1 /* 2 * Copyright (C) 2016-2017 Red Hat, Inc. All rights reserved. 3 * Copyright (C) 2016-2017 Milan Broz 4 * Copyright (C) 2016-2017 Mikulas Patocka 5 * 6 * This file is released under the GPL. 7 */ 8 9 #include "dm-bio-record.h" 10 11 #include <linux/compiler.h> 12 #include <linux/module.h> 13 #include <linux/device-mapper.h> 14 #include <linux/dm-io.h> 15 #include <linux/vmalloc.h> 16 #include <linux/sort.h> 17 #include <linux/rbtree.h> 18 #include <linux/delay.h> 19 #include <linux/random.h> 20 #include <linux/reboot.h> 21 #include <crypto/hash.h> 22 #include <crypto/skcipher.h> 23 #include <linux/async_tx.h> 24 #include <linux/dm-bufio.h> 25 26 #define DM_MSG_PREFIX "integrity" 27 28 #define DEFAULT_INTERLEAVE_SECTORS 32768 29 #define DEFAULT_JOURNAL_SIZE_FACTOR 7 30 #define DEFAULT_SECTORS_PER_BITMAP_BIT 32768 31 #define DEFAULT_BUFFER_SECTORS 128 32 #define DEFAULT_JOURNAL_WATERMARK 50 33 #define DEFAULT_SYNC_MSEC 10000 34 #define DEFAULT_MAX_JOURNAL_SECTORS 131072 35 #define MIN_LOG2_INTERLEAVE_SECTORS 3 36 #define MAX_LOG2_INTERLEAVE_SECTORS 31 37 #define METADATA_WORKQUEUE_MAX_ACTIVE 16 38 #define RECALC_SECTORS 8192 39 #define RECALC_WRITE_SUPER 16 40 #define BITMAP_BLOCK_SIZE 4096 /* don't change it */ 41 #define BITMAP_FLUSH_INTERVAL (10 * HZ) 42 #define DISCARD_FILLER 0xf6 43 #define SALT_SIZE 16 44 45 /* 46 * Warning - DEBUG_PRINT prints security-sensitive data to the log, 47 * so it should not be enabled in the official kernel 48 */ 49 //#define DEBUG_PRINT 50 //#define INTERNAL_VERIFY 51 52 /* 53 * On disk structures 54 */ 55 56 #define SB_MAGIC "integrt" 57 #define SB_VERSION_1 1 58 #define SB_VERSION_2 2 59 #define SB_VERSION_3 3 60 #define SB_VERSION_4 4 61 #define SB_VERSION_5 5 62 #define SB_SECTORS 8 63 #define MAX_SECTORS_PER_BLOCK 8 64 65 struct superblock { 66 __u8 magic[8]; 67 __u8 version; 68 __u8 log2_interleave_sectors; 69 __u16 integrity_tag_size; 70 __u32 journal_sections; 71 __u64 provided_data_sectors; /* userspace uses this value */ 72 __u32 flags; 73 __u8 log2_sectors_per_block; 74 __u8 log2_blocks_per_bitmap_bit; 75 __u8 pad[2]; 76 __u64 recalc_sector; 77 __u8 pad2[8]; 78 __u8 salt[SALT_SIZE]; 79 }; 80 81 #define SB_FLAG_HAVE_JOURNAL_MAC 0x1 82 #define SB_FLAG_RECALCULATING 0x2 83 #define SB_FLAG_DIRTY_BITMAP 0x4 84 #define SB_FLAG_FIXED_PADDING 0x8 85 #define SB_FLAG_FIXED_HMAC 0x10 86 87 #define JOURNAL_ENTRY_ROUNDUP 8 88 89 typedef __u64 commit_id_t; 90 #define JOURNAL_MAC_PER_SECTOR 8 91 92 struct journal_entry { 93 union { 94 struct { 95 __u32 sector_lo; 96 __u32 sector_hi; 97 } s; 98 __u64 sector; 99 } u; 100 commit_id_t last_bytes[]; 101 /* __u8 tag[0]; */ 102 }; 103 104 #define journal_entry_tag(ic, je) ((__u8 *)&(je)->last_bytes[(ic)->sectors_per_block]) 105 106 #if BITS_PER_LONG == 64 107 #define journal_entry_set_sector(je, x) do { smp_wmb(); WRITE_ONCE((je)->u.sector, cpu_to_le64(x)); } while (0) 108 #else 109 #define journal_entry_set_sector(je, x) do { (je)->u.s.sector_lo = cpu_to_le32(x); smp_wmb(); WRITE_ONCE((je)->u.s.sector_hi, cpu_to_le32((x) >> 32)); } while (0) 110 #endif 111 #define journal_entry_get_sector(je) le64_to_cpu((je)->u.sector) 112 #define journal_entry_is_unused(je) ((je)->u.s.sector_hi == cpu_to_le32(-1)) 113 #define journal_entry_set_unused(je) do { ((je)->u.s.sector_hi = cpu_to_le32(-1)); } while (0) 114 #define journal_entry_is_inprogress(je) ((je)->u.s.sector_hi == cpu_to_le32(-2)) 115 #define journal_entry_set_inprogress(je) do { ((je)->u.s.sector_hi = cpu_to_le32(-2)); } while (0) 116 117 #define JOURNAL_BLOCK_SECTORS 8 118 #define JOURNAL_SECTOR_DATA ((1 << SECTOR_SHIFT) - sizeof(commit_id_t)) 119 #define JOURNAL_MAC_SIZE (JOURNAL_MAC_PER_SECTOR * JOURNAL_BLOCK_SECTORS) 120 121 struct journal_sector { 122 __u8 entries[JOURNAL_SECTOR_DATA - JOURNAL_MAC_PER_SECTOR]; 123 __u8 mac[JOURNAL_MAC_PER_SECTOR]; 124 commit_id_t commit_id; 125 }; 126 127 #define MAX_TAG_SIZE (JOURNAL_SECTOR_DATA - JOURNAL_MAC_PER_SECTOR - offsetof(struct journal_entry, last_bytes[MAX_SECTORS_PER_BLOCK])) 128 129 #define METADATA_PADDING_SECTORS 8 130 131 #define N_COMMIT_IDS 4 132 133 static unsigned char prev_commit_seq(unsigned char seq) 134 { 135 return (seq + N_COMMIT_IDS - 1) % N_COMMIT_IDS; 136 } 137 138 static unsigned char next_commit_seq(unsigned char seq) 139 { 140 return (seq + 1) % N_COMMIT_IDS; 141 } 142 143 /* 144 * In-memory structures 145 */ 146 147 struct journal_node { 148 struct rb_node node; 149 sector_t sector; 150 }; 151 152 struct alg_spec { 153 char *alg_string; 154 char *key_string; 155 __u8 *key; 156 unsigned key_size; 157 }; 158 159 struct dm_integrity_c { 160 struct dm_dev *dev; 161 struct dm_dev *meta_dev; 162 unsigned tag_size; 163 __s8 log2_tag_size; 164 sector_t start; 165 mempool_t journal_io_mempool; 166 struct dm_io_client *io; 167 struct dm_bufio_client *bufio; 168 struct workqueue_struct *metadata_wq; 169 struct superblock *sb; 170 unsigned journal_pages; 171 unsigned n_bitmap_blocks; 172 173 struct page_list *journal; 174 struct page_list *journal_io; 175 struct page_list *journal_xor; 176 struct page_list *recalc_bitmap; 177 struct page_list *may_write_bitmap; 178 struct bitmap_block_status *bbs; 179 unsigned bitmap_flush_interval; 180 int synchronous_mode; 181 struct bio_list synchronous_bios; 182 struct delayed_work bitmap_flush_work; 183 184 struct crypto_skcipher *journal_crypt; 185 struct scatterlist **journal_scatterlist; 186 struct scatterlist **journal_io_scatterlist; 187 struct skcipher_request **sk_requests; 188 189 struct crypto_shash *journal_mac; 190 191 struct journal_node *journal_tree; 192 struct rb_root journal_tree_root; 193 194 sector_t provided_data_sectors; 195 196 unsigned short journal_entry_size; 197 unsigned char journal_entries_per_sector; 198 unsigned char journal_section_entries; 199 unsigned short journal_section_sectors; 200 unsigned journal_sections; 201 unsigned journal_entries; 202 sector_t data_device_sectors; 203 sector_t meta_device_sectors; 204 unsigned initial_sectors; 205 unsigned metadata_run; 206 __s8 log2_metadata_run; 207 __u8 log2_buffer_sectors; 208 __u8 sectors_per_block; 209 __u8 log2_blocks_per_bitmap_bit; 210 211 unsigned char mode; 212 213 int failed; 214 215 struct crypto_shash *internal_hash; 216 217 struct dm_target *ti; 218 219 /* these variables are locked with endio_wait.lock */ 220 struct rb_root in_progress; 221 struct list_head wait_list; 222 wait_queue_head_t endio_wait; 223 struct workqueue_struct *wait_wq; 224 struct workqueue_struct *offload_wq; 225 226 unsigned char commit_seq; 227 commit_id_t commit_ids[N_COMMIT_IDS]; 228 229 unsigned committed_section; 230 unsigned n_committed_sections; 231 232 unsigned uncommitted_section; 233 unsigned n_uncommitted_sections; 234 235 unsigned free_section; 236 unsigned char free_section_entry; 237 unsigned free_sectors; 238 239 unsigned free_sectors_threshold; 240 241 struct workqueue_struct *commit_wq; 242 struct work_struct commit_work; 243 244 struct workqueue_struct *writer_wq; 245 struct work_struct writer_work; 246 247 struct workqueue_struct *recalc_wq; 248 struct work_struct recalc_work; 249 u8 *recalc_buffer; 250 u8 *recalc_tags; 251 252 struct bio_list flush_bio_list; 253 254 unsigned long autocommit_jiffies; 255 struct timer_list autocommit_timer; 256 unsigned autocommit_msec; 257 258 wait_queue_head_t copy_to_journal_wait; 259 260 struct completion crypto_backoff; 261 262 bool journal_uptodate; 263 bool just_formatted; 264 bool recalculate_flag; 265 bool discard; 266 bool fix_padding; 267 bool fix_hmac; 268 bool legacy_recalculate; 269 270 struct alg_spec internal_hash_alg; 271 struct alg_spec journal_crypt_alg; 272 struct alg_spec journal_mac_alg; 273 274 atomic64_t number_of_mismatches; 275 276 struct notifier_block reboot_notifier; 277 }; 278 279 struct dm_integrity_range { 280 sector_t logical_sector; 281 sector_t n_sectors; 282 bool waiting; 283 union { 284 struct rb_node node; 285 struct { 286 struct task_struct *task; 287 struct list_head wait_entry; 288 }; 289 }; 290 }; 291 292 struct dm_integrity_io { 293 struct work_struct work; 294 295 struct dm_integrity_c *ic; 296 enum req_opf op; 297 bool fua; 298 299 struct dm_integrity_range range; 300 301 sector_t metadata_block; 302 unsigned metadata_offset; 303 304 atomic_t in_flight; 305 blk_status_t bi_status; 306 307 struct completion *completion; 308 309 struct dm_bio_details bio_details; 310 }; 311 312 struct journal_completion { 313 struct dm_integrity_c *ic; 314 atomic_t in_flight; 315 struct completion comp; 316 }; 317 318 struct journal_io { 319 struct dm_integrity_range range; 320 struct journal_completion *comp; 321 }; 322 323 struct bitmap_block_status { 324 struct work_struct work; 325 struct dm_integrity_c *ic; 326 unsigned idx; 327 unsigned long *bitmap; 328 struct bio_list bio_queue; 329 spinlock_t bio_queue_lock; 330 331 }; 332 333 static struct kmem_cache *journal_io_cache; 334 335 #define JOURNAL_IO_MEMPOOL 32 336 337 #ifdef DEBUG_PRINT 338 #define DEBUG_print(x, ...) printk(KERN_DEBUG x, ##__VA_ARGS__) 339 static void __DEBUG_bytes(__u8 *bytes, size_t len, const char *msg, ...) 340 { 341 va_list args; 342 va_start(args, msg); 343 vprintk(msg, args); 344 va_end(args); 345 if (len) 346 pr_cont(":"); 347 while (len) { 348 pr_cont(" %02x", *bytes); 349 bytes++; 350 len--; 351 } 352 pr_cont("\n"); 353 } 354 #define DEBUG_bytes(bytes, len, msg, ...) __DEBUG_bytes(bytes, len, KERN_DEBUG msg, ##__VA_ARGS__) 355 #else 356 #define DEBUG_print(x, ...) do { } while (0) 357 #define DEBUG_bytes(bytes, len, msg, ...) do { } while (0) 358 #endif 359 360 static void dm_integrity_prepare(struct request *rq) 361 { 362 } 363 364 static void dm_integrity_complete(struct request *rq, unsigned int nr_bytes) 365 { 366 } 367 368 /* 369 * DM Integrity profile, protection is performed layer above (dm-crypt) 370 */ 371 static const struct blk_integrity_profile dm_integrity_profile = { 372 .name = "DM-DIF-EXT-TAG", 373 .generate_fn = NULL, 374 .verify_fn = NULL, 375 .prepare_fn = dm_integrity_prepare, 376 .complete_fn = dm_integrity_complete, 377 }; 378 379 static void dm_integrity_map_continue(struct dm_integrity_io *dio, bool from_map); 380 static void integrity_bio_wait(struct work_struct *w); 381 static void dm_integrity_dtr(struct dm_target *ti); 382 383 static void dm_integrity_io_error(struct dm_integrity_c *ic, const char *msg, int err) 384 { 385 if (err == -EILSEQ) 386 atomic64_inc(&ic->number_of_mismatches); 387 if (!cmpxchg(&ic->failed, 0, err)) 388 DMERR("Error on %s: %d", msg, err); 389 } 390 391 static int dm_integrity_failed(struct dm_integrity_c *ic) 392 { 393 return READ_ONCE(ic->failed); 394 } 395 396 static bool dm_integrity_disable_recalculate(struct dm_integrity_c *ic) 397 { 398 if (ic->legacy_recalculate) 399 return false; 400 if (!(ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) ? 401 ic->internal_hash_alg.key || ic->journal_mac_alg.key : 402 ic->internal_hash_alg.key && !ic->journal_mac_alg.key) 403 return true; 404 return false; 405 } 406 407 static commit_id_t dm_integrity_commit_id(struct dm_integrity_c *ic, unsigned i, 408 unsigned j, unsigned char seq) 409 { 410 /* 411 * Xor the number with section and sector, so that if a piece of 412 * journal is written at wrong place, it is detected. 413 */ 414 return ic->commit_ids[seq] ^ cpu_to_le64(((__u64)i << 32) ^ j); 415 } 416 417 static void get_area_and_offset(struct dm_integrity_c *ic, sector_t data_sector, 418 sector_t *area, sector_t *offset) 419 { 420 if (!ic->meta_dev) { 421 __u8 log2_interleave_sectors = ic->sb->log2_interleave_sectors; 422 *area = data_sector >> log2_interleave_sectors; 423 *offset = (unsigned)data_sector & ((1U << log2_interleave_sectors) - 1); 424 } else { 425 *area = 0; 426 *offset = data_sector; 427 } 428 } 429 430 #define sector_to_block(ic, n) \ 431 do { \ 432 BUG_ON((n) & (unsigned)((ic)->sectors_per_block - 1)); \ 433 (n) >>= (ic)->sb->log2_sectors_per_block; \ 434 } while (0) 435 436 static __u64 get_metadata_sector_and_offset(struct dm_integrity_c *ic, sector_t area, 437 sector_t offset, unsigned *metadata_offset) 438 { 439 __u64 ms; 440 unsigned mo; 441 442 ms = area << ic->sb->log2_interleave_sectors; 443 if (likely(ic->log2_metadata_run >= 0)) 444 ms += area << ic->log2_metadata_run; 445 else 446 ms += area * ic->metadata_run; 447 ms >>= ic->log2_buffer_sectors; 448 449 sector_to_block(ic, offset); 450 451 if (likely(ic->log2_tag_size >= 0)) { 452 ms += offset >> (SECTOR_SHIFT + ic->log2_buffer_sectors - ic->log2_tag_size); 453 mo = (offset << ic->log2_tag_size) & ((1U << SECTOR_SHIFT << ic->log2_buffer_sectors) - 1); 454 } else { 455 ms += (__u64)offset * ic->tag_size >> (SECTOR_SHIFT + ic->log2_buffer_sectors); 456 mo = (offset * ic->tag_size) & ((1U << SECTOR_SHIFT << ic->log2_buffer_sectors) - 1); 457 } 458 *metadata_offset = mo; 459 return ms; 460 } 461 462 static sector_t get_data_sector(struct dm_integrity_c *ic, sector_t area, sector_t offset) 463 { 464 sector_t result; 465 466 if (ic->meta_dev) 467 return offset; 468 469 result = area << ic->sb->log2_interleave_sectors; 470 if (likely(ic->log2_metadata_run >= 0)) 471 result += (area + 1) << ic->log2_metadata_run; 472 else 473 result += (area + 1) * ic->metadata_run; 474 475 result += (sector_t)ic->initial_sectors + offset; 476 result += ic->start; 477 478 return result; 479 } 480 481 static void wraparound_section(struct dm_integrity_c *ic, unsigned *sec_ptr) 482 { 483 if (unlikely(*sec_ptr >= ic->journal_sections)) 484 *sec_ptr -= ic->journal_sections; 485 } 486 487 static void sb_set_version(struct dm_integrity_c *ic) 488 { 489 if (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) 490 ic->sb->version = SB_VERSION_5; 491 else if (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) 492 ic->sb->version = SB_VERSION_4; 493 else if (ic->mode == 'B' || ic->sb->flags & cpu_to_le32(SB_FLAG_DIRTY_BITMAP)) 494 ic->sb->version = SB_VERSION_3; 495 else if (ic->meta_dev || ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) 496 ic->sb->version = SB_VERSION_2; 497 else 498 ic->sb->version = SB_VERSION_1; 499 } 500 501 static int sb_mac(struct dm_integrity_c *ic, bool wr) 502 { 503 SHASH_DESC_ON_STACK(desc, ic->journal_mac); 504 int r; 505 unsigned size = crypto_shash_digestsize(ic->journal_mac); 506 507 if (sizeof(struct superblock) + size > 1 << SECTOR_SHIFT) { 508 dm_integrity_io_error(ic, "digest is too long", -EINVAL); 509 return -EINVAL; 510 } 511 512 desc->tfm = ic->journal_mac; 513 514 r = crypto_shash_init(desc); 515 if (unlikely(r < 0)) { 516 dm_integrity_io_error(ic, "crypto_shash_init", r); 517 return r; 518 } 519 520 r = crypto_shash_update(desc, (__u8 *)ic->sb, (1 << SECTOR_SHIFT) - size); 521 if (unlikely(r < 0)) { 522 dm_integrity_io_error(ic, "crypto_shash_update", r); 523 return r; 524 } 525 526 if (likely(wr)) { 527 r = crypto_shash_final(desc, (__u8 *)ic->sb + (1 << SECTOR_SHIFT) - size); 528 if (unlikely(r < 0)) { 529 dm_integrity_io_error(ic, "crypto_shash_final", r); 530 return r; 531 } 532 } else { 533 __u8 result[HASH_MAX_DIGESTSIZE]; 534 r = crypto_shash_final(desc, result); 535 if (unlikely(r < 0)) { 536 dm_integrity_io_error(ic, "crypto_shash_final", r); 537 return r; 538 } 539 if (memcmp((__u8 *)ic->sb + (1 << SECTOR_SHIFT) - size, result, size)) { 540 dm_integrity_io_error(ic, "superblock mac", -EILSEQ); 541 return -EILSEQ; 542 } 543 } 544 545 return 0; 546 } 547 548 static int sync_rw_sb(struct dm_integrity_c *ic, int op, int op_flags) 549 { 550 struct dm_io_request io_req; 551 struct dm_io_region io_loc; 552 int r; 553 554 io_req.bi_op = op; 555 io_req.bi_op_flags = op_flags; 556 io_req.mem.type = DM_IO_KMEM; 557 io_req.mem.ptr.addr = ic->sb; 558 io_req.notify.fn = NULL; 559 io_req.client = ic->io; 560 io_loc.bdev = ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev; 561 io_loc.sector = ic->start; 562 io_loc.count = SB_SECTORS; 563 564 if (op == REQ_OP_WRITE) { 565 sb_set_version(ic); 566 if (ic->journal_mac && ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) { 567 r = sb_mac(ic, true); 568 if (unlikely(r)) 569 return r; 570 } 571 } 572 573 r = dm_io(&io_req, 1, &io_loc, NULL); 574 if (unlikely(r)) 575 return r; 576 577 if (op == REQ_OP_READ) { 578 if (ic->mode != 'R' && ic->journal_mac && ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) { 579 r = sb_mac(ic, false); 580 if (unlikely(r)) 581 return r; 582 } 583 } 584 585 return 0; 586 } 587 588 #define BITMAP_OP_TEST_ALL_SET 0 589 #define BITMAP_OP_TEST_ALL_CLEAR 1 590 #define BITMAP_OP_SET 2 591 #define BITMAP_OP_CLEAR 3 592 593 static bool block_bitmap_op(struct dm_integrity_c *ic, struct page_list *bitmap, 594 sector_t sector, sector_t n_sectors, int mode) 595 { 596 unsigned long bit, end_bit, this_end_bit, page, end_page; 597 unsigned long *data; 598 599 if (unlikely(((sector | n_sectors) & ((1 << ic->sb->log2_sectors_per_block) - 1)) != 0)) { 600 DMCRIT("invalid bitmap access (%llx,%llx,%d,%d,%d)", 601 sector, 602 n_sectors, 603 ic->sb->log2_sectors_per_block, 604 ic->log2_blocks_per_bitmap_bit, 605 mode); 606 BUG(); 607 } 608 609 if (unlikely(!n_sectors)) 610 return true; 611 612 bit = sector >> (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 613 end_bit = (sector + n_sectors - 1) >> 614 (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 615 616 page = bit / (PAGE_SIZE * 8); 617 bit %= PAGE_SIZE * 8; 618 619 end_page = end_bit / (PAGE_SIZE * 8); 620 end_bit %= PAGE_SIZE * 8; 621 622 repeat: 623 if (page < end_page) { 624 this_end_bit = PAGE_SIZE * 8 - 1; 625 } else { 626 this_end_bit = end_bit; 627 } 628 629 data = lowmem_page_address(bitmap[page].page); 630 631 if (mode == BITMAP_OP_TEST_ALL_SET) { 632 while (bit <= this_end_bit) { 633 if (!(bit % BITS_PER_LONG) && this_end_bit >= bit + BITS_PER_LONG - 1) { 634 do { 635 if (data[bit / BITS_PER_LONG] != -1) 636 return false; 637 bit += BITS_PER_LONG; 638 } while (this_end_bit >= bit + BITS_PER_LONG - 1); 639 continue; 640 } 641 if (!test_bit(bit, data)) 642 return false; 643 bit++; 644 } 645 } else if (mode == BITMAP_OP_TEST_ALL_CLEAR) { 646 while (bit <= this_end_bit) { 647 if (!(bit % BITS_PER_LONG) && this_end_bit >= bit + BITS_PER_LONG - 1) { 648 do { 649 if (data[bit / BITS_PER_LONG] != 0) 650 return false; 651 bit += BITS_PER_LONG; 652 } while (this_end_bit >= bit + BITS_PER_LONG - 1); 653 continue; 654 } 655 if (test_bit(bit, data)) 656 return false; 657 bit++; 658 } 659 } else if (mode == BITMAP_OP_SET) { 660 while (bit <= this_end_bit) { 661 if (!