dm verity: switch to using asynchronous hash crypto API

Use of the synchronous digest API limits dm-verity to using pure CPU based algorithm providers and rules out the use of off CPU algorithm providers which are normally asynchronous by nature, potentially freeing CPU cycles. This can reduce performance per Watt in situations such as during boot time when a lot of concurrent file accesses are made to the protected volume. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> CC: Eric Biggers <ebiggers3@gmail.com> CC: Ondrej Mosnáček <omosnacek+linux-crypto@gmail.com> Tested-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
author: Gilad Ben-Yossef <gilad@benyossef.com> 2017-02-19 07:46:07 -0500
committer: Mike Snitzer <snitzer@redhat.com> 2017-04-24 15:37:04 -0400
commit: d1ac3ff008fb9a48f91fc15920b4c8db24c0f03e (patch)
tree: 564a6181d22925a9dfc25eb7c69af735a0f6c399
parent: a1b89132dc4f61071bdeaab92ea958e0953380a1 (diff)
3 files changed, 157 insertions, 71 deletions
diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c
index 0f0eb8a3d922..dab98fee0754 100644
--- a/drivers/md/dm-verity-fec.c
+++ b/drivers/md/dm-verity-fec.c
@@ -188,7 +188,7 @@ error:
 static int fec_is_erasure(struct dm_verity *v, struct dm_verity_io *io,
                          u8 *want_digest, u8 *data)
 {
-        if (unlikely(verity_hash(v, verity_io_hash_desc(v, io),
+        if (unlikely(verity_hash(v, verity_io_hash_req(v, io),
                                 data, 1 << v->data_dev_block_bits,
                                 verity_io_real_digest(v, io))))
                return 0;
@@ -397,7 +397,7 @@ static int fec_decode_rsb(struct dm_verity *v, struct dm_verity_io *io,
        }
        /* Always re-validate the corrected block against the expected hash */
-        r = verity_hash(v, verity_io_hash_desc(v, io), fio->output,
+        r = verity_hash(v, verity_io_hash_req(v, io), fio->output,
                        1 << v->data_dev_block_bits,
                        verity_io_real_digest(v, io));
        if (unlikely(r < 0))
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 7335d8a3fc47..97de961a3bfc 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -93,81 +93,123 @@ static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
 }
 /*
- * Wrapper for crypto_shash_init, which handles verity salting.
+ * Callback function for asynchrnous crypto API completion notification
 */
-static int verity_hash_init(struct dm_verity *v, struct shash_desc *desc)
+static void verity_op_done(struct crypto_async_request *base, int err)
 {
-        int r;
+        struct verity_result *res = (struct verity_result *)base->data;
-        desc->tfm = v->tfm;
+        if (err == -EINPROGRESS)
-        desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+                return;
-        r = crypto_shash_init(desc);
+        res->err = err;
+        complete(&res->completion);
+}
-        if (unlikely(r < 0)) {
+/*
-                DMERR("crypto_shash_init failed: %d", r);
+ * Wait for async crypto API callback
-                return r;
+ */
-        }
+static inline int verity_complete_op(struct verity_result *res, int ret)
+{
+        switch (ret) {
+        case 0:
+                break;
-        if (likely(v->version >= 1)) {
+        case -EINPROGRESS:
-                r = crypto_shash_update(desc, v->salt, v->salt_size);
+        case -EBUSY:
+                ret = wait_for_completion_interruptible(&res->completion);
+                if (!ret)
+                        ret = res->err;
+                reinit_completion(&res->completion);
+                break;
-                if (unlikely(r < 0)) {
+        default:
-                        DMERR("crypto_shash_update failed: %d", r);
+                DMERR("verity_wait_hash: crypto op submission failed: %d", ret);
-                        return r;
-                }
        }
-        return 0;
+        if (unlikely(ret < 0))
+                DMERR("verity_wait_hash: crypto op failed: %d", ret);
+        return ret;
 }
-static int verity_hash_update(struct dm_verity *v, struct shash_desc *desc,
+static int verity_hash_update(struct dm_verity *v, struct ahash_request *req,
-                              const u8 *data, size_t len)
+                                const u8 *data, size_t len,
+                                struct verity_result *res)
 {
-        int r = crypto_shash_update(desc, data, len);
+        struct scatterlist sg;
-        if (unlikely(r < 0))
+        sg_init_one(&sg, data, len);
-                DMERR("crypto_shash_update failed: %d", r);
+        ahash_request_set_crypt(req, &sg, NULL, len);
+        return verity_complete_op(res, crypto_ahash_update(req));
+}
+/*
+ * Wrapper for crypto_ahash_init, which handles verity salting.
