Re: [PATCH] dm: remake of the verity target

From: Will Drewry
Date: Wed Mar 14 2012 - 17:13:28 EST


Hi Mikulas,

This is a nice rewrite and takes advantage of your dm-bufio layer. I
wish it'd existed (and or we wrote it :) in 2009 when we started this
work! Some comments below:

On Tue, Mar 13, 2012 at 5:20 PM, Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:
> Hi
>
>> Hi Mikulus,
>>
>> This is some nice work. I like that you've been able to abstract a lot
>> of the hash buffer management with dm-bufio. You got rid of the I/O queue.
>> I've been meaning to do that for a while. The prefetch is also nice.
>> We planned to do this but I decided to not do it now in order to get the
>> base functionality in:
>>
>> http://crosbug.com/25441
>>
>> However, there are some things that I don't like. I don't like comments
>> either but you have none. You also removed our documentation. You are
>
> I added some comments. As for documentation, it's OK to use documentation
> from your patch because the on-disk format and the target arguments are
> the same (with an enhancement that my code supports different data and
> metadata bock size and it has variable-length salt).

Sounds good.

>> allocated a complete shash_desc per I/O. We only allocate one per CPU.
>
> The hash of 4k block takes 174000 cycles. So trying to optimize
> memory latency that is about 250 cycles doesn't make much sense.
>
> I actually observed better performance using verity on ramdisk with
> workqueue unbound to specific CPUs. The reason is that the ramdisk bio
> completion routine is always run on the same CPU (that one that submitted
> the request), so with bound workqueue, everything was executing on one
> CPU. With unbound workqueue, I got parallelism.
>
>> We short-circuit the hash at any level. Your implementation can only
>> shirt circuit at the lowest level.
>
> It short-circuits hash at all levels. If the function
> "verity_verify_level" finds out that "aux->hash_verified" is non-zero, it
> doesn't do any hashing, it just copies the hash for the lower level. My
> implementation walks the tree from the top to the bottom, but it doesn't
> do hash verification if the same block has been verified before.
>
> All this tree-walking from the root to the bottom is 50-times faster than
> the actual hashing of the data block (I measured that), so there's not
> much point in trying to optimize it. I did a simple optimization (don't
> walk the tree if the lowest block is already verified) and I don't need to
> do anything complicated given the fact that it can't improve more than by
> 2%.

All we'd done was reverse the walk (we've had it both ways now :),
nothing complicated, but I don't think it's a problem.

>> I'd like to propose that we get the version we sent upstream and then work
>> together on adding some of your enhancements incrementally.
>
> If you add dm-bufio support, you end up deleting majority of the original
> code anyway. That's why I wrote it from scratch and that's why I didn't
> attempt to morph your code.
>
> It's simpler to write the code from scratch and it is also less bug-prone.
>
>> Other than
>> the changes we've made to cleanup for upstreaming, the version I
>> submitted is the code we are using in production.
>>
>> I'm happy to add prefetch now if that is required for merging.
>>
>> What do you think?
>>
>> Regards,
>> Mandeep
>
> This is the version with comments added:
>
> Mikulas
>
> ----
>
> Remake of the google dm-verity patch.
>
> Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
>
> ---
>  drivers/md/Kconfig     |   17
>  drivers/md/Makefile    |    1
>  drivers/md/dm-verity.c |  851 +++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 869 insertions(+)
>
> Index: linux-3.3-rc6-fast/drivers/md/Kconfig
> ===================================================================
> --- linux-3.3-rc6-fast.orig/drivers/md/Kconfig  2012-03-13 21:46:03.000000000 +0100
> +++ linux-3.3-rc6-fast/drivers/md/Kconfig       2012-03-13 21:46:05.000000000 +0100
> @@ -404,4 +404,21 @@ config DM_VERITY2
>
>           If unsure, say N.
>
> +config DM_VERITY
> +       tristate "Verity target support"
> +       depends on BLK_DEV_DM
> +       select CRYPTO
> +       select CRYPTO_HASH
> +       select DM_BUFIO
> +       ---help---
> +         This device-mapper target allows you to create a device that
> +         transparently integrity checks the data on it. You'll need to
> +         activate the digests you're going to use in the cryptoapi
> +         configuration.
> +
> +         To compile this code as a module, choose M here: the module will
> +         be called dm-verity.
> +
> +         If unsure, say N.
> +
>  endif # MD
> Index: linux-3.3-rc6-fast/drivers/md/Makefile
> ===================================================================
> --- linux-3.3-rc6-fast.orig/drivers/md/Makefile 2012-03-13 21:46:03.000000000 +0100
> +++ linux-3.3-rc6-fast/drivers/md/Makefile      2012-03-13 21:46:05.000000000 +0100
> @@ -29,6 +29,7 @@ obj-$(CONFIG_MD_FAULTY)               += faulty.o
>  obj-$(CONFIG_BLK_DEV_MD)       += md-mod.o
>  obj-$(CONFIG_BLK_DEV_DM)       += dm-mod.o
>  obj-$(CONFIG_DM_BUFIO)         += dm-bufio.o
> +obj-$(CONFIG_DM_VERITY)                += dm-verity.o
>  obj-$(CONFIG_DM_CRYPT)         += dm-crypt.o
>  obj-$(CONFIG_DM_DELAY)         += dm-delay.o
>  obj-$(CONFIG_DM_FLAKEY)                += dm-flakey.o
> Index: linux-3.3-rc6-fast/drivers/md/dm-verity.c
> ===================================================================
> --- /dev/null   1970-01-01 00:00:00.000000000 +0000
> +++ linux-3.3-rc6-fast/drivers/md/dm-verity.c   2012-03-13 22:02:05.000000000 +0100
> @@ -0,0 +1,851 @@
> +/*
> + * Copyright (C) 2012 Red Hat, Inc.
> + *
> + * Author: Mikulas Patocka <mpatocka@xxxxxxxxxx>
> + *
> + * Based on Chromium dm-verity driver (C) 2011 The Chromium OS Authors
> + *
> + * This file is released under the GPLv2.
> + *
> + * Device mapper target parameters:
> + *     <version>       0
> + *     <data device>
> + *     <hash device>
> + *     <hash start>    (typically 0)
> + *     <block size>    (typically 4096)
> + *     <algorithm>
> + *     <digest>
> + *     optional parameters:
> + *             <salt> (should have 32 bytes for compatibility with Google code)
> + *             <hash block size> (by default it is the same as data block size)
> + *
> + * In the file "/sys/module/dm_verity/parameters/prefetch_cluster" you can set
> + * default prefetch value. Data are read in "prefetch_cluster" chunks from the
> + * hash device. Prefetch cluster greatly improves performance when data and hash
> + * are on the same disk on different partitions.