(bit % BITS_PER_LONG) && this_end_bit >= bit + BITS_PER_LONG - 1) { 662 do { 663 data[bit / BITS_PER_LONG] = -1; 664 bit += BITS_PER_LONG; 665 } while (this_end_bit >= bit + BITS_PER_LONG - 1); 666 continue; 667 } 668 __set_bit(bit, data); 669 bit++; 670 } 671 } else if (mode == BITMAP_OP_CLEAR) { 672 if (!bit && this_end_bit == PAGE_SIZE * 8 - 1) 673 clear_page(data); 674 else while (bit <= this_end_bit) { 675 if (!(bit % BITS_PER_LONG) && this_end_bit >= bit + BITS_PER_LONG - 1) { 676 do { 677 data[bit / BITS_PER_LONG] = 0; 678 bit += BITS_PER_LONG; 679 } while (this_end_bit >= bit + BITS_PER_LONG - 1); 680 continue; 681 } 682 __clear_bit(bit, data); 683 bit++; 684 } 685 } else { 686 BUG(); 687 } 688 689 if (unlikely(page < end_page)) { 690 bit = 0; 691 page++; 692 goto repeat; 693 } 694 695 return true; 696 } 697 698 static void block_bitmap_copy(struct dm_integrity_c *ic, struct page_list *dst, struct page_list *src) 699 { 700 unsigned n_bitmap_pages = DIV_ROUND_UP(ic->n_bitmap_blocks, PAGE_SIZE / BITMAP_BLOCK_SIZE); 701 unsigned i; 702 703 for (i = 0; i < n_bitmap_pages; i++) { 704 unsigned long *dst_data = lowmem_page_address(dst[i].page); 705 unsigned long *src_data = lowmem_page_address(src[i].page); 706 copy_page(dst_data, src_data); 707 } 708 } 709 710 static struct bitmap_block_status *sector_to_bitmap_block(struct dm_integrity_c *ic, sector_t sector) 711 { 712 unsigned bit = sector >> (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 713 unsigned bitmap_block = bit / (BITMAP_BLOCK_SIZE * 8); 714 715 BUG_ON(bitmap_block >= ic->n_bitmap_blocks); 716 return &ic->bbs[bitmap_block]; 717 } 718 719 static void access_journal_check(struct dm_integrity_c *ic, unsigned section, unsigned offset, 720 bool e, const char *function) 721 { 722 #if defined(CONFIG_DM_DEBUG) || defined(INTERNAL_VERIFY) 723 unsigned limit = e ? ic->journal_section_entries : ic->journal_section_sectors; 724 725 if (unlikely(section >= ic->journal_sections) || 726 unlikely(offset >= limit)) { 727 DMCRIT("%s: invalid access at (%u,%u), limit (%u,%u)", 728 function, section, offset, ic->journal_sections, limit); 729 BUG(); 730 } 731 #endif 732 } 733 734 static void page_list_location(struct dm_integrity_c *ic, unsigned section, unsigned offset, 735 unsigned *pl_index, unsigned *pl_offset) 736 { 737 unsigned sector; 738 739 access_journal_check(ic, section, offset, false, "page_list_location"); 740 741 sector = section * ic->journal_section_sectors + offset; 742 743 *pl_index = sector >> (PAGE_SHIFT - SECTOR_SHIFT); 744 *pl_offset = (sector << SECTOR_SHIFT) & (PAGE_SIZE - 1); 745 } 746 747 static struct journal_sector *access_page_list(struct dm_integrity_c *ic, struct page_list *pl, 748 unsigned section, unsigned offset, unsigned *n_sectors) 749 { 750 unsigned pl_index, pl_offset; 751 char *va; 752 753 page_list_location(ic, section, offset, &pl_index, &pl_offset); 754 755 if (n_sectors) 756 *n_sectors = (PAGE_SIZE - pl_offset) >> SECTOR_SHIFT; 757 758 va = lowmem_page_address(pl[pl_index].page); 759 760 return (struct journal_sector *)(va + pl_offset); 761 } 762 763 static struct journal_sector *access_journal(struct dm_integrity_c *ic, unsigned section, unsigned offset) 764 { 765 return access_page_list(ic, ic->journal, section, offset, NULL); 766 } 767 768 static struct journal_entry *access_journal_entry(struct dm_integrity_c *ic, unsigned section, unsigned n) 769 { 770 unsigned rel_sector, offset; 771 struct journal_sector *js; 772 773 access_journal_check(ic, section, n, true, "access_journal_entry"); 774 775 rel_sector = n % JOURNAL_BLOCK_SECTORS; 776 offset = n / JOURNAL_BLOCK_SECTORS; 777 778 js = access_journal(ic, section, rel_sector); 779 return (struct journal_entry *)((char *)js + offset * ic->journal_entry_size); 780 } 781 782 static struct journal_sector *access_journal_data(struct dm_integrity_c *ic, unsigned section, unsigned n) 783 { 784 n <<= ic->sb->log2_sectors_per_block; 785 786 n += JOURNAL_BLOCK_SECTORS; 787 788 access_journal_check(ic, section, n, false, "access_journal_data"); 789 790 return access_journal(ic, section, n); 791 } 792 793 static void section_mac(struct dm_integrity_c *ic, unsigned section, __u8 result[JOURNAL_MAC_SIZE]) 794 { 795 SHASH_DESC_ON_STACK(desc, ic->journal_mac); 796 int r; 797 unsigned j, size; 798 799 desc->tfm = ic->journal_mac; 800 801 r = crypto_shash_init(desc); 802 if (unlikely(r < 0)) { 803 dm_integrity_io_error(ic, "crypto_shash_init", r); 804 goto err; 805 } 806 807 if (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) { 808 uint64_t section_le; 809 810 r = crypto_shash_update(desc, (__u8 *)&ic->sb->salt, SALT_SIZE); 811 if (unlikely(r < 0)) { 812 dm_integrity_io_error(ic, "crypto_shash_update", r); 813 goto err; 814 } 815 816 section_le = cpu_to_le64(section); 817 r = crypto_shash_update(desc, (__u8 *)§ion_le, sizeof section_le); 818 if (unlikely(r < 0)) { 819 dm_integrity_io_error(ic, "crypto_shash_update", r); 820 goto err; 821 } 822 } 823 824 for (j = 0; j < ic->journal_section_entries; j++) { 825 struct journal_entry *je = access_journal_entry(ic, section, j); 826 r = crypto_shash_update(desc, (__u8 *)&je->u.sector, sizeof je->u.sector); 827 if (unlikely(r < 0)) { 828 dm_integrity_io_error(ic, "crypto_shash_update", r); 829 goto err; 830 } 831 } 832 833 size = crypto_shash_digestsize(ic->journal_mac); 834 835 if (likely(size <= JOURNAL_MAC_SIZE)) { 836 r = crypto_shash_final(desc, result); 837 if (unlikely(r < 0)) { 838 dm_integrity_io_error(ic, "crypto_shash_final", r); 839 goto err; 840 } 841 memset(result + size, 0, JOURNAL_MAC_SIZE - size); 842 } else { 843 __u8 digest[HASH_MAX_DIGESTSIZE]; 844 845 if (WARN_ON(size > sizeof(digest))) { 846 dm_integrity_io_error(ic, "digest_size", -EINVAL); 847 goto err; 848 } 849 r = crypto_shash_final(desc, digest); 850 if (unlikely(r < 0)) { 851 dm_integrity_io_error(ic, "crypto_shash_final", r); 852 goto err; 853 } 854 memcpy(result, digest, JOURNAL_MAC_SIZE); 855 } 856 857 return; 858 err: 859 memset(result, 0, JOURNAL_MAC_SIZE); 860 } 861 862 static void rw_section_mac(struct dm_integrity_c *ic, unsigned section, bool wr) 863 { 864 __u8 result[JOURNAL_MAC_SIZE]; 865 unsigned j; 866 867 if (!ic->journal_mac) 868 return; 869 870 section_mac(ic, section, result); 871 872 for (j = 0; j < JOURNAL_BLOCK_SECTORS; j++) { 873 struct journal_sector *js = access_journal(ic, section, j); 874 875 if (likely(wr)) 876 memcpy(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR); 877 else { 878 if (memcmp(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR)) 879 dm_integrity_io_error(ic, "journal mac", -EILSEQ); 880 } 881 } 882 } 883 884 static void complete_journal_op(void *context) 885 { 886 struct journal_completion *comp = context; 887 BUG_ON(!atomic_read(&comp->in_flight)); 888 if (likely(atomic_dec_and_test(&comp->in_flight))) 889 complete(&comp->comp); 890 } 891 892 static void xor_journal(struct dm_integrity_c *ic, bool encrypt, unsigned section, 893 unsigned n_sections, struct journal_completion *comp) 894 { 895 struct async_submit_ctl submit; 896 size_t n_bytes = (size_t)(n_sections * ic->journal_section_sectors) << SECTOR_SHIFT; 897 unsigned pl_index, pl_offset, section_index; 898 struct page_list *source_pl, *target_pl; 899 900 if (likely(encrypt)) { 901 source_pl = ic->journal; 902 target_pl = ic->journal_io; 903 } else { 904 source_pl = ic->journal_io; 905 target_pl = ic->journal; 906 } 907 908 page_list_location(ic, section, 0, &pl_index, &pl_offset); 909 910 atomic_add(roundup(pl_offset + n_bytes, PAGE_SIZE) >> PAGE_SHIFT, &comp->in_flight); 911 912 init_async_submit(&submit, ASYNC_TX_XOR_ZERO_DST, NULL, complete_journal_op, comp, NULL); 913 914 section_index = pl_index; 915 916 do { 917 size_t this_step; 918 struct page *src_pages[2]; 919 struct page *dst_page; 920 921 while (unlikely(pl_index == section_index)) { 922 unsigned dummy; 923 if (likely(encrypt)) 924 rw_section_mac(ic, section, true); 925 section++; 926 n_sections--; 927 if (!n_sections) 928 break; 929 page_list_location(ic, section, 0, §ion_index, &dummy); 930 } 931 932 this_step = min(n_bytes, (size_t)PAGE_SIZE - pl_offset); 933 dst_page = target_pl[pl_index].page; 934 src_pages[0] = source_pl[pl_index].page; 935 src_pages[1] = ic->journal_xor[pl_index].page; 936 937 async_xor(dst_page, src_pages, pl_offset, 2, this_step, &submit); 938 939 pl_index++; 940 pl_offset = 0; 941 n_bytes -= this_step; 942 } while (n_bytes); 943 944 BUG_ON(n_sections); 945 946 async_tx_issue_pending_all(); 947 } 948 949 static void complete_journal_encrypt(struct crypto_async_request *req, int err) 950 { 951 struct journal_completion *comp = req->data; 952 if (unlikely(err)) { 953 if (likely(err == -EINPROGRESS)) { 954 complete(&comp->ic->crypto_backoff); 955 return; 956 } 957 dm_integrity_io_error(comp->ic, "asynchronous encrypt", err); 958 } 959 complete_journal_op(comp); 960 } 961 962 static bool do_crypt(bool encrypt, struct skcipher_request *req, struct journal_completion *comp) 963 { 964 int r; 965 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 966 complete_journal_encrypt, comp); 967 if (likely(encrypt)) 968 r = crypto_skcipher_encrypt(req); 969 else 970 r = crypto_skcipher_decrypt(req); 971 if (likely(!r)) 972 return false; 973 if (likely(r == -EINPROGRESS)) 974 return true; 975 if (likely(r == -EBUSY)) { 976 wait_for_completion(&comp->ic->crypto_backoff); 977 reinit_completion(&comp->ic->crypto_backoff); 978 return true; 979 } 980 dm_integrity_io_error(comp->ic, "encrypt", r); 981 return false; 982 } 983 984 static void crypt_journal(struct dm_integrity_c *ic, bool encrypt, unsigned section, 985 unsigned n_sections, struct journal_completion *comp) 986 { 987 struct scatterlist **source_sg; 988 struct scatterlist **target_sg; 989 990 atomic_add(2, &comp->in_flight); 991 992 if (likely(encrypt)) { 993 source_sg = ic->journal_scatterlist; 994 target_sg = ic->journal_io_scatterlist; 995 } else { 996 source_sg = ic->journal_io_scatterlist; 997 target_sg = ic->journal_scatterlist; 998 } 999 1000 do { 1001 struct skcipher_request *req; 1002 unsigned ivsize; 1003 char *iv; 1004 1005 if (likely(encrypt)) 1006 rw_section_mac(ic, section, true); 1007 1008 req = ic->sk_requests[section]; 1009 ivsize = crypto_skcipher_ivsize(ic->journal_crypt); 1010 iv = req->iv; 1011 1012 memcpy(iv, iv + ivsize, ivsize); 1013 1014 req->src = source_sg[section]; 1015 req->dst = target_sg[section]; 1016 1017 if (unlikely(do_crypt(encrypt, req, comp))) 1018 atomic_inc(&comp->in_flight); 1019 1020 section++; 1021 n_sections--; 1022 } while (n_sections); 1023 1024 atomic_dec(&comp->in_flight); 1025 complete_journal_op(comp); 1026 } 1027 1028 static void encrypt_journal(struct dm_integrity_c *ic, bool encrypt, unsigned section, 1029 unsigned n_sections, struct journal_completion *comp) 1030 { 1031 if (ic->journal_xor) 1032 return xor_journal(ic, encrypt, section, n_sections, comp); 1033 else 1034 return crypt_journal(ic, encrypt, section, n_sections, comp); 1035 } 1036 1037 static void complete_journal_io(unsigned long error, void *context) 1038 { 1039 struct journal_completion *comp = context; 1040 if (unlikely(error != 0)) 1041 dm_integrity_io_error(comp->ic, "writing journal", -EIO); 1042 complete_journal_op(comp); 1043 } 1044 1045 static void rw_journal_sectors(struct dm_integrity_c *ic, int op, int op_flags, 1046 unsigned sector, unsigned n_sectors, struct journal_completion *comp) 1047 { 1048 struct dm_io_request io_req; 1049 struct dm_io_region io_loc; 1050 unsigned pl_index, pl_offset; 1051 int r; 1052 1053 if (unlikely(dm_integrity_failed(ic))) { 1054 if (comp) 1055 complete_journal_io(-1UL, comp); 1056 return; 1057 } 1058 1059 pl_index = sector >> (PAGE_SHIFT - SECTOR_SHIFT); 1060 pl_offset = (sector << SECTOR_SHIFT) & (PAGE_SIZE - 1); 1061 1062 io_req.bi_op = op; 1063 io_req.bi_op_flags = op_flags; 1064 io_req.mem.type = DM_IO_PAGE_LIST; 1065 if (ic->journal_io) 1066 io_req.mem.ptr.pl = &ic->journal_io[pl_index]; 1067 else 1068 io_req.mem.ptr.pl = &ic->journal[pl_index]; 1069 io_req.mem.offset = pl_offset; 1070 if (likely(comp != NULL)) { 1071 io_req.notify.fn = complete_journal_io; 1072 io_req.notify.context = comp; 1073 } else { 1074 io_req.notify.fn = NULL; 1075 } 1076 io_req.client = ic->io; 1077 io_loc.bdev = ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev; 1078 io_loc.sector = ic->start + SB_SECTORS + sector; 1079 io_loc.count = n_sectors; 1080 1081 r = dm_io(&io_req, 1, &io_loc, NULL); 1082 if (unlikely(r)) { 1083 dm_integrity_io_error(ic, op == REQ_OP_READ ? "reading journal" : "writing journal", r); 1084 if (comp) { 1085 WARN_ONCE(1, "asynchronous dm_io failed: %d", r); 1086 complete_journal_io(-1UL, comp); 1087 } 1088 } 1089 } 1090 1091 static void rw_journal(struct dm_integrity_c *ic, int op, int op_flags, unsigned section, 1092 unsigned n_sections, struct journal_completion *comp) 1093 { 1094 unsigned sector, n_sectors; 1095 1096 sector = section * ic->journal_section_sectors; 1097 n_sectors = n_sections * ic->journal_section_sectors; 1098 1099 rw_journal_sectors(ic, op, op_flags, sector, n_sectors, comp); 1100 } 1101 1102 static void write_journal(struct dm_integrity_c *ic, unsigned commit_start, unsigned commit_sections) 1103 { 1104 struct journal_completion io_comp; 1105 struct journal_completion crypt_comp_1; 1106 struct journal_completion crypt_comp_2; 1107 unsigned i; 1108 1109 io_comp.ic = ic; 1110 init_completion(&io_comp.comp); 1111 1112 if (commit_start + commit_sections <= ic->journal_sections) { 1113 io_comp.in_flight = (atomic_t)ATOMIC_INIT(1); 1114 if (ic->journal_io) { 1115 crypt_comp_1.ic = ic; 1116 init_completion(&crypt_comp_1.comp); 1117 crypt_comp_1.in_flight = (atomic_t)ATOMIC_INIT(0); 1118 encrypt_journal(ic, true, commit_start, commit_sections, &crypt_comp_1); 1119 wait_for_completion_io(&crypt_comp_1.comp); 1120 } else { 1121 for (i = 0; i < commit_sections; i++) 1122 rw_section_mac(ic, commit_start + i, true); 1123 } 1124 rw_journal(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, commit_start, 1125 commit_sections, &io_comp); 1126 } else { 1127 unsigned to_end; 1128 io_comp.in_flight = (atomic_t)ATOMIC_INIT(2); 1129 to_end = ic->journal_sections - commit_start; 1130 if (ic->journal_io) { 1131 crypt_comp_1.ic = ic; 1132 init_completion(&crypt_comp_1.comp); 1133 crypt_comp_1.in_flight = (atomic_t)ATOMIC_INIT(0); 1134 encrypt_journal(ic, true, commit_start, to_end, &crypt_comp_1); 1135 if (try_wait_for_completion(&crypt_comp_1.comp)) { 1136 rw_journal(ic, REQ_OP_WRITE, REQ_FUA, commit_start, to_end, &io_comp); 1137 reinit_completion(&crypt_comp_1.comp); 1138 crypt_comp_1.in_flight = (atomic_t)ATOMIC_INIT(0); 1139 encrypt_journal(ic, true, 0, commit_sections - to_end, &crypt_comp_1); 1140 wait_for_completion_io(&crypt_comp_1.comp); 1141 } else { 1142 crypt_comp_2.ic = ic; 1143 init_completion(&crypt_comp_2.comp); 1144 crypt_comp_2.in_flight = (atomic_t)ATOMIC_INIT(0); 1145 encrypt_journal(ic, true, 0, commit_sections - to_end, &crypt_comp_2); 1146 wait_for_completion_io(&crypt_comp_1.comp); 1147 rw_journal(ic, REQ_OP_WRITE, REQ_FUA, commit_start, to_end, &io_comp); 1148 wait_for_completion_io(&crypt_comp_2.comp); 1149 } 1150 } else { 1151 for (i = 0; i < to_end; i++) 1152 rw_section_mac(ic, commit_start + i, true); 1153 rw_journal(ic, REQ_OP_WRITE, REQ_FUA, commit_start, to_end, &io_comp); 1154 for (i = 0; i < commit_sections - to_end; i++) 1155 rw_section_mac(ic, i, true); 1156 } 1157 rw_journal(ic, REQ_OP_WRITE, REQ_FUA, 0, commit_sections - to_end, &io_comp); 1158 } 1159 1160 wait_for_completion_io(&io_comp.comp); 1161 } 1162 1163 static void copy_from_journal(struct dm_integrity_c *ic, unsigned section, unsigned offset, 1164 unsigned n_sectors, sector_t target, io_notify_fn fn, void *data) 1165 { 1166 struct dm_io_request io_req; 1167 struct dm_io_region io_loc; 1168 int r; 1169 unsigned sector, pl_index, pl_offset; 1170 1171 BUG_ON((target | n_sectors | offset) & (unsigned)(ic->sectors_per_block - 1)); 1172 1173 if (unlikely(dm_integrity_failed(ic))) { 1174 fn(-1UL, data); 1175 return; 1176 } 1177 1178 sector = section * ic->journal_section_sectors + JOURNAL_BLOCK_SECTORS + offset; 1179 1180 pl_index = sector >> (PAGE_SHIFT - SECTOR_SHIFT); 1181 pl_offset = (sector << SECTOR_SHIFT) & (PAGE_SIZE - 1); 1182 1183 io_req.bi_op = REQ_OP_WRITE; 1184 io_req.bi_op_flags = 0; 1185 io_req.mem.type = DM_IO_PAGE_LIST; 1186 io_req.mem.ptr.pl = &ic->journal[pl_index]; 1187 io_req.mem.offset = pl_offset; 1188 io_req.notify.fn = fn; 1189 io_req.notify.context = data; 1190 io_req.client = ic->io; 1191 io_loc.bdev = ic->dev->bdev; 1192 io_loc.sector = target; 1193 io_loc.count = n_sectors; 1194 1195 r = dm_io(&io_req, 1, &io_loc, NULL); 1196 if (unlikely(r)) { 1197 WARN_ONCE(1, "asynchronous dm_io failed: %d", r); 1198 fn(-1UL, data); 1199 } 1200 } 1201 1202 static bool ranges_overlap(struct dm_integrity_range *range1, struct dm_integrity_range *range2) 1203 { 1204 return range1->logical_sector < range2->logical_sector + range2->n_sectors && 1205 range1->logical_sector + range1->n_sectors > range2->logical_sector; 1206 } 1207 1208 static bool add_new_range(struct dm_integrity_c *ic, struct dm_integrity_range *new_range, bool check_waiting) 1209 { 1210 struct rb_node **n = &ic->in_progress.rb_node; 1211 struct rb_node *parent; 1212 1213 BUG_ON((new_range->logical_sector | new_range->n_sectors) & (unsigned)(ic->sectors_per_block - 1)); 1214 1215 if (likely(check_waiting)) { 1216 struct dm_integrity_range *range; 1217 list_for_each_entry(range, &ic->wait_list, wait_entry) { 1218 if (unlikely(ranges_overlap(range, new_range))) 1219 return false; 1220 } 1221 } 1222 1223 parent = NULL; 1224 1225 while (*n) { 1226 struct dm_integrity_range *range = container_of(*n, struct dm_integrity_range, node); 1227 1228 parent = *n; 1229 if (new_range->logical_sector + new_range->n_sectors <= range->logical_sector) { 1230 n = &range->node.rb_left; 1231 } else if (new_range->logical_sector >= range->logical_sector + range->n_sectors) { 1232 n = &range->node.rb_right; 1233 } else { 1234 return false; 1235 } 1236 } 1237 1238 rb_link_node(&new_range->node, parent, n); 1239 rb_insert_color(&new_range->node, &ic->in_progress); 1240 1241 return true; 1242 } 1243 1244 static void remove_range_unlocked(struct dm_integrity_c *ic, struct dm_integrity_range *range) 1245 { 1246 rb_erase(&range->node, &ic->in_progress); 1247 while (unlikely(!list_empty(&ic->wait_list))) { 1248 struct dm_integrity_range *last_range = 1249 list_first_entry(&ic->wait_list, struct dm_integrity_range, wait_entry); 1250 struct task_struct *last_range_task; 1251 last_range_task = last_range->task; 1252 