+ */
+static int verity_hash_init(struct dm_verity *v, struct ahash_request *req,
+                                struct verity_result *res)
+{
+        int r;
+        ahash_request_set_tfm(req, v->tfm);
+        ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP |
+                                        CRYPTO_TFM_REQ_MAY_BACKLOG,
+                                        verity_op_done, (void *)res);
+        init_completion(&res->completion);
+        r = verity_complete_op(res, crypto_ahash_init(req));
+        if (unlikely(r < 0)) {
+                DMERR("crypto_ahash_init failed: %d", r);
+                return r;
+        }
+        if (likely(v->version >= 1))
+                r = verity_hash_update(v, req, v->salt, v->salt_size, res);
        return r;
 }
-static int verity_hash_final(struct dm_verity *v, struct shash_desc *desc,
+static int verity_hash_final(struct dm_verity *v, struct ahash_request *req,
-                             u8 *digest)
+                             u8 *digest, struct verity_result *res)
 {
        int r;
        if (unlikely(!v->version)) {
-                r = crypto_shash_update(desc, v->salt, v->salt_size);
+                r = verity_hash_update(v, req, v->salt, v->salt_size, res);
                if (r < 0) {
-                        DMERR("crypto_shash_update failed: %d", r);
+                        DMERR("verity_hash_final failed updating salt: %d", r);
-                        return r;
+                        goto out;
                }
        }
-        r = crypto_shash_final(desc, digest);
+        ahash_request_set_crypt(req, NULL, digest, 0);
+        r = verity_complete_op(res, crypto_ahash_final(req));
-        if (unlikely(r < 0))
+out:
-                DMERR("crypto_shash_final failed: %d", r);
        return r;
 }
-int verity_hash(struct dm_verity *v, struct shash_desc *desc,
+int verity_hash(struct dm_verity *v, struct ahash_request *req,
                const u8 *data, size_t len, u8 *digest)
 {
        int r;
+        struct verity_result res;
-        r = verity_hash_init(v, desc);
+        r = verity_hash_init(v, req, &res);
        if (unlikely(r < 0))
-                return r;
+                goto out;
-        r = verity_hash_update(v, desc, data, len);
+        r = verity_hash_update(v, req, data, len, &res);
        if (unlikely(r < 0))
-                return r;
+                goto out;
+        r = verity_hash_final(v, req, digest, &res);
-        return verity_hash_final(v, desc, digest);
+out:
+        return r;
 }
 static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
@@ -275,7 +317,7 @@ static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io,
                        goto release_ret_r;
                }
-                r = verity_hash(v, verity_io_hash_desc(v, io),
+                r = verity_hash(v, verity_io_hash_req(v, io),
                                data, 1 << v->hash_dev_block_bits,
                                verity_io_real_digest(v, io));
                if (unlikely(r < 0))
@@ -344,6 +386,49 @@ out:
 }
 /*
+ * Calculates the digest for the given bio
+ */
+int verity_for_io_block(struct dm_verity *v, struct dm_verity_io *io,
+                        struct bvec_iter *iter, struct verity_result *res)
+{
+        unsigned int todo = 1 << v->data_dev_block_bits;
+        struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
+        struct scatterlist sg;
+        struct ahash_request *req = verity_io_hash_req(v, io);
+        do {
+                int r;
+                unsigned int len;
+                struct bio_vec bv = bio_iter_iovec(bio, *iter);
+                sg_init_table(&sg, 1);
+                len = bv.bv_len;
+                if (likely(len >= todo))
+                        len = todo;
+                /*
+                 * Operating on a single page at a time looks suboptimal
+                 * until you consider the typical block size is 4,096B.
+                 * Going through this loops twice should be very rare.
+                 */
+                sg_set_page(&sg, bv.bv_page, len, bv.bv_offset);
+                ahash_request_set_crypt(req, &sg, NULL, len);
+                r = verity_complete_op(res, crypto_ahash_update(req));
+                if (unlikely(r < 0)) {
+                        DMERR("verity_for_io_block crypto op failed: %d", r);
+                        return r;
+                }
+                bio_advance_iter(bio, iter, len);
+                todo -= len;
+        } while (todo);
+        return 0;
+}
+/*
 * Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec
 * starting from iter.
