1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2015 Google, Inc.
4 *
5 * Author: Sami Tolvanen <samitolvanen@google.com>
6 */
7
8#include "dm-verity-fec.h"
9#include <linux/math64.h>
10
11#define DM_MSG_PREFIX "verity-fec"
12
13/*
14 * If error correction has been configured, returns true.
15 */
16bool verity_fec_is_enabled(struct dm_verity *v)
17{
18 return v->fec && v->fec->dev;
19}
20
21/*
22 * Return a pointer to dm_verity_fec_io after dm_verity_io and its variable
23 * length fields.
24 */
25static inline struct dm_verity_fec_io *fec_io(struct dm_verity_io *io)
26{
27 return (struct dm_verity_fec_io *)
28 ((char *)io + io->v->ti->per_io_data_size - sizeof(struct dm_verity_fec_io));
29}
30
31/*
32 * Return an interleaved offset for a byte in RS block.
33 */
34static inline u64 fec_interleave(struct dm_verity *v, u64 offset)
35{
36 u32 mod;
37
38 mod = do_div(offset, v->fec->rsn);
39 return offset + mod * (v->fec->rounds << v->data_dev_block_bits);
40}
41
42/*
43 * Read error-correcting codes for the requested RS block. Returns a pointer
44 * to the data block. Caller is responsible for releasing buf.
45 */
46static u8 *fec_read_parity(struct dm_verity *v, u64 rsb, int index,
47 unsigned int *offset, unsigned int par_buf_offset,
48 struct dm_buffer **buf, unsigned short ioprio)
49{
50 u64 position, block, rem;
51 u8 *res;
52
53 /* We have already part of parity bytes read, skip to the next block */
54 if (par_buf_offset)
55 index++;
56
57 position = (index + rsb) * v->fec->roots;
58 block = div64_u64_rem(dividend: position, divisor: v->fec->io_size, remainder: &rem);
59 *offset = par_buf_offset ? 0 : (unsigned int)rem;
60
61 res = dm_bufio_read_with_ioprio(c: v->fec->bufio, block, bp: buf, ioprio);
62 if (IS_ERR(ptr: res)) {
63 DMERR("%s: FEC %llu: parity read failed (block %llu): %ld",
64 v->data_dev->name, (unsigned long long)rsb,
65 (unsigned long long)block, PTR_ERR(res));
66 *buf = NULL;
67 }
68
69 return res;
70}
71
72/* Loop over each preallocated buffer slot. */
73#define fec_for_each_prealloc_buffer(__i) \
74 for (__i = 0; __i < DM_VERITY_FEC_BUF_PREALLOC; __i++)
75
76/* Loop over each extra buffer slot. */
77#define fec_for_each_extra_buffer(io, __i) \
78 for (__i = DM_VERITY_FEC_BUF_PREALLOC; __i < DM_VERITY_FEC_BUF_MAX; __i++)
79
80/* Loop over each allocated buffer. */
81#define fec_for_each_buffer(io, __i) \
82 for (__i = 0; __i < (io)->nbufs; __i++)
83
84/* Loop over each RS block in each allocated buffer. */
85#define fec_for_each_buffer_rs_block(io, __i, __j) \
86 fec_for_each_buffer(io, __i) \
87 for (__j = 0; __j < 1 << DM_VERITY_FEC_BUF_RS_BITS; __j++)
88
89/*
90 * Return a pointer to the current RS block when called inside
91 * fec_for_each_buffer_rs_block.
92 */
93static inline u8 *fec_buffer_rs_block(struct dm_verity *v,
94 struct dm_verity_fec_io *fio,
95 unsigned int i, unsigned int j)
96{
97 return &fio->bufs[i][j * v->fec->rsn];
98}
99
100/*
101 * Return an index to the current RS block when called inside
102 * fec_for_each_buffer_rs_block.
103 */
104static inline unsigned int fec_buffer_rs_index(unsigned int i, unsigned int j)
105{
106 return (i << DM_VERITY_FEC_BUF_RS_BITS) + j;
107}
108
109/*
110 * Decode all RS blocks from buffers and copy corrected bytes into fio->output
111 * starting from block_offset.