... on different partitions on devices with poor random access behavior.

> + */
> +
> +#include <linux/module.h>
> +#include <linux/device-mapper.h>
> +#include <crypto/hash.h>
> +#include "dm-bufio.h"
> +
> +#define DM_MSG_PREFIX                  "verity"
> +
> +#define DM_VERITY_IO_VEC_INLINE                16
> +#define DM_VERITY_MEMPOOL_SIZE         4
> +#define DM_VERITY_DEFAULT_PREFETCH_SIZE        262144
> +
> +#define DM_VERITY_MAX_LEVELS           63
> +
> +static unsigned prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE;
> +
> +module_param_named(prefetch_cluster, prefetch_cluster, uint, S_IRUGO | S_IWUSR);
> +
> +struct dm_verity {
> +       struct dm_dev *data_dev;
> +       struct dm_dev *hash_dev;
> +       struct dm_target *ti;
> +       struct dm_bufio_client *bufio;
> +       char *alg_name;
> +       struct crypto_shash *tfm;
> +       u8 *root_digest;        /* digest of the root block */
> +       u8 *salt;               /* salt, its size is salt_size */
> +       unsigned salt_size;
> +       sector_t data_start;    /* data offset in 512-byte sectors */
> +       sector_t hash_start;    /* hash start in blocks */
> +       sector_t data_blocks;   /* the number of data blocks */
> +       sector_t hash_blocks;   /* the number of hash blocks */
> +       unsigned char data_dev_block_bits;      /* log2(data blocksize) */
> +       unsigned char hash_dev_block_bits;      /* log2(hash blocksize) */
> +       unsigned char hash_per_block_bits;      /* log2(hashes in hash block) */
> +       unsigned char levels;   /* the number of tree levels */
> +       unsigned digest_size;   /* digest size for the current hash algorithm */
> +       unsigned shash_descsize;/* the size of temporary space for crypto */
> +
> +       mempool_t *io_mempool;  /* mempool of struct dm_verity_io */
> +       mempool_t *vec_mempool; /* mempool of bio vector */
> +
> +       struct workqueue_struct *verify_wq;
> +
> +       /* starting blocks for each tree level. 0 is the lowest level. */
> +       sector_t hash_level_block[DM_VERITY_MAX_LEVELS];
> +};
> +
> +struct dm_verity_io {
> +       struct dm_verity *v;
> +       struct bio *bio;
> +
> +       /* original values of bio->bi_end_io and bio->bi_private */
> +       bio_end_io_t *orig_bi_end_io;
> +       void *orig_bi_private;
> +
> +       sector_t block;
> +       unsigned n_blocks;
> +
> +       /* saved bio vector */
> +       struct bio_vec *io_vec;
> +       unsigned io_vec_size;
> +
> +       struct work_struct work;
> +
> +       /* a space for short vectors; longer vectors are allocated separately */
> +       struct bio_vec io_vec_inline[DM_VERITY_IO_VEC_INLINE];
> +
> +       /* variable-size fields, accessible with functions
> +               io_hash_desc, io_real_digest, io_want_digest */
> +       /* u8 hash_desc[crypto_shash_descsize(v->tfm)]; */
> +       /* u8 real_digest[v->digest_size]; */
> +       /* u8 want_digest[v->digest_size]; */
> +};
> +
> +static struct shash_desc *io_hash_desc(struct dm_verity *v, struct dm_verity_io *io)
> +{
> +       return (struct shash_desc *)(io + 1);
> +}
> +
> +static u8 *io_real_digest(struct dm_verity *v, struct dm_verity_io *io)
> +{
> +       return (u8 *)(io + 1) + v->shash_descsize;
> +}
> +
> +static u8 *io_want_digest(struct dm_verity *v, struct dm_verity_io *io)
> +{
> +       return (u8 *)(io + 1) + v->shash_descsize + v->digest_size;
> +}
> +
> +/*
> + * Auxiliary structure appended to each dm-bufio buffer. If the value
> + * hash_verified is nonzero, hash of the block has been verified.
> + *
> + * There is no lock around this value, a race condition can at worst cause
> + * that multiple processes verify the hash of the same buffer simultaneously.
> + * This condition is harmless, so we don't need locking.
> + */

