Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759432Ab2HIAk0 (ORCPT ); Wed, 8 Aug 2012 20:40:26 -0400 Received: from exout102.netflix.com ([69.53.237.163]:42939 "EHLO exout104.netflix.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752881Ab2HIAkY (ORCPT ); Wed, 8 Aug 2012 20:40:24 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;d=netflix.com; h=from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; b=b+CmXYBgsViAjtw+QY9Cx7PRfWC/UMzRJGbuHmgdyRPP7p1X9r7wIvbV4l1QXpzIFKfr4OOc CMkh6Mr5DzKYpBA0JpvIbjaBouLpomTSh2u36LXcF2MKifOMtBtcGVHG9zn2swx7LyWbRLv2 gAVFy1zv26bVSNeg+c0A22616J4= From: Wesley Miaw To: Milan Broz CC: Mikulas Patocka , device-mapper development , Alasdair Kergon , "msb@google.com" , "linux-kernel@vger.kernel.org" , =?Windows-1252?Q?Will_Drewry=99?= Subject: Re: [dm-devel] [PATCH v2 1/2] dm: verity support data device offset (Linux 3.4.7) Thread-Topic: [dm-devel] [PATCH v2 1/2] dm: verity support data device offset (Linux 3.4.7) Thread-Index: AQHNdceP+1MmzaTJnU6WNNgho/xg/A== Date: Thu, 9 Aug 2012 00:40:22 +0000 Message-ID: <0066B4B7-B0FA-4C7F-99C4-0AABB577382C@netflix.com> References: <8893CF66-2E2C-4D8F-9239-E38BE55716AE@netflix.com> <5022CC99.30103@redhat.com> In-Reply-To: <5022CC99.30103@redhat.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.2.229.146] Content-Type: multipart/signed; boundary="Apple-Mail=_3C6D505E-6207-4AE9-8F6E-407F18C35D33"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6252 Lines: 187 --Apple-Mail=_3C6D505E-6207-4AE9-8F6E-407F18C35D33 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On Aug 8, 2012, at 1:31 PM, Milan Broz wrote: > On 08/08/2012 08:46 PM, Mikulas Patocka wrote: >=20 >> The problem with the patch is that it changes interface to the = userspace=20 >> tool. The userspace tool veritysetup already exists in recent = cryptsetup=20 >> package, so we can't change the interface - you should change the = patch so=20 >> that the starting data block is the last argument and the argument is=20= >> optional - so that it is compatible with the existing userspace too. >=20 > yes. Please never change interface without at least increasing target = version. >=20 > I have to add userspace support as well to veritysetup and we need a = way > how to detect that option is supported by running kernel. Apologies if the version increment is incorrect; I was not sure if the = minor or patch number should be incremented. I assume the different = version number is what would be used to detect if the data offset option = is supported. Thanks. From: Wesley Miaw Add data device start block index as optional dm-verity target = parameters to support verity targets where the data does not begin at sector 0 of the = block device. Also fix the hash block index computations so they take into account any = data offset. Signed-off-by: Wesley Miaw --- Documentation/device-mapper/verity.txt | 8 ++++++- drivers/md/dm-verity.c | 24 ++++++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) --- a/drivers/md/dm-verity.c 2012-08-07 16:03:03.778759000 -0700 +++ b/drivers/md/dm-verity.c 2012-08-08 17:04:16.344682266 -0700 @@ -477,7 +477,7 @@ static int verity_map(struct dm_target * return -EIO; } =20 - if ((bio->bi_sector + bio_sectors(bio)) >> + if ((bio->bi_sector - v->data_start + bio_sectors(bio)) >> (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { DMERR_LIMIT("io out of range"); return -EIO; @@ -491,7 +491,7 @@ static int verity_map(struct dm_target * io->bio =3D bio; io->orig_bi_end_io =3D bio->bi_end_io; io->orig_bi_private =3D bio->bi_private; - io->block =3D bio->bi_sector >> (v->data_dev_block_bits - = SECTOR_SHIFT); + io->block =3D (bio->bi_sector - v->data_start) >> = (v->data_dev_block_bits - SECTOR_SHIFT); io->n_blocks =3D bio->bi_size >> v->data_dev_block_bits; =20 bio->bi_end_io =3D verity_end_io; @@ -646,6 +646,7 @@ static void verity_dtr(struct dm_target=20 * * * Hex string or "-" if no salt. + * Optional. The default is zero. */ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv) { @@ -671,8 +672,8 @@ static int verity_ctr(struct dm_target * goto bad; } =20 - if (argc !=3D 10) { - ti->error =3D "Invalid argument count: exactly 10 = arguments required"; + if (argc !=3D 10 && argc !=3D 11) { + ti->error =3D "Invalid argument count: 10 or 11 = arguments required"; r =3D -EINVAL; goto bad; } @@ -793,6 +794,19 @@ static int verity_ctr(struct dm_target * } } =20 + if (argc =3D=3D 11) { + if (sscanf(argv[10], "%llu%c", &num_ll, &dummy) !=3D 1 = || + num_ll << (v->data_dev_block_bits - = SECTOR_SHIFT) !=3D + (sector_t)num_ll << (v->data_dev_block_bits - = SECTOR_SHIFT)) { + ti->error =3D "Invalid data start"; + r =3D -EINVAL; + goto bad; + } + v->data_start =3D num_ll << (v->data_dev_block_bits - = SECTOR_SHIFT); + } else { + v->data_start =3D 0; + } + v->hash_per_block_bits =3D fls((1 << v->hash_dev_block_bits) / v->digest_size) - 1; =20 @@ -875,7 +889,7 @@ bad: =20 static struct target_type verity_target =3D { .name =3D "verity", - .version =3D {1, 0, 0}, + .version =3D {1, 1, 0}, .module =3D THIS_MODULE, .ctr =3D verity_ctr, .dtr =3D verity_dtr, --- a/Documentation/device-mapper/verity.txt 2012-08-08 = 11:02:48.558883756 -0700 +++ b/Documentation/device-mapper/verity.txt 2012-08-08 = 16:50:04.114864090 -0700 @@ -11,6 +11,7 @@ Construction Parameters + [] =20 This is the type of the on-disk hash format. @@ -62,6 +63,10 @@ Construction Parameters The hexadecimal encoding of the salt value. =20 + + This is the offset, in -blocks, from the start of = data_dev + to the first block of the data. + Theory of operation =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 @@ -138,7 +143,8 @@ Set up a device: # dmsetup create vroot --readonly --table \ "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 = "\ "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 = "\ - "1234000000000000000000000000000000000000000000000000000000000000" + "1234000000000000000000000000000000000000000000000000000000000000 = "\ + "0" =20 A command line tool veritysetup is available to compute or verify the hash tree or activate the kernel device. This is available from --Apple-Mail=_3C6D505E-6207-4AE9-8F6E-407F18C35D33 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="signature.asc" Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) iQEcBAEBAgAGBQJQIwb2AAoJELoPFVk1ivvRFbQIAIaiUmz1ylOnEOyl36dGIPzr Ms+12z8sq0ACDh5bozNaTEDsonRGZNbkBU+y36Sliw0CGuXp3UfK61dtHO83gAD0 6cqY6NIYFAXETHPNFgtHzGck5ZaLfxtoaxqnNtkCMp9f+hz6vrEXMzW7164ujCst 8Lmfg4XSLpL0+qlxiX7Mhchtx2MBn5aDN0lkWsIMxrPbzVDABoKF5ycJo7YrTV9L eQJFuP0+mX/Lc+KmhNh6ndYIWEFAjJSsvZfCi1OVA2VJ6vSWXXE511pSjwus7IWm vrzfC5CBFw1m1yP/dRdMA8JYoDhBNTJl+8bFmVD3vVXwjosVzRo7mxkekI0DG68= =p/kG -----END PGP SIGNATURE----- --Apple-Mail=_3C6D505E-6207-4AE9-8F6E-407F18C35D33-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/