首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
瀏覽代碼

dm crypt: fix large block integrity support

Previously, dm-crypt could use blocks composed of multiple 512b sectors
but it created integrity profile for each 512b sector (it padded it with
zeroes).  Fix dm-crypt so that the integrity profile is sent for each
block not each sector.

The user must use the same block size in the DM crypt and integrity
targets.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Mikulas Patocka 8 年之前
父節點
9d609f85b7
當前提交
583fe7474c
共有 1 個文件被更改,包括 12 次插入6 次删除
分割檢視 顯示文件統計
  1. 12 6
      drivers/md/dm-crypt.c

+ 12 - 6
drivers/md/dm-crypt.c
查看文件 

@@ -938,10 +938,15 @@ static int crypt_integrity_ctr(struct crypt_config *cc, struct dm_target *ti)
 
 		return -EINVAL;
 
 	}
 
 
-	if (bi->tag_size != cc->on_disk_tag_size) {
 
+	if (bi->tag_size != cc->on_disk_tag_size ||
 
+	    bi->tuple_size != cc->on_disk_tag_size) {
 
 		ti->error = "Integrity profile tag size mismatch.";
 
 		return -EINVAL;
 
 	}
 
+	if (1 << bi->interval_exp != cc->sector_size) {
 
+		ti->error = "Integrity profile sector size mismatch.";
 
+		return -EINVAL;
 
+	}
 
 
 	if (crypt_integrity_aead(cc)) {
 
 		cc->integrity_tag_size = cc->on_disk_tag_size - cc->integrity_iv_size;
 
@@ -1322,7 +1327,7 @@ static int crypt_convert(struct crypt_config *cc,
 
 		case -EINPROGRESS:
 
 			ctx->r.req = NULL;
 
 			ctx->cc_sector += sector_step;
 
-			tag_offset += sector_step;
 
+			tag_offset++;
 
 			continue;
 
 		/*
 
 		 * The request was already processed (synchronously).
 
@@ -1330,7 +1335,7 @@ static int crypt_convert(struct crypt_config *cc,
 
 		case 0:
 
 			atomic_dec(&ctx->cc_pending);
 
 			ctx->cc_sector += sector_step;
 
-			tag_offset += sector_step;
 
+			tag_offset++;
 
 			cond_resched();
 
 			continue;
 
 		/*
 
@@ -2735,6 +2740,8 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 
 			ti->error = "Cannot allocate integrity tags mempool";
 
 			goto bad;
 
 		}
 
+
 
+		cc->tag_pool_max_sectors <<= cc->sector_shift;
 
 	}
 
 
 	ret = -ENOMEM;
 
@@ -2816,16 +2823,15 @@ static int crypt_map(struct dm_target *ti, struct bio *bio)
 
 	crypt_io_init(io, cc, bio, dm_target_offset(ti, bio->bi_iter.bi_sector));
 
 
 	if (cc->on_disk_tag_size) {
 
-		unsigned tag_len = cc->on_disk_tag_size * bio_sectors(bio);
 
+		unsigned tag_len = cc->on_disk_tag_size * (bio_sectors(bio) >> cc->sector_shift);
 
 
 		if (unlikely(tag_len > KMALLOC_MAX_SIZE) ||
 
-		    unlikely(!(io->integrity_metadata = kzalloc(tag_len,
 
+		    unlikely(!(io->integrity_metadata = kmalloc(tag_len,
 
 				GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN)))) {
 
 			if (bio_sectors(bio) > cc->tag_pool_max_sectors)
 
 				dm_accept_partial_bio(bio, cc->tag_pool_max_sectors);
 
 			io->integrity_metadata = mempool_alloc(cc->tag_pool, GFP_NOIO);
 
 			io->integrity_metadata_from_pool = true;
 
-			memset(io->integrity_metadata, 0, cc->tag_pool_max_sectors * (1 << SECTOR_SHIFT));
 
 		}
 
 	}