Might be worth clarifying that no consumer will ever write a 0 value
to the hash_verified field after dm_bufio_alloc_callback, as that is
the critical constraint. It's what makes lockless/atomic-less access
acceptable. As you say, the worst case you over verify or you
over-write.

bufio is nice for this use since it encapsulates the need for the
atomic state transitions we were using in our module to stay
lock-free.

> +struct buffer_aux {
> +       int hash_verified;
> +};
> +
> +/*
> + * Initialize struct buffer_aux for a freshly created buffer.
> + */
> +static void dm_bufio_alloc_callback(struct dm_buffer *buf)
> +{
> +       struct buffer_aux *aux = dm_bufio_get_aux_data(buf);
> +       aux->hash_verified = 0;
> +}
> +
> +/*
> + * Translate input sector number to the sector number on the target device.
> + */
> +static sector_t verity_map_sector(struct dm_verity *v, sector_t bi_sector)
> +{
> +       return v->data_start + dm_target_offset(v->ti, bi_sector);
> +}
> +
> +/*
> + * Return hash position of a specified block at a specified tree level
> + * (0 is the lowest level).
> + * The lowest "hash_per_block_bits"-bits of the result denote hash position
> + * inside a hash block. The remaining bits denode location of the hash block.

s/denode/denote/

> + */
> +static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
> +                                        int level)
> +{
> +       return block >> (level * v->hash_per_block_bits);
> +}
> +
> +static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
> +                                sector_t *hash_block, unsigned *offset)
> +{
> +       sector_t position = verity_position_at_level(v, block, level);
> +
> +       *hash_block = v->hash_level_block[level] + (position >> v->hash_per_block_bits);
> +       if (offset)
> +               *offset = v->digest_size * (position & ((1 << v->hash_per_block_bits) - 1));
> +}
> +
> +/*
> + * Verify hash of a metadata block pertaining to the specified data block
> + * ("block" argument) at a specified level ("level" argument).
> + *
> + * On successful return, io_want_digest(v, io) contains the hash value for
> + * a lower tree level or for the data block (if we're at the lowest leve).
> + *
> + * If "skip_unverified" is true, unverified buffer is skipped an 1 is returned.
> + * If "skip_unverified" is false, unverified buffer is hashed and verified
> + * against current value of io_want_digest(v, io).
> + */
> +static int verity_verify_level(struct dm_verity_io *io, sector_t block,
> +                              int level, bool skip_unverified)
> +{
> +       struct dm_verity *v = io->v;
> +       struct dm_buffer *buf;
> +       struct buffer_aux *aux;
> +       u8 *data;
> +       int r;
> +       sector_t hash_block;
> +       unsigned offset;
> +
> +       verity_hash_at_level(v, block, level, &hash_block, &offset);
> +
> +       data = dm_bufio_read(v->bufio, hash_block, &buf);
> +       if (unlikely(IS_ERR(data)))
> +               return PTR_ERR(data);
> +
> +       aux = dm_bufio_get_aux_data(buf);
> +
> +       if (!aux->hash_verified) {
> +               struct shash_desc *desc;
> +               u8 *result;
> +
> +               if (skip_unverified) {
> +                       r = 1;
> +                       goto release_ret_r;
> +               }
> +
> +               desc = io_hash_desc(v, io);
> +               desc->tfm = v->tfm;
> +               desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
> +               r = crypto_shash_init(desc);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_init failed: %d", r);
> +                       goto release_ret_r;
> +               }
> +
> +               r = crypto_shash_update(desc, data, 1 << v->hash_dev_block_bits);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_update failed: %d", r);
> +                       goto release_ret_r;
> +               }
> +
> +               r = crypto_shash_update(desc, v->salt, v->salt_size);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_update failed: %d", r);
> +                       goto release_ret_r;
> +               }
> +
> +               result = io_real_digest(v, io);
> +               r = crypto_shash_final(desc, result);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_final failed: %d", r);
> +                       goto release_ret_r;
> +               }
> +               if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
> +                       DMERR_LIMIT("metadata block %llu is corrupted",
> +                               (unsigned long long)hash_block);
> +                       r = -EIO;
> +                       goto release_ret_r;
> +               } else
> +                       aux->hash_verified = 1;
> +       }
> +
> +       data += offset;
> +
> +       memcpy(io_want_digest(v, io), data, v->digest_size);
> +
> +       dm_bufio_release(buf);
> +       return 0;
> +
> +release_ret_r:
> +       dm_bufio_release(buf);
> +       return r;
> +}
> +
> +/*
> + * Verify one "dm_verity_io" structure.
> + */
> +static int verity_verify_io(struct dm_verity_io *io)
> +{
> +       struct dm_verity *v = io->v;
> +       unsigned b;
> +       int i;
> +       unsigned vector = 0, offset = 0;
> +       for (b = 0; b < io->n_blocks; b++) {
> +               struct shash_desc *desc;
> +               u8 *result;
> +               int r;
> +               unsigned todo;