112 */
113static int fec_decode_bufs(struct dm_verity *v, struct dm_verity_io *io,
114 struct dm_verity_fec_io *fio, u64 rsb, int byte_index,
115 unsigned int block_offset, int neras)
116{
117 int r, corrected = 0, res;
118 struct dm_buffer *buf;
119 unsigned int n, i, j, offset, par_buf_offset = 0;
120 uint16_t par_buf[DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN];
121 u8 *par, *block;
122 struct bio *bio = dm_bio_from_per_bio_data(data: io, data_size: v->ti->per_io_data_size);
123
124 par = fec_read_parity(v, rsb, index: block_offset, offset: &offset,
125 par_buf_offset, buf: &buf, ioprio: bio->bi_ioprio);
126 if (IS_ERR(ptr: par))
127 return PTR_ERR(ptr: par);
128
129 /*
130 * Decode the RS blocks we have in bufs. Each RS block results in
131 * one corrected target byte and consumes fec->roots parity bytes.
132 */
133 fec_for_each_buffer_rs_block(fio, n, i) {
134 block = fec_buffer_rs_block(v, fio, i: n, j: i);
135 for (j = 0; j < v->fec->roots - par_buf_offset; j++)
136 par_buf[par_buf_offset + j] = par[offset + j];
137 /* Decode an RS block using Reed-Solomon */
138 res = decode_rs8(rs: fio->rs, data: block, par: par_buf, len: v->fec->rsn,
139 NULL, no_eras: neras, eras_pos: fio->erasures, invmsk: 0, NULL);
140 if (res < 0) {
141 r = res;
142 goto error;
143 }
144
145 corrected += res;
146 fio->output[block_offset] = block[byte_index];
147
148 block_offset++;
149 if (block_offset >= 1 << v->data_dev_block_bits)
150 goto done;
151
152 /* Read the next block when we run out of parity bytes */
153 offset += (v->fec->roots - par_buf_offset);
154 /* Check if parity bytes are split between blocks */
155 if (offset < v->fec->io_size && (offset + v->fec->roots) > v->fec->io_size) {
156 par_buf_offset = v->fec->io_size - offset;
157 for (j = 0; j < par_buf_offset; j++)
158 par_buf[j] = par[offset + j];
159 offset += par_buf_offset;
160 } else
161 par_buf_offset = 0;
162
163 if (offset >= v->fec->io_size) {
164 dm_bufio_release(b: buf);
165
166 par = fec_read_parity(v, rsb, index: block_offset, offset: &offset,
167 par_buf_offset, buf: &buf, ioprio: bio->bi_ioprio);
168 if (IS_ERR(ptr: par))
169 return PTR_ERR(ptr: par);
170 }
171 }
172done:
173 r = corrected;
174error:
175 dm_bufio_release(b: buf);
176
177 if (r < 0 && neras)
178 DMERR_LIMIT("%s: FEC %llu: failed to correct: %d",
179 v->data_dev->name, (unsigned long long)rsb, r);
180 else if (r > 0)
181 DMWARN_LIMIT("%s: FEC %llu: corrected %d errors",
182 v->data_dev->name, (unsigned long long)rsb, r);
183
184 return r;
185}
186
187/*
188 * Locate data block erasures using verity hashes.
189 */
190static int fec_is_erasure(struct dm_verity *v, struct dm_verity_io *io,
191 u8 *want_digest, u8 *data)
192{
193 if (unlikely(verity_hash(v, io, data, 1 << v->data_dev_block_bits,
194 verity_io_real_digest(v, io), true)))
195 return 0;
196
197 return memcmp(p: verity_io_real_digest(v, io), q: want_digest,
198 size: v->digest_size) != 0;
199}
200
201/*
202 * Read data blocks that are part of the RS block and deinterleave as much as
203 * fits into buffers. Check for erasure locations if @neras is non-NULL.