 */
@@ -381,12 +466,6 @@ int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io,
        return 0;
 }
-static int verity_bv_hash_update(struct dm_verity *v, struct dm_verity_io *io,
-                                 u8 *data, size_t len)
-{
-        return verity_hash_update(v, verity_io_hash_desc(v, io), data, len);
-}
 static int verity_bv_zero(struct dm_verity *v, struct dm_verity_io *io,
                          u8 *data, size_t len)
 {
@@ -403,10 +482,11 @@ static int verity_verify_io(struct dm_verity_io *io)
        struct dm_verity *v = io->v;
        struct bvec_iter start;
        unsigned b;
+        struct verity_result res;
        for (b = 0; b < io->n_blocks; b++) {
                int r;
-                struct shash_desc *desc = verity_io_hash_desc(v, io);
+                struct ahash_request *req = verity_io_hash_req(v, io);
                r = verity_hash_for_block(v, io, io->block + b,
                                          verity_io_want_digest(v, io),
@@ -427,16 +507,17 @@ static int verity_verify_io(struct dm_verity_io *io)
                        continue;
                }
-                r = verity_hash_init(v, desc);
+                r = verity_hash_init(v, req, &res);
                if (unlikely(r < 0))
                        return r;
                start = io->iter;
-                r = verity_for_bv_block(v, io, &io->iter, verity_bv_hash_update);
+                r = verity_for_io_block(v, io, &io->iter, &res);
                if (unlikely(r < 0))
                        return r;
-                r = verity_hash_final(v, desc, verity_io_real_digest(v, io));
+                r = verity_hash_final(v, req, verity_io_real_digest(v, io),
+                                        &res);
                if (unlikely(r < 0))
                        return r;
@@ -705,7 +786,7 @@ static void verity_dtr(struct dm_target *ti)
        kfree(v->zero_digest);
        if (v->tfm)
-                crypto_free_shash(v->tfm);
+                crypto_free_ahash(v->tfm);
        kfree(v->alg_name);
@@ -723,7 +804,7 @@ static void verity_dtr(struct dm_target *ti)
 static int verity_alloc_zero_digest(struct dm_verity *v)
 {
        int r = -ENOMEM;
-        struct shash_desc *desc;
+        struct ahash_request *req;
        u8 *zero_data;
        v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL);
@@ -731,9 +812,9 @@ static int verity_alloc_zero_digest(struct dm_verity *v)
        if (!v->zero_digest)
                return r;
-        desc = kmalloc(v->shash_descsize, GFP_KERNEL);
+        req = kmalloc(v->ahash_reqsize, GFP_KERNEL);
-        if (!desc)
+        if (!req)
                return r; /* verity_dtr will free zero_digest */
        zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL);
@@ -741,11 +822,11 @@ static int verity_alloc_zero_digest(struct dm_verity *v)
        if (!zero_data)
                goto out;
-        r = verity_hash(v, desc, zero_data, 1 << v->data_dev_block_bits,
+        r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits,
                        v->zero_digest);
 out:
-        kfree(desc);
+        kfree(req);
        kfree(zero_data);
        return r;
@@ -923,21 +1004,21 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
                goto bad;
        }
-        v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);
+        v->tfm = crypto_alloc_ahash(v->alg_name, 0, 0);
        if (IS_ERR(v->tfm)) {
                ti->error = "Cannot initialize hash function";
                r = PTR_ERR(v->tfm);
                v->tfm = NULL;
                goto bad;
        }
-        v->digest_size = crypto_shash_digestsize(v->tfm);
+        v->digest_size = crypto_ahash_digestsize(v->tfm);
        if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
                ti->error = "Digest size too big";
                r = -EINVAL;
                goto bad;
        }
-        v->shash_descsize =
+        v->ahash_reqsize = sizeof(struct ahash_request) +
-                sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);
+                crypto_ahash_reqsize(v->tfm);
        v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
        if (!v->root_digest) {
@@ -1037,7 +1118,7 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
        }
        ti->per_io_data_size = sizeof(struct dm_verity_io) +
-                                v->shash_descsize + v->digest_size * 2;
+                                v->ahash_reqsize + v->digest_size * 2;
        r = verity_fec_ctr(v);
        if (r)
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
index fb419f422d73..a59e0ada6fd3 100644
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -37,7 +37,7 @@ struct dm_verity {
        struct dm_target *ti;
        struct dm_bufio_client *bufio;
        char *alg_name;
-        struct crypto_shash *tfm;
+        struct crypto_ahash *tfm;
        u8 *root_digest;        /* digest of the root block */
        u8 *salt;               /* salt: its size is salt_size */
        u8 *zero_digest;        /* digest for a zero block */
@@ -52,7 +52,7 @@ struct dm_verity {
        unsigned char levels;   /* the number of tree levels */
        unsigned char version;
        unsigned digest_size;   /* digest size for the current hash algorithm */
-        unsigned shash_descsize;/* the size of temporary space for crypto */
+        unsigned int ahash_reqsize;/* the size of temporary space for crypto */
        int hash_failed;        /* set to 1 if hash of any block failed */
        enum verity_mode mode;  /* mode for handling verification errors */
        unsigned corrupted_errs;/* Number of errors for corrupted blocks */
@@ -81,31 +81,36 @@ struct dm_verity_io {
        /*
         * Three variably-size fields follow this struct:
         *
-         * u8 hash_desc[v->shash_descsize];
+         * u8 hash_req[v->ahash_reqsize];
         * u8 real_digest[v->digest_size];
         * u8 want_digest[v->digest_size];
         *
-         * To access them use: verity_io_hash_desc(), verity_io_real_digest()
+         * To access them use: verity_io_hash_req(), verity_io_real_digest()
         * and verity_io_want_digest().