> +
> +               if (likely(v->levels)) {
> +                       /*
> +                        * First, we try to get the requested hash for
> +                        * the current block. If the hash block itself is
> +                        * verified, zero is returned. If it isn't, this
> +                        * function returns 0 and we fall back to whole
> +                        * chain verification.
> +                        */
> +                       int r = verity_verify_level(io, io->block + b, 0, true);
> +                       if (likely(!r))
> +                               goto test_block_hash;
> +                       if (r < 0)
> +                               return r;
> +               }
> +
> +               memcpy(io_want_digest(v, io), v->root_digest, v->digest_size);
> +
> +               for (i = v->levels - 1; i >= 0; i--) {
> +                       int r = verity_verify_level(io, io->block + b, i, false);
> +                       if (unlikely(r))
> +                               return r;
> +               }
> +
> +test_block_hash:
> +               desc = io_hash_desc(v, io);
> +               desc->tfm = v->tfm;
> +               desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
> +               r = crypto_shash_init(desc);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_init failed: %d", r);
> +                       return r;
> +               }
> +
> +               todo = 1 << v->data_dev_block_bits;
> +               do {
> +                       struct bio_vec *bv;
> +                       u8 *page;
> +                       unsigned len;
> +
> +                       BUG_ON(vector >= io->io_vec_size);
> +                       bv = &io->io_vec[vector];
> +                       page = kmap_atomic(bv->bv_page, KM_USER0);
> +                       len = bv->bv_len - offset;
> +                       if (likely(len >= todo))
> +                               len = todo;
> +                       r = crypto_shash_update(desc,
> +                                       page + bv->bv_offset + offset, len);
> +                       kunmap_atomic(page, KM_USER0);
> +                       if (r < 0) {
> +                               DMERR("crypto_shash_update failed: %d", r);
> +                               return r;
> +                       }
> +                       offset += len;
> +                       if (likely(offset == bv->bv_len)) {
> +                               offset = 0;
> +                               vector++;
> +                       }
> +                       todo -= len;
> +               } while (todo);
> +
> +               r = crypto_shash_update(desc, v->salt, v->salt_size);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_update failed: %d", r);
> +                       return r;
> +               }
> +
> +               result = io_real_digest(v, io);
> +               r = crypto_shash_final(desc, result);
> +               if (r < 0) {
> +                       DMERR("crypto_shash_final failed: %d", r);
> +                       return r;
> +               }
> +               if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
> +                       DMERR_LIMIT("data block %llu is corrupted",
> +                               (unsigned long long)(io->block + b));
> +                       return -EIO;
> +               }
> +       }
> +       BUG_ON(vector != io->io_vec_size);
> +       BUG_ON(offset);
> +       return 0;
> +}
> +
> +/*
> + * End one "io" structure with a given error.
> + */
> +static void verity_finish_io(struct dm_verity_io *io, int error)
> +{
> +       struct bio *bio = io->bio;
> +       struct dm_verity *v = io->v;
> +
> +       bio->bi_end_io = io->orig_bi_end_io;
> +       bio->bi_private = io->orig_bi_private;
> +
> +       if (io->io_vec != io->io_vec_inline)
> +               mempool_free(io->io_vec, v->vec_mempool);
> +       mempool_free(io, v->io_mempool);
> +
> +       bio_endio(bio, error);
> +}
> +
> +static void verity_work(struct work_struct *w)
> +{
> +       struct dm_verity_io *io = container_of(w, struct dm_verity_io, work);
> +
> +       verity_finish_io(io, verity_verify_io(io));
> +}
> +
> +static void verity_end_io(struct bio *bio, int error)
> +{
> +       struct dm_verity_io *io = bio->bi_private;
> +       if (error) {
> +               verity_finish_io(io, error);
> +               return;
> +       }
> +
> +       INIT_WORK(&io->work, verity_work);
> +       queue_work(io->v->verify_wq, &io->work);
> +}
> +
> +/*
> + * Prefetch buffers for the specified io.
> + * The root buffer is not prefetched, it is assumed that it will be cached
> + * all the time.
> + */
> +static void verity_prefetch_io(struct dm_verity *v, struct dm_verity_io *io)
> +{
> +       int i;
> +       for (i = v->levels - 2; i >= 0; i--) {
> +               sector_t hash_block_start;
> +               sector_t hash_block_end;
> +               verity_hash_at_level(v, io->block, i, &hash_block_start, NULL);
> +               verity_hash_at_level(v, io->block + io->n_blocks - 1, i, &hash_block_end, NULL);
> +               if (!i) {
> +                       unsigned cluster = prefetch_cluster;
> +        /* barrier to stop GCC from re-reading prefetch_cluster again */
> +                       barrier();
> +                       cluster >>= v->data_dev_block_bits;

