
 213                        goto release_ret_r;
 214                }
 215
 216                desc = io_hash_desc(v, io);
 217                desc->tfm = v->tfm;
 218                desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 219                r = crypto_shash_init(desc);
 220                if (r < 0) {
 221                        DMERR("crypto_shash_init failed: %d", r);
 222                        goto release_ret_r;
 223                }
 224
 225                if (likely(v->version >= 1)) {
 226                        r = crypto_shash_update(desc, v->salt, v->salt_size);
 227                        if (r < 0) {
 228                                DMERR("crypto_shash_update failed: %d", r);
 229                                goto release_ret_r;
 230                        }
 231                }
 232
 233                r = crypto_shash_update(desc, data, 1 << v->hash_dev_block_bits);
 234                if (r < 0) {
 235                        DMERR("crypto_shash_update failed: %d", r);
 236                        goto release_ret_r;
 237                }
 238
 239                if (!v->version) {
 240                        r = crypto_shash_update(desc, v->salt, v->salt_size);
 241                        if (r < 0) {
 242                                DMERR("crypto_shash_update failed: %d", r);
 243                                goto release_ret_r;
 244                        }
 245                }
 246
 247                result = io_real_digest(v, io);
 248                r = crypto_shash_final(desc, result);
 249                if (r < 0) {
 250                        DMERR("crypto_shash_final failed: %d", r);
 251                        goto release_ret_r;
 252                }
 253                if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
 254                        DMERR_LIMIT("metadata block %llu is corrupted",
 255                                (unsigned long long)hash_block);
 256                        v->hash_failed = 1;
 257                        r = -EIO;
 258                        goto release_ret_r;
 259                } else
 260                        aux->hash_verified = 1;
 261        }
 262
 263        data += offset;
 264
 265        memcpy(io_want_digest(v, io), data, v->digest_size);
 266
 267        dm_bufio_release(buf);
 268        return 0;
 269
 270release_ret_r:
 271        dm_bufio_release(buf);
 272
 273        return r;
 274}
 275
 276/*
 277 * Verify one "dm_verity_io" structure.
 278 */
 279static int verity_verify_io(struct dm_verity_io *io)
 280{
 281        struct dm_verity *v = io->v;
 282        struct bio *bio = dm_bio_from_per_bio_data(io,
 283                                                   v->ti->per_bio_data_size);
 284        unsigned b;
 285        int i;
 286
 287        for (b = 0; b < io->n_blocks; b++) {
 288                struct shash_desc *desc;
 289                u8 *result;
 290                int r;
 291                unsigned todo;
 292
 293                if (likely(v->levels)) {
 294                        /*
 295                         * First, we try to get the requested hash for
 296                         * the current block. If the hash block itself is
 297                         * verified, zero is returned. If it isn't, this
 298                         * function returns 0 and we fall back to whole
 299                         * chain verification.