         */
 };
-static inline struct shash_desc *verity_io_hash_desc(struct dm_verity *v,
+struct verity_result {
+        struct completion completion;
+        int err;
+};
+static inline struct ahash_request *verity_io_hash_req(struct dm_verity *v,
                                                     struct dm_verity_io *io)
 {
-        return (struct shash_desc *)(io + 1);
+        return (struct ahash_request *)(io + 1);
 }
 static inline u8 *verity_io_real_digest(struct dm_verity *v,
                                        struct dm_verity_io *io)
 {
-        return (u8 *)(io + 1) + v->shash_descsize;
+        return (u8 *)(io + 1) + v->ahash_reqsize;
 }
 static inline u8 *verity_io_want_digest(struct dm_verity *v,
                                        struct dm_verity_io *io)
 {
-        return (u8 *)(io + 1) + v->shash_descsize + v->digest_size;
+        return (u8 *)(io + 1) + v->ahash_reqsize + v->digest_size;
 }
 static inline u8 *verity_io_digest_end(struct dm_verity *v,
@@ -120,7 +125,7 @@ extern int verity_for_bv_block(struct dm_verity *v, struct dm_verity_io *io,
                                              struct dm_verity_io *io,
                                              u8 *data, size_t len));
-extern int verity_hash(struct dm_verity *v, struct shash_desc *desc,
+extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
                       const u8 *data, size_t len, u8 *digest);
 extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
author	Gilad Ben-Yossef <gilad@benyossef.com>	2017-02-19 07:46:07 -0500
committer	Mike Snitzer <snitzer@redhat.com>	2017-04-24 15:37:04 -0400
commit	d1ac3ff008fb9a48f91fc15920b4c8db24c0f03e (patch)
tree	564a6181d22925a9dfc25eb7c69af735a0f6c399
parent	a1b89132dc4f61071bdeaab92ea958e0953380a1 (diff)

diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c index 0f0eb8a3d922..dab98fee0754 100644 --- a/drivers/md/dm-verity-fec.c +++ b/drivers/md/dm-verity-fec.c
@@ -188,7 +188,7 @@ error:
188	static int fec_is_erasure(struct dm_verity v, struct dm_verity_io io,	188	static int fec_is_erasure(struct dm_verity v, struct dm_verity_io io,
189	u8 want_digest, u8 data)	189	u8 want_digest, u8 data)
190	{	190	{
191	if (unlikely(verity_hash(v, verity_io_hash_desc(v, io),	191	if (unlikely(verity_hash(v, verity_io_hash_req(v, io),
192	data, 1 << v->data_dev_block_bits,	192	data, 1 << v->data_dev_block_bits,
193	verity_io_real_digest(v, io))))	193	verity_io_real_digest(v, io))))
194	return 0;	194	return 0;
@@ -397,7 +397,7 @@ static int fec_decode_rsb(struct dm_verity v, struct dm_verity_io io,
397	}	397	}
398		398
399	/* Always re-validate the corrected block against the expected hash */	399	/* Always re-validate the corrected block against the expected hash */
400	r = verity_hash(v, verity_io_hash_desc(v, io), fio->output,	400	r = verity_hash(v, verity_io_hash_req(v, io), fio->output,
401	1 << v->data_dev_block_bits,	401	1 << v->data_dev_block_bits,
402	verity_io_real_digest(v, io));	402	verity_io_real_digest(v, io));
403	if (unlikely(r < 0))	403	if (unlikely(r < 0))


diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 7335d8a3fc47..97de961a3bfc 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c
@@ -93,81 +93,123 @@ static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
93	}	93	}
94		94
95	/*	95	/*
96	* Wrapper for crypto_shash_init, which handles verity salting.	96	* Callback function for asynchrnous crypto API completion notification
97	*/	97	*/
98	static int verity_hash_init(struct dm_verity v, struct shash_desc desc)	98	static void verity_op_done(struct crypto_async_request *base, int err)
99	{	99	{
100	int r;	100	struct verity_result res = (struct verity_result )base->data;
101		101
102	desc->tfm = v->tfm;	102	if (err == -EINPROGRESS)
103	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;	103	return;
104		104
105	r = crypto_shash_init(desc);	105	res->err = err;
		106	complete(&res->completion);