204 */
205static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io,
206 u64 rsb, u64 target, unsigned int block_offset,
207 int *neras)
208{
209 bool is_zero;
210 int i, j, target_index = -1;
211 struct dm_buffer *buf;
212 struct dm_bufio_client *bufio;
213 struct dm_verity_fec_io *fio = fec_io(io);
214 u64 block, ileaved;
215 u8 *bbuf, *rs_block;
216 u8 want_digest[HASH_MAX_DIGESTSIZE];
217 unsigned int n, k;
218 struct bio *bio = dm_bio_from_per_bio_data(data: io, data_size: v->ti->per_io_data_size);
219
220 if (neras)
221 *neras = 0;
222
223 if (WARN_ON(v->digest_size > sizeof(want_digest)))
224 return -EINVAL;
225
226 /*
227 * read each of the rsn data blocks that are part of the RS block, and
228 * interleave contents to available bufs
229 */
230 for (i = 0; i < v->fec->rsn; i++) {
231 ileaved = fec_interleave(v, offset: rsb * v->fec->rsn + i);
232
233 /*
234 * target is the data block we want to correct, target_index is
235 * the index of this block within the rsn RS blocks
236 */
237 if (ileaved == target)
238 target_index = i;
239
240 block = ileaved >> v->data_dev_block_bits;
241 bufio = v->fec->data_bufio;
242
243 if (block >= v->data_blocks) {
244 block -= v->data_blocks;
245
246 /*
247 * blocks outside the area were assumed to contain
248 * zeros when encoding data was generated
249 */
250 if (unlikely(block >= v->fec->hash_blocks))
251 continue;
252
253 block += v->hash_start;
254 bufio = v->bufio;
255 }
256
257 bbuf = dm_bufio_read_with_ioprio(c: bufio, block, bp: &buf, ioprio: bio->bi_ioprio);
258 if (IS_ERR(ptr: bbuf)) {
259 DMWARN_LIMIT("%s: FEC %llu: read failed (%llu): %ld",
260 v->data_dev->name,
261 (unsigned long long)rsb,
262 (unsigned long long)block, PTR_ERR(bbuf));
263
264 /* assume the block is corrupted */
265 if (neras && *neras <= v->fec->roots)
266 fio->erasures[(*neras)++] = i;
267
268 continue;
269 }
270
271 /* locate erasures if the block is on the data device */
272 if (bufio == v->fec->data_bufio &&
273 verity_hash_for_block(v, io, block, digest: want_digest,
274 is_zero: &is_zero) == 0) {
275 /* skip known zero blocks entirely */
276 if (is_zero)
277 goto done;
278
279 /*
280 * skip if we have already found the theoretical
281 * maximum number (i.e. fec->roots) of erasures
282 */
283 if (neras && *neras <= v->fec->roots &&
284 fec_is_erasure(v, io, want_digest, data: bbuf))
285 fio->erasures[(*neras)++] = i;
286 }
287
288 /*
289 * deinterleave and copy the bytes that fit into bufs,
290 * starting from block_offset
291 */
292 fec_for_each_buffer_rs_block(fio, n, j) {
293 k = fec_buffer_rs_index(i: n, j) + block_offset;
294
295 if (k >= 1 << v->data_dev_block_bits)
296 goto done;
297
298 rs_block = fec_buffer_rs_block(v, fio, i: n, j);
299 rs_block[i] = bbuf[k];
300 }
301done:
302 dm_bufio_release(b: buf);
303 }
304
305 return target_index;
306}
307
308/*
309 * Allocate RS control structure and FEC buffers from preallocated mempools,
310 * and attempt to allocate as many extra buffers as available.
311 */
312static int fec_alloc_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio)
313{
314 unsigned int n;
315
316 if (!fio->rs)
317 fio->rs = mempool_alloc(&v->fec->rs_pool, GFP_NOIO);
318
319 fec_for_each_prealloc_buffer(n) {
320 if (fio->bufs[n])
321 continue;
322
323 fio->bufs[n] = mempool_alloc(&v->fec->prealloc_pool, GFP_NOWAIT);
324 if (unlikely(!fio->bufs[n])) {
325 DMERR("failed to allocate FEC buffer");
326 return -ENOMEM;
327 }
328 }
329
330 /* try to allocate the maximum number of buffers */
331 fec_for_each_extra_buffer(fio, n) {
332 if (fio->bufs[n])
333 continue;
334
335 fio->bufs[n] = mempool_alloc(&v->fec->extra_pool, GFP_NOWAIT);
336 /* we can manage with even one buffer if necessary */
337 if (unlikely(!fio->bufs[n]))
338 break;
339 }
340 fio->nbufs = n;
341
342 if (!fio->output)
343 fio->output = mempool_alloc(&v->fec->output_pool, GFP_NOIO);
344
345 return 0;
346}
347
348/*
349 * Initialize buffers and clear erasures. fec_read_bufs() assumes buffers are
350 * zeroed before deinterleaving.