 300                         */
 301                        int r = verity_verify_level(io, io->block + b, 0, true);
 302                        if (likely(!r))
 303                                goto test_block_hash;
 304                        if (r < 0)
 305                                return r;
 306                }
 307
 308                memcpy(io_want_digest(v, io), v->root_digest, v->digest_size);
 309
 310                for (i = v->levels - 1; i >= 0; i--) {
 311                        int r = verity_verify_level(io, io->block + b, i, false);
 312                        if (unlikely(r))
 313                                return r;
 314                }
 315
 316test_block_hash:
 317                desc = io_hash_desc(v, io);
 318                desc->tfm = v->tfm;
 319                desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
 320                r = crypto_shash_init(desc);
 321                if (r < 0) {
 322                        DMERR("crypto_shash_init failed: %d", r);
 323                        return r;
 324                }
 325
 326                if (likely(v->version >= 1)) {
 327                        r = crypto_shash_update(desc, v->salt, v->salt_size);
 328                        if (r < 0) {
 329                                DMERR("crypto_shash_update failed: %d", r);
 330                                return r;
 331                        }
 332                }
 333                todo = 1 << v->data_dev_block_bits;
 334                do {
 335                        u8 *page;
 336                        unsigned len;
 337                        struct bio_vec bv = bio_iter_iovec(bio, io->iter);
 338
 339                        page = kmap_atomic(bv.bv_page);
 340                        len = bv.bv_len;
 341                        if (likely(len >= todo))
 342                                len = todo;
 343                        r = crypto_shash_update(desc, page + bv.bv_offset, len);
 344                        kunmap_atomic(page);
 345
 346                        if (r < 0) {
 347                                DMERR("crypto_shash_update failed: %d", r);
 348                                return r;
 349                        }
 350
 351                        bio_advance_iter(bio, &io->iter, len);
 352                        todo -= len;
 353                } while (todo);
 354
 355                if (!v->version) {
 356                        r = crypto_shash_update(desc, v->salt, v->salt_size);
 357                        if (r < 0) {
 358                                DMERR("crypto_shash_update failed: %d", r);
 359                                return r;
 360                        }
 361                }
 362
 363                result = io_real_digest(v, io);
 364                r = crypto_shash_final(desc, result);
 365                if (r < 0) {
 366                        DMERR("crypto_shash_final failed: %d", r);
 367                        return r;
 368                }
 369                if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
 370                        DMERR_LIMIT("data block %llu is corrupted",
 371                                (unsigned long long)(io->block + b));
 372                        v->hash_failed = 1;
 373                        return -EIO;
 374                }
 375        }
 376
 377        return 0;
 378}
 379
 380/*