		107	}
106		108
107	if (unlikely(r < 0)) {	109	/*
108	DMERR("crypto_shash_init failed: %d", r);	110	* Wait for async crypto API callback
109	return r;	111	*/
110	}	112	static inline int verity_complete_op(struct verity_result *res, int ret)
		113	{
		114	switch (ret) {
		115	case 0:
		116	break;
111		117
112	if (likely(v->version >= 1)) {	118	case -EINPROGRESS:
113	r = crypto_shash_update(desc, v->salt, v->salt_size);	119	case -EBUSY:
		120	ret = wait_for_completion_interruptible(&res->completion);
		121	if (!ret)
		122	ret = res->err;
		123	reinit_completion(&res->completion);
		124	break;
114		125
115	if (unlikely(r < 0)) {	126	default:
116	DMERR("crypto_shash_update failed: %d", r);	127	DMERR("verity_wait_hash: crypto op submission failed: %d", ret);
117	return r;
118	}
119	}	128	}
120		129
121	return 0;	130	if (unlikely(ret < 0))
		131	DMERR("verity_wait_hash: crypto op failed: %d", ret);
		132
		133	return ret;
122	}	134	}
123		135
124	static int verity_hash_update(struct dm_verity v, struct shash_desc desc,	136	static int verity_hash_update(struct dm_verity v, struct ahash_request req,
125	const u8 *data, size_t len)	137	const u8 *data, size_t len,
		138	struct verity_result *res)
126	{	139	{
127	int r = crypto_shash_update(desc, data, len);	140	struct scatterlist sg;
128		141
129	if (unlikely(r < 0))	142	sg_init_one(&sg, data, len);
130	DMERR("crypto_shash_update failed: %d", r);	143	ahash_request_set_crypt(req, &sg, NULL, len);
		144
		145	return verity_complete_op(res, crypto_ahash_update(req));
		146	}
		147
		148	/*
		149	* Wrapper for crypto_ahash_init, which handles verity salting.
		150	*/
		151	static int verity_hash_init(struct dm_verity v, struct ahash_request req,
		152	struct verity_result *res)
		153	{
		154	int r;
		155
		156	ahash_request_set_tfm(req, v->tfm);
		157	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP \|
		158	CRYPTO_TFM_REQ_MAY_BACKLOG,
		159	verity_op_done, (void *)res);
		160	init_completion(&res->completion);
		161
		162	r = verity_complete_op(res, crypto_ahash_init(req));
		163
		164	if (unlikely(r < 0)) {
		165	DMERR("crypto_ahash_init failed: %d", r);
		166	return r;
		167	}
		168
		169	if (likely(v->version >= 1))
		170	r = verity_hash_update(v, req, v->salt, v->salt_size, res);
131		171
132	return r;	172	return r;
133	}	173	}
134		174
135	static int verity_hash_final(struct dm_verity v, struct shash_desc desc,	175	static int verity_hash_final(struct dm_verity v, struct ahash_request req,
136	u8 *digest)	176	u8 digest, struct verity_result res)
137	{	177	{
138	int r;	178	int r;
139		179
140	if (unlikely(!v->version)) {	180	if (unlikely(!v->version)) {
141	r = crypto_shash_update(desc, v->salt, v->salt_size);	181	r = verity_hash_update(v, req, v->salt, v->salt_size, res);
142		182
143	if (r < 0) {	183	if (r < 0) {
144	DMERR("crypto_shash_update failed: %d", r);	184	DMERR("verity_hash_final failed updating salt: %d", r);
145	return r;	185	goto out;
146	}	186	}
147	}	187	}
148		188
149	r = crypto_shash_final(desc, digest);	189	ahash_request_set_crypt(req, NULL, digest, 0);
150		190	r = verity_complete_op(res, crypto_ahash_final(req));
151	if (unlikely(r < 0))	191	out:
152	DMERR("crypto_shash_final failed: %d", r);
153
154	return r;	192	return r;
155	}	193	}
156		194
157	int verity_hash(struct dm_verity v, struct shash_desc desc,	195	int verity_hash(struct dm_verity v, struct ahash_request req,
158	const u8 data, size_t len, u8 digest)	196	const u8 data, size_t len, u8 digest)
159	{	197	{
160	int r;	198	int r;
		199	struct verity_result res;
161		200
162	r = verity_hash_init(v, desc);	201	r = verity_hash_init(v, req, &res);
163	if (unlikely(r < 0))	202	if (unlikely(r < 0))
164	return r;	203	goto out;
165		204
166	r = verity_hash_update(v, desc, data, len);	205	r = verity_hash_update(v, req, data, len, &res);
167	if (unlikely(r < 0))	206	if (unlikely(r < 0))
168	return r;	207	goto out;
		208