351 */
352static void fec_init_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio)
353{
354 unsigned int n;
355
356 fec_for_each_buffer(fio, n)
357 memset(fio->bufs[n], 0, v->fec->rsn << DM_VERITY_FEC_BUF_RS_BITS);
358
359 memset(fio->erasures, 0, sizeof(fio->erasures));
360}
361
362/*
363 * Decode all RS blocks in a single data block and return the target block
364 * (indicated by @offset) in fio->output. If @use_erasures is non-zero, uses
365 * hashes to locate erasures.
366 */
367static int fec_decode_rsb(struct dm_verity *v, struct dm_verity_io *io,
368 struct dm_verity_fec_io *fio, u64 rsb, u64 offset,
369 bool use_erasures)
370{
371 int r, neras = 0;
372 unsigned int pos;
373
374 r = fec_alloc_bufs(v, fio);
375 if (unlikely(r < 0))
376 return r;
377
378 for (pos = 0; pos < 1 << v->data_dev_block_bits; ) {
379 fec_init_bufs(v, fio);
380
381 r = fec_read_bufs(v, io, rsb, target: offset, block_offset: pos,
382 neras: use_erasures ? &neras : NULL);
383 if (unlikely(r < 0))
384 return r;
385
386 r = fec_decode_bufs(v, io, fio, rsb, byte_index: r, block_offset: pos, neras);
387 if (r < 0)
388 return r;
389
390 pos += fio->nbufs << DM_VERITY_FEC_BUF_RS_BITS;
391 }
392
393 /* Always re-validate the corrected block against the expected hash */
394 r = verity_hash(v, io, data: fio->output, len: 1 << v->data_dev_block_bits,
395 digest: verity_io_real_digest(v, io), may_sleep: true);
396 if (unlikely(r < 0))
397 return r;
398
399 if (memcmp(p: verity_io_real_digest(v, io), q: verity_io_want_digest(v, io),
400 size: v->digest_size)) {
401 DMERR_LIMIT("%s: FEC %llu: failed to correct (%d erasures)",
402 v->data_dev->name, (unsigned long long)rsb, neras);
403 return -EILSEQ;
404 }
405
406 return 0;
407}
408
409/* Correct errors in a block. Copies corrected block to dest. */
410int verity_fec_decode(struct dm_verity *v, struct dm_verity_io *io,
411 enum verity_block_type type, sector_t block, u8 *dest)
412{
413 int r;
414 struct dm_verity_fec_io *fio = fec_io(io);
415 u64 offset, res, rsb;
416
417 if (!verity_fec_is_enabled(v))
418 return -EOPNOTSUPP;
419
420 if (fio->level >= DM_VERITY_FEC_MAX_RECURSION) {
421 DMWARN_LIMIT("%s: FEC: recursion too deep", v->data_dev->name);
422 return -EIO;
423 }
424
425 fio->level++;
426
427 if (type == DM_VERITY_BLOCK_TYPE_METADATA)
428 block = block - v->hash_start + v->data_blocks;
429
430 /*
431 * For RS(M, N), the continuous FEC data is divided into blocks of N
432 * bytes. Since block size may not be divisible by N, the last block
433 * is zero padded when decoding.
434 *
435 * Each byte of the block is covered by a different RS(M, N) code,
436 * and each code is interleaved over N blocks to make it less likely
437 * that bursty corruption will leave us in unrecoverable state.
438 */
439
440 offset = block << v->data_dev_block_bits;
441 res = div64_u64(dividend: offset, divisor: v->fec->rounds << v->data_dev_block_bits);
442
443 /*
444 * The base RS block we can feed to the interleaver to find out all
445 * blocks required for decoding.
446 */
447 rsb = offset - res * (v->fec->rounds << v->data_dev_block_bits);
448
449 /*
450 * Locating erasures is slow, so attempt to recover the block without
451 * them first. Do a second attempt with erasures if the corruption is
452 * bad enough.