 381 * End one "io" structure with a given error.
 382 */
 383static void verity_finish_io(struct dm_verity_io *io, int error)
 384{
 385        struct dm_verity *v = io->v;
 386        struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_bio_data_size);
 387
 388        bio->bi_end_io = io->orig_bi_end_io;
 389        bio->bi_private = io->orig_bi_private;
 390
 391        bio_endio_nodec(bio, error);
 392}
 393
 394static void verity_work(struct work_struct *w)
 395{
 396        struct dm_verity_io *io = container_of(w, struct dm_verity_io, work);
 397
 398        verity_finish_io(io, verity_verify_io(io));
 399}
 400
 401static void verity_end_io(struct bio *bio, int error)
 402{
 403        struct dm_verity_io *io = bio->bi_private;
 404
 405        if (error) {
 406                verity_finish_io(io, error);
 407                return;
 408        }
 409
 410        INIT_WORK(&io->work, verity_work);
 411        queue_work(io->v->verify_wq, &io->work);
 412}
 413
 414/*
 415 * Prefetch buffers for the specified io.
 416 * The root buffer is not prefetched, it is assumed that it will be cached
 417 * all the time.
 418 */
 419static void verity_prefetch_io(struct work_struct *work)
 420{
 421        struct dm_verity_prefetch_work *pw =
 422                container_of(work, struct dm_verity_prefetch_work, work);
 423        struct dm_verity *v = pw->v;
 424        int i;
 425
 426        for (i = v->levels - 2; i >= 0; i--) {
 427                sector_t hash_block_start;
 428                sector_t hash_block_end;
 429                verity_hash_at_level(v, pw->block, i, &hash_block_start, NULL);
 430                verity_hash_at_level(v, pw->block + pw->n_blocks - 1, i, &hash_block_end, NULL);
 431                if (!i) {
 432                        unsigned cluster = ACCESS_ONCE(dm_verity_prefetch_cluster);
 433
 434                        cluster >>= v->data_dev_block_bits;
 435                        if (unlikely(!cluster))
 436                                goto no_prefetch_cluster;
 437
 438                        if (unlikely(cluster & (cluster - 1)))
 439                                cluster = 1 << __fls(cluster);
 440
 441                        hash_block_start &= ~(sector_t)(cluster - 1);
 442                        hash_block_end |= cluster - 1;
 443                        if (unlikely(hash_block_end >= v->hash_blocks))
 444                                hash_block_end = v->hash_blocks - 1;
 445                }
 446no_prefetch_cluster:
 447                dm_bufio_prefetch(v->bufio, hash_block_start,
 448                                  hash_block_end - hash_block_start + 1);
 449        }
 450
 451        kfree(pw);
 452}
 453
 454static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io)
 455{
 456        struct dm_verity_prefetch_work *pw;
 457
 458        pw = kmalloc(sizeof(struct dm_verity_prefetch_work),
 459                GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN);
 460
 461        if (!pw)
 462                return;
 463
 464        INIT_WORK(&pw->work, verity_prefetch_io);
 465        pw->v = v;
 466        pw->block = io->block;
 467        pw->n_blocks = io->n_blocks;
 468        queue_work(v->verify_wq, &pw->work);
 469}
 470
 471/*
 472 * Bio map function. It allocates dm_verity_io structure and bio vector and
 473 * fills them. Then it issues prefetches and the I/O.