		209	r = verity_hash_final(v, req, digest, &res);
169		210
170	return verity_hash_final(v, desc, digest);	211	out:
		212	return r;
171	}	213	}
172		214
173	static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,	215	static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
@@ -275,7 +317,7 @@ static int verity_verify_level(struct dm_verity v, struct dm_verity_io io,
275	goto release_ret_r;	317	goto release_ret_r;
276	}	318	}
277		319
278	r = verity_hash(v, verity_io_hash_desc(v, io),	320	r = verity_hash(v, verity_io_hash_req(v, io),
279	data, 1 << v->hash_dev_block_bits,	321	data, 1 << v->hash_dev_block_bits,
280	verity_io_real_digest(v, io));	322	verity_io_real_digest(v, io));
281	if (unlikely(r < 0))	323	if (unlikely(r < 0))
@@ -344,6 +386,49 @@ out:
344	}	386	}
345		387
346	/*	388	/*
		389	* Calculates the digest for the given bio
		390	*/
		391	int verity_for_io_block(struct dm_verity v, struct dm_verity_io io,
		392	struct bvec_iter iter, struct verity_result res)
		393	{
		394	unsigned int todo = 1 << v->data_dev_block_bits;
		395	struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
		396	struct scatterlist sg;
		397	struct ahash_request *req = verity_io_hash_req(v, io);
		398
		399	do {
		400	int r;
		401	unsigned int len;
		402	struct bio_vec bv = bio_iter_iovec(bio, *iter);
		403
		404	sg_init_table(&sg, 1);
		405
		406	len = bv.bv_len;
		407
		408	if (likely(len >= todo))
		409	len = todo;
		410	/*
		411	* Operating on a single page at a time looks suboptimal
		412	* until you consider the typical block size is 4,096B.
		413	* Going through this loops twice should be very rare.
		414	*/
		415	sg_set_page(&sg, bv.bv_page, len, bv.bv_offset);
		416	ahash_request_set_crypt(req, &sg, NULL, len);
		417	r = verity_complete_op(res, crypto_ahash_update(req));
		418
		419	if (unlikely(r < 0)) {
		420	DMERR("verity_for_io_block crypto op failed: %d", r);
		421	return r;
		422	}
		423
		424	bio_advance_iter(bio, iter, len);
		425	todo -= len;
		426	} while (todo);
		427
		428	return 0;
		429	}
		430
		431	/*
347	* Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec	432	* Calls function process for 1 << v->data_dev_block_bits bytes in the bio_vec
348	* starting from iter.	433	* starting from iter.
349	*/	434	*/
@@ -381,12 +466,6 @@ int verity_for_bv_block(struct dm_verity v, struct dm_verity_io io,
381	return 0;	466	return 0;
382	}	467	}
383		468
384	static int verity_bv_hash_update(struct dm_verity v, struct dm_verity_io io,
385	u8 *data, size_t len)
386	{
387	return verity_hash_update(v, verity_io_hash_desc(v, io), data, len);
388	}
389
390	static int verity_bv_zero(struct dm_verity v, struct dm_verity_io io,	469	static int verity_bv_zero(struct dm_verity v, struct dm_verity_io io,
391	u8 *data, size_t len)	470	u8 *data, size_t len)
392	{	471	{
@@ -403,10 +482,11 @@ static int verity_verify_io(struct dm_verity_io *io)
403	struct dm_verity *v = io->v;	482	struct dm_verity *v = io->v;
404	struct bvec_iter start;	483	struct bvec_iter start;
405	unsigned b;	484	unsigned b;
		485	struct verity_result res;
406		486
407	for (b = 0; b < io->n_blocks; b++) {	487	for (b = 0; b < io->n_blocks; b++) {
408	int r;	488	int r;
409	struct shash_desc *desc = verity_io_hash_desc(v, io);	489	struct ahash_request *req = verity_io_hash_req(v, io);
410		490
411	r = verity_hash_for_block(v, io, io->block + b,	491	r = verity_hash_for_block(v, io, io->block + b,
412	verity_io_want_digest(v, io),	492	verity_io_want_digest(v, io),
@@ -427,16 +507,17 @@ static int verity_verify_io(struct dm_verity_io *io)
427	continue;	507	continue;
428	}	508	}
429		509
430	r = verity_hash_init(v, desc);	510	r = verity_hash_init(v, req, &res);
431	if (unlikely(r < 0))	511	if (unlikely(r < 0))
432	return r;	512	return r;
433		513
434	start = io->iter;	514	start = io->iter;
435	r = verity_for_bv_block(v, io, &io->iter, verity_bv_hash_update);	515	r = verity_for_io_block(v, io, &io->iter, &res);