453 */
454 r = fec_decode_rsb(v, io, fio, rsb, offset, use_erasures: false);
455 if (r < 0) {
456 r = fec_decode_rsb(v, io, fio, rsb, offset, use_erasures: true);
457 if (r < 0)
458 goto done;
459 }
460
461 memcpy(dest, fio->output, 1 << v->data_dev_block_bits);
462
463done:
464 fio->level--;
465 return r;
466}
467
468/*
469 * Clean up per-bio data.
470 */
471void verity_fec_finish_io(struct dm_verity_io *io)
472{
473 unsigned int n;
474 struct dm_verity_fec *f = io->v->fec;
475 struct dm_verity_fec_io *fio = fec_io(io);
476
477 if (!verity_fec_is_enabled(v: io->v))
478 return;
479
480 mempool_free(element: fio->rs, pool: &f->rs_pool);
481
482 fec_for_each_prealloc_buffer(n)
483 mempool_free(element: fio->bufs[n], pool: &f->prealloc_pool);
484
485 fec_for_each_extra_buffer(fio, n)
486 mempool_free(element: fio->bufs[n], pool: &f->extra_pool);
487
488 mempool_free(element: fio->output, pool: &f->output_pool);
489}
490
491/*
492 * Initialize per-bio data.
493 */
494void verity_fec_init_io(struct dm_verity_io *io)
495{
496 struct dm_verity_fec_io *fio = fec_io(io);
497
498 if (!verity_fec_is_enabled(v: io->v))
499 return;
500
501 fio->rs = NULL;
502 memset(fio->bufs, 0, sizeof(fio->bufs));
503 fio->nbufs = 0;
504 fio->output = NULL;
505 fio->level = 0;
506}
507
508/*
509 * Append feature arguments and values to the status table.
510 */
511unsigned int verity_fec_status_table(struct dm_verity *v, unsigned int sz,
512 char *result, unsigned int maxlen)
513{
514 if (!verity_fec_is_enabled(v))
515 return sz;
516
517 DMEMIT(" " DM_VERITY_OPT_FEC_DEV " %s "
518 DM_VERITY_OPT_FEC_BLOCKS " %llu "
519 DM_VERITY_OPT_FEC_START " %llu "
520 DM_VERITY_OPT_FEC_ROOTS " %d",
521 v->fec->dev->name,
522 (unsigned long long)v->fec->blocks,
523 (unsigned long long)v->fec->start,
524 v->fec->roots);
525
526 return sz;
527}
528
529void verity_fec_dtr(struct dm_verity *v)
530{
531 struct dm_verity_fec *f = v->fec;
532
533 if (!verity_fec_is_enabled(v))
534 goto out;
535
536 mempool_exit(pool: &f->rs_pool);
537 mempool_exit(pool: &f->prealloc_pool);
538 mempool_exit(pool: &f->extra_pool);
539 mempool_exit(pool: &f->output_pool);
540 kmem_cache_destroy(s: f->cache);
541
542 if (f->data_bufio)
543 dm_bufio_client_destroy(c: f->data_bufio);
544 if (f->bufio)
545 dm_bufio_client_destroy(c: f->bufio);
546
547 if (f->dev)
548 dm_put_device(ti: v->ti, d: f->dev);
549out:
550 kfree(objp: f);
551 v->fec = NULL;
552}
553
554static void *fec_rs_alloc(gfp_t gfp_mask, void *pool_data)
555{
556 struct dm_verity *v = pool_data;
557
558 return init_rs_gfp(symsize: 8, gfpoly: 0x11d, fcr: 0, prim: 1, nroots: v->fec->roots, gfp: gfp_mask);
559}
560
561static void fec_rs_free(void *element, void *pool_data)
562{
563 struct rs_control *rs = element;
564
565 if (rs)
566 free_rs(rs);
567}
568
569bool verity_is_fec_opt_arg(const char *arg_name)
570{
571 return (!strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_DEV) ||
572 !strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_BLOCKS) ||
573 !strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_START) ||
574 !strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_ROOTS));
575}
576
577int verity_fec_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v,
578 unsigned int *argc, const char *arg_name)
579{
580 int r;
581 struct dm_target *ti = v->ti;
582 const char *arg_value;
583 unsigned long long num_ll;
584 unsigned char num_c;
585 char dummy;
586
587 if (!*argc) {
588 ti->error = "FEC feature arguments require a value";
589 return -EINVAL;
590 }
591
592 arg_value = dm_shift_arg(as);
593 (*argc)--;
594
595 if (!strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_DEV)) {