list_del(&last_range->wait_entry); 1253 if (!add_new_range(ic, last_range, false)) { 1254 last_range->task = last_range_task; 1255 list_add(&last_range->wait_entry, &ic->wait_list); 1256 break; 1257 } 1258 last_range->waiting = false; 1259 wake_up_process(last_range_task); 1260 } 1261 } 1262 1263 static void remove_range(struct dm_integrity_c *ic, struct dm_integrity_range *range) 1264 { 1265 unsigned long flags; 1266 1267 spin_lock_irqsave(&ic->endio_wait.lock, flags); 1268 remove_range_unlocked(ic, range); 1269 spin_unlock_irqrestore(&ic->endio_wait.lock, flags); 1270 } 1271 1272 static void wait_and_add_new_range(struct dm_integrity_c *ic, struct dm_integrity_range *new_range) 1273 { 1274 new_range->waiting = true; 1275 list_add_tail(&new_range->wait_entry, &ic->wait_list); 1276 new_range->task = current; 1277 do { 1278 __set_current_state(TASK_UNINTERRUPTIBLE); 1279 spin_unlock_irq(&ic->endio_wait.lock); 1280 io_schedule(); 1281 spin_lock_irq(&ic->endio_wait.lock); 1282 } while (unlikely(new_range->waiting)); 1283 } 1284 1285 static void add_new_range_and_wait(struct dm_integrity_c *ic, struct dm_integrity_range *new_range) 1286 { 1287 if (unlikely(!add_new_range(ic, new_range, true))) 1288 wait_and_add_new_range(ic, new_range); 1289 } 1290 1291 static void init_journal_node(struct journal_node *node) 1292 { 1293 RB_CLEAR_NODE(&node->node); 1294 node->sector = (sector_t)-1; 1295 } 1296 1297 static void add_journal_node(struct dm_integrity_c *ic, struct journal_node *node, sector_t sector) 1298 { 1299 struct rb_node **link; 1300 struct rb_node *parent; 1301 1302 node->sector = sector; 1303 BUG_ON(!RB_EMPTY_NODE(&node->node)); 1304 1305 link = &ic->journal_tree_root.rb_node; 1306 parent = NULL; 1307 1308 while (*link) { 1309 struct journal_node *j; 1310 parent = *link; 1311 j = container_of(parent, struct journal_node, node); 1312 if (sector < j->sector) 1313 link = &j->node.rb_left; 1314 else 1315 link = &j->node.rb_right; 1316 } 1317 1318 rb_link_node(&node->node, parent, link); 1319 rb_insert_color(&node->node, &ic->journal_tree_root); 1320 } 1321 1322 static void remove_journal_node(struct dm_integrity_c *ic, struct journal_node *node) 1323 { 1324 BUG_ON(RB_EMPTY_NODE(&node->node)); 1325 rb_erase(&node->node, &ic->journal_tree_root); 1326 init_journal_node(node); 1327 } 1328 1329 #define NOT_FOUND (-1U) 1330 1331 static unsigned find_journal_node(struct dm_integrity_c *ic, sector_t sector, sector_t *next_sector) 1332 { 1333 struct rb_node *n = ic->journal_tree_root.rb_node; 1334 unsigned found = NOT_FOUND; 1335 *next_sector = (sector_t)-1; 1336 while (n) { 1337 struct journal_node *j = container_of(n, struct journal_node, node); 1338 if (sector == j->sector) { 1339 found = j - ic->journal_tree; 1340 } 1341 if (sector < j->sector) { 1342 *next_sector = j->sector; 1343 n = j->node.rb_left; 1344 } else { 1345 n = j->node.rb_right; 1346 } 1347 } 1348 1349 return found; 1350 } 1351 1352 static bool test_journal_node(struct dm_integrity_c *ic, unsigned pos, sector_t sector) 1353 { 1354 struct journal_node *node, *next_node; 1355 struct rb_node *next; 1356 1357 if (unlikely(pos >= ic->journal_entries)) 1358 return false; 1359 node = &ic->journal_tree[pos]; 1360 if (unlikely(RB_EMPTY_NODE(&node->node))) 1361 return false; 1362 if (unlikely(node->sector != sector)) 1363 return false; 1364 1365 next = rb_next(&node->node); 1366 if (unlikely(!next)) 1367 return true; 1368 1369 next_node = container_of(next, struct journal_node, node); 1370 return next_node->sector != sector; 1371 } 1372 1373 static bool find_newer_committed_node(struct dm_integrity_c *ic, struct journal_node *node) 1374 { 1375 struct rb_node *next; 1376 struct journal_node *next_node; 1377 unsigned next_section; 1378 1379 BUG_ON(RB_EMPTY_NODE(&node->node)); 1380 1381 next = rb_next(&node->node); 1382 if (unlikely(!next)) 1383 return false; 1384 1385 next_node = container_of(next, struct journal_node, node); 1386 1387 if (next_node->sector != node->sector) 1388 return false; 1389 1390 next_section = (unsigned)(next_node - ic->journal_tree) / ic->journal_section_entries; 1391 if (next_section >= ic->committed_section && 1392 next_section < ic->committed_section + ic->n_committed_sections) 1393 return true; 1394 if (next_section + ic->journal_sections < ic->committed_section + ic->n_committed_sections) 1395 return true; 1396 1397 return false; 1398 } 1399 1400 #define TAG_READ 0 1401 #define TAG_WRITE 1 1402 #define TAG_CMP 2 1403 1404 static int dm_integrity_rw_tag(struct dm_integrity_c *ic, unsigned char *tag, sector_t *metadata_block, 1405 unsigned *metadata_offset, unsigned total_size, int op) 1406 { 1407 #define MAY_BE_FILLER 1 1408 #define MAY_BE_HASH 2 1409 unsigned hash_offset = 0; 1410 unsigned may_be = MAY_BE_HASH | (ic->discard ? MAY_BE_FILLER : 0); 1411 1412 do { 1413 unsigned char *data, *dp; 1414 struct dm_buffer *b; 1415 unsigned to_copy; 1416 int r; 1417 1418 r = dm_integrity_failed(ic); 1419 if (unlikely(r)) 1420 return r; 1421 1422 data = dm_bufio_read(ic->bufio, *metadata_block, &b); 1423 if (IS_ERR(data)) 1424 return PTR_ERR(data); 1425 1426 to_copy = min((1U << SECTOR_SHIFT << ic->log2_buffer_sectors) - *metadata_offset, total_size); 1427 dp = data + *metadata_offset; 1428 if (op == TAG_READ) { 1429 memcpy(tag, dp, to_copy); 1430 } else if (op == TAG_WRITE) { 1431 memcpy(dp, tag, to_copy); 1432 dm_bufio_mark_partial_buffer_dirty(b, *metadata_offset, *metadata_offset + to_copy); 1433 } else { 1434 /* e.g.: op == TAG_CMP */ 1435 1436 if (likely(is_power_of_2(ic->tag_size))) { 1437 if (unlikely(memcmp(dp, tag, to_copy))) 1438 if (unlikely(!ic->discard) || 1439 unlikely(memchr_inv(dp, DISCARD_FILLER, to_copy) != NULL)) { 1440 goto thorough_test; 1441 } 1442 } else { 1443 unsigned i, ts; 1444 thorough_test: 1445 ts = total_size; 1446 1447 for (i = 0; i < to_copy; i++, ts--) { 1448 if (unlikely(dp[i] != tag[i])) 1449 may_be &= ~MAY_BE_HASH; 1450 if (likely(dp[i] != DISCARD_FILLER)) 1451 may_be &= ~MAY_BE_FILLER; 1452 hash_offset++; 1453 if (unlikely(hash_offset == ic->tag_size)) { 1454 if (unlikely(!may_be)) { 1455 dm_bufio_release(b); 1456 return ts; 1457 } 1458 hash_offset = 0; 1459 may_be = MAY_BE_HASH | (ic->discard ? MAY_BE_FILLER : 0); 1460 } 1461 } 1462 } 1463 } 1464 dm_bufio_release(b); 1465 1466 tag += to_copy; 1467 *metadata_offset += to_copy; 1468 if (unlikely(*metadata_offset == 1U << SECTOR_SHIFT << ic->log2_buffer_sectors)) { 1469 (*metadata_block)++; 1470 *metadata_offset = 0; 1471 } 1472 1473 if (unlikely(!is_power_of_2(ic->tag_size))) { 1474 hash_offset = (hash_offset + to_copy) % ic->tag_size; 1475 } 1476 1477 total_size -= to_copy; 1478 } while (unlikely(total_size)); 1479 1480 return 0; 1481 #undef MAY_BE_FILLER 1482 #undef MAY_BE_HASH 1483 } 1484 1485 struct flush_request { 1486 struct dm_io_request io_req; 1487 struct dm_io_region io_reg; 1488 struct dm_integrity_c *ic; 1489 struct completion comp; 1490 }; 1491 1492 static void flush_notify(unsigned long error, void *fr_) 1493 { 1494 struct flush_request *fr = fr_; 1495 if (unlikely(error != 0)) 1496 dm_integrity_io_error(fr->ic, "flushing disk cache", -EIO); 1497 complete(&fr->comp); 1498 } 1499 1500 static void dm_integrity_flush_buffers(struct dm_integrity_c *ic, bool flush_data) 1501 { 1502 int r; 1503 1504 struct flush_request fr; 1505 1506 if (!ic->meta_dev) 1507 flush_data = false; 1508 if (flush_data) { 1509 fr.io_req.bi_op = REQ_OP_WRITE, 1510 fr.io_req.bi_op_flags = REQ_PREFLUSH | REQ_SYNC, 1511 fr.io_req.mem.type = DM_IO_KMEM, 1512 fr.io_req.mem.ptr.addr = NULL, 1513 fr.io_req.notify.fn = flush_notify, 1514 fr.io_req.notify.context = &fr; 1515 fr.io_req.client = dm_bufio_get_dm_io_client(ic->bufio), 1516 fr.io_reg.bdev = ic->dev->bdev, 1517 fr.io_reg.sector = 0, 1518 fr.io_reg.count = 0, 1519 fr.ic = ic; 1520 init_completion(&fr.comp); 1521 r = dm_io(&fr.io_req, 1, &fr.io_reg, NULL); 1522 BUG_ON(r); 1523 } 1524 1525 r = dm_bufio_write_dirty_buffers(ic->bufio); 1526 if (unlikely(r)) 1527 dm_integrity_io_error(ic, "writing tags", r); 1528 1529 if (flush_data) 1530 wait_for_completion(&fr.comp); 1531 } 1532 1533 static void sleep_on_endio_wait(struct dm_integrity_c *ic) 1534 { 1535 DECLARE_WAITQUEUE(wait, current); 1536 __add_wait_queue(&ic->endio_wait, &wait); 1537 __set_current_state(TASK_UNINTERRUPTIBLE); 1538 spin_unlock_irq(&ic->endio_wait.lock); 1539 io_schedule(); 1540 spin_lock_irq(&ic->endio_wait.lock); 1541 __remove_wait_queue(&ic->endio_wait, &wait); 1542 } 1543 1544 static void autocommit_fn(struct timer_list *t) 1545 { 1546 struct dm_integrity_c *ic = from_timer(ic, t, autocommit_timer); 1547 1548 if (likely(!dm_integrity_failed(ic))) 1549 queue_work(ic->commit_wq, &ic->commit_work); 1550 } 1551 1552 static void schedule_autocommit(struct dm_integrity_c *ic) 1553 { 1554 if (!timer_pending(&ic->autocommit_timer)) 1555 mod_timer(&ic->autocommit_timer, jiffies + ic->autocommit_jiffies); 1556 } 1557 1558 static void submit_flush_bio(struct dm_integrity_c *ic, struct dm_integrity_io *dio) 1559 { 1560 struct bio *bio; 1561 unsigned long flags; 1562 1563 spin_lock_irqsave(&ic->endio_wait.lock, flags); 1564 bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); 1565 bio_list_add(&ic->flush_bio_list, bio); 1566 spin_unlock_irqrestore(&ic->endio_wait.lock, flags); 1567 1568 queue_work(ic->commit_wq, &ic->commit_work); 1569 } 1570 1571 static void do_endio(struct dm_integrity_c *ic, struct bio *bio) 1572 { 1573 int r = dm_integrity_failed(ic); 1574 if (unlikely(r) && !bio->bi_status) 1575 bio->bi_status = errno_to_blk_status(r); 1576 if (unlikely(ic->synchronous_mode) && bio_op(bio) == REQ_OP_WRITE) { 1577 unsigned long flags; 1578 spin_lock_irqsave(&ic->endio_wait.lock, flags); 1579 bio_list_add(&ic->synchronous_bios, bio); 1580 queue_delayed_work(ic->commit_wq, &ic->bitmap_flush_work, 0); 1581 spin_unlock_irqrestore(&ic->endio_wait.lock, flags); 1582 return; 1583 } 1584 bio_endio(bio); 1585 } 1586 1587 static void do_endio_flush(struct dm_integrity_c *ic, struct dm_integrity_io *dio) 1588 { 1589 struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); 1590 1591 if (unlikely(dio->fua) && likely(!bio->bi_status) && likely(!dm_integrity_failed(ic))) 1592 submit_flush_bio(ic, dio); 1593 else 1594 do_endio(ic, bio); 1595 } 1596 1597 static void dec_in_flight(struct dm_integrity_io *dio) 1598 { 1599 if (atomic_dec_and_test(&dio->in_flight)) { 1600 struct dm_integrity_c *ic = dio->ic; 1601 struct bio *bio; 1602 1603 remove_range(ic, &dio->range); 1604 1605 if (dio->op == REQ_OP_WRITE || unlikely(dio->op == REQ_OP_DISCARD)) 1606 schedule_autocommit(ic); 1607 1608 bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); 1609 1610 if (unlikely(dio->bi_status) && !bio->bi_status) 1611 bio->bi_status = dio->bi_status; 1612 if (likely(!bio->bi_status) && unlikely(bio_sectors(bio) != dio->range.n_sectors)) { 1613 dio->range.logical_sector += dio->range.n_sectors; 1614 bio_advance(bio, dio->range.n_sectors << SECTOR_SHIFT); 1615 INIT_WORK(&dio->work, integrity_bio_wait); 1616 queue_work(ic->offload_wq, &dio->work); 1617 return; 1618 } 1619 do_endio_flush(ic, dio); 1620 } 1621 } 1622 1623 static void integrity_end_io(struct bio *bio) 1624 { 1625 struct dm_integrity_io *dio = dm_per_bio_data(bio, sizeof(struct dm_integrity_io)); 1626 1627 dm_bio_restore(&dio->bio_details, bio); 1628 if (bio->bi_integrity) 1629 bio->bi_opf |= REQ_INTEGRITY; 1630 1631 if (dio->completion) 1632 complete(dio->completion); 1633 1634 dec_in_flight(dio); 1635 } 1636 1637 static void integrity_sector_checksum(struct dm_integrity_c *ic, sector_t sector, 1638 const char *data, char *result) 1639 { 1640 __u64 sector_le = cpu_to_le64(sector); 1641 SHASH_DESC_ON_STACK(req, ic->internal_hash); 1642 int r; 1643 unsigned digest_size; 1644 1645 req->tfm = ic->internal_hash; 1646 1647 r = crypto_shash_init(req); 1648 if (unlikely(r < 0)) { 1649 dm_integrity_io_error(ic, "crypto_shash_init", r); 1650 goto failed; 1651 } 1652 1653 if (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) { 1654 r = crypto_shash_update(req, (__u8 *)&ic->sb->salt, SALT_SIZE); 1655 if (unlikely(r < 0)) { 1656 dm_integrity_io_error(ic, "crypto_shash_update", r); 1657 goto failed; 1658 } 1659 } 1660 1661 r = crypto_shash_update(req, (const __u8 *)§or_le, sizeof sector_le); 1662 if (unlikely(r < 0)) { 1663 dm_integrity_io_error(ic, "crypto_shash_update", r); 1664 goto failed; 1665 } 1666 1667 r = crypto_shash_update(req, data, ic->sectors_per_block << SECTOR_SHIFT); 1668 if (unlikely(r < 0)) { 1669 dm_integrity_io_error(ic, "crypto_shash_update", r); 1670 goto failed; 1671 } 1672 1673 r = crypto_shash_final(req, result); 1674 if (unlikely(r < 0)) { 1675 dm_integrity_io_error(ic, "crypto_shash_final", r); 1676 goto failed; 1677 } 1678 1679 digest_size = crypto_shash_digestsize(ic->internal_hash); 1680 if (unlikely(digest_size < ic->tag_size)) 1681 memset(result + digest_size, 0, ic->tag_size - digest_size); 1682 1683 return; 1684 1685 failed: 1686 /* this shouldn't happen anyway, the hash functions have no reason to fail */ 1687 get_random_bytes(result, ic->tag_size); 1688 } 1689 1690 static void integrity_metadata(struct work_struct *w) 1691 { 1692 struct dm_integrity_io *dio = container_of(w, struct dm_integrity_io, work); 1693 struct dm_integrity_c *ic = dio->ic; 1694 1695 int r; 1696 1697 if (ic->internal_hash) { 1698 struct bvec_iter iter; 1699 struct bio_vec bv; 1700 unsigned digest_size = crypto_shash_digestsize(ic->internal_hash); 1701 struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); 1702 char *checksums; 1703 unsigned extra_space = unlikely(digest_size > ic->tag_size) ? digest_size - ic->tag_size : 0; 1704 char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; 1705 sector_t sector; 1706 unsigned sectors_to_process; 1707 1708 if (unlikely(ic->mode == 'R')) 1709 goto skip_io; 1710 1711 if (likely(dio->op != REQ_OP_DISCARD)) 1712 checksums = kmalloc((PAGE_SIZE >> SECTOR_SHIFT >> ic->sb->log2_sectors_per_block) * ic->tag_size + extra_space, 1713 GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN); 1714 else 1715 checksums = kmalloc(PAGE_SIZE, GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN); 1716 if (!checksums) { 1717 checksums = checksums_onstack; 1718 if (WARN_ON(extra_space && 1719 digest_size > sizeof(checksums_onstack))) { 1720 r = -EINVAL; 1721 goto error; 1722 } 1723 } 1724 1725 if (unlikely(dio->op == REQ_OP_DISCARD)) { 1726 sector_t bi_sector = dio->bio_details.bi_iter.bi_sector; 1727 unsigned bi_size = dio->bio_details.bi_iter.bi_size; 1728 unsigned max_size = likely(checksums != checksums_onstack) ? PAGE_SIZE : HASH_MAX_DIGESTSIZE; 1729 unsigned max_blocks = max_size / ic->tag_size; 1730 memset(checksums, DISCARD_FILLER, max_size); 1731 1732 while (bi_size) { 1733 unsigned this_step_blocks = bi_size >> (SECTOR_SHIFT + ic->sb->log2_sectors_per_block); 1734 this_step_blocks = min(this_step_blocks, max_blocks); 1735 r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset, 1736 this_step_blocks * ic->tag_size, TAG_WRITE); 1737 if (unlikely(r)) { 1738 if (likely(checksums != checksums_onstack)) 1739 kfree(checksums); 1740 goto error; 1741 } 1742 1743 /*if (bi_size < this_step_blocks << (SECTOR_SHIFT + ic->sb->log2_sectors_per_block)) { 1744 printk("BUGG: bi_sector: %llx, bi_size: %u\n", bi_sector, bi_size); 1745 printk("BUGG: this_step_blocks: %u\n", this_step_blocks); 1746 BUG(); 1747 }*/ 1748 bi_size -= this_step_blocks << (SECTOR_SHIFT + ic->sb->log2_sectors_per_block); 1749 bi_sector += this_step_blocks << ic->sb->log2_sectors_per_block; 1750 } 1751 1752 if (likely(checksums != checksums_onstack)) 1753 kfree(checksums); 1754 goto skip_io; 1755 } 1756 1757 sector = dio->range.logical_sector; 1758 sectors_to_process = dio->range.n_sectors; 1759 1760 __bio_for_each_segment(bv, bio, iter, dio->bio_details.bi_iter) { 1761 unsigned pos; 1762 char *mem, *checksums_ptr; 1763 1764 again: 1765 mem = (char *)kmap_atomic(bv.bv_page) + bv.bv_offset; 1766 pos = 0; 1767 checksums_ptr = checksums; 1768 do { 1769 integrity_sector_checksum(ic, sector, mem + pos, checksums_ptr); 1770 checksums_ptr += ic->tag_size; 1771 sectors_to_process -= ic->sectors_per_block; 1772 pos += ic->sectors_per_block << SECTOR_SHIFT; 1773 sector += ic->sectors_per_block; 1774 } while (pos < bv.bv_len && sectors_to_process && checksums != checksums_onstack); 1775 kunmap_atomic(mem); 1776 1777 r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset, 1778 checksums_ptr - checksums, dio->op == REQ_OP_READ ? TAG_CMP : TAG_WRITE); 1779 if (unlikely(r)) { 1780 if (r > 0) { 1781 char b[BDEVNAME_SIZE]; 1782 DMERR_LIMIT("%s: Checksum failed at sector 0x%llx", bio_devname(bio, b), 1783 (sector - ((r + ic->tag_size - 1) / ic->tag_size))); 1784 r = -EILSEQ; 1785 atomic64_inc(&ic->number_of_mismatches); 1786 } 1787 if (likely(checksums != checksums_onstack)) 1788 kfree(checksums); 1789 goto error; 1790 } 1791 1792 if (!sectors_to_process) 1793 break; 1794 1795 if (unlikely(pos < bv.bv_len)) { 1796 bv.bv_offset += pos; 1797 bv.bv_len -= pos; 1798 goto again; 1799 } 1800 } 1801 1802 if (likely(checksums != checksums_onstack)) 1803 kfree(checksums); 1804 } else { 1805 struct bio_integrity_payload *bip = dio->bio_details.bi_integrity; 1806 1807 if (bip) { 1808 struct bio_vec biv; 1809 struct bvec_iter iter; 1810 unsigned data_to_process = dio->range.n_sectors; 1811 sector_to_block(ic, data_to_process); 1812 data_to_process *= ic->tag_size; 1813 1814 bip_for_each_vec(biv, bip, iter) { 1815 unsigned char *tag; 1816 unsigned this_len; 1817 1818 BUG_ON(PageHighMem(biv.bv_page)); 1819 tag = lowmem_page_address(biv.bv_page) + biv.bv_offset; 1820 this_len = min(biv.bv_len, data_to_process); 1821 r = dm_integrity_rw_tag(ic, tag, &dio->metadata_block, &dio->metadata_offset, 1822 this_len, dio->op == REQ_OP_READ ? TAG_READ : TAG_WRITE); 1823 if (unlikely(r)) 1824 goto error; 1825 data_to_process -= this_len; 1826 if (!data_to_process) 1827 break; 1828 } 1829 } 1830 } 1831 skip_io: 1832 dec_in_flight(dio); 1833 return; 1834 error: 1835 dio->bi_status = errno_to_blk_status(r); 1836 dec_in_flight(dio); 1837 } 1838 1839 static int dm_integrity_map(struct dm_target *ti, struct bio *bio) 1840 { 1841 struct dm_integrity_c *ic = ti->private; 1842 struct dm_integrity_io *dio = dm_per_bio_data(bio, sizeof(struct dm_integrity_io)); 1843 struct bio_integrity_payload *bip; 1844 1845 sector_t area, offset; 1846 1847 dio->ic = ic; 1848 dio->bi_status = 0; 1849 dio->op = bio_op(bio); 1850 1851 if (unlikely(dio->op == REQ_OP_DISCARD)) { 1852 if (ti->max_io_len) { 1853 sector_t sec = dm_target_offset(ti, bio->bi_iter.bi_sector); 1854 unsigned log2_max_io_len = __fls(ti->max_io_len); 1855 sector_t start_boundary = sec >> log2_max_io_len; 1856 sector_t end_boundary = (sec + bio_sectors(bio) - 1) >> log2_max_io_len; 1857 if (start_boundary < end_boundary) { 1858 sector_t len = ti->max_io_len - (sec & (ti->max_io_len - 1)); 1859 dm_accept_partial_bio(bio, len); 1860 } 1861 } 1862 } 1863 1864 if (unlikely(bio->bi_opf & REQ_PREFLUSH)) { 1865 submit_flush_bio(ic, dio); 1866 return DM_MAPIO_SUBMITTED; 1867 } 1868 1869 dio->range.logical_sector = dm_target_offset(ti, bio->bi_iter.bi_sector); 1870 dio->fua = dio->op == REQ_OP_WRITE && bio->bi_opf & REQ_FUA; 1871 if (unlikely(dio->fua)) { 1872 /* 1873 * Don't pass down the FUA flag because we have to flush 1874 * disk cache anyway. 