436	if (unlikely(r < 0))	516	if (unlikely(r < 0))
437	return r;	517	return r;
438		518
439	r = verity_hash_final(v, desc, verity_io_real_digest(v, io));	519	r = verity_hash_final(v, req, verity_io_real_digest(v, io),
		520	&res);
440	if (unlikely(r < 0))	521	if (unlikely(r < 0))
441	return r;	522	return r;
442		523
@@ -705,7 +786,7 @@ static void verity_dtr(struct dm_target *ti)
705	kfree(v->zero_digest);	786	kfree(v->zero_digest);
706		787
707	if (v->tfm)	788	if (v->tfm)
708	crypto_free_shash(v->tfm);	789	crypto_free_ahash(v->tfm);
709		790
710	kfree(v->alg_name);	791	kfree(v->alg_name);
711		792
@@ -723,7 +804,7 @@ static void verity_dtr(struct dm_target *ti)
723	static int verity_alloc_zero_digest(struct dm_verity *v)	804	static int verity_alloc_zero_digest(struct dm_verity *v)
724	{	805	{
725	int r = -ENOMEM;	806	int r = -ENOMEM;
726	struct shash_desc *desc;	807	struct ahash_request *req;
727	u8 *zero_data;	808	u8 *zero_data;
728		809
729	v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL);	810	v->zero_digest = kmalloc(v->digest_size, GFP_KERNEL);
@@ -731,9 +812,9 @@ static int verity_alloc_zero_digest(struct dm_verity *v)
731	if (!v->zero_digest)	812	if (!v->zero_digest)
732	return r;	813	return r;
733		814
734	desc = kmalloc(v->shash_descsize, GFP_KERNEL);	815	req = kmalloc(v->ahash_reqsize, GFP_KERNEL);
735		816
736	if (!desc)	817	if (!req)
737	return r; /* verity_dtr will free zero_digest */	818	return r; /* verity_dtr will free zero_digest */
738		819
739	zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL);	820	zero_data = kzalloc(1 << v->data_dev_block_bits, GFP_KERNEL);
@@ -741,11 +822,11 @@ static int verity_alloc_zero_digest(struct dm_verity *v)
741	if (!zero_data)	822	if (!zero_data)
742	goto out;	823	goto out;
743		824
744	r = verity_hash(v, desc, zero_data, 1 << v->data_dev_block_bits,	825	r = verity_hash(v, req, zero_data, 1 << v->data_dev_block_bits,
745	v->zero_digest);	826	v->zero_digest);
746		827
747	out:	828	out:
748	kfree(desc);	829	kfree(req);
749	kfree(zero_data);	830	kfree(zero_data);
750		831
751	return r;	832	return r;
@@ -923,21 +1004,21 @@ static int verity_ctr(struct dm_target ti, unsigned argc, char *argv)
923	goto bad;	1004	goto bad;
924	}	1005	}
925		1006
926	v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);	1007	v->tfm = crypto_alloc_ahash(v->alg_name, 0, 0);
927	if (IS_ERR(v->tfm)) {	1008	if (IS_ERR(v->tfm)) {
928	ti->error = "Cannot initialize hash function";	1009	ti->error = "Cannot initialize hash function";
929	r = PTR_ERR(v->tfm);	1010	r = PTR_ERR(v->tfm);
930	v->tfm = NULL;	1011	v->tfm = NULL;
931	goto bad;	1012	goto bad;
932	}	1013	}
933	v->digest_size = crypto_shash_digestsize(v->tfm);	1014	v->digest_size = crypto_ahash_digestsize(v->tfm);
934	if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {	1015	if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
935	ti->error = "Digest size too big";	1016	ti->error = "Digest size too big";
936	r = -EINVAL;	1017	r = -EINVAL;
937	goto bad;	1018	goto bad;
938	}	1019	}
939	v->shash_descsize =	1020	v->ahash_reqsize = sizeof(struct ahash_request) +
940	sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);	1021	crypto_ahash_reqsize(v->tfm);
941		1022
942	v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);	1023	v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
943	if (!v->root_digest) {	1024	if (!v->root_digest) {
@@ -1037,7 +1118,7 @@ static int verity_ctr(struct dm_target ti, unsigned argc, char *argv)
1037	}	1118	}
1038		1119
1039	ti->per_io_data_size = sizeof(struct dm_verity_io) +	1120	ti->per_io_data_size = sizeof(struct dm_verity_io) +
1040	v->shash_descsize + v->digest_size * 2;	1121	v->ahash_reqsize + v->digest_size * 2;
1041		1122
1042	r = verity_fec_ctr(v);	1123	r = verity_fec_ctr(v);
1043	if (r)	1124	if (r)


diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index fb419f422d73..a59e0ada6fd3 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h
