On Aug 8, 2012, at 1:31 PM, Milan Broz wrote:

> On 08/08/2012 08:46 PM, Mikulas Patocka wrote:
>
>> The problem with the patch is that it changes interface to the userspace
>> tool. The userspace tool veritysetup already exists in recent cryptsetup
>> package, so we can't change the interface - you should change the patch so
>> that the starting data block is the last argument and the argument is
>> optional - so that it is compatible with the existing userspace too.
>
> yes. Please never change interface without at least increasing target version.
>
> I have to add userspace support as well to veritysetup and we need a way
> how to detect that option is supported by running kernel.

Apologies if the version increment is incorrect; I was not sure if the minor or patch number should be incremented. I assume the different version number is what would be used to detect if the data offset option is supported. Thanks. From: Wesley Miaw <wm...@netflix.com> Add data device start block index as optional dm-verity target parameters to support verity targets where the data does not begin at sector 0 of the block device. Also fix the hash block index computations so they take into account any data offset. Signed-off-by: Wesley Miaw <wm...@netflix.com> --- Documentation/device-mapper/verity.txt | 8 ++++++- drivers/md/dm-verity.c | 24 ++++++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) --- a/drivers/md/dm-verity.c 2012-08-07 16:03:03.778759000 -0700 +++ b/drivers/md/dm-verity.c 2012-08-08 17:04:16.344682266 -0700 @@ -477,7 +477,7 @@ static int verity_map(struct dm_target * return -EIO; } - if ((bio->bi_sector + bio_sectors(bio)) >> + if ((bio->bi_sector - v->data_start + bio_sectors(bio)) >> (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) { DMERR_LIMIT("io out of range"); return -EIO; @@ -491,7 +491,7 @@ static int verity_map(struct dm_target * io->bio = bio; io->orig_bi_end_io = bio->bi_end_io; io->orig_bi_private = bio->bi_private; - io->block = bio->bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); + io->block = (bio->bi_sector - v->data_start) >> (v->data_dev_block_bits - SECTOR_SHIFT); io->n_blocks = bio->bi_size >> v->data_dev_block_bits; bio->bi_end_io = verity_end_io; @@ -646,6 +646,7 @@ static void verity_dtr(struct dm_target * <algorithm> * <digest> * <salt> Hex string or "-" if no salt. + * <data start block> Optional. The default is zero. */ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv) { 
@@ -671,8 +672,8 @@ static int verity_ctr(struct dm_target * goto bad; } - if (argc != 10) { - ti->error = "Invalid argument count: exactly 10 arguments required"; + if (argc != 10 && argc != 11) { + ti->error = "Invalid argument count: 10 or 11 arguments required"; r = -EINVAL; goto bad; } @@ -793,6 +794,19 @@ static int verity_ctr(struct dm_target * } } + if (argc == 11) { + if (sscanf(argv[10], "%llu%c", &num_ll, &dummy) != 1 || + num_ll << (v->data_dev_block_bits - SECTOR_SHIFT) != + (sector_t)num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) { + ti->error = "Invalid data start"; + r = -EINVAL; + goto bad; + } + v->data_start = num_ll << (v->data_dev_block_bits - SECTOR_SHIFT); + } else { + v->data_start = 0; + } + v->hash_per_block_bits = fls((1 << v->hash_dev_block_bits) / v->digest_size) - 1; @@ -875,7 +889,7 @@ bad: static struct target_type verity_target = { .name = "verity", - .version = {1, 0, 0}, + .version = {1, 1, 0}, .module = THIS_MODULE, .ctr = verity_ctr, .dtr = verity_dtr, --- a/Documentation/device-mapper/verity.txt 2012-08-08 11:02:48.558883756 -0700 +++ b/Documentation/device-mapper/verity.txt 2012-08-08 16:50:04.114864090 -0700 @@ -11,6 +11,7 @@ Construction Parameters <data_block_size> <hash_block_size> <num_data_blocks> <hash_start_block> <algorithm> <digest> <salt> + [<data_start_block>] <version> This is the type of the on-disk hash format. @@ -62,6 +63,10 @@ Construction Parameters <salt> The hexadecimal encoding of the salt value. +<data_start_block> + This is the offset, in <data_block_size>-blocks, from the start of data_dev + to the first block of the data. + Theory of operation =================== 
@@ -138,7 +143,8 @@ Set up a device: # dmsetup create vroot --readonly --table \ "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\ "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\ - "1234000000000000000000000000000000000000000000000000000000000000" + "1234000000000000000000000000000000000000000000000000000000000000 "\ + "0" A command line tool veritysetup is available to compute or verify the hash tree or activate the kernel device. This is available from
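Review bot: in the verity_map range check (hunk at -477), bio->bi_sector - v->data_start is an unsigned sector subtraction with no visible guard that bi_sector is at least data_start. If it ever is smaller, the difference wraps, and adding bio_sectors(bio) can wrap the sum back into range so the "io out of range" test passes while io->block in the next hunk is computed from the wrapped value. Compute the relative sector once into a local, reject the bio if bi_sector is below data_start, and use that local in both places; if bi_sector is guaranteed to be offset already at this point, say so in a comment.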
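Review bot: the new io->block assignment in verity_map (hunk at -491) runs well past 80 columns. Break it after the >> operator, the way the range check in the previous hunk is already wrapped.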
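Review bot: the overflow test in the verity_ctr parsing hunk (at -793) cannot fail where sector_t is 64 bits wide. num_ll is read with %llu, so num_ll << shift and (sector_t)num_ll << shift are then the same expression, and a start block whose shifted value overflows is accepted and stored truncated in v->data_start. Shifting the result back right and comparing it with num_ll catches the overflow for every sector_t width. The hunk also shows no check that data_start plus the data area fits on the data device; if that is validated elsewhere, a comment pointing to it would help.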
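Review bot: the new <data_start_block> entry in verity.txt (hunk at -62) does not state that the parameter is optional, that it defaults to zero, or which target version accepts it; only the code comment in verity_ctr mentions the default. Since the target version is bumped to 1.1.0 in this patch and userspace is expected to use that to detect support, the entry should say that the argument is optional, defaults to 0, and requires target version 1.1.0 or later.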