1875 */ 1876 bio->bi_opf &= ~REQ_FUA; 1877 } 1878 if (unlikely(dio->range.logical_sector + bio_sectors(bio) > ic->provided_data_sectors)) { 1879 DMERR("Too big sector number: 0x%llx + 0x%x > 0x%llx", 1880 dio->range.logical_sector, bio_sectors(bio), 1881 ic->provided_data_sectors); 1882 return DM_MAPIO_KILL; 1883 } 1884 if (unlikely((dio->range.logical_sector | bio_sectors(bio)) & (unsigned)(ic->sectors_per_block - 1))) { 1885 DMERR("Bio not aligned on %u sectors: 0x%llx, 0x%x", 1886 ic->sectors_per_block, 1887 dio->range.logical_sector, bio_sectors(bio)); 1888 return DM_MAPIO_KILL; 1889 } 1890 1891 if (ic->sectors_per_block > 1 && likely(dio->op != REQ_OP_DISCARD)) { 1892 struct bvec_iter iter; 1893 struct bio_vec bv; 1894 bio_for_each_segment(bv, bio, iter) { 1895 if (unlikely(bv.bv_len & ((ic->sectors_per_block << SECTOR_SHIFT) - 1))) { 1896 DMERR("Bio vector (%u,%u) is not aligned on %u-sector boundary", 1897 bv.bv_offset, bv.bv_len, ic->sectors_per_block); 1898 return DM_MAPIO_KILL; 1899 } 1900 } 1901 } 1902 1903 bip = bio_integrity(bio); 1904 if (!ic->internal_hash) { 1905 if (bip) { 1906 unsigned wanted_tag_size = bio_sectors(bio) >> ic->sb->log2_sectors_per_block; 1907 if (ic->log2_tag_size >= 0) 1908 wanted_tag_size <<= ic->log2_tag_size; 1909 else 1910 wanted_tag_size *= ic->tag_size; 1911 if (unlikely(wanted_tag_size != bip->bip_iter.bi_size)) { 1912 DMERR("Invalid integrity data size %u, expected %u", 1913 bip->bip_iter.bi_size, wanted_tag_size); 1914 return DM_MAPIO_KILL; 1915 } 1916 } 1917 } else { 1918 if (unlikely(bip != NULL)) { 1919 DMERR("Unexpected integrity data when using internal hash"); 1920 return DM_MAPIO_KILL; 1921 } 1922 } 1923 1924 if (unlikely(ic->mode == 'R') && unlikely(dio->op != REQ_OP_READ)) 1925 return DM_MAPIO_KILL; 1926 1927 get_area_and_offset(ic, dio->range.logical_sector, &area, &offset); 1928 dio->metadata_block = get_metadata_sector_and_offset(ic, area, offset, &dio->metadata_offset); 1929 bio->bi_iter.bi_sector = get_data_sector(ic, area, offset); 1930 1931 dm_integrity_map_continue(dio, true); 1932 return DM_MAPIO_SUBMITTED; 1933 } 1934 1935 static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, 1936 unsigned journal_section, unsigned journal_entry) 1937 { 1938 struct dm_integrity_c *ic = dio->ic; 1939 sector_t logical_sector; 1940 unsigned n_sectors; 1941 1942 logical_sector = dio->range.logical_sector; 1943 n_sectors = dio->range.n_sectors; 1944 do { 1945 struct bio_vec bv = bio_iovec(bio); 1946 char *mem; 1947 1948 if (unlikely(bv.bv_len >> SECTOR_SHIFT > n_sectors)) 1949 bv.bv_len = n_sectors << SECTOR_SHIFT; 1950 n_sectors -= bv.bv_len >> SECTOR_SHIFT; 1951 bio_advance_iter(bio, &bio->bi_iter, bv.bv_len); 1952 retry_kmap: 1953 mem = kmap_atomic(bv.bv_page); 1954 if (likely(dio->op == REQ_OP_WRITE)) 1955 flush_dcache_page(bv.bv_page); 1956 1957 do { 1958 struct journal_entry *je = access_journal_entry(ic, journal_section, journal_entry); 1959 1960 if (unlikely(dio->op == REQ_OP_READ)) { 1961 struct journal_sector *js; 1962 char *mem_ptr; 1963 unsigned s; 1964 1965 if (unlikely(journal_entry_is_inprogress(je))) { 1966 flush_dcache_page(bv.bv_page); 1967 kunmap_atomic(mem); 1968 1969 __io_wait_event(ic->copy_to_journal_wait, !journal_entry_is_inprogress(je)); 1970 goto retry_kmap; 1971 } 1972 smp_rmb(); 1973 BUG_ON(journal_entry_get_sector(je) != logical_sector); 1974 js = access_journal_data(ic, journal_section, journal_entry); 1975 mem_ptr = mem + bv.bv_offset; 1976 s = 0; 1977 do { 1978 memcpy(mem_ptr, js, JOURNAL_SECTOR_DATA); 1979 *(commit_id_t *)(mem_ptr + JOURNAL_SECTOR_DATA) = je->last_bytes[s]; 1980 js++; 1981 mem_ptr += 1 << SECTOR_SHIFT; 1982 } while (++s < ic->sectors_per_block); 1983 #ifdef INTERNAL_VERIFY 1984 if (ic->internal_hash) { 1985 char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; 1986 1987 integrity_sector_checksum(ic, logical_sector, mem + bv.bv_offset, checksums_onstack); 1988 if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) { 1989 DMERR_LIMIT("Checksum failed when reading from journal, at sector 0x%llx", 1990 logical_sector); 1991 } 1992 } 1993 #endif 1994 } 1995 1996 if (!ic->internal_hash) { 1997 struct bio_integrity_payload *bip = bio_integrity(bio); 1998 unsigned tag_todo = ic->tag_size; 1999 char *tag_ptr = journal_entry_tag(ic, je); 2000 2001 if (bip) do { 2002 struct bio_vec biv = bvec_iter_bvec(bip->bip_vec, bip->bip_iter); 2003 unsigned tag_now = min(biv.bv_len, tag_todo); 2004 char *tag_addr; 2005 BUG_ON(PageHighMem(biv.bv_page)); 2006 tag_addr = lowmem_page_address(biv.bv_page) + biv.bv_offset; 2007 if (likely(dio->op == REQ_OP_WRITE)) 2008 memcpy(tag_ptr, tag_addr, tag_now); 2009 else 2010 memcpy(tag_addr, tag_ptr, tag_now); 2011 bvec_iter_advance(bip->bip_vec, &bip->bip_iter, tag_now); 2012 tag_ptr += tag_now; 2013 tag_todo -= tag_now; 2014 } while (unlikely(tag_todo)); else { 2015 if (likely(dio->op == REQ_OP_WRITE)) 2016 memset(tag_ptr, 0, tag_todo); 2017 } 2018 } 2019 2020 if (likely(dio->op == REQ_OP_WRITE)) { 2021 struct journal_sector *js; 2022 unsigned s; 2023 2024 js = access_journal_data(ic, journal_section, journal_entry); 2025 memcpy(js, mem + bv.bv_offset, ic->sectors_per_block << SECTOR_SHIFT); 2026 2027 s = 0; 2028 do { 2029 je->last_bytes[s] = js[s].commit_id; 2030 } while (++s < ic->sectors_per_block); 2031 2032 if (ic->internal_hash) { 2033 unsigned digest_size = crypto_shash_digestsize(ic->internal_hash); 2034 if (unlikely(digest_size > ic->tag_size)) { 2035 char checksums_onstack[HASH_MAX_DIGESTSIZE]; 2036 integrity_sector_checksum(ic, logical_sector, (char *)js, checksums_onstack); 2037 memcpy(journal_entry_tag(ic, je), checksums_onstack, ic->tag_size); 2038 } else 2039 integrity_sector_checksum(ic, logical_sector, (char *)js, journal_entry_tag(ic, je)); 2040 } 2041 2042 journal_entry_set_sector(je, logical_sector); 2043 } 2044 logical_sector += ic->sectors_per_block; 2045 2046 journal_entry++; 2047 if (unlikely(journal_entry == ic->journal_section_entries)) { 2048 journal_entry = 0; 2049 journal_section++; 2050 wraparound_section(ic, &journal_section); 2051 } 2052 2053 bv.bv_offset += ic->sectors_per_block << SECTOR_SHIFT; 2054 } while (bv.bv_len -= ic->sectors_per_block << SECTOR_SHIFT); 2055 2056 if (unlikely(dio->op == REQ_OP_READ)) 2057 flush_dcache_page(bv.bv_page); 2058 kunmap_atomic(mem); 2059 } while (n_sectors); 2060 2061 if (likely(dio->op == REQ_OP_WRITE)) { 2062 smp_mb(); 2063 if (unlikely(waitqueue_active(&ic->copy_to_journal_wait))) 2064 wake_up(&ic->copy_to_journal_wait); 2065 if (READ_ONCE(ic->free_sectors) <= ic->free_sectors_threshold) { 2066 queue_work(ic->commit_wq, &ic->commit_work); 2067 } else { 2068 schedule_autocommit(ic); 2069 } 2070 } else { 2071 remove_range(ic, &dio->range); 2072 } 2073 2074 if (unlikely(bio->bi_iter.bi_size)) { 2075 sector_t area, offset; 2076 2077 dio->range.logical_sector = logical_sector; 2078 get_area_and_offset(ic, dio->range.logical_sector, &area, &offset); 2079 dio->metadata_block = get_metadata_sector_and_offset(ic, area, offset, &dio->metadata_offset); 2080 return true; 2081 } 2082 2083 return false; 2084 } 2085 2086 static void dm_integrity_map_continue(struct dm_integrity_io *dio, bool from_map) 2087 { 2088 struct dm_integrity_c *ic = dio->ic; 2089 struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); 2090 unsigned journal_section, journal_entry; 2091 unsigned journal_read_pos; 2092 struct completion read_comp; 2093 bool discard_retried = false; 2094 bool need_sync_io = ic->internal_hash && dio->op == REQ_OP_READ; 2095 if (unlikely(dio->op == REQ_OP_DISCARD) && ic->mode != 'D') 2096 need_sync_io = true; 2097 2098 if (need_sync_io && from_map) { 2099 INIT_WORK(&dio->work, integrity_bio_wait); 2100 queue_work(ic->offload_wq, &dio->work); 2101 return; 2102 } 2103 2104 lock_retry: 2105 spin_lock_irq(&ic->endio_wait.lock); 2106 retry: 2107 if (unlikely(dm_integrity_failed(ic))) { 2108 spin_unlock_irq(&ic->endio_wait.lock); 2109 do_endio(ic, bio); 2110 return; 2111 } 2112 dio->range.n_sectors = bio_sectors(bio); 2113 journal_read_pos = NOT_FOUND; 2114 if (ic->mode == 'J' && likely(dio->op != REQ_OP_DISCARD)) { 2115 if (dio->op == REQ_OP_WRITE) { 2116 unsigned next_entry, i, pos; 2117 unsigned ws, we, range_sectors; 2118 2119 dio->range.n_sectors = min(dio->range.n_sectors, 2120 (sector_t)ic->free_sectors << ic->sb->log2_sectors_per_block); 2121 if (unlikely(!dio->range.n_sectors)) { 2122 if (from_map) 2123 goto offload_to_thread; 2124 sleep_on_endio_wait(ic); 2125 goto retry; 2126 } 2127 range_sectors = dio->range.n_sectors >> ic->sb->log2_sectors_per_block; 2128 ic->free_sectors -= range_sectors; 2129 journal_section = ic->free_section; 2130 journal_entry = ic->free_section_entry; 2131 2132 next_entry = ic->free_section_entry + range_sectors; 2133 ic->free_section_entry = next_entry % ic->journal_section_entries; 2134 ic->free_section += next_entry / ic->journal_section_entries; 2135 ic->n_uncommitted_sections += next_entry / ic->journal_section_entries; 2136 wraparound_section(ic, &ic->free_section); 2137 2138 pos = journal_section * ic->journal_section_entries + journal_entry; 2139 ws = journal_section; 2140 we = journal_entry; 2141 i = 0; 2142 do { 2143 struct journal_entry *je; 2144 2145 add_journal_node(ic, &ic->journal_tree[pos], dio->range.logical_sector + i); 2146 pos++; 2147 if (unlikely(pos >= ic->journal_entries)) 2148 pos = 0; 2149 2150 je = access_journal_entry(ic, ws, we); 2151 BUG_ON(!journal_entry_is_unused(je)); 2152 journal_entry_set_inprogress(je); 2153 we++; 2154 if (unlikely(we == ic->journal_section_entries)) { 2155 we = 0; 2156 ws++; 2157 wraparound_section(ic, &ws); 2158 } 2159 } while ((i += ic->sectors_per_block) < dio->range.n_sectors); 2160 2161 spin_unlock_irq(&ic->endio_wait.lock); 2162 goto journal_read_write; 2163 } else { 2164 sector_t next_sector; 2165 journal_read_pos = find_journal_node(ic, dio->range.logical_sector, &next_sector); 2166 if (likely(journal_read_pos == NOT_FOUND)) { 2167 if (unlikely(dio->range.n_sectors > next_sector - dio->range.logical_sector)) 2168 dio->range.n_sectors = next_sector - dio->range.logical_sector; 2169 } else { 2170 unsigned i; 2171 unsigned jp = journal_read_pos + 1; 2172 for (i = ic->sectors_per_block; i < dio->range.n_sectors; i += ic->sectors_per_block, jp++) { 2173 if (!test_journal_node(ic, jp, dio->range.logical_sector + i)) 2174 break; 2175 } 2176 dio->range.n_sectors = i; 2177 } 2178 } 2179 } 2180 if (unlikely(!add_new_range(ic, &dio->range, true))) { 2181 /* 2182 * We must not sleep in the request routine because it could 2183 * stall bios on current->bio_list. 2184 * So, we offload the bio to a workqueue if we have to sleep. 2185 */ 2186 if (from_map) { 2187 offload_to_thread: 2188 spin_unlock_irq(&ic->endio_wait.lock); 2189 INIT_WORK(&dio->work, integrity_bio_wait); 2190 queue_work(ic->wait_wq, &dio->work); 2191 return; 2192 } 2193 if (journal_read_pos != NOT_FOUND) 2194 dio->range.n_sectors = ic->sectors_per_block; 2195 wait_and_add_new_range(ic, &dio->range); 2196 /* 2197 * wait_and_add_new_range drops the spinlock, so the journal 2198 * may have been changed arbitrarily. We need to recheck. 2199 * To simplify the code, we restrict I/O size to just one block. 2200 */ 2201 if (journal_read_pos != NOT_FOUND) { 2202 sector_t next_sector; 2203 unsigned new_pos = find_journal_node(ic, dio->range.logical_sector, &next_sector); 2204 if (unlikely(new_pos != journal_read_pos)) { 2205 remove_range_unlocked(ic, &dio->range); 2206 goto retry; 2207 } 2208 } 2209 } 2210 if (ic->mode == 'J' && likely(dio->op == REQ_OP_DISCARD) && !discard_retried) { 2211 sector_t next_sector; 2212 unsigned new_pos = find_journal_node(ic, dio->range.logical_sector, &next_sector); 2213 if (unlikely(new_pos != NOT_FOUND) || 2214 unlikely(next_sector < dio->range.logical_sector - dio->range.n_sectors)) { 2215 remove_range_unlocked(ic, &dio->range); 2216 spin_unlock_irq(&ic->endio_wait.lock); 2217 queue_work(ic->commit_wq, &ic->commit_work); 2218 flush_workqueue(ic->commit_wq); 2219 queue_work(ic->writer_wq, &ic->writer_work); 2220 flush_workqueue(ic->writer_wq); 2221 discard_retried = true; 2222 goto lock_retry; 2223 } 2224 } 2225 spin_unlock_irq(&ic->endio_wait.lock); 2226 2227 if (unlikely(journal_read_pos != NOT_FOUND)) { 2228 journal_section = journal_read_pos / ic->journal_section_entries; 2229 journal_entry = journal_read_pos % ic->journal_section_entries; 2230 goto journal_read_write; 2231 } 2232 2233 if (ic->mode == 'B' && (dio->op == REQ_OP_WRITE || unlikely(dio->op == REQ_OP_DISCARD))) { 2234 if (!block_bitmap_op(ic, ic->may_write_bitmap, dio->range.logical_sector, 2235 dio->range.n_sectors, BITMAP_OP_TEST_ALL_SET)) { 2236 struct bitmap_block_status *bbs; 2237 2238 bbs = sector_to_bitmap_block(ic, dio->range.logical_sector); 2239 spin_lock(&bbs->bio_queue_lock); 2240 bio_list_add(&bbs->bio_queue, bio); 2241 spin_unlock(&bbs->bio_queue_lock); 2242 queue_work(ic->writer_wq, &bbs->work); 2243 return; 2244 } 2245 } 2246 2247 dio->in_flight = (atomic_t)ATOMIC_INIT(2); 2248 2249 if (need_sync_io) { 2250 init_completion(&read_comp); 2251 dio->completion = &read_comp; 2252 } else 2253 dio->completion = NULL; 2254 2255 dm_bio_record(&dio->bio_details, bio); 2256 bio_set_dev(bio, ic->dev->bdev); 2257 bio->bi_integrity = NULL; 2258 bio->bi_opf &= ~REQ_INTEGRITY; 2259 bio->bi_end_io = integrity_end_io; 2260 bio->bi_iter.bi_size = dio->range.n_sectors << SECTOR_SHIFT; 2261 2262 if (unlikely(dio->op == REQ_OP_DISCARD) && likely(ic->mode != 'D')) { 2263 integrity_metadata(&dio->work); 2264 dm_integrity_flush_buffers(ic, false); 2265 2266 dio->in_flight = (atomic_t)ATOMIC_INIT(1); 2267 dio->completion = NULL; 2268 2269 submit_bio_noacct(bio); 2270 2271 return; 2272 } 2273 2274 submit_bio_noacct(bio); 2275 2276 if (need_sync_io) { 2277 wait_for_completion_io(&read_comp); 2278 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) && 2279 dio->range.logical_sector + dio->range.n_sectors > le64_to_cpu(ic->sb->recalc_sector)) 2280 goto skip_check; 2281 if (ic->mode == 'B') { 2282 if (!block_bitmap_op(ic, ic->recalc_bitmap, dio->range.logical_sector, 2283 dio->range.n_sectors, BITMAP_OP_TEST_ALL_CLEAR)) 2284 goto skip_check; 2285 } 2286 2287 if (likely(!bio->bi_status)) 2288 integrity_metadata(&dio->work); 2289 else 2290 skip_check: 2291 dec_in_flight(dio); 2292 2293 } else { 2294 INIT_WORK(&dio->work, integrity_metadata); 2295 queue_work(ic->metadata_wq, &dio->work); 2296 } 2297 2298 return; 2299 2300 journal_read_write: 2301 if (unlikely(__journal_read_write(dio, bio, journal_section, journal_entry))) 2302 goto lock_retry; 2303 2304 do_endio_flush(ic, dio); 2305 } 2306 2307 2308 static void integrity_bio_wait(struct work_struct *w) 2309 { 2310 struct dm_integrity_io *dio = container_of(w, struct dm_integrity_io, work); 2311 2312 dm_integrity_map_continue(dio, false); 2313 } 2314 2315 static void pad_uncommitted(struct dm_integrity_c *ic) 2316 { 2317 if (ic->free_section_entry) { 2318 ic->free_sectors -= ic->journal_section_entries - ic->free_section_entry; 2319 ic->free_section_entry = 0; 2320 ic->free_section++; 2321 wraparound_section(ic, &ic->free_section); 2322 ic->n_uncommitted_sections++; 2323 } 2324 if (WARN_ON(ic->journal_sections * ic->journal_section_entries != 2325 (ic->n_uncommitted_sections + ic->n_committed_sections) * 2326 ic->journal_section_entries + ic->free_sectors)) { 2327 DMCRIT("journal_sections %u, journal_section_entries %u, " 2328 "n_uncommitted_sections %u, n_committed_sections %u, " 2329 "journal_section_entries %u, free_sectors %u", 2330 ic->journal_sections, ic->journal_section_entries, 2331 ic->n_uncommitted_sections, ic->n_committed_sections, 2332 ic->journal_section_entries, ic->free_sectors); 2333 } 2334 } 2335 2336 static void integrity_commit(struct work_struct *w) 2337 { 2338 struct dm_integrity_c *ic = container_of(w, struct dm_integrity_c, commit_work); 2339 unsigned commit_start, commit_sections; 2340 unsigned i, j, n; 2341 struct bio *flushes; 2342 2343 del_timer(&ic->autocommit_timer); 2344 2345 spin_lock_irq(&ic->endio_wait.lock); 2346 flushes = bio_list_get(&ic->flush_bio_list); 2347 if (unlikely(ic->mode != 'J')) { 2348 spin_unlock_irq(&ic->endio_wait.lock); 2349 dm_integrity_flush_buffers(ic, true); 2350 goto release_flush_bios; 2351 } 2352 2353 pad_uncommitted(ic); 2354 commit_start = ic->uncommitted_section; 2355 commit_sections = ic->n_uncommitted_sections; 2356 spin_unlock_irq(&ic->endio_wait.lock); 2357 2358 if (!commit_sections) 2359 goto release_flush_bios; 2360 2361 i = commit_start; 2362 for (n = 0; n < commit_sections; n++) { 2363 for (j = 0; j < ic->journal_section_entries; j++) { 2364 struct journal_entry *je; 2365 je = access_journal_entry(ic, i, j); 2366 io_wait_event(ic->copy_to_journal_wait, !journal_entry_is_inprogress(je)); 2367 } 2368 for (j = 0; j < ic->journal_section_sectors; j++) { 2369 struct journal_sector *js; 2370 js = access_journal(ic, i, j); 2371 js->commit_id = dm_integrity_commit_id(ic, i, j, ic->commit_seq); 2372 } 2373 i++; 2374 if (unlikely(i >= ic->journal_sections)) 2375 ic->commit_seq = next_commit_seq(ic->commit_seq); 2376 wraparound_section(ic, &i); 2377 } 2378 smp_rmb(); 2379 2380 write_journal(ic, commit_start, commit_sections); 2381 2382 spin_lock_irq(&ic->endio_wait.lock); 2383 ic->uncommitted_section += commit_sections; 2384 wraparound_section(ic, &ic->uncommitted_section); 2385 ic->n_uncommitted_sections -= commit_sections; 2386 ic->n_committed_sections += commit_sections; 2387 spin_unlock_irq(&ic->endio_wait.lock); 2388 2389 if (READ_ONCE(ic->free_sectors) <= ic->free_sectors_threshold) 2390 queue_work(ic->writer_wq, &ic->writer_work); 2391 2392 release_flush_bios: 2393 while (flushes) { 2394 struct bio *next = flushes->bi_next; 2395 