Would:
unsigned cluster = prefetch_cluster >> v->data_dev_block_bits;
not have similar behavior without a barrier? (Yeah yeah I could
compile and see, but I was curious if you already had.)

Since the max iterations here is 61 in a worst-case, I don't think
it's a big deal to barrier() each time, just thought I'd ask.

> +                       if (unlikely(!cluster))
> +                               goto no_prefetch_cluster;
> +                       if (unlikely(cluster & (cluster - 1)))
> +                               cluster = 1 << (fls(cluster) - 1);
> +
> +                       hash_block_start &= ~(sector_t)(cluster - 1);
> +                       hash_block_end |= cluster - 1;
> +                       if (unlikely(hash_block_end >= v->hash_blocks))
> +                               hash_block_end = v->hash_blocks - 1;
> +               }
> +no_prefetch_cluster:
> +               dm_bufio_prefetch(v->bufio, hash_block_start,
> +                                       hash_block_end - hash_block_start + 1);
> +       }
> +}
> +
> +/*
> + * Bio map function. It allocates dm_verity_io structure and bio vector and
> + * fills them. Then it issues prefetches and the I/O.
> + */
> +static int verity_map(struct dm_target *ti, struct bio *bio,
> +                     union map_info *map_context)
> +{
> +       struct dm_verity *v = ti->private;
> +       struct dm_verity_io *io;
> +
> +       if (((unsigned)bio->bi_sector | bio_sectors(bio)) &
> +           ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) {
> +               DMERR_LIMIT("unaligned io");
> +               return -EIO;
> +       }
> +
> +       if ((bio->bi_sector + bio_sectors(bio)) >>
> +           (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
> +               DMERR_LIMIT("io out of range");
> +               return -EIO;
> +       }
> +
> +       if (bio_data_dir(bio) == WRITE)
> +               return -EIO;
> +
> +       io = mempool_alloc(v->io_mempool, GFP_NOIO);
> +       io->v = v;
> +       io->bio = bio;
> +       io->orig_bi_end_io = bio->bi_end_io;
> +       io->orig_bi_private = bio->bi_private;
> +       io->block = bio->bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
> +       io->n_blocks = bio->bi_size >> v->data_dev_block_bits;
> +
> +       bio->bi_end_io = verity_end_io;
> +       bio->bi_private = io;
> +       bio->bi_bdev = v->data_dev->bdev;
> +       bio->bi_sector = verity_map_sector(v, bio->bi_sector);
> +
> +       io->io_vec_size = bio->bi_vcnt - bio->bi_idx;
> +       if (io->io_vec_size < DM_VERITY_IO_VEC_INLINE)
> +               io->io_vec = io->io_vec_inline;
> +       else
> +               io->io_vec = mempool_alloc(v->vec_mempool, GFP_NOIO);
> +       memcpy(io->io_vec, bio_iovec(bio),
> +              io->io_vec_size * sizeof(struct bio_vec));
> +
> +       verity_prefetch_io(v, io);
> +
> +       generic_make_request(bio);
> +
> +       return DM_MAPIO_SUBMITTED;
> +}
> +
> +static int verity_status(struct dm_target *ti, status_type_t type,
> +                        char *result, unsigned maxlen)
> +{
> +       struct dm_verity *v = ti->private;
> +       unsigned sz = 0;
> +       unsigned x;
> +
> +       switch (type) {
> +       case STATUSTYPE_INFO:
> +               result[0] = 0;
> +               break;
> +       case STATUSTYPE_TABLE:
> +               DMEMIT("%u %s %s %llu %u %s ",
> +                       0,
> +                       v->data_dev->name,
> +                       v->hash_dev->name,

I understand the new approach is to use major:minor instead of the
device name. I don't care which, but I believe agk@ requested that.

