From patchwork Wed Nov 13 11:57:12 2019
X-Patchwork-Submitter: Mikulas Patocka
X-Patchwork-Id: 11241771
X-Patchwork-Delegate: snitzer@redhat.com
Date: Wed, 13 Nov 2019 06:57:12 -0500 (EST)
From: Mikulas Patocka
To: Milan Broz, Mike Snitzer
Cc: dm-crypt@saout.de, dm-devel@redhat.com
Subject: [dm-devel] [PATCH] cryptsetup: add support for the "fix_padding" option

This patch adds support for fixed padding to cryptsetup.

* Cryptsetup will accept superblocks version 4.
* If the dm-integrity target version is greater than 1.4, cryptsetup will add
  a flag "fix_padding" to the dm-integrity target arguments.

There is still one quirk: if we have an old libdm without
DM_DEVICE_GET_TARGET_VERSION and if dm-integrity module is not loaded,
cryptsetup will not detect that it can use the "fix_padding" option.

Signed-off-by: Mikulas Patocka
---
 lib/integrity/integrity.c | 7 +++----
 lib/integrity/integrity.h | 2 ++
 lib/libdevmapper.c        | 20 +++++++++++++++++++-
 lib/utils_dm.h            | 6 +++++-
 4 files changed, 29 insertions(+), 6 deletions(-)

Index: cryptsetup/lib/integrity/integrity.c =================================================================== --- cryptsetup.orig/lib/integrity/integrity.c 2019-11-12 20:09:30.000000000 +0100 +++ cryptsetup/lib/integrity/integrity.c 2019-11-12 21:09:05.000000000 +0100 
@@ -41,8 +41,7 @@ static int INTEGRITY_read_superblock(str if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) || memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic)) || - (sb->version != SB_VERSION_1 && sb->version != SB_VERSION_2 && - sb->version != SB_VERSION_3)) { + sb->version < SB_VERSION_1 || sb->version > SB_VERSION_4) { log_std(cd, "No integrity superblock detected on %s.\n", device_path(device)); r = -EINVAL; @@ -203,7 +202,7 @@ int INTEGRITY_create_dmd_device(struct c if (r < 0) return r; - return dm_integrity_target_set(&dmd->segment, 0, dmd->size, + return dm_integrity_target_set(cd, &dmd->segment, 0, dmd->size, crypt_metadata_device(cd), crypt_data_device(cd), crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk, journal_crypt_key, @@ -289,7 +288,7 @@ int INTEGRITY_format(struct crypt_device if (params && params->integrity_key_size) vk = crypt_alloc_volume_key(params->integrity_key_size, NULL); - r = dm_integrity_target_set(tgt, 0, dmdi.size, crypt_metadata_device(cd), + r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, crypt_metadata_device(cd), crypt_data_device(cd), crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk, journal_crypt_key, journal_mac_key, params); Index: cryptsetup/lib/integrity/integrity.h =================================================================== --- cryptsetup.orig/lib/integrity/integrity.h 2019-11-12 20:09:30.000000000 +0100 +++ cryptsetup/lib/integrity/integrity.h 2019-11-12 20:12:54.000000000 +0100 
@@ -34,10 +34,12 @@ struct crypt_dm_active_device; #define SB_VERSION_1 1 #define SB_VERSION_2 2 #define SB_VERSION_3 3 +#define SB_VERSION_4 4 #define SB_FLAG_HAVE_JOURNAL_MAC (1 << 0) #define SB_FLAG_RECALCULATING (1 << 1) /* V2 only */ #define SB_FLAG_DIRTY_BITMAP (1 << 2) /* V3 only */ +#define SB_FLAG_FIXED_PADDING (1 << 3) /* V4 only */ struct superblock { uint8_t magic[8]; Index: cryptsetup/lib/libdevmapper.c =================================================================== --- cryptsetup.orig/lib/libdevmapper.c 2019-11-12 20:09:30.000000000 +0100 +++ cryptsetup/lib/libdevmapper.c 2019-11-13 12:42:39.000000000 +0100 @@ -218,6 +218,9 @@ static void _dm_set_integrity_compat(str if (_dm_satisfies_version(1, 3, 0, integrity_maj, integrity_min, integrity_patch)) _dm_flags |= DM_INTEGRITY_BITMAP_SUPPORTED; + if (_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch)) + _dm_flags |= DM_INTEGRITY_FIX_PADDING_SUPPORTED; + _dm_integrity_checked = true; } @@ -866,6 +869,11 @@ static char *get_dm_integrity_params(con strncat(features, feature, sizeof(features) - strlen(features) - 1); crypt_safe_free(hexkey); } + if (tgt->u.integrity.fix_padding) { + num_options++; + snprintf(feature, sizeof(feature), "fix_padding "); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } if (flags & CRYPT_ACTIVATE_RECALCULATE) { num_options++; @@ -2334,6 +2342,8 @@ static int _dm_target_query_integrity(st } } else if (!strcmp(arg, "recalculate")) { *act_flags |= CRYPT_ACTIVATE_RECALCULATE; + } else if (!strcmp(arg, "fix_padding")) { + tgt->u.integrity.fix_padding = true; } else /* unknown option */ goto err; } 
@@ -2865,16 +2875,21 @@ int dm_verity_target_set(struct dm_targe return 0; } -int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, +int dm_integrity_target_set(struct crypt_device *cd, + struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, struct device *meta_device, struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size, struct volume_key *vk, struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, const struct crypt_params_integrity *ip) { + uint32_t dmi_flags; + if (!data_device) return -EINVAL; + _dm_check_versions(cd, DM_INTEGRITY); + tgt->type = DM_INTEGRITY; tgt->direction = TARGET_SET; tgt->offset = seg_offset; @@ -2890,6 +2905,9 @@ int dm_integrity_target_set(struct dm_ta tgt->u.integrity.journal_crypt_key = journal_crypt_key; tgt->u.integrity.journal_integrity_key = journal_mac_key; + if (!dm_flags(cd, DM_INTEGRITY, &dmi_flags) && dmi_flags & DM_INTEGRITY_FIX_PADDING_SUPPORTED) + tgt->u.integrity.fix_padding = true; + if (ip) { tgt->u.integrity.journal_size = ip->journal_size; tgt->u.integrity.journal_watermark = ip->journal_watermark; Index: cryptsetup/lib/utils_dm.h =================================================================== --- cryptsetup.orig/lib/utils_dm.h 2019-11-12 20:09:30.000000000 +0100 +++ cryptsetup/lib/utils_dm.h 2019-11-12 21:09:25.000000000 +0100 
@@ -64,6 +64,7 @@ static inline uint32_t act2dmflags(uint3 #define DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */ #define DM_INTEGRITY_BITMAP_SUPPORTED (1 << 17) /* dm-integrity bitmap mode supported */ #define DM_GET_TARGET_VERSION_SUPPORTED (1 << 18) /* dm DM_GET_TARGET version ioctl supported */ +#define DM_INTEGRITY_FIX_PADDING_SUPPORTED (1 << 19) /* supports the parameter fix_padding that fixes a bug that caused excessive padding */ typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_UNKNOWN } dm_target_type; enum tdirection { TARGET_SET = 1, TARGET_QUERY }; @@ -138,6 +139,8 @@ struct dm_target { struct volume_key *journal_crypt_key; struct device *meta_device; + + bool fix_padding; } integrity; struct { uint64_t offset; @@ -177,7 +180,8 @@ int dm_verity_target_set(struct dm_targe struct device *data_device, struct device *hash_device, struct device *fec_device, const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block, uint64_t hash_blocks, struct crypt_params_verity *vp); -int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, +int dm_integrity_target_set(struct crypt_device *cd, + struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, struct device *meta_device, struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size, struct volume_key *vk,
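Review bot: in the INTEGRITY_read_superblock hunk of lib/integrity/integrity.c, a superblock with valid magic but a version above SB_VERSION_4 still ends in the "No integrity superblock detected" message, which reports a newer on-disk format as if there were no superblock at all. Now that the test is a range (`sb->version < SB_VERSION_1 || sb->version > SB_VERSION_4`), consider separating the magic check from the version check and logging an "unsupported superblock version" error for the latter, so the user is not told that a device holding valid metadata is empty.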
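Review bot: SB_FLAG_FIXED_PADDING is defined in the lib/integrity/integrity.h hunk but no hunk in this patch reads it. If the flag is meant to be reported when dumping the superblock, or to decide whether fix_padding is passed on activation, that code belongs in this patch; if it is added only to mirror the kernel's on-disk format, say so in the commit message.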
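Review bot: the commit message says the option is added when the dm-integrity target version is "greater than 1.4", but the check added in _dm_set_integrity_compat (lib/libdevmapper.c) is `_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch)`, written exactly like the 1.3.0 bitmap check directly above it, which reads as "1.4.0 or later". Please make the message and the code agree on whether 1.4.0 itself qualifies.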
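Review bot: in the get_dm_integrity_params hunk, `snprintf(feature, sizeof(feature), "fix_padding ")` formats a constant with no arguments only to hand it to strncat. Appending the literal directly with the same bounded strncat call would be shorter and leaves the `feature` scratch buffer out of it.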
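Review bot: dm_integrity_target_set (lib/libdevmapper.c) now sets tgt->u.integrity.fix_padding from kernel capability alone, and both callers touched in integrity.c, INTEGRITY_create_dmd_device and INTEGRITY_format, go through it, so the option is requested when activating an existing device as well as when formatting a new one. Nothing in the visible hunks consults the superblock at that point, so please confirm that passing fix_padding for a device that was formatted without it is intended; if it is not, set the option on the format path only and derive it from the superblock flag on activation. Two smaller points in the same hunk: the explicit `_dm_check_versions(cd, DM_INTEGRITY)` call needs a comment explaining why it is required before dm_flags (or should be dropped if dm_flags already does it), and `dmi_flags & DM_INTEGRITY_FIX_PADDING_SUPPORTED` should get its own parentheses next to the `&&`.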
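Review bot: the prototype change in lib/utils_dm.h gives dm_integrity_target_set a `struct crypt_device *cd` parameter, while dm_verity_target_set in the surrounding context lines still takes only the target, so the integrity setter stops being a plain field filler and starts probing the kernel. Consider keeping the signature as it was and having the callers pass the fix_padding decision in, which also lets each caller choose per path. The new `bool fix_padding;` member in struct dm_target would benefit from a one-line comment stating whether it reflects the requested table argument, the queried table, or the superblock state.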