flushes->bi_next = NULL; 2396 do_endio(ic, flushes); 2397 flushes = next; 2398 } 2399 } 2400 2401 static void complete_copy_from_journal(unsigned long error, void *context) 2402 { 2403 struct journal_io *io = context; 2404 struct journal_completion *comp = io->comp; 2405 struct dm_integrity_c *ic = comp->ic; 2406 remove_range(ic, &io->range); 2407 mempool_free(io, &ic->journal_io_mempool); 2408 if (unlikely(error != 0)) 2409 dm_integrity_io_error(ic, "copying from journal", -EIO); 2410 complete_journal_op(comp); 2411 } 2412 2413 static void restore_last_bytes(struct dm_integrity_c *ic, struct journal_sector *js, 2414 struct journal_entry *je) 2415 { 2416 unsigned s = 0; 2417 do { 2418 js->commit_id = je->last_bytes[s]; 2419 js++; 2420 } while (++s < ic->sectors_per_block); 2421 } 2422 2423 static void do_journal_write(struct dm_integrity_c *ic, unsigned write_start, 2424 unsigned write_sections, bool from_replay) 2425 { 2426 unsigned i, j, n; 2427 struct journal_completion comp; 2428 struct blk_plug plug; 2429 2430 blk_start_plug(&plug); 2431 2432 comp.ic = ic; 2433 comp.in_flight = (atomic_t)ATOMIC_INIT(1); 2434 init_completion(&comp.comp); 2435 2436 i = write_start; 2437 for (n = 0; n < write_sections; n++, i++, wraparound_section(ic, &i)) { 2438 #ifndef INTERNAL_VERIFY 2439 if (unlikely(from_replay)) 2440 #endif 2441 rw_section_mac(ic, i, false); 2442 for (j = 0; j < ic->journal_section_entries; j++) { 2443 struct journal_entry *je = access_journal_entry(ic, i, j); 2444 sector_t sec, area, offset; 2445 unsigned k, l, next_loop; 2446 sector_t metadata_block; 2447 unsigned metadata_offset; 2448 struct journal_io *io; 2449 2450 if (journal_entry_is_unused(je)) 2451 continue; 2452 BUG_ON(unlikely(journal_entry_is_inprogress(je)) && !from_replay); 2453 sec = journal_entry_get_sector(je); 2454 if (unlikely(from_replay)) { 2455 if (unlikely(sec & (unsigned)(ic->sectors_per_block - 1))) { 2456 dm_integrity_io_error(ic, "invalid sector in journal", -EIO); 2457 sec &= ~(sector_t)(ic->sectors_per_block - 1); 2458 } 2459 } 2460 if (unlikely(sec >= ic->provided_data_sectors)) 2461 continue; 2462 get_area_and_offset(ic, sec, &area, &offset); 2463 restore_last_bytes(ic, access_journal_data(ic, i, j), je); 2464 for (k = j + 1; k < ic->journal_section_entries; k++) { 2465 struct journal_entry *je2 = access_journal_entry(ic, i, k); 2466 sector_t sec2, area2, offset2; 2467 if (journal_entry_is_unused(je2)) 2468 break; 2469 BUG_ON(unlikely(journal_entry_is_inprogress(je2)) && !from_replay); 2470 sec2 = journal_entry_get_sector(je2); 2471 if (unlikely(sec2 >= ic->provided_data_sectors)) 2472 break; 2473 get_area_and_offset(ic, sec2, &area2, &offset2); 2474 if (area2 != area || offset2 != offset + ((k - j) << ic->sb->log2_sectors_per_block)) 2475 break; 2476 restore_last_bytes(ic, access_journal_data(ic, i, k), je2); 2477 } 2478 next_loop = k - 1; 2479 2480 io = mempool_alloc(&ic->journal_io_mempool, GFP_NOIO); 2481 io->comp = ∁ 2482 io->range.logical_sector = sec; 2483 io->range.n_sectors = (k - j) << ic->sb->log2_sectors_per_block; 2484 2485 spin_lock_irq(&ic->endio_wait.lock); 2486 add_new_range_and_wait(ic, &io->range); 2487 2488 if (likely(!from_replay)) { 2489 struct journal_node *section_node = &ic->journal_tree[i * ic->journal_section_entries]; 2490 2491 /* don't write if there is newer committed sector */ 2492 while (j < k && find_newer_committed_node(ic, §ion_node[j])) { 2493 struct journal_entry *je2 = access_journal_entry(ic, i, j); 2494 2495 journal_entry_set_unused(je2); 2496 remove_journal_node(ic, §ion_node[j]); 2497 j++; 2498 sec += ic->sectors_per_block; 2499 offset += ic->sectors_per_block; 2500 } 2501 while (j < k && find_newer_committed_node(ic, §ion_node[k - 1])) { 2502 struct journal_entry *je2 = access_journal_entry(ic, i, k - 1); 2503 2504 journal_entry_set_unused(je2); 2505 remove_journal_node(ic, §ion_node[k - 1]); 2506 k--; 2507 } 2508 if (j == k) { 2509 remove_range_unlocked(ic, &io->range); 2510 spin_unlock_irq(&ic->endio_wait.lock); 2511 mempool_free(io, &ic->journal_io_mempool); 2512 goto skip_io; 2513 } 2514 for (l = j; l < k; l++) { 2515 remove_journal_node(ic, §ion_node[l]); 2516 } 2517 } 2518 spin_unlock_irq(&ic->endio_wait.lock); 2519 2520 metadata_block = get_metadata_sector_and_offset(ic, area, offset, &metadata_offset); 2521 for (l = j; l < k; l++) { 2522 int r; 2523 struct journal_entry *je2 = access_journal_entry(ic, i, l); 2524 2525 if ( 2526 #ifndef INTERNAL_VERIFY 2527 unlikely(from_replay) && 2528 #endif 2529 ic->internal_hash) { 2530 char test_tag[max_t(size_t, HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; 2531 2532 integrity_sector_checksum(ic, sec + ((l - j) << ic->sb->log2_sectors_per_block), 2533 (char *)access_journal_data(ic, i, l), test_tag); 2534 if (unlikely(memcmp(test_tag, journal_entry_tag(ic, je2), ic->tag_size))) 2535 dm_integrity_io_error(ic, "tag mismatch when replaying journal", -EILSEQ); 2536 } 2537 2538 journal_entry_set_unused(je2); 2539 r = dm_integrity_rw_tag(ic, journal_entry_tag(ic, je2), &metadata_block, &metadata_offset, 2540 ic->tag_size, TAG_WRITE); 2541 if (unlikely(r)) { 2542 dm_integrity_io_error(ic, "reading tags", r); 2543 } 2544 } 2545 2546 atomic_inc(&comp.in_flight); 2547 copy_from_journal(ic, i, j << ic->sb->log2_sectors_per_block, 2548 (k - j) << ic->sb->log2_sectors_per_block, 2549 get_data_sector(ic, area, offset), 2550 complete_copy_from_journal, io); 2551 skip_io: 2552 j = next_loop; 2553 } 2554 } 2555 2556 dm_bufio_write_dirty_buffers_async(ic->bufio); 2557 2558 blk_finish_plug(&plug); 2559 2560 complete_journal_op(&comp); 2561 wait_for_completion_io(&comp.comp); 2562 2563 dm_integrity_flush_buffers(ic, true); 2564 } 2565 2566 static void integrity_writer(struct work_struct *w) 2567 { 2568 struct dm_integrity_c *ic = container_of(w, struct dm_integrity_c, writer_work); 2569 unsigned write_start, write_sections; 2570 2571 unsigned prev_free_sectors; 2572 2573 /* the following test is not needed, but it tests the replay code */ 2574 if (unlikely(dm_post_suspending(ic->ti)) && !ic->meta_dev) 2575 return; 2576 2577 spin_lock_irq(&ic->endio_wait.lock); 2578 write_start = ic->committed_section; 2579 write_sections = ic->n_committed_sections; 2580 spin_unlock_irq(&ic->endio_wait.lock); 2581 2582 if (!write_sections) 2583 return; 2584 2585 do_journal_write(ic, write_start, write_sections, false); 2586 2587 spin_lock_irq(&ic->endio_wait.lock); 2588 2589 ic->committed_section += write_sections; 2590 wraparound_section(ic, &ic->committed_section); 2591 ic->n_committed_sections -= write_sections; 2592 2593 prev_free_sectors = ic->free_sectors; 2594 ic->free_sectors += write_sections * ic->journal_section_entries; 2595 if (unlikely(!prev_free_sectors)) 2596 wake_up_locked(&ic->endio_wait); 2597 2598 spin_unlock_irq(&ic->endio_wait.lock); 2599 } 2600 2601 static void recalc_write_super(struct dm_integrity_c *ic) 2602 { 2603 int r; 2604 2605 dm_integrity_flush_buffers(ic, false); 2606 if (dm_integrity_failed(ic)) 2607 return; 2608 2609 r = sync_rw_sb(ic, REQ_OP_WRITE, 0); 2610 if (unlikely(r)) 2611 dm_integrity_io_error(ic, "writing superblock", r); 2612 } 2613 2614 static void integrity_recalc(struct work_struct *w) 2615 { 2616 struct dm_integrity_c *ic = container_of(w, struct dm_integrity_c, recalc_work); 2617 struct dm_integrity_range range; 2618 struct dm_io_request io_req; 2619 struct dm_io_region io_loc; 2620 sector_t area, offset; 2621 sector_t metadata_block; 2622 unsigned metadata_offset; 2623 sector_t logical_sector, n_sectors; 2624 __u8 *t; 2625 unsigned i; 2626 int r; 2627 unsigned super_counter = 0; 2628 2629 DEBUG_print("start recalculation... (position %llx)\n", le64_to_cpu(ic->sb->recalc_sector)); 2630 2631 spin_lock_irq(&ic->endio_wait.lock); 2632 2633 next_chunk: 2634 2635 if (unlikely(dm_post_suspending(ic->ti))) 2636 goto unlock_ret; 2637 2638 range.logical_sector = le64_to_cpu(ic->sb->recalc_sector); 2639 if (unlikely(range.logical_sector >= ic->provided_data_sectors)) { 2640 if (ic->mode == 'B') { 2641 block_bitmap_op(ic, ic->recalc_bitmap, 0, ic->provided_data_sectors, BITMAP_OP_CLEAR); 2642 DEBUG_print("queue_delayed_work: bitmap_flush_work\n"); 2643 queue_delayed_work(ic->commit_wq, &ic->bitmap_flush_work, 0); 2644 } 2645 goto unlock_ret; 2646 } 2647 2648 get_area_and_offset(ic, range.logical_sector, &area, &offset); 2649 range.n_sectors = min((sector_t)RECALC_SECTORS, ic->provided_data_sectors - range.logical_sector); 2650 if (!ic->meta_dev) 2651 range.n_sectors = min(range.n_sectors, ((sector_t)1U << ic->sb->log2_interleave_sectors) - (unsigned)offset); 2652 2653 add_new_range_and_wait(ic, &range); 2654 spin_unlock_irq(&ic->endio_wait.lock); 2655 logical_sector = range.logical_sector; 2656 n_sectors = range.n_sectors; 2657 2658 if (ic->mode == 'B') { 2659 if (block_bitmap_op(ic, ic->recalc_bitmap, logical_sector, n_sectors, BITMAP_OP_TEST_ALL_CLEAR)) { 2660 goto advance_and_next; 2661 } 2662 while (block_bitmap_op(ic, ic->recalc_bitmap, logical_sector, 2663 ic->sectors_per_block, BITMAP_OP_TEST_ALL_CLEAR)) { 2664 logical_sector += ic->sectors_per_block; 2665 n_sectors -= ic->sectors_per_block; 2666 cond_resched(); 2667 } 2668 while (block_bitmap_op(ic, ic->recalc_bitmap, logical_sector + n_sectors - ic->sectors_per_block, 2669 ic->sectors_per_block, BITMAP_OP_TEST_ALL_CLEAR)) { 2670 n_sectors -= ic->sectors_per_block; 2671 cond_resched(); 2672 } 2673 get_area_and_offset(ic, logical_sector, &area, &offset); 2674 } 2675 2676 DEBUG_print("recalculating: %llx, %llx\n", logical_sector, n_sectors); 2677 2678 if (unlikely(++super_counter == RECALC_WRITE_SUPER)) { 2679 recalc_write_super(ic); 2680 if (ic->mode == 'B') { 2681 queue_delayed_work(ic->commit_wq, &ic->bitmap_flush_work, ic->bitmap_flush_interval); 2682 } 2683 super_counter = 0; 2684 } 2685 2686 if (unlikely(dm_integrity_failed(ic))) 2687 goto err; 2688 2689 io_req.bi_op = REQ_OP_READ; 2690 io_req.bi_op_flags = 0; 2691 io_req.mem.type = DM_IO_VMA; 2692 io_req.mem.ptr.addr = ic->recalc_buffer; 2693 io_req.notify.fn = NULL; 2694 io_req.client = ic->io; 2695 io_loc.bdev = ic->dev->bdev; 2696 io_loc.sector = get_data_sector(ic, area, offset); 2697 io_loc.count = n_sectors; 2698 2699 r = dm_io(&io_req, 1, &io_loc, NULL); 2700 if (unlikely(r)) { 2701 dm_integrity_io_error(ic, "reading data", r); 2702 goto err; 2703 } 2704 2705 t = ic->recalc_tags; 2706 for (i = 0; i < n_sectors; i += ic->sectors_per_block) { 2707 integrity_sector_checksum(ic, logical_sector + i, ic->recalc_buffer + (i << SECTOR_SHIFT), t); 2708 t += ic->tag_size; 2709 } 2710 2711 metadata_block = get_metadata_sector_and_offset(ic, area, offset, &metadata_offset); 2712 2713 r = dm_integrity_rw_tag(ic, ic->recalc_tags, &metadata_block, &metadata_offset, t - ic->recalc_tags, TAG_WRITE); 2714 if (unlikely(r)) { 2715 dm_integrity_io_error(ic, "writing tags", r); 2716 goto err; 2717 } 2718 2719 if (ic->mode == 'B') { 2720 sector_t start, end; 2721 start = (range.logical_sector >> 2722 (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit)) << 2723 (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 2724 end = ((range.logical_sector + range.n_sectors) >> 2725 (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit)) << 2726 (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 2727 block_bitmap_op(ic, ic->recalc_bitmap, start, end - start, BITMAP_OP_CLEAR); 2728 } 2729 2730 advance_and_next: 2731 cond_resched(); 2732 2733 spin_lock_irq(&ic->endio_wait.lock); 2734 remove_range_unlocked(ic, &range); 2735 ic->sb->recalc_sector = cpu_to_le64(range.logical_sector + range.n_sectors); 2736 goto next_chunk; 2737 2738 err: 2739 remove_range(ic, &range); 2740 return; 2741 2742 unlock_ret: 2743 spin_unlock_irq(&ic->endio_wait.lock); 2744 2745 recalc_write_super(ic); 2746 } 2747 2748 static void bitmap_block_work(struct work_struct *w) 2749 { 2750 struct bitmap_block_status *bbs = container_of(w, struct bitmap_block_status, work); 2751 struct dm_integrity_c *ic = bbs->ic; 2752 struct bio *bio; 2753 struct bio_list bio_queue; 2754 struct bio_list waiting; 2755 2756 bio_list_init(&waiting); 2757 2758 spin_lock(&bbs->bio_queue_lock); 2759 bio_queue = bbs->bio_queue; 2760 bio_list_init(&bbs->bio_queue); 2761 spin_unlock(&bbs->bio_queue_lock); 2762 2763 while ((bio = bio_list_pop(&bio_queue))) { 2764 struct dm_integrity_io *dio; 2765 2766 dio = dm_per_bio_data(bio, sizeof(struct dm_integrity_io)); 2767 2768 if (block_bitmap_op(ic, ic->may_write_bitmap, dio->range.logical_sector, 2769 dio->range.n_sectors, BITMAP_OP_TEST_ALL_SET)) { 2770 remove_range(ic, &dio->range); 2771 INIT_WORK(&dio->work, integrity_bio_wait); 2772 queue_work(ic->offload_wq, &dio->work); 2773 } else { 2774 block_bitmap_op(ic, ic->journal, dio->range.logical_sector, 2775 dio->range.n_sectors, BITMAP_OP_SET); 2776 bio_list_add(&waiting, bio); 2777 } 2778 } 2779 2780 if (bio_list_empty(&waiting)) 2781 return; 2782 2783 rw_journal_sectors(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, 2784 bbs->idx * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), 2785 BITMAP_BLOCK_SIZE >> SECTOR_SHIFT, NULL); 2786 2787 while ((bio = bio_list_pop(&waiting))) { 2788 struct dm_integrity_io *dio = dm_per_bio_data(bio, sizeof(struct dm_integrity_io)); 2789 2790 block_bitmap_op(ic, ic->may_write_bitmap, dio->range.logical_sector, 2791 dio->range.n_sectors, BITMAP_OP_SET); 2792 2793 remove_range(ic, &dio->range); 2794 INIT_WORK(&dio->work, integrity_bio_wait); 2795 queue_work(ic->offload_wq, &dio->work); 2796 } 2797 2798 queue_delayed_work(ic->commit_wq, &ic->bitmap_flush_work, ic->bitmap_flush_interval); 2799 } 2800 2801 static void bitmap_flush_work(struct work_struct *work) 2802 { 2803 struct dm_integrity_c *ic = container_of(work, struct dm_integrity_c, bitmap_flush_work.work); 2804 struct dm_integrity_range range; 2805 unsigned long limit; 2806 struct bio *bio; 2807 2808 dm_integrity_flush_buffers(ic, false); 2809 2810 range.logical_sector = 0; 2811 range.n_sectors = ic->provided_data_sectors; 2812 2813 spin_lock_irq(&ic->endio_wait.lock); 2814 add_new_range_and_wait(ic, &range); 2815 spin_unlock_irq(&ic->endio_wait.lock); 2816 2817 dm_integrity_flush_buffers(ic, true); 2818 2819 limit = ic->provided_data_sectors; 2820 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) { 2821 limit = le64_to_cpu(ic->sb->recalc_sector) 2822 >> (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit) 2823 << (ic->sb->log2_sectors_per_block + ic->log2_blocks_per_bitmap_bit); 2824 } 2825 /*DEBUG_print("zeroing journal\n");*/ 2826 block_bitmap_op(ic, ic->journal, 0, limit, BITMAP_OP_CLEAR); 2827 block_bitmap_op(ic, ic->may_write_bitmap, 0, limit, BITMAP_OP_CLEAR); 2828 2829 rw_journal_sectors(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, 0, 2830 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 2831 2832 spin_lock_irq(&ic->endio_wait.lock); 2833 remove_range_unlocked(ic, &range); 2834 while (unlikely((bio = bio_list_pop(&ic->synchronous_bios)) != NULL)) { 2835 bio_endio(bio); 2836 spin_unlock_irq(&ic->endio_wait.lock); 2837 spin_lock_irq(&ic->endio_wait.lock); 2838 } 2839 spin_unlock_irq(&ic->endio_wait.lock); 2840 } 2841 2842 2843 static void init_journal(struct dm_integrity_c *ic, unsigned start_section, 2844 unsigned n_sections, unsigned char commit_seq) 2845 { 2846 unsigned i, j, n; 2847 2848 if (!n_sections) 2849 return; 2850 2851 for (n = 0; n < n_sections; n++) { 2852 i = start_section + n; 2853 wraparound_section(ic, &i); 2854 for (j = 0; j < ic->journal_section_sectors; j++) { 2855 struct journal_sector *js = access_journal(ic, i, j); 2856 memset(&js->entries, 0, JOURNAL_SECTOR_DATA); 2857 js->commit_id = dm_integrity_commit_id(ic, i, j, commit_seq); 2858 } 2859 for (j = 0; j < ic->journal_section_entries; j++) { 2860 struct journal_entry *je = access_journal_entry(ic, i, j); 2861 journal_entry_set_unused(je); 2862 } 2863 } 2864 2865 write_journal(ic, start_section, n_sections); 2866 } 2867 2868 static int find_commit_seq(struct dm_integrity_c *ic, unsigned i, unsigned j, commit_id_t id) 2869 { 2870 unsigned char k; 2871 for (k = 0; k < N_COMMIT_IDS; k++) { 2872 if (dm_integrity_commit_id(ic, i, j, k) == id) 2873 return k; 2874 } 2875 dm_integrity_io_error(ic, "journal commit id", -EIO); 2876 return -EIO; 2877 } 2878 2879 static void replay_journal(struct dm_integrity_c *ic) 2880 { 2881 unsigned i, j; 2882 bool used_commit_ids[N_COMMIT_IDS]; 2883 unsigned max_commit_id_sections[N_COMMIT_IDS]; 2884 unsigned write_start, write_sections; 2885 unsigned continue_section; 2886 bool journal_empty; 2887 unsigned char unused, last_used, want_commit_seq; 2888 2889 if (ic->mode == 'R') 2890 return; 2891 2892 if (ic->journal_uptodate) 2893 return; 2894 2895 last_used = 0; 2896 write_start = 0; 2897 2898 if (!ic->just_formatted) { 2899 DEBUG_print("reading journal\n"); 2900 rw_journal(ic, REQ_OP_READ, 0, 0, ic->journal_sections, NULL); 2901 if (ic->journal_io) 2902 DEBUG_bytes(lowmem_page_address(ic->journal_io[0].page), 64, "read journal"); 2903 if (ic->journal_io) { 2904 struct journal_completion crypt_comp; 2905 crypt_comp.ic = ic; 2906 init_completion(&crypt_comp.comp); 2907 crypt_comp.in_flight = (atomic_t)ATOMIC_INIT(0); 2908 encrypt_journal(ic, false, 0, ic->journal_sections, &crypt_comp); 2909 wait_for_completion(&crypt_comp.comp); 2910 } 2911 DEBUG_bytes(lowmem_page_address(ic->journal[0].page), 64, "decrypted journal"); 2912 } 2913 2914 if (dm_integrity_failed(ic)) 2915 goto clear_journal; 2916 2917 journal_empty = true; 2918 memset(used_commit_ids, 0, sizeof used_commit_ids); 2919 memset(max_commit_id_sections, 0, sizeof max_commit_id_sections); 2920 for (i = 0; i < ic->journal_sections; i++) { 2921 for (j = 0; j < ic->journal_section_sectors; j++) { 2922 int k; 2923 struct journal_sector *js = access_journal(ic, i, j); 2924 k = find_commit_seq(ic, i, j, js->commit_id); 2925 if (k < 0) 2926 goto clear_journal; 2927 used_commit_ids[k] = true; 2928 max_commit_id_sections[k] = i; 2929 } 2930 if (journal_empty) { 2931 for (j = 0; j < ic->journal_section_entries; j++) { 2932 struct journal_entry *je = access_journal_entry(ic, i, j); 2933 if (!journal_entry_is_unused(je)) { 2934 journal_empty = false; 2935 break; 2936 } 2937 } 2938 } 2939 } 2940 2941 if (!used_commit_ids[N_COMMIT_IDS - 1]) { 2942 unused = N_COMMIT_IDS - 1; 2943 while (unused && !used_commit_ids[unused - 1]) 2944 unused--; 2945 } else { 2946 for (unused = 0; unused < N_COMMIT_IDS; unused++) 2947 if (!used_commit_ids[unused]) 2948 break; 2949 if (unused == N_COMMIT_IDS) { 2950 dm_integrity_io_error(ic, "journal commit ids", -EIO); 2951 goto clear_journal; 2952 } 2953 } 2954 DEBUG_print("first unused commit seq %d [%d,%d,%d,%d]\n", 2955 unused, used_commit_ids[0], used_commit_ids[1], 2956 used_commit_ids[2], used_commit_ids[3]); 2957 2958 last_used = prev_commit_seq(unused); 2959 want_commit_seq = prev_commit_seq(last_used); 2960 2961 if (!used_commit_ids[want_commit_seq] && used_commit_ids[prev_commit_seq(want_commit_seq)]) 2962 journal_empty = true; 2963 2964 write_start = max_commit_id_sections[last_used] + 1; 2965 if (unlikely(write_start >= ic->journal_sections)) 2966 want_commit_seq = next_commit_seq(want_commit_seq); 2967 wraparound_section(ic, &write_start); 2968 2969 i = write_start; 2970 for (write_sections = 0; write_sections < ic->journal_sections; write_sections++) { 2971 for (j = 0; j < ic->journal_section_sectors; j++) { 2972 struct journal_sector *js = access_journal(ic, i, j); 2973 2974 if (js->commit_id != dm_integrity_commit_id(ic, i, j, want_commit_seq)) { 2975 /* 2976 * This could be caused by crash during writing. 