 474 */
 475static int verity_map(struct dm_target *ti, struct bio *bio)
 476{
 477        struct dm_verity *v = ti->private;
 478        struct dm_verity_io *io;
 479
 480        bio->bi_bdev = v->data_dev->bdev;
 481        bio->bi_iter.bi_sector = verity_map_sector(v, bio->bi_iter.bi_sector);
 482
 483        if (((unsigned)bio->bi_iter.bi_sector | bio_sectors(bio)) &
 484            ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) {
 485                DMERR_LIMIT("unaligned io");
 486                return -EIO;
 487        }
 488
 489        if (bio_end_sector(bio) >>
 490            (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
 491                DMERR_LIMIT("io out of range");
 492                return -EIO;
 493        }
 494
 495        if (bio_data_dir(bio) == WRITE)
 496                return -EIO;
 497
 498        io = dm_per_bio_data(bio, ti->per_bio_data_size);
 499        io->v = v;
 500        io->orig_bi_end_io = bio->bi_end_io;
 501        io->orig_bi_private = bio->bi_private;
 502        io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
 503        io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits;
 504
 505        bio->bi_end_io = verity_end_io;
 506        bio->bi_private = io;
 507        io->iter = bio->bi_iter;
 508
 509        verity_submit_prefetch(v, io);
 510
 511        generic_make_request(bio);
 512
 513        return DM_MAPIO_SUBMITTED;
 514}
 515
 516/*
 517 * Status: V (valid) or C (corruption found)
 518 */
 519static void verity_status(struct dm_target *ti, status_type_t type,
 520                          unsigned status_flags, char *result, unsigned maxlen)
 521{
 522        struct dm_verity *v = ti->private;
 523        unsigned sz = 0;
 524        unsigned x;
 525
 526        switch (type) {
 527        case STATUSTYPE_INFO:
 528                DMEMIT("%c", v->hash_failed ? 'C' : 'V');
 529                break;
 530        case STATUSTYPE_TABLE:
 531                DMEMIT("%u %s %s %u %u %llu %llu %s ",
 532                        v->version,
 533                        v->data_dev->name,
 534                        v->hash_dev->name,
 535                        1 << v->data_dev_block_bits,
 536                        1 << v->hash_dev_block_bits,
 537                        (unsigned long long)v->data_blocks,
 538                        (unsigned long long)v->hash_start,
 539                        v->alg_name
 540                        );
 541                for (x = 0; x < v->digest_size; x++)
 542                        DMEMIT("%02x", v->root_digest[x]);
 543                DMEMIT(" ");
 544                if (!v->salt_size)
 545                        DMEMIT("-");
 546                else
 547                        for (x = 0; x < v->salt_size; x++)
 548                                DMEMIT("%02x", v->salt[x]);
 549                break;
 550        }
 551}
 552
 553static int verity_ioctl(struct dm_target *ti, unsigned cmd,
 554                        unsigned long arg)
 555{
 556        struct dm_verity *v = ti->private;
 557        int r = 0;
 558
 559        if (v->data_start ||
 560            ti->len != i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT)
 561                r = scsi_verify_blk_ioctl(NULL, cmd);
 562
 563        return r ? : __blkdev_driver_ioctl(v->data_dev->bdev, v->data_dev->mode,
 564                                     cmd, arg);
 565}
 566
 567static int verity_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
 568                        struct bio_vec *biovec, int max_size)
 569{
 570        struct dm_verity *v = ti->private;
 571        struct request_queue *q = bdev_get_queue(v->data_dev->bdev);
 572
 573        if (!q->merge_bvec_fn)
 574                return max_size;
 575
 576        bvm->bi_bdev = v->data_dev->bdev;
 577        bvm->bi_sector = verity_map_sector(v, bvm->bi_sector);
 578
 579        return min(max_size, q->merge_bvec_fn(q, bvm, biovec));
 580}
 581
 582static int verity_iterate_devices(struct dm_target *ti,
 583                                  iterate_devices_callout_fn fn, void *data)
 584{
 585        struct dm_verity *v = ti->private;
 586
 587        return fn(ti, v->data_dev, v->data_start, ti->len, data);
 588}
 589
 590static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
 591{
 592        struct dm_verity *v = ti->private;
 593
 594        if (limits->logical_block_size < 1 << v->data_dev_block_bits)
 595                limits->logical_block_size = 1 << v->data_dev_block_bits;
 596
 597        if (limits->physical_block_size < 1 << v->data_dev_block_bits)
 598                limits->physical_block_size = 1 << v->data_dev_block_bits;
 599
 600        blk_limits_io_min(limits, limits->logical_block_size);
 601}
 602
 603static void verity_dtr(struct dm_target *ti)
 604{
 605        struct dm_verity *v = ti->private;
 606
 607        if (v->verify_wq)
 608                destroy_workqueue(v->verify_wq);
 609
 610        if (v->vec_mempool)
 611                mempool_destroy(v->vec_mempool);
 612
 613        if (v->bufio)
 614                dm_bufio_client_destroy(v->bufio);
 615
 616        kfree(v->salt);
 617        kfree(v->root_digest);
 618
 619        if (v->tfm)
 620                crypto_free_shash(v->tfm);
 621
 622        kfree(v->alg_name);
 623
 624        if (v->hash_dev)
 625                dm_put_device(ti, v->hash_dev);
 626
 627        if (v->data_dev)
 628                dm_put_device(ti, v->data_dev);
 629
 630        kfree(v);
 631}
 632
 633/*
 634 * Target parameters:
 635 *      <version>       The current format is version 1.
 636 *                      Vsn 0 is compatible with original Chromium OS releases.
 637 *      <data device>
 638 *      <hash device>
 639 *      <data block size>
 640 *      <hash block size>
 641 *      <the number of data blocks>
 642 *      <hash start block>
 643 *      <algorithm>
 644 *      <digest>
 645 *      <salt>          Hex string or "-" if no salt.
