From 49ccafe38ab02ea3392f9db11977fbbc59d5d767 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Sun, 16 Feb 2025 22:46:18 +0100
Subject: [PATCH] integrity: Add inline flag to API

Process new dm-integrity flag (hw inline mode).
---
 lib/libcryptsetup.h |  2 ++
 lib/libdevmapper.c  | 19 +++++++++++++++++--
 lib/utils_dm.h      |  1 +
 tests/api_test.h    |  1 +
 tests/test_utils.c  |  3 +++
 5 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index 9d276400..3379bca8 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1512,6 +1512,8 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_HIGH_PRIORITY (UINT32_C(1) << 28)
 /** dm-verity: also restart/panic on error, use with RESTART_ON_CORRUPTION or PANIC_ON_CORRUPTION */
 #define CRYPT_ACTIVATE_ERROR_AS_CORRUPTION (UINT32_C(1) << 29)
+/** dm-integrity: inline mode for compatible hardware profile */
+#define CRYPT_ACTIVATE_INLINE_MODE (UINT32_C(1) << 30)
 
 /**
  * Active device runtime attributes
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index 56e406ee..f2a9a007 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -238,6 +238,9 @@ static void _dm_set_integrity_compat(struct crypt_device *cd,
 	if (_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
 		_dm_flags |= DM_INTEGRITY_RESET_RECALC_SUPPORTED;
 
+	if (_dm_satisfies_version(1, 12, 0, integrity_maj, integrity_min, integrity_patch))
+		_dm_flags |= DM_INTEGRITY_INLINE_MODE_SUPPORTED;
+
 	_dm_integrity_checked = true;
 }
 
@@ -903,7 +906,9 @@ static char *get_dm_integrity_params(const struct dm_target *tgt, uint32_t flags
 	if (r < 0 || r >= max_size)
 		goto out;
 
-	if (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP)
+	if (flags & CRYPT_ACTIVATE_INLINE_MODE)
+		mode = 'I';
+	else if (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP)
 		mode = 'B';
 	else if (flags & CRYPT_ACTIVATE_RECOVERY)
 		mode = 'R';
@@ -1803,6 +1808,12 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 		log_err(cd, _("Requested dm-integrity bitmap mode is not supported."));
 		r = -EINVAL;
 	}
+
+	if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_INLINE_MODE) &&
+	    !(dmt_flags & DM_INTEGRITY_INLINE_MODE_SUPPORTED)) {
+		log_err(cd, _("Requested dm-integrity inline mode is not supported."));
+		r = -EINVAL;
+	}
 out:
 	/*
 	 * Print warning if activating dm-crypt cipher_null device unless it's reencryption helper or
@@ -2502,7 +2513,7 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 
 	/* journal */
 	c = toupper(*(++params));
-	if (!*params || *(++params) != ' ' || (c != 'D' && c != 'J' && c != 'R' && c != 'B'))
+	if (!*params || *(++params) != ' ' || (c != 'D' && c != 'J' && c != 'R' && c != 'B' && c != 'I'))
 		goto err;
 	if (c == 'D')
 		*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
@@ -2512,6 +2523,10 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
 		*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
 		*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
 	}
+	if (c == 'I') {
+		*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
+		*act_flags |= CRYPT_ACTIVATE_INLINE_MODE;
+	}
 
 	tgt->u.integrity.sector_size = SECTOR_SIZE;
 
diff --git a/lib/utils_dm.h b/lib/utils_dm.h
index 345cf159..60fd0273 100644
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -66,6 +66,7 @@ static inline uint64_t act2dmflags(uint64_t act_flags)
 #define DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported  */
 #define DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */
 #define DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */
+#define DM_INTEGRITY_INLINE_MODE_SUPPORTED (UINT64_C(1) << 32) /* dm-integrity inline mode supported */
 
 typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
 enum tdirection { TARGET_EMPTY = 0, TARGET_SET, TARGET_QUERY };
diff --git a/tests/api_test.h b/tests/api_test.h
index 1cabf2bf..ec6abd46 100644
--- a/tests/api_test.h
+++ b/tests/api_test.h
@@ -134,6 +134,7 @@ void xlog(const char *msg, const char *tst, const char *func, int line, const ch
 #define T_DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported  */
 #define T_DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */
 #define T_DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */
+#define T_DM_INTEGRITY_INLINE_MODE_SUPPORTED (UINT64_C(1) << 32) /* dm-integrity inline mode supported */
 
 /* loop helpers */
 int loop_device(const char *loop);
diff --git a/tests/test_utils.c b/tests/test_utils.c
index c64ff52c..ed3594b7 100644
--- a/tests/test_utils.c
+++ b/tests/test_utils.c
@@ -622,6 +622,9 @@ static void t_dm_set_integrity_compat(const char *dm_version __attribute__((unus
 
 	if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
 		t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED;
+
+	if (t_dm_satisfies_version(1, 12, 0, integrity_maj, integrity_min, integrity_patch))
+		t_dm_crypt_flags |= T_DM_INTEGRITY_INLINE_MODE_SUPPORTED;
 }
 
 int t_dm_check_versions(void)