2977 * We won't replay the inconsistent part of the 2978 * journal. 2979 */ 2980 DEBUG_print("commit id mismatch at position (%u, %u): %d != %d\n", 2981 i, j, find_commit_seq(ic, i, j, js->commit_id), want_commit_seq); 2982 goto brk; 2983 } 2984 } 2985 i++; 2986 if (unlikely(i >= ic->journal_sections)) 2987 want_commit_seq = next_commit_seq(want_commit_seq); 2988 wraparound_section(ic, &i); 2989 } 2990 brk: 2991 2992 if (!journal_empty) { 2993 DEBUG_print("replaying %u sections, starting at %u, commit seq %d\n", 2994 write_sections, write_start, want_commit_seq); 2995 do_journal_write(ic, write_start, write_sections, true); 2996 } 2997 2998 if (write_sections == ic->journal_sections && (ic->mode == 'J' || journal_empty)) { 2999 continue_section = write_start; 3000 ic->commit_seq = want_commit_seq; 3001 DEBUG_print("continuing from section %u, commit seq %d\n", write_start, ic->commit_seq); 3002 } else { 3003 unsigned s; 3004 unsigned char erase_seq; 3005 clear_journal: 3006 DEBUG_print("clearing journal\n"); 3007 3008 erase_seq = prev_commit_seq(prev_commit_seq(last_used)); 3009 s = write_start; 3010 init_journal(ic, s, 1, erase_seq); 3011 s++; 3012 wraparound_section(ic, &s); 3013 if (ic->journal_sections >= 2) { 3014 init_journal(ic, s, ic->journal_sections - 2, erase_seq); 3015 s += ic->journal_sections - 2; 3016 wraparound_section(ic, &s); 3017 init_journal(ic, s, 1, erase_seq); 3018 } 3019 3020 continue_section = 0; 3021 ic->commit_seq = next_commit_seq(erase_seq); 3022 } 3023 3024 ic->committed_section = continue_section; 3025 ic->n_committed_sections = 0; 3026 3027 ic->uncommitted_section = continue_section; 3028 ic->n_uncommitted_sections = 0; 3029 3030 ic->free_section = continue_section; 3031 ic->free_section_entry = 0; 3032 ic->free_sectors = ic->journal_entries; 3033 3034 ic->journal_tree_root = RB_ROOT; 3035 for (i = 0; i < ic->journal_entries; i++) 3036 init_journal_node(&ic->journal_tree[i]); 3037 } 3038 3039 static void dm_integrity_enter_synchronous_mode(struct dm_integrity_c *ic) 3040 { 3041 DEBUG_print("dm_integrity_enter_synchronous_mode\n"); 3042 3043 if (ic->mode == 'B') { 3044 ic->bitmap_flush_interval = msecs_to_jiffies(10) + 1; 3045 ic->synchronous_mode = 1; 3046 3047 cancel_delayed_work_sync(&ic->bitmap_flush_work); 3048 queue_delayed_work(ic->commit_wq, &ic->bitmap_flush_work, 0); 3049 flush_workqueue(ic->commit_wq); 3050 } 3051 } 3052 3053 static int dm_integrity_reboot(struct notifier_block *n, unsigned long code, void *x) 3054 { 3055 struct dm_integrity_c *ic = container_of(n, struct dm_integrity_c, reboot_notifier); 3056 3057 DEBUG_print("dm_integrity_reboot\n"); 3058 3059 dm_integrity_enter_synchronous_mode(ic); 3060 3061 return NOTIFY_DONE; 3062 } 3063 3064 static void dm_integrity_postsuspend(struct dm_target *ti) 3065 { 3066 struct dm_integrity_c *ic = (struct dm_integrity_c *)ti->private; 3067 int r; 3068 3069 WARN_ON(unregister_reboot_notifier(&ic->reboot_notifier)); 3070 3071 del_timer_sync(&ic->autocommit_timer); 3072 3073 if (ic->recalc_wq) 3074 drain_workqueue(ic->recalc_wq); 3075 3076 if (ic->mode == 'B') 3077 cancel_delayed_work_sync(&ic->bitmap_flush_work); 3078 3079 queue_work(ic->commit_wq, &ic->commit_work); 3080 drain_workqueue(ic->commit_wq); 3081 3082 if (ic->mode == 'J') { 3083 if (ic->meta_dev) 3084 queue_work(ic->writer_wq, &ic->writer_work); 3085 drain_workqueue(ic->writer_wq); 3086 dm_integrity_flush_buffers(ic, true); 3087 } 3088 3089 if (ic->mode == 'B') { 3090 dm_integrity_flush_buffers(ic, true); 3091 #if 1 3092 /* set to 0 to test bitmap replay code */ 3093 init_journal(ic, 0, ic->journal_sections, 0); 3094 ic->sb->flags &= ~cpu_to_le32(SB_FLAG_DIRTY_BITMAP); 3095 r = sync_rw_sb(ic, REQ_OP_WRITE, REQ_FUA); 3096 if (unlikely(r)) 3097 dm_integrity_io_error(ic, "writing superblock", r); 3098 #endif 3099 } 3100 3101 BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress)); 3102 3103 ic->journal_uptodate = true; 3104 } 3105 3106 static void dm_integrity_resume(struct dm_target *ti) 3107 { 3108 struct dm_integrity_c *ic = (struct dm_integrity_c *)ti->private; 3109 __u64 old_provided_data_sectors = le64_to_cpu(ic->sb->provided_data_sectors); 3110 int r; 3111 3112 DEBUG_print("resume\n"); 3113 3114 if (ic->provided_data_sectors != old_provided_data_sectors) { 3115 if (ic->provided_data_sectors > old_provided_data_sectors && 3116 ic->mode == 'B' && 3117 ic->sb->log2_blocks_per_bitmap_bit == ic->log2_blocks_per_bitmap_bit) { 3118 rw_journal_sectors(ic, REQ_OP_READ, 0, 0, 3119 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 3120 block_bitmap_op(ic, ic->journal, old_provided_data_sectors, 3121 ic->provided_data_sectors - old_provided_data_sectors, BITMAP_OP_SET); 3122 rw_journal_sectors(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, 0, 3123 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 3124 } 3125 3126 ic->sb->provided_data_sectors = cpu_to_le64(ic->provided_data_sectors); 3127 r = sync_rw_sb(ic, REQ_OP_WRITE, REQ_FUA); 3128 if (unlikely(r)) 3129 dm_integrity_io_error(ic, "writing superblock", r); 3130 } 3131 3132 if (ic->sb->flags & cpu_to_le32(SB_FLAG_DIRTY_BITMAP)) { 3133 DEBUG_print("resume dirty_bitmap\n"); 3134 rw_journal_sectors(ic, REQ_OP_READ, 0, 0, 3135 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 3136 if (ic->mode == 'B') { 3137 if (ic->sb->log2_blocks_per_bitmap_bit == ic->log2_blocks_per_bitmap_bit) { 3138 block_bitmap_copy(ic, ic->recalc_bitmap, ic->journal); 3139 block_bitmap_copy(ic, ic->may_write_bitmap, ic->journal); 3140 if (!block_bitmap_op(ic, ic->journal, 0, ic->provided_data_sectors, 3141 BITMAP_OP_TEST_ALL_CLEAR)) { 3142 ic->sb->flags |= cpu_to_le32(SB_FLAG_RECALCULATING); 3143 ic->sb->recalc_sector = cpu_to_le64(0); 3144 } 3145 } else { 3146 DEBUG_print("non-matching blocks_per_bitmap_bit: %u, %u\n", 3147 ic->sb->log2_blocks_per_bitmap_bit, ic->log2_blocks_per_bitmap_bit); 3148 ic->sb->log2_blocks_per_bitmap_bit = ic->log2_blocks_per_bitmap_bit; 3149 block_bitmap_op(ic, ic->recalc_bitmap, 0, ic->provided_data_sectors, BITMAP_OP_SET); 3150 block_bitmap_op(ic, ic->may_write_bitmap, 0, ic->provided_data_sectors, BITMAP_OP_SET); 3151 block_bitmap_op(ic, ic->journal, 0, ic->provided_data_sectors, BITMAP_OP_SET); 3152 rw_journal_sectors(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, 0, 3153 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 3154 ic->sb->flags |= cpu_to_le32(SB_FLAG_RECALCULATING); 3155 ic->sb->recalc_sector = cpu_to_le64(0); 3156 } 3157 } else { 3158 if (!(ic->sb->log2_blocks_per_bitmap_bit == ic->log2_blocks_per_bitmap_bit && 3159 block_bitmap_op(ic, ic->journal, 0, ic->provided_data_sectors, BITMAP_OP_TEST_ALL_CLEAR))) { 3160 ic->sb->flags |= cpu_to_le32(SB_FLAG_RECALCULATING); 3161 ic->sb->recalc_sector = cpu_to_le64(0); 3162 } 3163 init_journal(ic, 0, ic->journal_sections, 0); 3164 replay_journal(ic); 3165 ic->sb->flags &= ~cpu_to_le32(SB_FLAG_DIRTY_BITMAP); 3166 } 3167 r = sync_rw_sb(ic, REQ_OP_WRITE, REQ_FUA); 3168 if (unlikely(r)) 3169 dm_integrity_io_error(ic, "writing superblock", r); 3170 } else { 3171 replay_journal(ic); 3172 if (ic->mode == 'B') { 3173 ic->sb->flags |= cpu_to_le32(SB_FLAG_DIRTY_BITMAP); 3174 ic->sb->log2_blocks_per_bitmap_bit = ic->log2_blocks_per_bitmap_bit; 3175 r = sync_rw_sb(ic, REQ_OP_WRITE, REQ_FUA); 3176 if (unlikely(r)) 3177 dm_integrity_io_error(ic, "writing superblock", r); 3178 3179 block_bitmap_op(ic, ic->journal, 0, ic->provided_data_sectors, BITMAP_OP_CLEAR); 3180 block_bitmap_op(ic, ic->recalc_bitmap, 0, ic->provided_data_sectors, BITMAP_OP_CLEAR); 3181 block_bitmap_op(ic, ic->may_write_bitmap, 0, ic->provided_data_sectors, BITMAP_OP_CLEAR); 3182 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) && 3183 le64_to_cpu(ic->sb->recalc_sector) < ic->provided_data_sectors) { 3184 block_bitmap_op(ic, ic->journal, le64_to_cpu(ic->sb->recalc_sector), 3185 ic->provided_data_sectors - le64_to_cpu(ic->sb->recalc_sector), BITMAP_OP_SET); 3186 block_bitmap_op(ic, ic->recalc_bitmap, le64_to_cpu(ic->sb->recalc_sector), 3187 ic->provided_data_sectors - le64_to_cpu(ic->sb->recalc_sector), BITMAP_OP_SET); 3188 block_bitmap_op(ic, ic->may_write_bitmap, le64_to_cpu(ic->sb->recalc_sector), 3189 ic->provided_data_sectors - le64_to_cpu(ic->sb->recalc_sector), BITMAP_OP_SET); 3190 } 3191 rw_journal_sectors(ic, REQ_OP_WRITE, REQ_FUA | REQ_SYNC, 0, 3192 ic->n_bitmap_blocks * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT), NULL); 3193 } 3194 } 3195 3196 DEBUG_print("testing recalc: %x\n", ic->sb->flags); 3197 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) { 3198 __u64 recalc_pos = le64_to_cpu(ic->sb->recalc_sector); 3199 DEBUG_print("recalc pos: %llx / %llx\n", recalc_pos, ic->provided_data_sectors); 3200 if (recalc_pos < ic->provided_data_sectors) { 3201 queue_work(ic->recalc_wq, &ic->recalc_work); 3202 } else if (recalc_pos > ic->provided_data_sectors) { 3203 ic->sb->recalc_sector = cpu_to_le64(ic->provided_data_sectors); 3204 recalc_write_super(ic); 3205 } 3206 } 3207 3208 ic->reboot_notifier.notifier_call = dm_integrity_reboot; 3209 ic->reboot_notifier.next = NULL; 3210 ic->reboot_notifier.priority = INT_MAX - 1; /* be notified after md and before hardware drivers */ 3211 WARN_ON(register_reboot_notifier(&ic->reboot_notifier)); 3212 3213 #if 0 3214 /* set to 1 to stress test synchronous mode */ 3215 dm_integrity_enter_synchronous_mode(ic); 3216 #endif 3217 } 3218 3219 static void dm_integrity_status(struct dm_target *ti, status_type_t type, 3220 unsigned status_flags, char *result, unsigned maxlen) 3221 { 3222 struct dm_integrity_c *ic = (struct dm_integrity_c *)ti->private; 3223 unsigned arg_count; 3224 size_t sz = 0; 3225 3226 switch (type) { 3227 case STATUSTYPE_INFO: 3228 DMEMIT("%llu %llu", 3229 (unsigned long long)atomic64_read(&ic->number_of_mismatches), 3230 ic->provided_data_sectors); 3231 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) 3232 DMEMIT(" %llu", le64_to_cpu(ic->sb->recalc_sector)); 3233 else 3234 DMEMIT(" -"); 3235 break; 3236 3237 case STATUSTYPE_TABLE: { 3238 __u64 watermark_percentage = (__u64)(ic->journal_entries - ic->free_sectors_threshold) * 100; 3239 watermark_percentage += ic->journal_entries / 2; 3240 do_div(watermark_percentage, ic->journal_entries); 3241 arg_count = 3; 3242 arg_count += !!ic->meta_dev; 3243 arg_count += ic->sectors_per_block != 1; 3244 arg_count += !!(ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)); 3245 arg_count += ic->discard; 3246 arg_count += ic->mode == 'J'; 3247 arg_count += ic->mode == 'J'; 3248 arg_count += ic->mode == 'B'; 3249 arg_count += ic->mode == 'B'; 3250 arg_count += !!ic->internal_hash_alg.alg_string; 3251 arg_count += !!ic->journal_crypt_alg.alg_string; 3252 arg_count += !!ic->journal_mac_alg.alg_string; 3253 arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0; 3254 arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) != 0; 3255 arg_count += ic->legacy_recalculate; 3256 DMEMIT("%s %llu %u %c %u", ic->dev->name, ic->start, 3257 ic->tag_size, ic->mode, arg_count); 3258 if (ic->meta_dev) 3259 DMEMIT(" meta_device:%s", ic->meta_dev->name); 3260 if (ic->sectors_per_block != 1) 3261 DMEMIT(" block_size:%u", ic->sectors_per_block << SECTOR_SHIFT); 3262 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) 3263 DMEMIT(" recalculate"); 3264 if (ic->discard) 3265 DMEMIT(" allow_discards"); 3266 DMEMIT(" journal_sectors:%u", ic->initial_sectors - SB_SECTORS); 3267 DMEMIT(" interleave_sectors:%u", 1U << ic->sb->log2_interleave_sectors); 3268 DMEMIT(" buffer_sectors:%u", 1U << ic->log2_buffer_sectors); 3269 if (ic->mode == 'J') { 3270 DMEMIT(" journal_watermark:%u", (unsigned)watermark_percentage); 3271 DMEMIT(" commit_time:%u", ic->autocommit_msec); 3272 } 3273 if (ic->mode == 'B') { 3274 DMEMIT(" sectors_per_bit:%llu", (sector_t)ic->sectors_per_block << ic->log2_blocks_per_bitmap_bit); 3275 DMEMIT(" bitmap_flush_interval:%u", jiffies_to_msecs(ic->bitmap_flush_interval)); 3276 } 3277 if ((ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0) 3278 DMEMIT(" fix_padding"); 3279 if ((ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) != 0) 3280 DMEMIT(" fix_hmac"); 3281 if (ic->legacy_recalculate) 3282 DMEMIT(" legacy_recalculate"); 3283 3284 #define EMIT_ALG(a, n) \ 3285 do { \ 3286 if (ic->a.alg_string) { \ 3287 DMEMIT(" %s:%s", n, ic->a.alg_string); \ 3288 if (ic->a.key_string) \ 3289 DMEMIT(":%s", ic->a.key_string);\ 3290 } \ 3291 } while (0) 3292 EMIT_ALG(internal_hash_alg, "internal_hash"); 3293 EMIT_ALG(journal_crypt_alg, "journal_crypt"); 3294 EMIT_ALG(journal_mac_alg, "journal_mac"); 3295 break; 3296 } 3297 } 3298 } 3299 3300 static int dm_integrity_iterate_devices(struct dm_target *ti, 3301 iterate_devices_callout_fn fn, void *data) 3302 { 3303 struct dm_integrity_c *ic = ti->private; 3304 3305 if (!ic->meta_dev) 3306 return fn(ti, ic->dev, ic->start + ic->initial_sectors + ic->metadata_run, ti->len, data); 3307 else 3308 return fn(ti, ic->dev, 0, ti->len, data); 3309 } 3310 3311 static void dm_integrity_io_hints(struct dm_target *ti, struct queue_limits *limits) 3312 { 3313 struct dm_integrity_c *ic = ti->private; 3314 3315 if (ic->sectors_per_block > 1) { 3316 limits->logical_block_size = ic->sectors_per_block << SECTOR_SHIFT; 3317 limits->physical_block_size = ic->sectors_per_block << SECTOR_SHIFT; 3318 blk_limits_io_min(limits, ic->sectors_per_block << SECTOR_SHIFT); 3319 } 3320 } 3321 3322 static void calculate_journal_section_size(struct dm_integrity_c *ic) 3323 { 3324 unsigned sector_space = JOURNAL_SECTOR_DATA; 3325 3326 ic->journal_sections = le32_to_cpu(ic->sb->journal_sections); 3327 ic->journal_entry_size = roundup(offsetof(struct journal_entry, last_bytes[ic->sectors_per_block]) + ic->tag_size, 3328 JOURNAL_ENTRY_ROUNDUP); 3329 3330 if (ic->sb->flags & cpu_to_le32(SB_FLAG_HAVE_JOURNAL_MAC)) 3331 sector_space -= JOURNAL_MAC_PER_SECTOR; 3332 ic->journal_entries_per_sector = sector_space / ic->journal_entry_size; 3333 ic->journal_section_entries = ic->journal_entries_per_sector * JOURNAL_BLOCK_SECTORS; 3334 ic->journal_section_sectors = (ic->journal_section_entries << ic->sb->log2_sectors_per_block) + JOURNAL_BLOCK_SECTORS; 3335 ic->journal_entries = ic->journal_section_entries * ic->journal_sections; 3336 } 3337 3338 static int calculate_device_limits(struct dm_integrity_c *ic) 3339 { 3340 __u64 initial_sectors; 3341 3342 calculate_journal_section_size(ic); 3343 initial_sectors = SB_SECTORS + (__u64)ic->journal_section_sectors * ic->journal_sections; 3344 if (initial_sectors + METADATA_PADDING_SECTORS >= ic->meta_device_sectors || initial_sectors > UINT_MAX) 3345 return -EINVAL; 3346 ic->initial_sectors = initial_sectors; 3347 3348 if (!ic->meta_dev) { 3349 sector_t last_sector, last_area, last_offset; 3350 3351 /* we have to maintain excessive padding for compatibility with existing volumes */ 3352 __u64 metadata_run_padding = 3353 ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING) ? 3354 (__u64)(METADATA_PADDING_SECTORS << SECTOR_SHIFT) : 3355 (__u64)(1 << SECTOR_SHIFT << METADATA_PADDING_SECTORS); 3356 3357 ic->metadata_run = round_up((__u64)ic->tag_size << (ic->sb->log2_interleave_sectors - ic->sb->log2_sectors_per_block), 3358 metadata_run_padding) >> SECTOR_SHIFT; 3359 if (!