 646 */
 647static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
 648{
 649        struct dm_verity *v;
 650        unsigned num;
 651        unsigned long long num_ll;
 652        int r;
 653        int i;
 654        sector_t hash_position;
 655        char dummy;
 656
 657        v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL);
 658        if (!v) {
 659                ti->error = "Cannot allocate verity structure";
 660                return -ENOMEM;
 661        }
 662        ti->private = v;
 663        v->ti = ti;
 664
 665        if ((dm_table_get_mode(ti->table) & ~FMODE_READ)) {
 666                ti->error = "Device must be readonly";
 667                r = -EINVAL;
 668                goto bad;
 669        }
 670
 671        if (argc != 10) {
 672                ti->error = "Invalid argument count: exactly 10 arguments required";
 673                r = -EINVAL;
 674                goto bad;
 675        }
 676
 677        if (sscanf(argv[0], "%u%c", &num, &dummy) != 1 ||
 678            num > 1) {
 679                ti->error = "Invalid version";
 680                r = -EINVAL;
 681                goto bad;
 682        }
 683        v->version = num;
 684
 685        r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev);
 686        if (r) {
 687                ti->error = "Data device lookup failed";
 688                goto bad;
 689        }
 690
 691        r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev);
 692        if (r) {
 693                ti->error = "Data device lookup failed";
 694                goto bad;
 695        }
 696
 697        if (sscanf(argv[3], "%u%c", &num, &dummy) != 1 ||
 698            !num || (num & (num - 1)) ||
 699            num < bdev_logical_block_size(v->data_dev->bdev) ||
 700            num > PAGE_SIZE) {
 701                ti->error = "Invalid data device block size";
 702                r = -EINVAL;
 703                goto bad;
 704        }
 705        v->data_dev_block_bits = __ffs(num);
 706
 707        if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 ||
 708            !num || (num & (num - 1)) ||
 709            num < bdev_logical_block_size(v->hash_dev->bdev) ||
 710            num > INT_MAX) {
 711                ti->error = "Invalid hash device block size";
 712                r = -EINVAL;
 713                goto bad;
 714        }
 715        v->hash_dev_block_bits = __ffs(num);
 716
 717        if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 ||
 718            (sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT))
 719            >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll) {
 720                ti->error = "Invalid data blocks";
 721                r = -EINVAL;
 722                goto bad;
 723        }
 724        v->data_blocks = num_ll;
 725
 726        if (ti->len > (v->data_blocks << (v->data_dev_block_bits - SECTOR_SHIFT))) {
 727                ti->error = "Data device is too small";
 728                r = -EINVAL;
 729                goto bad;
 730        }
 731
 732        if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 ||
 733            (sector_t)(num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT))
 734            >> (v->hash_dev_block_bits - SECTOR_SHIFT) != num_ll) {
 735                ti->error = "Invalid hash start";
 736                r = -EINVAL;
 737                goto bad;
 738        }
 739        v->hash_start = num_ll;
 740
 741        v->alg_name = kstrdup(argv[7], GFP_KERNEL);
 742        if (!v->alg_name) {
 743                ti->error = "Cannot allocate algorithm name";
 744                r = -ENOMEM;
 745                goto bad;
 746        }
 747
 748        v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);
 749        if (IS_ERR(v->tfm)) {
 750                ti->error = "Cannot initialize hash function";
 751                r = PTR_ERR(v->tfm);
 752                v->tfm = NULL;
 753                goto bad;
 754        }
 755        v->digest_size = crypto_shash_digestsize(v->tfm);
 756        if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
 757                ti->error = "Digest size too big";
 758                r = -EINVAL;
 759                goto bad;
 760        }
 761        v->shash_descsize =
 762                sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);
 763
 764        v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
 765        if (!v->root_digest) {
 766                ti->error = "Cannot allocate root digest";
 767                r = -ENOMEM;
 768                goto bad;
 769        }
 770        if (strlen(argv[8]) != v->digest_size * 2 ||
 771            hex2bin(v->root_digest, argv[8], v->digest_size)) {
 772                ti->error = "Invalid root digest";
 773                r = -EINVAL;
 774                goto bad;
 775        }