> +                       (unsigned long long)v->hash_start << (v->hash_dev_block_bits - SECTOR_SHIFT),
> +                       1 << v->data_dev_block_bits,
> +                       v->alg_name
> +                       );
> +               for (x = 0; x < v->digest_size; x++)
> +                       DMEMIT("%02x", v->root_digest[x]);
> +               DMEMIT(" ");
> +               if (!v->salt_size)
> +                       DMEMIT("-");
> +               else
> +                       for (x = 0; x < v->salt_size; x++)
> +                               DMEMIT("%02x", v->salt[x]);
> +               if (v->data_dev_block_bits != v->hash_dev_block_bits)
> +                       DMEMIT(" %u", 1 << v->hash_dev_block_bits);
> +               break;
> +       }
> +       return 0;
> +}
> +
> +static int verity_ioctl(struct dm_target *ti, unsigned cmd,
> +                       unsigned long arg)
> +{
> +       struct dm_verity *v = ti->private;
> +       int r = 0;
> +
> +       if (v->data_start ||
> +           ti->len != i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT)
> +               r = scsi_verify_blk_ioctl(NULL, cmd);
> +

Is it worth supporting ioctl at all given these hoops? Nothing stops
a privileged user from directly running the ioctl on the underlying
device/devices, it's just very inconvenient :)

> +       return r ? : __blkdev_driver_ioctl(v->data_dev->bdev, v->data_dev->mode,
> +                                    cmd, arg);
> +}
> +
> +static int verity_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
> +                       struct bio_vec *biovec, int max_size)
> +{
> +       struct dm_verity *v = ti->private;
> +       struct request_queue *q = bdev_get_queue(v->data_dev->bdev);
> +
> +       if (!q->merge_bvec_fn)
> +               return max_size;
> +
> +       bvm->bi_bdev = v->data_dev->bdev;
> +       bvm->bi_sector = verity_map_sector(v, bvm->bi_sector);
> +
> +       return min(max_size, q->merge_bvec_fn(q, bvm, biovec));
> +}
> +
> +static int verity_iterate_devices(struct dm_target *ti,
> +                                 iterate_devices_callout_fn fn, void *data)
> +{
> +       struct dm_verity *v = ti->private;
> +       return fn(ti, v->data_dev, v->data_start, ti->len, data);
> +}
> +
> +static void verity_io_hints(struct dm_target *ti, struct queue_limits *limits)
> +{
> +       struct dm_verity *v = ti->private;
> +
> +       if (limits->logical_block_size < 1 << v->data_dev_block_bits)
> +               limits->logical_block_size = 1 << v->data_dev_block_bits;
> +       if (limits->physical_block_size < 1 << v->data_dev_block_bits)
> +               limits->physical_block_size = 1 << v->data_dev_block_bits;
> +       blk_limits_io_min(limits, limits->logical_block_size);
> +}
> +
> +static void verity_dtr(struct dm_target *ti);
> +
> +static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
> +{
> +       struct dm_verity *v;
> +       unsigned num;
> +       unsigned long long hs;
> +       int r;
> +       int i;
> +       sector_t hash_position;
> +       char dummy;
> +
> +       v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL);
> +       if (!v) {
> +               ti->error = "Cannot allocate verity structure";
> +               return -ENOMEM;
> +       }
> +       ti->private = v;
> +       v->ti = ti;
> +
> +       if ((dm_table_get_mode(ti->table) & ~FMODE_READ) != 0) {
> +               ti->error = "Device must be readonly";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       if (argc < 7) {
> +               ti->error = "Not enough arguments";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       if (sscanf(argv[0], "%d%c", &num, &dummy) != 1 ||
> +           num != 0) {
> +               ti->error = "Invalid version";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       r = dm_get_device(ti, argv[1], FMODE_READ, &v->data_dev);