596 if (v->fec->dev) {
597 ti->error = "FEC device already specified";
598 return -EINVAL;
599 }
600 r = dm_get_device(ti, path: arg_value, BLK_OPEN_READ, result: &v->fec->dev);
601 if (r) {
602 ti->error = "FEC device lookup failed";
603 return r;
604 }
605
606 } else if (!strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_BLOCKS)) {
607 if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 ||
608 ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT))
609 >> (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) {
610 ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS;
611 return -EINVAL;
612 }
613 v->fec->blocks = num_ll;
614
615 } else if (!strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_START)) {
616 if (sscanf(arg_value, "%llu%c", &num_ll, &dummy) != 1 ||
617 ((sector_t)(num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) >>
618 (v->data_dev_block_bits - SECTOR_SHIFT) != num_ll)) {
619 ti->error = "Invalid " DM_VERITY_OPT_FEC_START;
620 return -EINVAL;
621 }
622 v->fec->start = num_ll;
623
624 } else if (!strcasecmp(s1: arg_name, DM_VERITY_OPT_FEC_ROOTS)) {
625 if (sscanf(arg_value, "%hhu%c", &num_c, &dummy) != 1 || !num_c ||
626 num_c < (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MAX_RSN) ||
627 num_c > (DM_VERITY_FEC_RSM - DM_VERITY_FEC_MIN_RSN)) {
628 ti->error = "Invalid " DM_VERITY_OPT_FEC_ROOTS;
629 return -EINVAL;
630 }
631 v->fec->roots = num_c;
632
633 } else {
634 ti->error = "Unrecognized verity FEC feature request";
635 return -EINVAL;
636 }
637
638 return 0;
639}
640
641/*
642 * Allocate dm_verity_fec for v->fec. Must be called before verity_fec_ctr.
643 */
644int verity_fec_ctr_alloc(struct dm_verity *v)
645{
646 struct dm_verity_fec *f;
647
648 f = kzalloc(sizeof(struct dm_verity_fec), GFP_KERNEL);
649 if (!f) {
650 v->ti->error = "Cannot allocate FEC structure";
651 return -ENOMEM;
652 }
653 v->fec = f;
654
655 return 0;
656}
657
658/*
659 * Validate arguments and preallocate memory. Must be called after arguments
660 * have been parsed using verity_fec_parse_opt_args.
661 */
662int verity_fec_ctr(struct dm_verity *v)
663{
664 struct dm_verity_fec *f = v->fec;
665 struct dm_target *ti = v->ti;
666 u64 hash_blocks, fec_blocks;
667 int ret;
668
669 if (!verity_fec_is_enabled(v)) {
670 verity_fec_dtr(v);
671 return 0;
672 }
673
674 /*
675 * FEC is computed over data blocks, possible metadata, and
676 * hash blocks. In other words, FEC covers total of fec_blocks
677 * blocks consisting of the following:
678 *
679 * data blocks | hash blocks | metadata (optional)
680 *
681 * We allow metadata after hash blocks to support a use case
682 * where all data is stored on the same device and FEC covers
683 * the entire area.
684 *
685 * If metadata is included, we require it to be available on the
686 * hash device after the hash blocks.
687 */
688
689 hash_blocks = v->hash_blocks - v->hash_start;
690
691 /*
692 * Require matching block sizes for data and hash devices for
693 * simplicity.
694 */
695 if (v->data_dev_block_bits != v->hash_dev_block_bits) {
696 ti->error = "Block sizes must match to use FEC";
697 return -EINVAL;
698 }
699
700 if (!f->roots) {
701 ti->error = "Missing " DM_VERITY_OPT_FEC_ROOTS;
702 return -EINVAL;
703 }
704 f->rsn = DM_VERITY_FEC_RSM - f->roots;
705
706 if (!f->blocks) {
707 ti->error = "Missing " DM_VERITY_OPT_FEC_BLOCKS;
708 return -EINVAL;
709 }
710
711 f->rounds = f->blocks;
712 if (sector_div(f->rounds, f->rsn))
713 f->rounds++;
714
715 /*
716 * Due to optional metadata, f->blocks can be larger than
717 * data_blocks and hash_blocks combined.