(ic->metadata_run & (ic->metadata_run - 1))) 3360 ic->log2_metadata_run = __ffs(ic->metadata_run); 3361 else 3362 ic->log2_metadata_run = -1; 3363 3364 get_area_and_offset(ic, ic->provided_data_sectors - 1, &last_area, &last_offset); 3365 last_sector = get_data_sector(ic, last_area, last_offset); 3366 if (last_sector < ic->start || last_sector >= ic->meta_device_sectors) 3367 return -EINVAL; 3368 } else { 3369 __u64 meta_size = (ic->provided_data_sectors >> ic->sb->log2_sectors_per_block) * ic->tag_size; 3370 meta_size = (meta_size + ((1U << (ic->log2_buffer_sectors + SECTOR_SHIFT)) - 1)) 3371 >> (ic->log2_buffer_sectors + SECTOR_SHIFT); 3372 meta_size <<= ic->log2_buffer_sectors; 3373 if (ic->initial_sectors + meta_size < ic->initial_sectors || 3374 ic->initial_sectors + meta_size > ic->meta_device_sectors) 3375 return -EINVAL; 3376 ic->metadata_run = 1; 3377 ic->log2_metadata_run = 0; 3378 } 3379 3380 return 0; 3381 } 3382 3383 static void get_provided_data_sectors(struct dm_integrity_c *ic) 3384 { 3385 if (!ic->meta_dev) { 3386 int test_bit; 3387 ic->provided_data_sectors = 0; 3388 for (test_bit = fls64(ic->meta_device_sectors) - 1; test_bit >= 3; test_bit--) { 3389 __u64 prev_data_sectors = ic->provided_data_sectors; 3390 3391 ic->provided_data_sectors |= (sector_t)1 << test_bit; 3392 if (calculate_device_limits(ic)) 3393 ic->provided_data_sectors = prev_data_sectors; 3394 } 3395 } else { 3396 ic->provided_data_sectors = ic->data_device_sectors; 3397 ic->provided_data_sectors &= ~(sector_t)(ic->sectors_per_block - 1); 3398 } 3399 } 3400 3401 static int initialize_superblock(struct dm_integrity_c *ic, unsigned journal_sectors, unsigned interleave_sectors) 3402 { 3403 unsigned journal_sections; 3404 int test_bit; 3405 3406 memset(ic->sb, 0, SB_SECTORS << SECTOR_SHIFT); 3407 memcpy(ic->sb->magic, SB_MAGIC, 8); 3408 ic->sb->integrity_tag_size = cpu_to_le16(ic->tag_size); 3409 ic->sb->log2_sectors_per_block = __ffs(ic->sectors_per_block); 3410 if (ic->journal_mac_alg.alg_string) 3411 ic->sb->flags |= cpu_to_le32(SB_FLAG_HAVE_JOURNAL_MAC); 3412 3413 calculate_journal_section_size(ic); 3414 journal_sections = journal_sectors / ic->journal_section_sectors; 3415 if (!journal_sections) 3416 journal_sections = 1; 3417 3418 if (ic->fix_hmac && (ic->internal_hash_alg.alg_string || ic->journal_mac_alg.alg_string)) { 3419 ic->sb->flags |= cpu_to_le32(SB_FLAG_FIXED_HMAC); 3420 get_random_bytes(ic->sb->salt, SALT_SIZE); 3421 } 3422 3423 if (!ic->meta_dev) { 3424 if (ic->fix_padding) 3425 ic->sb->flags |= cpu_to_le32(SB_FLAG_FIXED_PADDING); 3426 ic->sb->journal_sections = cpu_to_le32(journal_sections); 3427 if (!interleave_sectors) 3428 interleave_sectors = DEFAULT_INTERLEAVE_SECTORS; 3429 ic->sb->log2_interleave_sectors = __fls(interleave_sectors); 3430 ic->sb->log2_interleave_sectors = max((__u8)MIN_LOG2_INTERLEAVE_SECTORS, ic->sb->log2_interleave_sectors); 3431 ic->sb->log2_interleave_sectors = min((__u8)MAX_LOG2_INTERLEAVE_SECTORS, ic->sb->log2_interleave_sectors); 3432 3433 get_provided_data_sectors(ic); 3434 if (!ic->provided_data_sectors) 3435 return -EINVAL; 3436 } else { 3437 ic->sb->log2_interleave_sectors = 0; 3438 3439 get_provided_data_sectors(ic); 3440 if (!ic->provided_data_sectors) 3441 return -EINVAL; 3442 3443 try_smaller_buffer: 3444 ic->sb->journal_sections = cpu_to_le32(0); 3445 for (test_bit = fls(journal_sections) - 1; test_bit >= 0; test_bit--) { 3446 __u32 prev_journal_sections = le32_to_cpu(ic->sb->journal_sections); 3447 __u32 test_journal_sections = prev_journal_sections | (1U << test_bit); 3448 if (test_journal_sections > journal_sections) 3449 continue; 3450 ic->sb->journal_sections = cpu_to_le32(test_journal_sections); 3451 if (calculate_device_limits(ic)) 3452 ic->sb->journal_sections = cpu_to_le32(prev_journal_sections); 3453 3454 } 3455 if (!le32_to_cpu(ic->sb->journal_sections)) { 3456 if (ic->log2_buffer_sectors > 3) { 3457 ic->log2_buffer_sectors--; 3458 goto try_smaller_buffer; 3459 } 3460 return -EINVAL; 3461 } 3462 } 3463 3464 ic->sb->provided_data_sectors = cpu_to_le64(ic->provided_data_sectors); 3465 3466 sb_set_version(ic); 3467 3468 return 0; 3469 } 3470 3471 static void dm_integrity_set(struct dm_target *ti, struct dm_integrity_c *ic) 3472 { 3473 struct gendisk *disk = dm_disk(dm_table_get_md(ti->table)); 3474 struct blk_integrity bi; 3475 3476 memset(&bi, 0, sizeof(bi)); 3477 bi.profile = &dm_integrity_profile; 3478 bi.tuple_size = ic->tag_size; 3479 bi.tag_size = bi.tuple_size; 3480 bi.interval_exp = ic->sb->log2_sectors_per_block + SECTOR_SHIFT; 3481 3482 blk_integrity_register(disk, &bi); 3483 blk_queue_max_integrity_segments(disk->queue, UINT_MAX); 3484 } 3485 3486 static void dm_integrity_free_page_list(struct page_list *pl) 3487 { 3488 unsigned i; 3489 3490 if (!pl) 3491 return; 3492 for (i = 0; pl[i].page; i++) 3493 __free_page(pl[i].page); 3494 kvfree(pl); 3495 } 3496 3497 static struct page_list *dm_integrity_alloc_page_list(unsigned n_pages) 3498 { 3499 struct page_list *pl; 3500 unsigned i; 3501 3502 pl = kvmalloc_array(n_pages + 1, sizeof(struct page_list), GFP_KERNEL | __GFP_ZERO); 3503 if (!pl) 3504 return NULL; 3505 3506 for (i = 0; i < n_pages; i++) { 3507 pl[i].page = alloc_page(GFP_KERNEL); 3508 if (!pl[i].page) { 3509 dm_integrity_free_page_list(pl); 3510 return NULL; 3511 } 3512 if (i) 3513 pl[i - 1].next = &pl[i]; 3514 } 3515 pl[i].page = NULL; 3516 pl[i].next = NULL; 3517 3518 return pl; 3519 } 3520 3521 static void dm_integrity_free_journal_scatterlist(struct dm_integrity_c *ic, struct scatterlist **sl) 3522 { 3523 unsigned i; 3524 for (i = 0; i < ic->journal_sections; i++) 3525 kvfree(sl[i]); 3526 kvfree(sl); 3527 } 3528 3529 static struct scatterlist **dm_integrity_alloc_journal_scatterlist(struct dm_integrity_c *ic, 3530 struct page_list *pl) 3531 { 3532 struct scatterlist **sl; 3533 unsigned i; 3534 3535 sl = kvmalloc_array(ic->journal_sections, 3536 sizeof(struct scatterlist *), 3537 GFP_KERNEL | __GFP_ZERO); 3538 if (!sl) 3539 return NULL; 3540 3541 for (i = 0; i < ic->journal_sections; i++) { 3542 struct scatterlist *s; 3543 unsigned start_index, start_offset; 3544 unsigned end_index, end_offset; 3545 unsigned n_pages; 3546 unsigned idx; 3547 3548 page_list_location(ic, i, 0, &start_index, &start_offset); 3549 page_list_location(ic, i, ic->journal_section_sectors - 1, 3550 &end_index, &end_offset); 3551 3552 n_pages = (end_index - start_index + 1); 3553 3554 s = kvmalloc_array(n_pages, sizeof(struct scatterlist), 3555 GFP_KERNEL); 3556 if (!s) { 3557 dm_integrity_free_journal_scatterlist(ic, sl); 3558 return NULL; 3559 } 3560 3561 sg_init_table(s, n_pages); 3562 for (idx = start_index; idx <= end_index; idx++) { 3563 char *va = lowmem_page_address(pl[idx].page); 3564 unsigned start = 0, end = PAGE_SIZE; 3565 if (idx == start_index) 3566 start = start_offset; 3567 if (idx == end_index) 3568 end = end_offset + (1 << SECTOR_SHIFT); 3569 sg_set_buf(&s[idx - start_index], va + start, end - start); 3570 } 3571 3572 sl[i] = s; 3573 } 3574 3575 return sl; 3576 } 3577 3578 static void free_alg(struct alg_spec *a) 3579 { 3580 kfree_sensitive(a->alg_string); 3581 kfree_sensitive(a->key); 3582 memset(a, 0, sizeof *a); 3583 } 3584 3585 static int get_alg_and_key(const char *arg, struct alg_spec *a, char **error, char *error_inval) 3586 { 3587 char *k; 3588 3589 free_alg(a); 3590 3591 a->alg_string = kstrdup(strchr(arg, ':') + 1, GFP_KERNEL); 3592 if (!a->alg_string) 3593 goto nomem; 3594 3595 k = strchr(a->alg_string, ':'); 3596 if (k) { 3597 *k = 0; 3598 a->key_string = k + 1; 3599 if (strlen(a->key_string) & 1) 3600 goto inval; 3601 3602 a->key_size = strlen(a->key_string) / 2; 3603 a->key = kmalloc(a->key_size, GFP_KERNEL); 3604 if (!a->key) 3605 goto nomem; 3606 if (hex2bin(a->key, a->key_string, a->key_size)) 3607 goto inval; 3608 } 3609 3610 return 0; 3611 inval: 3612 *error = error_inval; 3613 return -EINVAL; 3614 nomem: 3615 *error = "Out of memory for an argument"; 3616 return -ENOMEM; 3617 } 3618 3619 static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error, 3620 char *error_alg, char *error_key) 3621 { 3622 int r; 3623 3624 if (a->alg_string) { 3625 *hash = crypto_alloc_shash(a->alg_string, 0, CRYPTO_ALG_ALLOCATES_MEMORY); 3626 if (IS_ERR(*hash)) { 3627 *error = error_alg; 3628 r = PTR_ERR(*hash); 3629 *hash = NULL; 3630 return r; 3631 } 3632 3633 if (a->key) { 3634 r = crypto_shash_setkey(*hash, a->key, a->key_size); 3635 if (r) { 3636 *error = error_key; 3637 return r; 3638 } 3639 } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) { 3640 *error = error_key; 3641 return -ENOKEY; 3642 } 3643 } 3644 3645 return 0; 3646 } 3647 3648 static int create_journal(struct dm_integrity_c *ic, char **error) 3649 { 3650 int r = 0; 3651 unsigned i; 3652 __u64 journal_pages, journal_desc_size, journal_tree_size; 3653 unsigned char *crypt_data = NULL, *crypt_iv = NULL; 3654 struct skcipher_request *req = NULL; 3655 3656 ic->commit_ids[0] = cpu_to_le64(0x1111111111111111ULL); 3657 ic->commit_ids[1] = cpu_to_le64(0x2222222222222222ULL); 3658 ic->commit_ids[2] = cpu_to_le64(0x3333333333333333ULL); 3659 ic->commit_ids[3] = cpu_to_le64(0x4444444444444444ULL); 3660 3661 journal_pages = roundup((__u64)ic->journal_sections * ic->journal_section_sectors, 3662 PAGE_SIZE >> SECTOR_SHIFT) >> (PAGE_SHIFT - SECTOR_SHIFT); 3663 journal_desc_size = journal_pages * sizeof(struct page_list); 3664 if (journal_pages >= totalram_pages() - totalhigh_pages() || journal_desc_size > ULONG_MAX) { 3665 *error = "Journal doesn't fit into memory"; 3666 r = -ENOMEM; 3667 goto bad; 3668 } 3669 ic->journal_pages = journal_pages; 3670 3671 ic->journal = dm_integrity_alloc_page_list(ic->journal_pages); 3672 if (!ic->journal) { 3673 *error = "Could not allocate memory for journal"; 3674 r = -ENOMEM; 3675 goto bad; 3676 } 3677 if (ic->journal_crypt_alg.alg_string) { 3678 unsigned ivsize, blocksize; 3679 struct journal_completion comp; 3680 3681 comp.ic = ic; 3682 ic->journal_crypt = crypto_alloc_skcipher(ic->journal_crypt_alg.alg_string, 0, CRYPTO_ALG_ALLOCATES_MEMORY); 3683 if (IS_ERR(ic->journal_crypt)) { 3684 *error = "Invalid journal cipher"; 3685 r = PTR_ERR(ic->journal_crypt); 3686 ic->journal_crypt = NULL; 3687 goto bad; 3688 } 3689 ivsize = crypto_skcipher_ivsize(ic->journal_crypt); 3690 blocksize = crypto_skcipher_blocksize(ic->journal_crypt); 3691 3692 if (ic->journal_crypt_alg.key) { 3693 r = crypto_skcipher_setkey(ic->journal_crypt, ic->journal_crypt_alg.key, 3694 ic->journal_crypt_alg.key_size); 3695 if (r) { 3696 *error = "Error setting encryption key"; 3697 goto bad; 3698 } 3699 } 3700 DEBUG_print("cipher %s, block size %u iv size %u\n", 3701 ic->journal_crypt_alg.alg_string, blocksize, ivsize); 3702 3703 ic->journal_io = dm_integrity_alloc_page_list(ic->journal_pages); 3704 if (!ic->journal_io) { 3705 *error = "Could not allocate memory for journal io"; 3706 r = -ENOMEM; 3707 goto bad; 3708 } 3709 3710 if (blocksize == 1) { 3711 struct scatterlist *sg; 3712 3713 req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); 3714 if (!req) { 3715 *error = "Could not allocate crypt request"; 3716 r = -ENOMEM; 3717 goto bad; 3718 } 3719 3720 crypt_iv = kzalloc(ivsize, GFP_KERNEL); 3721 if (!crypt_iv) { 3722 *error = "Could not allocate iv"; 3723 r = -ENOMEM; 3724 goto bad; 3725 } 3726 3727 ic->journal_xor = dm_integrity_alloc_page_list(ic->journal_pages); 3728 if (!ic->journal_xor) { 3729 *error = "Could not allocate memory for journal xor"; 3730 r = -ENOMEM; 3731 goto bad; 3732 } 3733 3734 sg = kvmalloc_array(ic->journal_pages + 1, 3735 sizeof(struct scatterlist), 3736 GFP_KERNEL); 3737 if (!sg) { 3738 *error = "Unable to allocate sg list"; 3739 r = -ENOMEM; 3740 goto bad; 3741 } 3742 sg_init_table(sg, ic->journal_pages + 1); 3743 for (i = 0; i < ic->journal_pages; i++) { 3744 char *va = lowmem_page_address(ic->journal_xor[i].page); 3745 clear_page(va); 3746 sg_set_buf(&sg[i], va, PAGE_SIZE); 3747 } 3748 sg_set_buf(&sg[i], &ic->commit_ids, sizeof ic->commit_ids); 3749 3750 skcipher_request_set_crypt(req, sg, sg, 3751 PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, crypt_iv); 3752 init_completion(&comp.comp); 3753 comp.in_flight = (atomic_t)ATOMIC_INIT(1); 3754 if (do_crypt(true, req, &comp)) 3755 wait_for_completion(&comp.comp); 3756 kvfree(sg); 3757 r = dm_integrity_failed(ic); 3758 if (r) { 3759 *error = "Unable to encrypt journal"; 3760 goto bad; 3761 } 3762 DEBUG_bytes(lowmem_page_address(ic->journal_xor[0].page), 64, "xor data"); 3763 3764 crypto_free_skcipher(ic->journal_crypt); 3765 ic->journal_crypt = NULL; 3766 } else { 3767 unsigned crypt_len = roundup(ivsize, blocksize); 3768 3769 req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); 3770 if (!req) { 3771 *error = "Could not allocate crypt request"; 3772 r = -ENOMEM; 3773 goto bad; 3774 } 3775 3776 crypt_iv = kmalloc(ivsize, GFP_KERNEL); 3777 if (!crypt_iv) { 3778 *error = "Could not allocate iv"; 3779 r = -ENOMEM; 3780 goto bad; 3781 } 3782 3783 crypt_data = kmalloc(crypt_len, GFP_KERNEL); 3784 if (!crypt_data) { 3785 *error = "Unable to allocate crypt data"; 3786 r = -ENOMEM; 3787 goto bad; 3788 } 3789 3790 ic->journal_scatterlist = dm_integrity_alloc_journal_scatterlist(ic, ic->journal); 3791 if (!ic->journal_scatterlist) { 3792 *error = "Unable to allocate sg list"; 3793 r = -ENOMEM; 3794 goto bad; 3795 } 3796 ic->journal_io_scatterlist = dm_integrity_alloc_journal_scatterlist(ic, ic->journal_io); 3797 if (!ic->journal_io_scatterlist) { 3798 *error = "Unable to allocate sg list"; 3799 r = -ENOMEM; 3800 goto bad; 3801 } 3802 ic->sk_requests = kvmalloc_array(ic->journal_sections, 3803 sizeof(struct skcipher_request *), 3804 GFP_KERNEL | __GFP_ZERO); 3805 if (!ic->sk_requests) { 3806 *error = "Unable to allocate sk requests"; 3807 r = -ENOMEM; 3808 goto bad; 3809 } 3810 for (i = 0; i < ic->journal_sections; i++) { 3811 struct scatterlist sg; 3812 struct skcipher_request *section_req; 3813 __u32 section_le = cpu_to_le32(i); 3814 3815 memset(crypt_iv, 0x00, ivsize); 3816 memset(crypt_data, 0x00, crypt_len); 3817 memcpy(crypt_data, §ion_le, min((size_t)crypt_len, sizeof(section_le))); 3818 3819 sg_init_one(&sg, crypt_data, crypt_len); 3820 skcipher_request_set_crypt(req, &sg, &sg, crypt_len, crypt_iv); 3821 init_completion(&comp.comp); 3822 comp.in_flight = (atomic_t)ATOMIC_INIT(1); 3823 if (do_crypt(true, req, &comp)) 3824 wait_for_completion(&comp.comp); 3825 3826 r = dm_integrity_failed(ic); 3827 if (r) { 3828 *error = "Unable to generate iv"; 3829 goto bad; 3830 } 3831 3832 section_req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); 3833 if (!section_req) { 3834 *error = "Unable to allocate crypt request"; 3835 r = -ENOMEM; 3836 goto bad; 3837 } 3838 section_req->iv = kmalloc_array(ivsize, 2, 3839 GFP_KERNEL); 3840 if (!section_req->iv) { 3841 skcipher_request_free(section_req); 3842 *error = "Unable to allocate iv"; 3843 r = -ENOMEM; 3844 goto bad; 3845 } 3846 memcpy(section_req->iv + ivsize, crypt_data, ivsize); 3847 section_req->cryptlen = (size_t)ic->journal_section_sectors << SECTOR_SHIFT; 3848 ic->sk_requests[i] = section_req; 3849 DEBUG_bytes(crypt_data, ivsize, "iv(%u)", i); 3850 } 3851 } 3852 } 3853 3854 for (i = 0; i < N_COMMIT_IDS; i++) { 3855 unsigned j; 3856 retest_commit_id: 3857 for (j = 0; j < i; j++) { 3858 if (ic->commit_ids[j] == ic->commit_ids[i]) { 3859 ic->commit_ids[i] = cpu_to_le64(le64_to_cpu(ic->commit_ids[i]) + 1); 3860 goto retest_commit_id; 3861 } 3862 } 3863 DEBUG_print("commit id %u: %016llx\n", i, ic->commit_ids[i]); 3864 } 3865 3866 journal_tree_size = (__u64)ic->journal_entries * sizeof(struct journal_node); 3867 if (journal_tree_size > ULONG_MAX) { 3868 *error = "Journal doesn't fit into memory"; 3869 r = -ENOMEM; 3870 goto bad; 3871 } 3872 ic->journal_tree = kvmalloc(journal_tree_size, GFP_KERNEL); 3873 if (!ic->journal_tree) { 3874 *error = "Could not allocate memory for journal tree"; 3875 r = -ENOMEM; 3876 } 3877 bad: 3878 kfree(crypt_data); 3879 kfree(crypt_iv); 3880 skcipher_request_free(req); 3881 3882 return r; 3883 } 3884 3885 /* 3886 * Construct a integrity mapping 3887 * 3888 * Arguments: 3889 * device 3890 * offset from the start of the device 3891 * tag size 3892 * D - direct writes, J - journal writes, B - bitmap mode, R - recovery mode 3893 * number of optional arguments 3894 * optional arguments: 3895 * journal_sectors 3896 * interleave_sectors 3897 * buffer_sectors 3898 * journal_watermark 3899 * commit_time 3900 * meta_device 3901 * block_size 3902 * sectors_per_bit 3903 * bitmap_flush_interval 3904 * internal_hash 3905 * journal_crypt 3906 * journal_mac 3907 * recalculate 3908 */ 3909 static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) 3910 { 3911 struct dm_integrity_c *ic; 3912 char dummy; 3913 int r; 3914 unsigned extra_args; 3915 struct dm_arg_set as; 3916 static const struct dm_arg _args[] = { 3917 {0, 17, "Invalid number of feature args"}, 3918 }; 3919 unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec; 3920 bool should_write_sb; 3921 __u64 threshold; 3922 unsigned long long start; 3923 __s8 log2_sectors_per_bitmap_bit = -1; 3924 __s8 log2_blocks_per_bitmap_bit; 3925 __u64 bits_in_journal; 3926 __u64 n_bitmap_bits; 3927 3928 #define DIRECT_ARGUMENTS 4 3929 3930 if (argc <= DIRECT_ARGUMENTS) { 3931 ti->error = "Invalid argument count"; 3932 return -EINVAL; 3933 } 3934 3935 ic = kzalloc(sizeof(struct dm_integrity_c), GFP_KERNEL); 3936 if (!ic) { 3937 ti->error = "Cannot allocate integrity context"; 3938 return -ENOMEM; 3939 } 3940 ti->private = ic; 3941 ti->per_io_data_size = sizeof(struct dm_integrity_io); 3942 ic->ti = ti; 3943 3944 ic->in_progress = RB_ROOT; 3945 INIT_LIST_HEAD(&ic->wait_list); 3946 init_waitqueue_head(&ic->endio_wait); 3947 bio_list_init(&ic->flush_bio_list); 3948 init_waitqueue_head(&ic->copy_to_journal_wait); 3949 init_completion(&ic->crypto_backoff); 3950 atomic64_set(&ic->number_of_mismatches, 0); 3951 ic->bitmap_flush_interval = BITMAP_FLUSH_INTERVAL; 3952 3953 r = dm_get_device(ti, argv[0], dm_table_get_mode(ti->table), &ic->dev); 3954 if (r) { 3955 ti->error = "Device lookup failed"; 3956 goto bad; 3957 } 3958 3959 if (sscanf(argv[1], "%llu%c", &start, &dummy) != 1 || start != (sector_t)start) { 3960 ti->error = "Invalid starting offset"; 3961 r = -EINVAL; 3962 goto bad; 3963 } 3964 ic->start = start; 3965 3966 if (strcmp(argv[2], "-")) { 3967 if (sscanf(argv[2], "%u%c", &ic->tag_size, &dummy) != 1 || !ic->tag_size) { 3968 ti->error = "Invalid tag size"; 3969 r = -EINVAL; 3970 goto bad; 3971 } 3972 } 3973 3974 if (!strcmp(argv[3], "J") || !strcmp(argv[3], "B") || 3975 !strcmp(argv[3], "D") || !strcmp(argv[3], "R")) { 3976 ic->mode = argv[3][0]; 3977 } else { 3978 ti->error = "Invalid mode (expecting J, B, D, R)"; 3979 r = -EINVAL; 3980 goto bad; 3981 } 3982 3983 journal_sectors = 0; 3984 interleave_sectors = DEFAULT_INTERLEAVE_SECTORS; 3985 buffer_sectors = DEFAULT_BUFFER_SECTORS; 3986 journal_watermark = DEFAULT_JOURNAL_WATERMARK; 3987 sync_msec = DEFAULT_SYNC_MSEC; 3988 ic->sectors_per_block = 1; 3989 3990 as.argc = argc - DIRECT_ARGUMENTS; 3991 as.argv = argv + DIRECT_ARGUMENTS; 3992 r = dm_read_arg_group(_args, &as, &extra_args, &ti->error); 3993 if (r) 3994 goto bad; 3995 3996 while (extra_args--) { 3997 const char *opt_string; 3998 unsigned val; 3999 unsigned long long llval; 4000 opt_string = dm_shift_arg(&as); 4001 if (!opt_string) { 4002 r = -EINVAL; 4003 ti->error = "Not enough feature arguments"; 4004 goto bad; 4005 } 4006 if (sscanf(opt_string, "journal_sectors:%u%c", &val, &dummy) == 1) 4007 journal_sectors = val ? val : 1; 4008 else if (sscanf(opt_string, "interleave_sectors:%u%c", &val, &dummy) == 1) 4009 interleave_sectors = val; 4010 else if (sscanf(opt_string, "buffer_sectors:%u%c", &val, &dummy) == 1) 4011 buffer_sectors = val; 4012 else if (sscanf(opt_string, "journal_watermark:%u%c", &val, &dummy) == 1 && val <= 100) 4013 journal_watermark = val; 4014 else if (sscanf(opt_string, "commit_time:%u%c", &val, &dummy) == 1) 4015 sync_msec = val; 4016 else if (!strncmp(opt_string, "meta_device:", strlen("meta_device:"))) { 4017 if (ic->meta_dev) { 4018 dm_put_device(ti, ic->meta_dev); 4019 ic->meta_dev = NULL; 4020 } 4021 r = dm_get_device(ti, strchr(opt_string, ':') + 1, 4022 dm_table_get_mode(ti->table), &ic->meta_dev); 4023 if (r) { 4024 ti->error = "Device lookup failed"; 4025 goto bad; 4026 } 4027 } else if (sscanf(opt_string, "block_size:%u%c", &val, &dummy) == 1) { 4028 if (val < 1 << SECTOR_SHIFT || 4029 val > MAX_SECTORS_PER_BLOCK << SECTOR_SHIFT || 4030 (val & (val -1))) { 4031 r = -EINVAL; 4032 ti->error = "Invalid block_size argument"; 4033 goto bad; 4034 } 4035 ic->sectors_per_block = val >> SECTOR_SHIFT; 4036 } else if (sscanf(opt_string, "sectors_per_bit:%llu%c", &llval, &dummy) == 1) { 4037 log2_sectors_per_bitmap_bit = !llval ? 