eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

integrity: Add inline flag to API

Browse Source 
Process new dm-integrity flag (hw inline mode).
This commit is contained in:
Milan Broz
2025-02-16 22:46:18 +01:00
parent 29fcd88d86
commit 49ccafe38a
5 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/libcryptsetup.h
View File

@@ -1512,6 +1512,8 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
#define CRYPT_ACTIVATE_HIGH_PRIORITY (UINT32_C(1) << 28) #define CRYPT_ACTIVATE_HIGH_PRIORITY (UINT32_C(1) << 28)
/** dm-verity: also restart/panic on error, use with RESTART_ON_CORRUPTION or PANIC_ON_CORRUPTION */ /** dm-verity: also restart/panic on error, use with RESTART_ON_CORRUPTION or PANIC_ON_CORRUPTION */
#define CRYPT_ACTIVATE_ERROR_AS_CORRUPTION (UINT32_C(1) << 29) #define CRYPT_ACTIVATE_ERROR_AS_CORRUPTION (UINT32_C(1) << 29)
/** dm-integrity: inline mode for compatible hardware profile */
#define CRYPT_ACTIVATE_INLINE_MODE (UINT32_C(1) << 30)
/** /**
* Active device runtime attributes * Active device runtime attributes

19
lib/libdevmapper.c
View File

@@ -238,6 +238,9 @@ static void _dm_set_integrity_compat(struct crypt_device *cd,
if (_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch)) if (_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
_dm_flags |= DM_INTEGRITY_RESET_RECALC_SUPPORTED; _dm_flags |= DM_INTEGRITY_RESET_RECALC_SUPPORTED;
if (_dm_satisfies_version(1, 12, 0, integrity_maj, integrity_min, integrity_patch))
_dm_flags |= DM_INTEGRITY_INLINE_MODE_SUPPORTED;
_dm_integrity_checked = true; _dm_integrity_checked = true;
} }
@@ -903,7 +906,9 @@ static char *get_dm_integrity_params(const struct dm_target *tgt, uint32_t flags
if (r < 0 || r >= max_size) if (r < 0 || r >= max_size)
goto out; goto out;
if (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) if (flags & CRYPT_ACTIVATE_INLINE_MODE)
mode = 'I';
else if (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP)
mode = 'B'; mode = 'B';
else if (flags & CRYPT_ACTIVATE_RECOVERY) else if (flags & CRYPT_ACTIVATE_RECOVERY)
mode = 'R'; mode = 'R';
@@ -1803,6 +1808,12 @@ int dm_create_device(struct crypt_device *cd, const char *name,
log_err(cd, _("Requested dm-integrity bitmap mode is not supported.")); log_err(cd, _("Requested dm-integrity bitmap mode is not supported."));
r = -EINVAL; r = -EINVAL;
} }
if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_INLINE_MODE) &&
!(dmt_flags & DM_INTEGRITY_INLINE_MODE_SUPPORTED)) {
log_err(cd, _("Requested dm-integrity inline mode is not supported."));
r = -EINVAL;
}
out: out:
/* /*
* Print warning if activating dm-crypt cipher_null device unless it's reencryption helper or * Print warning if activating dm-crypt cipher_null device unless it's reencryption helper or
@@ -2502,7 +2513,7 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
/* journal */ /* journal */
c = toupper(*(++params)); c = toupper(*(++params));
if (!*params || *(++params) != ' ' || (c != 'D' && c != 'J' && c != 'R' && c != 'B')) if (!*params || *(++params) != ' ' || (c != 'D' && c != 'J' && c != 'R' && c != 'B' && c != 'I'))
goto err; goto err;
if (c == 'D') if (c == 'D')
*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL; *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
@@ -2512,6 +2523,10 @@ static int _dm_target_query_integrity(struct crypt_device *cd,
*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL; *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP; *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
} }
if (c == 'I') {
*act_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
*act_flags |= CRYPT_ACTIVATE_INLINE_MODE;
}
tgt->u.integrity.sector_size = SECTOR_SIZE; tgt->u.integrity.sector_size = SECTOR_SIZE;

1
lib/utils_dm.h
View File

@@ -66,6 +66,7 @@ static inline uint64_t act2dmflags(uint64_t act_flags)
#define DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported */ #define DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported */
#define DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */ #define DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */
#define DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */ #define DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */
#define DM_INTEGRITY_INLINE_MODE_SUPPORTED (UINT64_C(1) << 32) /* dm-integrity inline mode supported */
typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type; typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
enum tdirection { TARGET_EMPTY = 0, TARGET_SET, TARGET_QUERY }; enum tdirection { TARGET_EMPTY = 0, TARGET_SET, TARGET_QUERY };

1
tests/api_test.h
View File

@@ -134,6 +134,7 @@ void xlog(const char *msg, const char *tst, const char *func, int line, const ch
#define T_DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported */ #define T_DM_CRYPT_HIGH_PRIORITY_SUPPORTED (UINT64_C(1) << 29) /* dm-crypt high priority workqueue flag supported */
#define T_DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */ #define T_DM_CRYPT_INTEGRITY_KEY_SIZE_OPT_SUPPORTED (UINT64_C(1) << 30) /* dm-crypt support for integrity_key_size option */
#define T_DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */ #define T_DM_VERITY_ERROR_AS_CORRUPTION_SUPPORTED (UINT64_C(1) << 31) /* dm-verity restart/panic on corruption supported */
#define T_DM_INTEGRITY_INLINE_MODE_SUPPORTED (UINT64_C(1) << 32) /* dm-integrity inline mode supported */
/* loop helpers */ /* loop helpers */
int loop_device(const char *loop); int loop_device(const char *loop);

3
tests/test_utils.c
View File

@@ -622,6 +622,9 @@ static void t_dm_set_integrity_compat(const char *dm_version __attribute__((unus
if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch)) if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED; t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED;
if (t_dm_satisfies_version(1, 12, 0, integrity_maj, integrity_min, integrity_patch))
t_dm_crypt_flags |= T_DM_INTEGRITY_INLINE_MODE_SUPPORTED;
} }
int t_dm_check_versions(void) int t_dm_check_versions(void)