@@ -37,7 +37,7 @@ struct dm_verity {
37	struct dm_target *ti;	37	struct dm_target *ti;
38	struct dm_bufio_client *bufio;	38	struct dm_bufio_client *bufio;
39	char *alg_name;	39	char *alg_name;
40	struct crypto_shash *tfm;	40	struct crypto_ahash *tfm;
41	u8 root_digest; / digest of the root block */	41	u8 root_digest; / digest of the root block */
42	u8 salt; / salt: its size is salt_size */	42	u8 salt; / salt: its size is salt_size */
43	u8 zero_digest; / digest for a zero block */	43	u8 zero_digest; / digest for a zero block */
@@ -52,7 +52,7 @@ struct dm_verity {
52	unsigned char levels; /* the number of tree levels */	52	unsigned char levels; /* the number of tree levels */
53	unsigned char version;	53	unsigned char version;
54	unsigned digest_size; /* digest size for the current hash algorithm */	54	unsigned digest_size; /* digest size for the current hash algorithm */
55	unsigned shash_descsize;/* the size of temporary space for crypto */	55	unsigned int ahash_reqsize;/* the size of temporary space for crypto */
56	int hash_failed; /* set to 1 if hash of any block failed */	56	int hash_failed; /* set to 1 if hash of any block failed */
57	enum verity_mode mode; /* mode for handling verification errors */	57	enum verity_mode mode; /* mode for handling verification errors */
58	unsigned corrupted_errs;/* Number of errors for corrupted blocks */	58	unsigned corrupted_errs;/* Number of errors for corrupted blocks */
@@ -81,31 +81,36 @@ struct dm_verity_io {
81	/*	81	/*
82	* Three variably-size fields follow this struct:	82	* Three variably-size fields follow this struct:
83	*	83	*
84	* u8 hash_desc[v->shash_descsize];	84	* u8 hash_req[v->ahash_reqsize];
85	* u8 real_digest[v->digest_size];	85	* u8 real_digest[v->digest_size];
86	* u8 want_digest[v->digest_size];	86	* u8 want_digest[v->digest_size];
87	*	87	*
88	* To access them use: verity_io_hash_desc(), verity_io_real_digest()	88	* To access them use: verity_io_hash_req(), verity_io_real_digest()
89	* and verity_io_want_digest().	89	* and verity_io_want_digest().
90	*/	90	*/
91	};	91	};
92		92
93	static inline struct shash_desc verity_io_hash_desc(struct dm_verity v,	93	struct verity_result {
		94	struct completion completion;
		95	int err;
		96	};
		97
		98	static inline struct ahash_request verity_io_hash_req(struct dm_verity v,
94	struct dm_verity_io *io)	99	struct dm_verity_io *io)
95	{	100	{
96	return (struct shash_desc *)(io + 1);	101	return (struct ahash_request *)(io + 1);
97	}	102	}
98		103
99	static inline u8 verity_io_real_digest(struct dm_verity v,	104	static inline u8 verity_io_real_digest(struct dm_verity v,
100	struct dm_verity_io *io)	105	struct dm_verity_io *io)
101	{	106	{
102	return (u8 *)(io + 1) + v->shash_descsize;	107	return (u8 *)(io + 1) + v->ahash_reqsize;
103	}	108	}
104		109
105	static inline u8 verity_io_want_digest(struct dm_verity v,	110	static inline u8 verity_io_want_digest(struct dm_verity v,
106	struct dm_verity_io *io)	111	struct dm_verity_io *io)
107	{	112	{
108	return (u8 *)(io + 1) + v->shash_descsize + v->digest_size;	113	return (u8 *)(io + 1) + v->ahash_reqsize + v->digest_size;
109	}	114	}
110		115
111	static inline u8 verity_io_digest_end(struct dm_verity v,	116	static inline u8 verity_io_digest_end(struct dm_verity v,
@@ -120,7 +125,7 @@ extern int verity_for_bv_block(struct dm_verity v, struct dm_verity_io io,
120	struct dm_verity_io *io,	125	struct dm_verity_io *io,
121	u8 *data, size_t len));	126	u8 *data, size_t len));
122		127
123	extern int verity_hash(struct dm_verity v, struct shash_desc desc,	128	extern int verity_hash(struct dm_verity v, struct ahash_request req,
124	const u8 data, size_t len, u8 digest);	129	const u8 data, size_t len, u8 digest);
125		130
126	extern int verity_hash_for_block(struct dm_verity v, struct dm_verity_io io,	131	extern int verity_hash_for_block(struct dm_verity v, struct dm_verity_io io,