> +       if (r) {
> +               ti->error = "Data device lookup failed";
> +               goto bad;
> +       }
> +
> +       r = dm_get_device(ti, argv[2], FMODE_READ, &v->hash_dev);
> +       if (r) {
> +               ti->error = "Data device lookup failed";
> +               goto bad;
> +       }
> +
> +       if (sscanf(argv[3], "%llu%c", &hs, &dummy) != 1 ||
> +           hs != (sector_t)hs) {
> +               ti->error = "Invalid hash start";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       if (sscanf(argv[4], "%u%c", &num, &dummy) != 1 ||
> +           !num || (num & (num - 1)) ||
> +           num < bdev_logical_block_size(v->data_dev->bdev) ||
> +           num > PAGE_SIZE) {
> +               ti->error = "Invalid data device block size";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +       v->data_dev_block_bits = ffs(num) - 1;
> +       v->hash_dev_block_bits = ffs(num) - 1;
> +
> +       v->alg_name = kstrdup(argv[5], GFP_KERNEL);
> +       if (!v->alg_name) {
> +               ti->error = "Cannot allocate algorithm name";
> +               r = -ENOMEM;
> +               goto bad;
> +       }
> +
> +       v->tfm = crypto_alloc_shash(v->alg_name, 0, 0);
> +       if (IS_ERR(v->tfm)) {
> +               ti->error = "Cannot initialize hash function";
> +               r = PTR_ERR(v->tfm);
> +               v->tfm = NULL;
> +               goto bad;
> +       }
> +       v->digest_size = crypto_shash_digestsize(v->tfm);
> +       if ((1 << v->hash_dev_block_bits) < v->digest_size * 2) {
> +               ti->error = "Digest size too big";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +       v->shash_descsize =
> +               sizeof(struct shash_desc) + crypto_shash_descsize(v->tfm);
> +
> +       v->root_digest = kmalloc(v->digest_size, GFP_KERNEL);
> +       if (!v->root_digest) {
> +               ti->error = "Cannot allocate root digest";
> +               r = -ENOMEM;
> +               goto bad;
> +       }
> +       if (strlen(argv[6]) != v->digest_size * 2 ||
> +           hex2bin(v->root_digest, argv[6], v->digest_size)) {
> +               ti->error = "Invalid root digest";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       if (argc > 7 && strcmp(argv[7], "-")) {
> +               v->salt_size = strlen(argv[7]) / 2;
> +               v->salt = kmalloc(v->salt_size, GFP_KERNEL);
> +               if (!v->salt) {
> +                       ti->error = "Cannot allocate salt";
> +                       r = -ENOMEM;
> +                       goto bad;
> +               }
> +               if (strlen(argv[7]) != v->salt_size * 2 ||
> +                   hex2bin(v->salt, argv[7], v->salt_size)) {
> +                       ti->error = "Invalid salt";
> +                       r = -EINVAL;
> +                       goto bad;
> +               }
> +       }
> +
> +       if (argc > 8) {
> +               if (sscanf(argv[8], "%u%c", &num, &dummy) != 1 ||
> +                   !num || (num & (num - 1)) ||
> +                   num < bdev_logical_block_size(v->hash_dev->bdev) ||
> +                   num > INT_MAX) {
> +                       ti->error = "Invalid hash device block size";
> +                       r = -EINVAL;
> +                       goto bad;
> +               }
> +               v->hash_dev_block_bits = ffs(num) - 1;
> +       }
> +
> +       if (hs & ((1 << (v->hash_dev_block_bits - SECTOR_SHIFT)) - 1)) {
> +               ti->error = "Hash start not aligned on block boundary";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +       v->hash_start = hs >> (v->hash_dev_block_bits - SECTOR_SHIFT);
> +
> +       if (ti->len > i_size_read(v->data_dev->bdev->bd_inode) >> SECTOR_SHIFT) {
> +               ti->error = "Data device si too small";