718 */
719 if (f->blocks < v->data_blocks + hash_blocks || !f->rounds) {
720 ti->error = "Invalid " DM_VERITY_OPT_FEC_BLOCKS;
721 return -EINVAL;
722 }
723
724 /*
725 * Metadata is accessed through the hash device, so we require
726 * it to be large enough.
727 */
728 f->hash_blocks = f->blocks - v->data_blocks;
729 if (dm_bufio_get_device_size(c: v->bufio) < f->hash_blocks) {
730 ti->error = "Hash device is too small for "
731 DM_VERITY_OPT_FEC_BLOCKS;
732 return -E2BIG;
733 }
734
735 f->io_size = 1 << v->data_dev_block_bits;
736
737 f->bufio = dm_bufio_client_create(bdev: f->dev->bdev,
738 block_size: f->io_size,
739 reserved_buffers: 1, aux_size: 0, NULL, NULL, flags: 0);
740 if (IS_ERR(ptr: f->bufio)) {
741 ti->error = "Cannot initialize FEC bufio client";
742 return PTR_ERR(ptr: f->bufio);
743 }
744
745 dm_bufio_set_sector_offset(c: f->bufio, start: f->start << (v->data_dev_block_bits - SECTOR_SHIFT));
746
747 fec_blocks = div64_u64(dividend: f->rounds * f->roots, divisor: v->fec->roots << SECTOR_SHIFT);
748 if (dm_bufio_get_device_size(c: f->bufio) < fec_blocks) {
749 ti->error = "FEC device is too small";
750 return -E2BIG;
751 }
752
753 f->data_bufio = dm_bufio_client_create(bdev: v->data_dev->bdev,
754 block_size: 1 << v->data_dev_block_bits,
755 reserved_buffers: 1, aux_size: 0, NULL, NULL, flags: 0);
756 if (IS_ERR(ptr: f->data_bufio)) {
757 ti->error = "Cannot initialize FEC data bufio client";
758 return PTR_ERR(ptr: f->data_bufio);
759 }
760
761 if (dm_bufio_get_device_size(c: f->data_bufio) < v->data_blocks) {
762 ti->error = "Data device is too small";
763 return -E2BIG;
764 }
765
766 /* Preallocate an rs_control structure for each worker thread */
767 ret = mempool_init(&f->rs_pool, num_online_cpus(), fec_rs_alloc,
768 fec_rs_free, (void *) v);
769 if (ret) {
770 ti->error = "Cannot allocate RS pool";
771 return ret;
772 }
773
774 f->cache = kmem_cache_create("dm_verity_fec_buffers",
775 f->rsn << DM_VERITY_FEC_BUF_RS_BITS,
776 0, 0, NULL);
777 if (!f->cache) {
778 ti->error = "Cannot create FEC buffer cache";
779 return -ENOMEM;
780 }
781
782 /* Preallocate DM_VERITY_FEC_BUF_PREALLOC buffers for each thread */
783 ret = mempool_init_slab_pool(&f->prealloc_pool, num_online_cpus() *
784 DM_VERITY_FEC_BUF_PREALLOC,
785 f->cache);
786 if (ret) {
787 ti->error = "Cannot allocate FEC buffer prealloc pool";
788 return ret;
789 }
790
791 ret = mempool_init_slab_pool(&f->extra_pool, 0, f->cache);
792 if (ret) {
793 ti->error = "Cannot allocate FEC buffer extra pool";
794 return ret;
795 }
796
797 /* Preallocate an output buffer for each thread */
798 ret = mempool_init_kmalloc_pool(&f->output_pool, num_online_cpus(),
799 1 << v->data_dev_block_bits);
800 if (ret) {
801 ti->error = "Cannot allocate FEC output pool";
802 return ret;
803 }
804
805 /* Reserve space for our per-bio data */
806 ti->per_io_data_size += sizeof(struct dm_verity_fec_io);
807
808 return 0;
809}
810

source code of linux/drivers/md/dm-verity-fec.c