#include "dm-verity.h"
#include "dm-verity-fec.h"
#include "dm-verity-verify-sig.h"
#include "dm-audit.h"
#include <linux/module.h>
#include <linux/reboot.h>
#include <linux/scatterlist.h>
#include <linux/string.h>
#include <linux/jump_label.h>
#include <linux/security.h>
#define DM_MSG_PREFIX …
#define DM_VERITY_ENV_LENGTH …
#define DM_VERITY_ENV_VAR_NAME …
#define DM_VERITY_DEFAULT_PREFETCH_SIZE …
#define DM_VERITY_MAX_CORRUPTED_ERRS …
#define DM_VERITY_OPT_LOGGING …
#define DM_VERITY_OPT_RESTART …
#define DM_VERITY_OPT_PANIC …
#define DM_VERITY_OPT_ERROR_RESTART …
#define DM_VERITY_OPT_ERROR_PANIC …
#define DM_VERITY_OPT_IGN_ZEROES …
#define DM_VERITY_OPT_AT_MOST_ONCE …
#define DM_VERITY_OPT_TASKLET_VERIFY …
#define DM_VERITY_OPTS_MAX …
static unsigned int dm_verity_prefetch_cluster = …;
module_param_named(prefetch_cluster, dm_verity_prefetch_cluster, uint, 0644);
static DEFINE_STATIC_KEY_FALSE(use_bh_wq_enabled);
static DEFINE_STATIC_KEY_FALSE(ahash_enabled);
struct dm_verity_prefetch_work { … };
struct buffer_aux { … };
static void dm_bufio_alloc_callback(struct dm_buffer *buf)
{ … }
static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector)
{ … }
static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
int level)
{ … }
static int verity_ahash_update(struct dm_verity *v, struct ahash_request *req,
const u8 *data, size_t len,
struct crypto_wait *wait)
{ … }
static int verity_ahash_init(struct dm_verity *v, struct ahash_request *req,
struct crypto_wait *wait, bool may_sleep)
{ … }
static int verity_ahash_final(struct dm_verity *v, struct ahash_request *req,
u8 *digest, struct crypto_wait *wait)
{ … }
int verity_hash(struct dm_verity *v, struct dm_verity_io *io,
const u8 *data, size_t len, u8 *digest, bool may_sleep)
{ … }
static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
sector_t *hash_block, unsigned int *offset)
{ … }
static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
unsigned long long block)
{ … }
static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io,
sector_t block, int level, bool skip_unverified,
u8 *want_digest)
{ … }
int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
sector_t block, u8 *digest, bool *is_zero)
{ … }
static noinline int verity_recheck(struct dm_verity *v, struct dm_verity_io *io,
sector_t cur_block, u8 *dest)
{ … }
static int verity_handle_data_hash_mismatch(struct dm_verity *v,
struct dm_verity_io *io,
struct bio *bio, sector_t blkno,
u8 *data)
{ … }
static int verity_verify_io(struct dm_verity_io *io)
{ … }
static inline bool verity_is_system_shutting_down(void)
{ … }
static void restart_io_error(struct work_struct *w)
{ … }
static void verity_finish_io(struct dm_verity_io *io, blk_status_t status)
{ … }
static void verity_work(struct work_struct *w)
{ … }
static void verity_bh_work(struct work_struct *w)
{ … }
static void verity_end_io(struct bio *bio)
{ … }
static void verity_prefetch_io(struct work_struct *work)
{ … }
static void verity_submit_prefetch(struct dm_verity *v, struct dm_verity_io *io,
unsigned short ioprio)
{ … }
static int verity_map(struct dm_target *ti, struct bio *bio)
{ … }
static void verity_status(struct dm_target *ti, status_type_t type,
unsigned int status_flags, char *result, unsigned int maxlen)
{ … }
static int verity_prepare_ioctl(struct dm_target *ti, struct block_device **bdev)
{ … }
static int verity_iterate_devices(struct dm_target *ti,
iterate_devices_callout_fn fn, void *data)
{ … }
static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
{ … }
#ifdef CONFIG_SECURITY
static int verity_init_sig(struct dm_verity *v, const void *sig,
size_t sig_size)
{ … }
static void verity_free_sig(struct dm_verity *v)
{ … }
#else
static inline int verity_init_sig(struct dm_verity *v, const void *sig,
size_t sig_size)
{
return 0;
}
static inline void verity_free_sig(struct dm_verity *v)
{
}
#endif
static void verity_dtr(struct dm_target *ti)
{ … }
static int verity_alloc_most_once(struct dm_verity *v)
{ … }
static int verity_alloc_zero_digest(struct dm_verity *v)
{ … }
static inline bool verity_is_verity_mode(const char *arg_name)
{ … }
static int verity_parse_verity_mode(struct dm_verity *v, const char *arg_name)
{ … }
static inline bool verity_is_verity_error_mode(const char *arg_name)
{ … }
static int verity_parse_verity_error_mode(struct dm_verity *v, const char *arg_name)
{ … }
static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v,
struct dm_verity_sig_opts *verify_args,
bool only_modifier_opts)
{ … }
static int verity_setup_hash_alg(struct dm_verity *v, const char *alg_name)
{ … }
static int verity_setup_salt_and_hashstate(struct dm_verity *v, const char *arg)
{ … }
static int verity_ctr(struct dm_target *ti, unsigned int argc, char **argv)
{ … }
int dm_verity_get_mode(struct dm_target *ti)
{ … }
int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
{ … }
#ifdef CONFIG_SECURITY
#ifdef CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
static int verity_security_set_signature(struct block_device *bdev,
struct dm_verity *v)
{ … }
#else
static inline int verity_security_set_signature(struct block_device *bdev,
struct dm_verity *v)
{
return 0;
}
#endif
static int verity_preresume(struct dm_target *ti)
{ … }
#endif
static struct target_type verity_target = …;
module_dm(verity);
bool dm_is_verity_target(struct dm_target *ti)
{ … }
MODULE_AUTHOR(…) …;
MODULE_AUTHOR(…) …;
MODULE_AUTHOR(…) …;
MODULE_DESCRIPTION(…) …;
MODULE_LICENSE(…) …;