s/si/is

Should this also check ti->start + ti->len to ensure it isn't reading
off the end or do you just rely on the requests failing?

> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       if (ti->len & ((1 << (v->data_dev_block_bits - SECTOR_SHIFT)) - 1)) {
> +               ti->error = "Data device length is not aligned to block size";
> +               r = -EINVAL;
> +               goto bad;
> +       }
> +
> +       v->data_blocks = ti->len >> (v->data_dev_block_bits - SECTOR_SHIFT);
> +
> +       v->hash_per_block_bits =
> +               fls((1 << v->hash_dev_block_bits) / v->digest_size) - 1;
> +
> +       v->levels = 0;
> +       if (v->data_blocks)
> +               while (v->hash_per_block_bits * v->levels < 64 &&
> +                      (unsigned long long)(v->data_blocks - 1) >>
> +                      (v->hash_per_block_bits * v->levels))
> +                       v->levels++;
> +
> +       if (v->levels > DM_VERITY_MAX_LEVELS) {
> +               ti->error = "Too many tree levels";
> +               r = -E2BIG;
> +               goto bad;
> +       }
> +
> +       hash_position = v->hash_start;
> +       for (i = v->levels - 1; i >= 0; i--) {
> +               sector_t s;
> +               v->hash_level_block[i] = hash_position;
> +               s = verity_position_at_level(v, v->data_blocks, i);
> +               s = (s >> v->hash_per_block_bits) +
> +                   !!(s & ((1 << v->hash_per_block_bits) - 1));
> +               if (hash_position + s < hash_position) {
> +                       ti->error = "Hash device offset overflow";
> +                       r = -E2BIG;
> +                       goto bad;
> +               }
> +               hash_position += s;
> +       }
> +       v->hash_blocks = hash_position;
> +
> +       v->bufio = dm_bufio_client_create(v->hash_dev->bdev,
> +               1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux),
> +               dm_bufio_alloc_callback, NULL);
> +       if (IS_ERR(v->bufio)) {
> +               ti->error = "Cannot initialize dm-bufio";
> +               r = PTR_ERR(v->bufio);
> +               v->bufio = NULL;
> +               goto bad;
> +       }
> +
> +       if (dm_bufio_get_device_size(v->bufio) < v->hash_blocks) {
> +               ti->error = "Hash device is too small";
> +               r = -E2BIG;
> +               goto bad;
> +       }
> +
> +       v->io_mempool = mempool_create_kmalloc_pool(DM_VERITY_MEMPOOL_SIZE,
> +         sizeof(struct dm_verity_io) + v->shash_descsize + v->digest_size * 2);
> +       if (!v->io_mempool) {
> +               ti->error = "Cannot allocate io mempool";
> +               r = -ENOMEM;
> +               goto bad;
> +       }
> +
> +       v->vec_mempool = mempool_create_kmalloc_pool(DM_VERITY_MEMPOOL_SIZE,
> +                                       BIO_MAX_PAGES * sizeof(struct bio_vec));
> +       if (!v->vec_mempool) {
> +               ti->error = "Cannot allocate vector mempool";
> +               r = -ENOMEM;
> +               goto bad;
> +       }
> +
> +       /*v->verify_wq = alloc_workqueue("verityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM, 1);*/
> +       /* WQ_UNBOUND greatly improves performance when running on ramdisk */
> +       v->verify_wq = alloc_workqueue("verityd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, num_online_cpus());
> +       if (!v->verify_wq) {
> +               ti->error = "Cannot allocate workqueue";
> +               r = -ENOMEM;
> +               goto bad;
> +       }
> +
> +       return 0;
> +
> +bad:
> +       verity_dtr(ti);
> +       return r;
> +}
> +
> +static void verity_dtr(struct dm_target *ti)
> +{
> +       struct dm_verity *v = ti->private;
> +
> +       if (v->verify_wq)
> +               destroy_workqueue(v->verify_wq);
> +       if (v->vec_mempool)
> +               mempool_destroy(v->vec_mempool);
> +       if (v->io_mempool)
> +               mempool_destroy(v->io_mempool);
> +       if (v->bufio)
> +               dm_bufio_client_destroy(v->bufio);
> +       kfree(v->salt);
> +       kfree(v->root_digest);
> +       if (v->tfm)
> +               crypto_free_shash(v->tfm);
> +       kfree(v->alg_name);
> +       if (v->hash_dev)
> +               dm_put_device(ti, v->hash_dev);
> +       if (v->data_dev)
> +               dm_put_device(ti, v->data_dev);
> +       kfree(v);
> +}
> +
> +static struct target_type verity_target = {
> +       .name           = "verity",
> +       .version        = {1, 0, 0},
> +       .module         = THIS_MODULE,
> +       .ctr            = verity_ctr,
> +       .dtr            = verity_dtr,
> +       .map            = verity_map,
> +       .status         = verity_status,
> +       .ioctl          = verity_ioctl,
> +       .merge          = verity_merge,
> +       .iterate_devices = verity_iterate_devices,
> +       .io_hints       = verity_io_hints,
> +};
> +
> +static int __init dm_verity_init(void)
> +{
> +       int r;
> +       r = dm_register_target(&verity_target);
> +       if (r < 0)
> +               DMERR("register failed %d", r);
> +       return r;
> +}
> +
> +static void __exit dm_verity_exit(void)
> +{
> +       dm_unregister_target(&verity_target);
> +}
> +
> +module_init(dm_verity_init);
> +module_exit(dm_verity_exit);
> +
> +MODULE_AUTHOR("Mikulas Patocka <mpatocka@xxxxxxxxxx>");

As per linux/module.h, I'd welcome additional authors as per the
lkml/patch lineage:
MODULE_AUTHOR("Mandeep Baines <msb@xxxxxxxxxxxx>");
MODULE_AUTHOR("Will Drewry <wad@xxxxxxxxxxxx>");

Regardless, I'll just be happy to see this functionality merge.

> +MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking");
> +MODULE_LICENSE("GPL");
> +
> Index: linux-3.3-rc6-fast/drivers/md/dm-bufio.c

This should be in a separate patch I think.

> ===================================================================
> --- linux-3.3-rc6-fast.orig/drivers/md/dm-bufio.c       2012-03-12 22:43:23.000000000 +0100
> +++ linux-3.3-rc6-fast/drivers/md/dm-bufio.c    2012-03-13 15:41:02.000000000 +0100
[snip]
> @@ -882,6 +888,19 @@ static struct dm_buffer *__bufio_new(str
>
>        b = __find(c, block);
>        if (b) {
> +found_buffer:
> +               if (nf == NF_PREFETCH)
> +                       return NULL;
> +               /*
> +                * Note: it is essential that we don't wait for the buffer to be
> +                * read if dm_bufio_get function is used. Both dm_bufio_get and
> +                * dm_bufio_prefetch can be used in the driver request routine.
> +                * If the user called both dm_bufio_prefetch and dm_bufio_get on
> +                * the same buffer, it would deadlock if we waited.
> +                */
> +               if (nf == NF_GET && unlikely(test_bit(B_READING, &b->state)))
> +                       return NULL;
> +
>                b->hold_count++;

Are these hold_counts safe on architectures with weak memory models?
Should they be atomic_ts? I haven't looked at them in context, but
based on what I see here they make me a bit nervous.

Thanks for jumping in to the fray! None of my comments are blocking,
so I believe the following is appropriate (if not
s/Signed-off/Reviewed-by/).

Signed-off-by: Will Drewry <wad@xxxxxxxxxxxx>

cheers!
will
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/