0 : __ilog2_u64(llval); 4038 } else if (sscanf(opt_string, "bitmap_flush_interval:%u%c", &val, &dummy) == 1) { 4039 if (val >= (uint64_t)UINT_MAX * 1000 / HZ) { 4040 r = -EINVAL; 4041 ti->error = "Invalid bitmap_flush_interval argument"; 4042 } 4043 ic->bitmap_flush_interval = msecs_to_jiffies(val); 4044 } else if (!strncmp(opt_string, "internal_hash:", strlen("internal_hash:"))) { 4045 r = get_alg_and_key(opt_string, &ic->internal_hash_alg, &ti->error, 4046 "Invalid internal_hash argument"); 4047 if (r) 4048 goto bad; 4049 } else if (!strncmp(opt_string, "journal_crypt:", strlen("journal_crypt:"))) { 4050 r = get_alg_and_key(opt_string, &ic->journal_crypt_alg, &ti->error, 4051 "Invalid journal_crypt argument"); 4052 if (r) 4053 goto bad; 4054 } else if (!strncmp(opt_string, "journal_mac:", strlen("journal_mac:"))) { 4055 r = get_alg_and_key(opt_string, &ic->journal_mac_alg, &ti->error, 4056 "Invalid journal_mac argument"); 4057 if (r) 4058 goto bad; 4059 } else if (!strcmp(opt_string, "recalculate")) { 4060 ic->recalculate_flag = true; 4061 } else if (!strcmp(opt_string, "allow_discards")) { 4062 ic->discard = true; 4063 } else if (!strcmp(opt_string, "fix_padding")) { 4064 ic->fix_padding = true; 4065 } else if (!strcmp(opt_string, "fix_hmac")) { 4066 ic->fix_hmac = true; 4067 } else if (!strcmp(opt_string, "legacy_recalculate")) { 4068 ic->legacy_recalculate = true; 4069 } else { 4070 r = -EINVAL; 4071 ti->error = "Invalid argument"; 4072 goto bad; 4073 } 4074 } 4075 4076 ic->data_device_sectors = i_size_read(ic->dev->bdev->bd_inode) >> SECTOR_SHIFT; 4077 if (!ic->meta_dev) 4078 ic->meta_device_sectors = ic->data_device_sectors; 4079 else 4080 ic->meta_device_sectors = i_size_read(ic->meta_dev->bdev->bd_inode) >> SECTOR_SHIFT; 4081 4082 if (!journal_sectors) { 4083 journal_sectors = min((sector_t)DEFAULT_MAX_JOURNAL_SECTORS, 4084 ic->data_device_sectors >> DEFAULT_JOURNAL_SIZE_FACTOR); 4085 } 4086 4087 if (!buffer_sectors) 4088 buffer_sectors = 1; 4089 ic->log2_buffer_sectors = min((int)__fls(buffer_sectors), 31 - SECTOR_SHIFT); 4090 4091 r = get_mac(&ic->internal_hash, &ic->internal_hash_alg, &ti->error, 4092 "Invalid internal hash", "Error setting internal hash key"); 4093 if (r) 4094 goto bad; 4095 4096 r = get_mac(&ic->journal_mac, &ic->journal_mac_alg, &ti->error, 4097 "Invalid journal mac", "Error setting journal mac key"); 4098 if (r) 4099 goto bad; 4100 4101 if (!ic->tag_size) { 4102 if (!ic->internal_hash) { 4103 ti->error = "Unknown tag size"; 4104 r = -EINVAL; 4105 goto bad; 4106 } 4107 ic->tag_size = crypto_shash_digestsize(ic->internal_hash); 4108 } 4109 if (ic->tag_size > MAX_TAG_SIZE) { 4110 ti->error = "Too big tag size"; 4111 r = -EINVAL; 4112 goto bad; 4113 } 4114 if (!(ic->tag_size & (ic->tag_size - 1))) 4115 ic->log2_tag_size = __ffs(ic->tag_size); 4116 else 4117 ic->log2_tag_size = -1; 4118 4119 if (ic->mode == 'B' && !ic->internal_hash) { 4120 r = -EINVAL; 4121 ti->error = "Bitmap mode can be only used with internal hash"; 4122 goto bad; 4123 } 4124 4125 if (ic->discard && !ic->internal_hash) { 4126 r = -EINVAL; 4127 ti->error = "Discard can be only used with internal hash"; 4128 goto bad; 4129 } 4130 4131 ic->autocommit_jiffies = msecs_to_jiffies(sync_msec); 4132 ic->autocommit_msec = sync_msec; 4133 timer_setup(&ic->autocommit_timer, autocommit_fn, 0); 4134 4135 ic->io = dm_io_client_create(); 4136 if (IS_ERR(ic->io)) { 4137 r = PTR_ERR(ic->io); 4138 ic->io = NULL; 4139 ti->error = "Cannot allocate dm io"; 4140 goto bad; 4141 } 4142 4143 r = mempool_init_slab_pool(&ic->journal_io_mempool, JOURNAL_IO_MEMPOOL, journal_io_cache); 4144 if (r) { 4145 ti->error = "Cannot allocate mempool"; 4146 goto bad; 4147 } 4148 4149 ic->metadata_wq = alloc_workqueue("dm-integrity-metadata", 4150 WQ_MEM_RECLAIM, METADATA_WORKQUEUE_MAX_ACTIVE); 4151 if (!ic->metadata_wq) { 4152 ti->error = "Cannot allocate workqueue"; 4153 r = -ENOMEM; 4154 goto bad; 4155 } 4156 4157 /* 4158 * If this workqueue were percpu, it would cause bio reordering 4159 * and reduced performance. 4160 */ 4161 ic->wait_wq = alloc_workqueue("dm-integrity-wait", WQ_MEM_RECLAIM | WQ_UNBOUND, 1); 4162 if (!ic->wait_wq) { 4163 ti->error = "Cannot allocate workqueue"; 4164 r = -ENOMEM; 4165 goto bad; 4166 } 4167 4168 ic->offload_wq = alloc_workqueue("dm-integrity-offload", WQ_MEM_RECLAIM, 4169 METADATA_WORKQUEUE_MAX_ACTIVE); 4170 if (!ic->offload_wq) { 4171 ti->error = "Cannot allocate workqueue"; 4172 r = -ENOMEM; 4173 goto bad; 4174 } 4175 4176 ic->commit_wq = alloc_workqueue("dm-integrity-commit", WQ_MEM_RECLAIM, 1); 4177 if (!ic->commit_wq) { 4178 ti->error = "Cannot allocate workqueue"; 4179 r = -ENOMEM; 4180 goto bad; 4181 } 4182 INIT_WORK(&ic->commit_work, integrity_commit); 4183 4184 if (ic->mode == 'J' || ic->mode == 'B') { 4185 ic->writer_wq = alloc_workqueue("dm-integrity-writer", WQ_MEM_RECLAIM, 1); 4186 if (!ic->writer_wq) { 4187 ti->error = "Cannot allocate workqueue"; 4188 r = -ENOMEM; 4189 goto bad; 4190 } 4191 INIT_WORK(&ic->writer_work, integrity_writer); 4192 } 4193 4194 ic->sb = alloc_pages_exact(SB_SECTORS << SECTOR_SHIFT, GFP_KERNEL); 4195 if (!ic->sb) { 4196 r = -ENOMEM; 4197 ti->error = "Cannot allocate superblock area"; 4198 goto bad; 4199 } 4200 4201 r = sync_rw_sb(ic, REQ_OP_READ, 0); 4202 if (r) { 4203 ti->error = "Error reading superblock"; 4204 goto bad; 4205 } 4206 should_write_sb = false; 4207 if (memcmp(ic->sb->magic, SB_MAGIC, 8)) { 4208 if (ic->mode != 'R') { 4209 if (memchr_inv(ic->sb, 0, SB_SECTORS << SECTOR_SHIFT)) { 4210 r = -EINVAL; 4211 ti->error = "The device is not initialized"; 4212 goto bad; 4213 } 4214 } 4215 4216 r = initialize_superblock(ic, journal_sectors, interleave_sectors); 4217 if (r) { 4218 ti->error = "Could not initialize superblock"; 4219 goto bad; 4220 } 4221 if (ic->mode != 'R') 4222 should_write_sb = true; 4223 } 4224 4225 if (!ic->sb->version || ic->sb->version > SB_VERSION_5) { 4226 r = -EINVAL; 4227 ti->error = "Unknown version"; 4228 goto bad; 4229 } 4230 if (le16_to_cpu(ic->sb->integrity_tag_size) != ic->tag_size) { 4231 r = -EINVAL; 4232 ti->error = "Tag size doesn't match the information in superblock"; 4233 goto bad; 4234 } 4235 if (ic->sb->log2_sectors_per_block != __ffs(ic->sectors_per_block)) { 4236 r = -EINVAL; 4237 ti->error = "Block size doesn't match the information in superblock"; 4238 goto bad; 4239 } 4240 if (!le32_to_cpu(ic->sb->journal_sections)) { 4241 r = -EINVAL; 4242 ti->error = "Corrupted superblock, journal_sections is 0"; 4243 goto bad; 4244 } 4245 /* make sure that ti->max_io_len doesn't overflow */ 4246 if (!ic->meta_dev) { 4247 if (ic->sb->log2_interleave_sectors < MIN_LOG2_INTERLEAVE_SECTORS || 4248 ic->sb->log2_interleave_sectors > MAX_LOG2_INTERLEAVE_SECTORS) { 4249 r = -EINVAL; 4250 ti->error = "Invalid interleave_sectors in the superblock"; 4251 goto bad; 4252 } 4253 } else { 4254 if (ic->sb->log2_interleave_sectors) { 4255 r = -EINVAL; 4256 ti->error = "Invalid interleave_sectors in the superblock"; 4257 goto bad; 4258 } 4259 } 4260 if (!!(ic->sb->flags & cpu_to_le32(SB_FLAG_HAVE_JOURNAL_MAC)) != !!ic->journal_mac_alg.alg_string) { 4261 r = -EINVAL; 4262 ti->error = "Journal mac mismatch"; 4263 goto bad; 4264 } 4265 4266 get_provided_data_sectors(ic); 4267 if (!ic->provided_data_sectors) { 4268 r = -EINVAL; 4269 ti->error = "The device is too small"; 4270 goto bad; 4271 } 4272 4273 try_smaller_buffer: 4274 r = calculate_device_limits(ic); 4275 if (r) { 4276 if (ic->meta_dev) { 4277 if (ic->log2_buffer_sectors > 3) { 4278 ic->log2_buffer_sectors--; 4279 goto try_smaller_buffer; 4280 } 4281 } 4282 ti->error = "The device is too small"; 4283 goto bad; 4284 } 4285 4286 if (log2_sectors_per_bitmap_bit < 0) 4287 log2_sectors_per_bitmap_bit = __fls(DEFAULT_SECTORS_PER_BITMAP_BIT); 4288 if (log2_sectors_per_bitmap_bit < ic->sb->log2_sectors_per_block) 4289 log2_sectors_per_bitmap_bit = ic->sb->log2_sectors_per_block; 4290 4291 bits_in_journal = ((__u64)ic->journal_section_sectors * ic->journal_sections) << (SECTOR_SHIFT + 3); 4292 if (bits_in_journal > UINT_MAX) 4293 bits_in_journal = UINT_MAX; 4294 while (bits_in_journal < (ic->provided_data_sectors + ((sector_t)1 << log2_sectors_per_bitmap_bit) - 1) >> log2_sectors_per_bitmap_bit) 4295 log2_sectors_per_bitmap_bit++; 4296 4297 log2_blocks_per_bitmap_bit = log2_sectors_per_bitmap_bit - ic->sb->log2_sectors_per_block; 4298 ic->log2_blocks_per_bitmap_bit = log2_blocks_per_bitmap_bit; 4299 if (should_write_sb) { 4300 ic->sb->log2_blocks_per_bitmap_bit = log2_blocks_per_bitmap_bit; 4301 } 4302 n_bitmap_bits = ((ic->provided_data_sectors >> ic->sb->log2_sectors_per_block) 4303 + (((sector_t)1 << log2_blocks_per_bitmap_bit) - 1)) >> log2_blocks_per_bitmap_bit; 4304 ic->n_bitmap_blocks = DIV_ROUND_UP(n_bitmap_bits, BITMAP_BLOCK_SIZE * 8); 4305 4306 if (!ic->meta_dev) 4307 ic->log2_buffer_sectors = min(ic->log2_buffer_sectors, (__u8)__ffs(ic->metadata_run)); 4308 4309 if (ti->len > ic->provided_data_sectors) { 4310 r = -EINVAL; 4311 ti->error = "Not enough provided sectors for requested mapping size"; 4312 goto bad; 4313 } 4314 4315 4316 threshold = (__u64)ic->journal_entries * (100 - journal_watermark); 4317 threshold += 50; 4318 do_div(threshold, 100); 4319 ic->free_sectors_threshold = threshold; 4320 4321 DEBUG_print("initialized:\n"); 4322 DEBUG_print(" integrity_tag_size %u\n", le16_to_cpu(ic->sb->integrity_tag_size)); 4323 DEBUG_print(" journal_entry_size %u\n", ic->journal_entry_size); 4324 DEBUG_print(" journal_entries_per_sector %u\n", ic->journal_entries_per_sector); 4325 DEBUG_print(" journal_section_entries %u\n", ic->journal_section_entries); 4326 DEBUG_print(" journal_section_sectors %u\n", ic->journal_section_sectors); 4327 DEBUG_print(" journal_sections %u\n", (unsigned)le32_to_cpu(ic->sb->journal_sections)); 4328 DEBUG_print(" journal_entries %u\n", ic->journal_entries); 4329 DEBUG_print(" log2_interleave_sectors %d\n", ic->sb->log2_interleave_sectors); 4330 DEBUG_print(" data_device_sectors 0x%llx\n", i_size_read(ic->dev->bdev->bd_inode) >> SECTOR_SHIFT); 4331 DEBUG_print(" initial_sectors 0x%x\n", ic->initial_sectors); 4332 DEBUG_print(" metadata_run 0x%x\n", ic->metadata_run); 4333 DEBUG_print(" log2_metadata_run %d\n", ic->log2_metadata_run); 4334 DEBUG_print(" provided_data_sectors 0x%llx (%llu)\n", ic->provided_data_sectors, ic->provided_data_sectors); 4335 DEBUG_print(" log2_buffer_sectors %u\n", ic->log2_buffer_sectors); 4336 DEBUG_print(" bits_in_journal %llu\n", bits_in_journal); 4337 4338 if (ic->recalculate_flag && !(ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING))) { 4339 ic->sb->flags |= cpu_to_le32(SB_FLAG_RECALCULATING); 4340 ic->sb->recalc_sector = cpu_to_le64(0); 4341 } 4342 4343 if (ic->internal_hash) { 4344 ic->recalc_wq = alloc_workqueue("dm-integrity-recalc", WQ_MEM_RECLAIM, 1); 4345 if (!ic->recalc_wq ) { 4346 ti->error = "Cannot allocate workqueue"; 4347 r = -ENOMEM; 4348 goto bad; 4349 } 4350 INIT_WORK(&ic->recalc_work, integrity_recalc); 4351 ic->recalc_buffer = vmalloc(RECALC_SECTORS << SECTOR_SHIFT); 4352 if (!ic->recalc_buffer) { 4353 ti->error = "Cannot allocate buffer for recalculating"; 4354 r = -ENOMEM; 4355 goto bad; 4356 } 4357 ic->recalc_tags = kvmalloc_array(RECALC_SECTORS >> ic->sb->log2_sectors_per_block, 4358 ic->tag_size, GFP_KERNEL); 4359 if (!ic->recalc_tags) { 4360 ti->error = "Cannot allocate tags for recalculating"; 4361 r = -ENOMEM; 4362 goto bad; 4363 } 4364 } else { 4365 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) { 4366 ti->error = "Recalculate can only be specified with internal_hash"; 4367 r = -EINVAL; 4368 goto bad; 4369 } 4370 } 4371 4372 if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) && 4373 le64_to_cpu(ic->sb->recalc_sector) < ic->provided_data_sectors && 4374 dm_integrity_disable_recalculate(ic)) { 4375 ti->error = "Recalculating with HMAC is disabled for security reasons - if you really need it, use the argument \"legacy_recalculate\""; 4376 r = -EOPNOTSUPP; 4377 goto bad; 4378 } 4379 4380 ic->bufio = dm_bufio_client_create(ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev, 4381 1U << (SECTOR_SHIFT + ic->log2_buffer_sectors), 1, 0, NULL, NULL); 4382 if (IS_ERR(ic->bufio)) { 4383 r = PTR_ERR(ic->bufio); 4384 ti->error = "Cannot initialize dm-bufio"; 4385 ic->bufio = NULL; 4386 goto bad; 4387 } 4388 dm_bufio_set_sector_offset(ic->bufio, ic->start + ic->initial_sectors); 4389 4390 if (ic->mode != 'R') { 4391 r = create_journal(ic, &ti->error); 4392 if (r) 4393 goto bad; 4394 4395 } 4396 4397 if (ic->mode == 'B') { 4398 unsigned i; 4399 unsigned n_bitmap_pages = DIV_ROUND_UP(ic->n_bitmap_blocks, PAGE_SIZE / BITMAP_BLOCK_SIZE); 4400 4401 ic->recalc_bitmap = dm_integrity_alloc_page_list(n_bitmap_pages); 4402 if (!ic->recalc_bitmap) { 4403 r = -ENOMEM; 4404 goto bad; 4405 } 4406 ic->may_write_bitmap = dm_integrity_alloc_page_list(n_bitmap_pages); 4407 if (!ic->may_write_bitmap) { 4408 r = -ENOMEM; 4409 goto bad; 4410 } 4411 ic->bbs = kvmalloc_array(ic->n_bitmap_blocks, sizeof(struct bitmap_block_status), GFP_KERNEL); 4412 if (!ic->bbs) { 4413 r = -ENOMEM; 4414 goto bad; 4415 } 4416 INIT_DELAYED_WORK(&ic->bitmap_flush_work, bitmap_flush_work); 4417 for (i = 0; i < ic->n_bitmap_blocks; i++) { 4418 struct bitmap_block_status *bbs = &ic->bbs[i]; 4419 unsigned sector, pl_index, pl_offset; 4420 4421 INIT_WORK(&bbs->work, bitmap_block_work); 4422 bbs->ic = ic; 4423 bbs->idx = i; 4424 bio_list_init(&bbs->bio_queue); 4425 spin_lock_init(&bbs->bio_queue_lock); 4426 4427 sector = i * (BITMAP_BLOCK_SIZE >> SECTOR_SHIFT); 4428 pl_index = sector >> (PAGE_SHIFT - SECTOR_SHIFT); 4429 pl_offset = (sector << SECTOR_SHIFT) & (PAGE_SIZE - 1); 4430 4431 bbs->bitmap = lowmem_page_address(ic->journal[pl_index].page) + pl_offset; 4432 } 4433 } 4434 4435 if (should_write_sb) { 4436 int r; 4437 4438 init_journal(ic, 0, ic->journal_sections, 0); 4439 r = dm_integrity_failed(ic); 4440 if (unlikely(r)) { 4441 ti->error = "Error initializing journal"; 4442 goto bad; 4443 } 4444 r = sync_rw_sb(ic, REQ_OP_WRITE, REQ_FUA); 4445 if (r) { 4446 ti->error = "Error initializing superblock"; 4447 goto bad; 4448 } 4449 ic->just_formatted = true; 4450 } 4451 4452 if (!ic->meta_dev) { 4453 r = dm_set_target_max_io_len(ti, 1U << ic->sb->log2_interleave_sectors); 4454 if (r) 4455 goto bad; 4456 } 4457 if (ic->mode == 'B') { 4458 unsigned max_io_len = ((sector_t)ic->sectors_per_block << ic->log2_blocks_per_bitmap_bit) * (BITMAP_BLOCK_SIZE * 8); 4459 if (!max_io_len) 4460 max_io_len = 1U << 31; 4461 DEBUG_print("max_io_len: old %u, new %u\n", ti->max_io_len, max_io_len); 4462 if (!ti->max_io_len || ti->max_io_len > max_io_len) { 4463 r = dm_set_target_max_io_len(ti, max_io_len); 4464 if (r) 4465 goto bad; 4466 } 4467 } 4468 4469 if (!ic->internal_hash) 4470 dm_integrity_set(ti, ic); 4471 4472 ti->num_flush_bios = 1; 4473 ti->flush_supported = true; 4474 if (ic->discard) 4475 ti->num_discard_bios = 1; 4476 4477 return 0; 4478 4479 bad: 4480 dm_integrity_dtr(ti); 4481 return r; 4482 } 4483 4484 static void dm_integrity_dtr(struct dm_target *ti) 4485 { 4486 struct dm_integrity_c *ic = ti->private; 4487 4488 BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress)); 4489 BUG_ON(!list_empty(&ic->wait_list)); 4490 4491 if (ic->metadata_wq) 4492 destroy_workqueue(ic->metadata_wq); 4493 if (ic->wait_wq) 4494 destroy_workqueue(ic->wait_wq); 4495 if (ic->offload_wq) 4496 destroy_workqueue(ic->offload_wq); 4497 if (ic->commit_wq) 4498 destroy_workqueue(ic->commit_wq); 4499 if (ic->writer_wq) 4500 destroy_workqueue(ic->writer_wq); 4501 if (ic->recalc_wq) 4502 destroy_workqueue(ic->recalc_wq); 4503 vfree(ic->recalc_buffer); 4504 kvfree(ic->recalc_tags); 4505 kvfree(ic->bbs); 4506 if (ic->bufio) 4507 dm_bufio_client_destroy(ic->bufio); 4508 mempool_exit(&ic->journal_io_mempool); 4509 if (ic->io) 4510 dm_io_client_destroy(ic->io); 4511 if (ic->dev) 4512 dm_put_device(ti, ic->dev); 4513 if (ic->meta_dev) 4514 dm_put_device(ti, ic->meta_dev); 4515 dm_integrity_free_page_list(ic->journal); 4516 dm_integrity_free_page_list(ic->journal_io); 4517 dm_integrity_free_page_list(ic->journal_xor); 4518 dm_integrity_free_page_list(ic->recalc_bitmap); 4519 dm_integrity_free_page_list(ic->may_write_bitmap); 4520 if (ic->journal_scatterlist) 4521 dm_integrity_free_journal_scatterlist(ic, ic->journal_scatterlist); 4522 if (ic->journal_io_scatterlist) 4523 dm_integrity_free_journal_scatterlist(ic, ic->journal_io_scatterlist); 4524 if (ic->sk_requests) { 4525 unsigned i; 4526 4527 for (i = 0; i < ic->journal_sections; i++) { 4528 struct skcipher_request *req = ic->sk_requests[i]; 4529 if (req) { 4530 kfree_sensitive(req->iv); 4531 skcipher_request_free(req); 4532 } 4533 } 4534 kvfree(ic->sk_requests); 4535 } 4536 kvfree(ic->journal_tree); 4537 if (ic->sb) 4538 free_pages_exact(ic->sb, SB_SECTORS << SECTOR_SHIFT); 4539 4540 if (ic->internal_hash) 4541 crypto_free_shash(ic->internal_hash); 4542 free_alg(&ic->internal_hash_alg); 4543 4544 if (ic->journal_crypt) 4545 crypto_free_skcipher(ic->journal_crypt); 4546 free_alg(&ic->journal_crypt_alg); 4547 4548 if (ic->journal_mac) 4549 crypto_free_shash(ic->journal_mac); 4550 free_alg(&ic->journal_mac_alg); 4551 4552 kfree(ic); 4553 } 4554 4555 static struct target_type integrity_target = { 4556 .name = "integrity", 4557 .version = {1, 7, 0}, 4558 .module = THIS_MODULE, 4559 .features = DM_TARGET_SINGLETON | DM_TARGET_INTEGRITY, 4560 .ctr = dm_integrity_ctr, 4561 .dtr = dm_integrity_dtr, 4562 .map = dm_integrity_map, 4563 .postsuspend = dm_integrity_postsuspend, 4564 .resume = dm_integrity_resume, 4565 .status = dm_integrity_status, 4566 .iterate_devices = dm_integrity_iterate_devices, 4567 .io_hints = dm_integrity_io_hints, 4568 }; 4569 4570 static int __init dm_integrity_init(void) 4571 { 4572 int r; 4573 4574 journal_io_cache = kmem_cache_create("integrity_journal_io", 4575 sizeof(struct journal_io), 0, 0, NULL); 4576 if (!journal_io_cache) { 4577 DMERR("can't allocate journal io cache"); 4578 return -ENOMEM; 4579 } 4580 4581 r = dm_register_target(&integrity_target); 4582 4583 if (r < 0) 4584 DMERR("register failed %d", r); 4585 4586 return r; 4587 } 4588 4589 static void __exit dm_integrity_exit(void) 4590 { 4591 dm_unregister_target(&integrity_target); 4592 kmem_cache_destroy(journal_io_cache); 4593 } 4594 4595 module_init(dm_integrity_init); 4596 module_exit(dm_integrity_exit); 4597 4598 MODULE_AUTHOR("Milan Broz"); 4599 MODULE_AUTHOR("Mikulas Patocka"); 4600 MODULE_DESCRIPTION(DM_NAME " target for integrity tags extension"); 4601 MODULE_LICENSE("GPL"); 4602