 776
 777        if (strcmp(argv[9], "-")) {
 778                v->salt_size = strlen(argv[9]) / 2;
 779                v->salt = kmalloc(v->salt_size, GFP_KERNEL);
 780                if (!v->salt) {
 781                        ti->error = "Cannot allocate salt";
 782                        r = -ENOMEM;
 783                        goto bad;
 784                }
 785                if (strlen(argv[9]) != v->salt_size * 2 ||
 786                    hex2bin(v->salt, argv[9], v->salt_size)) {
 787                        ti->error = "Invalid salt";
 788                        r = -EINVAL;
 789                        goto bad;
 790                }
 791        }
 792
 793        v->hash_per_block_bits =
 794                __fls((1 << v->hash_dev_block_bits) / v->digest_size);
 795
 796        v->levels = 0;
 797        if (v->data_blocks)
 798                while (v->hash_per_block_bits * v->levels < 64 &&
 799                       (unsigned long long)(v->data_blocks - 1) >>
 800                       (v->hash_per_block_bits * v->levels))
 801                        v->levels++;
 802
 803        if (v->levels > DM_VERITY_MAX_LEVELS) {
 804                ti->error = "Too many tree levels";
 805                r = -E2BIG;
 806                goto bad;
 807        }
 808
 809        hash_position = v->hash_start;
 810        for (i = v->levels - 1; i >= 0; i--) {
 811                sector_t s;
 812                v->hash_level_block[i] = hash_position;
 813                s = (v->data_blocks + ((sector_t)1 << ((i + 1) * v->hash_per_block_bits)) - 1)
 814                                        >> ((i + 1) * v->hash_per_block_bits);
 815                if (hash_position + s < hash_position) {
 816                        ti->error = "Hash device offset overflow";
 817                        r = -E2BIG;
 818                        goto bad;
 819                }
 820                hash_position += s;
 821        }
 822        v->hash_blocks = hash_position;
 823
 824        v->bufio = dm_bufio_client_create(v->hash_dev->bdev,
 825                1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux),
 826                dm_bufio_alloc_callback, NULL);
 827        if (IS_ERR(v->bufio)) {
 828                ti->error = "Cannot initialize dm-bufio";
 829                r = PTR_ERR(v->bufio);
 830                v->bufio = NULL;
 831                goto bad;
 832        }
 833
 834        if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) {
 835                ti->error = "Hash device is too small";
 836                r = -E2BIG;
 837                goto bad;
 838        }
 839
 840        ti->per_bio_data_size = roundup(sizeof(struct dm_verity_io) + v->shash_descsize + v->digest_size * 2, __alignof__(struct dm_verity_io));
 841
 842        v->vec_mempool = mempool_create_kmalloc_pool(DM_VERITY_MEMPOOL_SIZE,
 843                                        BIO_MAX_PAGES * sizeof(struct bio_vec));
 844        if (!v->vec_mempool) {
 845                ti->error = "Cannot allocate vector mempool";
 846                r = -ENOMEM;
 847                goto bad;
 848        }
 849
 850        /* WQ_UNBOUND greatly improves performance when running on ramdisk */
 851        v->verify_wq = alloc_workqueue("kverityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, num_online_cpus());
 852        if (!v->verify_wq) {
 853                ti->error = "Cannot allocate workqueue";
 854                r = -ENOMEM;
 855                goto bad;
 856        }
 857
 858        return 0;
 859
 860bad:
 861        verity_dtr(ti);
 862
 863        return r;
 864}
 865
 866static struct target_type verity_target = {
 867        .name           = "verity",
 868        .version        = {1, 2, 0},
 869        .module         = THIS_MODULE,
 870        .ctr            = verity_ctr,
 871        .dtr            = verity_dtr,
 872        .map            = verity_map,
 873        .status         = verity_status,
 874        .ioctl          = verity_ioctl,
 875        .merge          = verity_merge,
 876        .iterate_devices = verity_iterate_devices,
 877        .io_hints       = verity_io_hints,
 878};
 879
 880static int __init dm_verity_init(void)
 881{
 882        int r;
 883
 884        r = dm_register_target(&verity_target);
 885        if (r < 0)
 886                DMERR("register failed %d", r);
 887
 888        return r;
 889}
 890
 891static void __exit dm_verity_exit(void)
 892{
 893        dm_unregister_target(&verity_target);
 894}
 895
 896module_init(dm_verity_init);
 897module_exit(dm_verity_exit);
 898
 899MODULE_AUTHOR("Mikulas Patocka <mpatocka@redhat.com>");
 900MODULE_AUTHOR("Mandeep Baines <msb@chromium.org>");
 901MODULE_AUTHOR("Will Drewry <wad@chromium.org>");
 902MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking");
 903MODULE_LICENSE("GPL");
 904