Message-ID: <0066B4B7-B0FA-4C7F-99C4-0AABB577382C@netflix.com>
Date: Thu, 9 Aug 2012 00:40:22 +0000
From: Wesley Miaw <wmiaw@...flix.com>
To: Milan Broz <mbroz@...hat.com>
CC: Mikulas Patocka <mpatocka@...hat.com>,
device-mapper development <dm-devel@...hat.com>,
Alasdair Kergon <agk@...hat.com>,
"msb@...gle.com" <msb@...gle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Will Drewry <w@...gle.com>
Subject: Re: [dm-devel] [PATCH v2 1/2] dm: verity support data device offset
(Linux 3.4.7)
On Aug 8, 2012, at 1:31 PM, Milan Broz wrote:
> On 08/08/2012 08:46 PM, Mikulas Patocka wrote:
>
>> The problem with the patch is that it changes interface to the userspace
>> tool. The userspace tool veritysetup already exists in recent cryptsetup
>> package, so we can't change the interface - you should change the patch so
>> that the starting data block is the last argument and the argument is
>> optional - so that it is compatible with the existing userspace too.
>
> yes. Please never change interface without at least increasing target version.
>
> I have to add userspace support as well to veritysetup and we need a way
> how to detect that option is supported by running kernel.
Apologies if the version increment is incorrect; I was not sure if the minor or patch number should be incremented. I assume the different version number is what would be used to detect if the data offset option is supported. Thanks.
From: Wesley Miaw <wmiaw@...flix.com>
Add data device start block index as optional dm-verity target parameters to
support verity targets where the data does not begin at sector 0 of the block
device.
Also fix the hash block index computations so they take into account any data
offset.
Signed-off-by: Wesley Miaw <wmiaw@...flix.com>
---
Documentation/device-mapper/verity.txt | 8 ++++++-
drivers/md/dm-verity.c | 24 ++++++++++++++++++-----
2 files changed, 26 insertions(+), 6 deletions(-)
--- a/drivers/md/dm-verity.c 2012-08-07 16:03:03.778759000 -0700
+++ b/drivers/md/dm-verity.c 2012-08-08 17:04:16.344682266 -0700
@@ -477,7 +477,7 @@ static int verity_map(struct dm_target *
return -EIO;
}
- if ((bio->bi_sector + bio_sectors(bio)) >>
+ if ((bio->bi_sector - v->data_start + bio_sectors(bio)) >>
(v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
DMERR_LIMIT("io out of range");
return -EIO;
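Review bot: The new range check at bio->bi_sector - v->data_start assumes bi_sector is never below data_start, and nothing visible in this hunk guarantees that. sector_t is unsigned, so if bi_sector were smaller the difference wraps, and adding bio_sectors(bio) can wrap it back to a small value that passes the > v->data_blocks test. Either state the invariant in a comment (bi_sector already includes data_start at this point) or reject bi_sector < v->data_start explicitly before the shift.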
@@ -491,7 +491,7 @@ static int verity_map(struct dm_target *
io->bio = bio;
io->orig_bi_end_io = bio->bi_end_io;
io->orig_bi_private = bio->bi_private;
- io->block = bio->bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
+ io->block = (bio->bi_sector - v->data_start) >> (v->data_dev_block_bits - SECTOR_SHIFT);
io->n_blocks = bio->bi_size >> v->data_dev_block_bits;
bio->bi_end_io = verity_end_io;
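Review bot: The io->block assignment repeats the bio->bi_sector - v->data_start subtraction from the range check earlier in verity_map and runs well past 80 columns. Compute the data-relative sector once into a local sector_t and use it in both places, which fixes the line length and keeps the two expressions from drifting apart.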
@@ -646,6 +646,7 @@ static void verity_dtr(struct dm_target
* <algorithm>
* <digest>
* <salt> Hex string or "-" if no salt.
+ * <data start block> Optional. The default is zero.
*/
static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
{
@@ -671,8 +672,8 @@ static int verity_ctr(struct dm_target *
goto bad;
}
- if (argc != 10) {
- ti->error = "Invalid argument count: exactly 10 arguments required";
+ if (argc != 10 && argc != 11) {
+ ti->error = "Invalid argument count: 10 or 11 arguments required";
r = -EINVAL;
goto bad;
}
@@ -793,6 +794,19 @@ static int verity_ctr(struct dm_target *
}
}
+ if (argc == 11) {
+ if (sscanf(argv[10], "%llu%c", &num_ll, &dummy) != 1 ||
+ num_ll << (v->data_dev_block_bits - SECTOR_SHIFT) !=
+ (sector_t)num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) {
+ ti->error = "Invalid data start";
+ r = -EINVAL;
+ goto bad;
+ }
+ v->data_start = num_ll << (v->data_dev_block_bits - SECTOR_SHIFT);
+ } else {
+ v->data_start = 0;
+ }
+
v->hash_per_block_bits =
fls((1 << v->hash_dev_block_bits) / v->digest_size) - 1;
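Review bot: The overflow test on argv[10] only catches truncation when sector_t is narrower than unsigned long long; where both are 64 bits the two sides of the != are the same value, so a num_ll whose shift overflows is accepted. Shifting the result back and comparing it against num_ll would catch both cases. Nothing in this hunk bounds data_start against the size of the data device either, so a start block beyond the end of the device is not rejected at construction.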
@@ -875,7 +889,7 @@ bad:
static struct target_type verity_target = {
.name = "verity",
- .version = {1, 0, 0},
+ .version = {1, 1, 0},
.module = THIS_MODULE,
.ctr = verity_ctr,
.dtr = verity_dtr,
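Review bot: No hunk in this patch updates the table output to match the new constructor argument that the .version bump to {1, 1, 0} advertises. If the target's status callback prints the constructor arguments, it should append the data start block when it is non-zero, otherwise a table read back with dmsetup table cannot recreate the same device.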
--- a/Documentation/device-mapper/verity.txt 2012-08-08 11:02:48.558883756 -0700
+++ b/Documentation/device-mapper/verity.txt 2012-08-08 16:50:04.114864090 -0700
@@ -11,6 +11,7 @@ Construction Parameters
<data_block_size> <hash_block_size>
<num_data_blocks> <hash_start_block>
<algorithm> <digest> <salt>
+ [<data_start_block>]
<version>
This is the type of the on-disk hash format.
@@ -62,6 +63,10 @@ Construction Parameters
<salt>
The hexadecimal encoding of the salt value.
+<data_start_block>
+ This is the offset, in <data_block_size>-blocks, from the start of data_dev
+ to the first block of the data.
+
Theory of operation
===================
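Review bot: The <data_start_block> entry does not say that the parameter is optional or what it defaults to, although the usage line puts it in brackets and the code comment says the default is zero. State both here, and name the target version (1.1.0 in this patch) that first accepts it so that userspace knows when the argument may be passed.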
@@ -138,7 +143,8 @@ Set up a device:
# dmsetup create vroot --readonly --table \
"0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
"4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
- "1234000000000000000000000000000000000000000000000000000000000000"
+ "1234000000000000000000000000000000000000000000000000000000000000 "\
+ "0"
A command line tool veritysetup is available to compute or verify
the hash tree or activate the kernel device. This is available from
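Review bot: Appending "0" to the dmsetup example turns the documented command into an 11-argument table, which a 1.0.0 target rejects (the removed check required exactly 10 arguments), and zero is the default anyway. Keep the original 10-argument example and add a second one with a non-zero start block to show the new parameter.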