Commit 5014bebe authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-6.15/dm-changes' of... 

Merge tag 'for-6.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper updates from Mikulas Patocka:

 - dm-crypt: switch to using the crc32 library

 - dm-verity, dm-integrity, dm-crypt: documentation improvement

 - dm-vdo fixes

 - dm-stripe: enable inline crypto passthrough

 - dm-integrity: set ti->error on memory allocation failure

 - dm-bufio: remove unused return value

 - dm-verity: do forward error correction on metadata I/O errors

 - dm: fix unconditional IO throttle caused by REQ_PREFLUSH

 - dm cache: prevent BUG_ON by blocking retries on failed device resumes

 - dm cache: support shrinking the origin device

 - dm: restrict dm device size to 2^63-512 bytes

 - dm-delay: support zoned devices

 - dm-verity: support block number limits for different ioprio classes

 - dm-integrity: fix non-constant-time tag verification (security bug)

 - dm-verity, dm-ebs: fix prefetch-vs-suspend race

* tag 'for-6.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (27 commits)
  dm-ebs: fix prefetch-vs-suspend race
  dm-verity: fix prefetch-vs-suspend race
  dm-integrity: fix non-constant-time tag verification
  dm-verity: support block number limits for different ioprio classes
  dm-delay: support zoned devices
  dm: restrict dm device size to 2^63-512 bytes
  dm cache: support shrinking the origin device
  dm cache: prevent BUG_ON by blocking retries on failed device resumes
  dm vdo indexer: reorder uds_request to reduce padding
  dm: fix unconditional IO throttle caused by REQ_PREFLUSH
  dm vdo: rework processing of loaded refcount byte arrays
  dm vdo: remove remaining ring references
  dm-verity: do forward error correction on metadata I/O errors
  dm-bufio: remove unused return value
  dm-integrity: set ti->error on memory allocation failure
  dm: Enable inline crypto passthrough for striped target
  dm vdo slab-depot: read refcount blocks in large chunks at load time
  dm vdo vio-pool: allow variable-sized metadata vios
  dm vdo vio-pool: support pools with multiple data blocks per vio
  dm vdo vio-pool: add a pool pointer to pooled_vio
  ...
parents 447d2d27 9c565428

Documentation/admin-guide/device-mapper/dm-crypt.rst

+5 −0
Original line number Diff line number Diff line
@@ -146,6 +146,11 @@ integrity:<bytes>:<type> 
    integrity for the encrypted device. The additional space is then

    used for storing authentication tag (and persistent IV if needed).



integrity_key_size:<bytes>

    Optionally set the integrity key size if it differs from the digest size.

    It allows the use of wrapped key algorithms where the key size is

    independent of the cryptographic key size.



sector_size:<bytes>

    Use <bytes> as the encryption unit instead of 512 bytes sectors.

    This option can be in range 512 - 4096 bytes and must be power of two.

Documentation/admin-guide/device-mapper/dm-integrity.rst

+5 −0
Original line number Diff line number Diff line
@@ -92,6 +92,11 @@ Target arguments: 
		allowed. This mode is useful for data recovery if the

		device cannot be activated in any of the other standard

		modes.

	I - inline mode - in this mode, dm-integrity will store integrity

		data directly in the underlying device sectors.

		The underlying device must have an integrity profile that

		allows storing user integrity data and provides enough

		space for the selected integrity tag.



5. the number of additional arguments

Documentation/admin-guide/device-mapper/verity.rst

+18 −2
Original line number Diff line number Diff line
@@ -87,6 +87,15 @@ panic_on_corruption 
    Panic the device when a corrupted block is discovered. This option is

    not compatible with ignore_corruption and restart_on_corruption.



restart_on_error

    Restart the system when an I/O error is detected.

    This option can be combined with the restart_on_corruption option.



panic_on_error

    Panic the device when an I/O error is detected. This option is

    not compatible with the restart_on_error option but can be combined

    with the panic_on_corruption option.



ignore_zero_blocks

    Do not verify blocks that are expected to contain zeroes and always return

    zeroes instead. This may be useful if the partition contains unused blocks
@@ -142,8 +151,15 @@ root_hash_sig_key_desc <key_description> 
    already in the secondary trusted keyring.



try_verify_in_tasklet

    If verity hashes are in cache, verify data blocks in kernel tasklet instead

    of workqueue. This option can reduce IO latency.

    If verity hashes are in cache and the IO size does not exceed the limit,

    verify data blocks in bottom half instead of workqueue. This option can

    reduce IO latency. The size limits can be configured via

    /sys/module/dm_verity/parameters/use_bh_bytes. The four parameters

    correspond to limits for IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT,

    IOPRIO_CLASS_BE and IOPRIO_CLASS_IDLE in turn.

    For example:

    <none>,<rt>,<be>,<idle>

    4096,4096,4096,4096



Theory of operation

===================

drivers/md/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -267,6 +267,7 @@ config DM_CRYPT 
	depends on BLK_DEV_DM

	depends on (ENCRYPTED_KEYS || ENCRYPTED_KEYS=n)

	depends on (TRUSTED_KEYS || TRUSTED_KEYS=n)

	select CRC32

	select CRYPTO

	select CRYPTO_CBC

	select CRYPTO_ESSIV

drivers/md/dm-bufio.c

+1 −3
Original line number Diff line number Diff line
@@ -2234,7 +2234,7 @@ int dm_bufio_issue_discard(struct dm_bufio_client *c, sector_t block, sector_t c 
}

EXPORT_SYMBOL_GPL(dm_bufio_issue_discard);



static bool forget_buffer(struct dm_bufio_client *c, sector_t block)

static void forget_buffer(struct dm_bufio_client *c, sector_t block)

{

	struct dm_buffer *b;
@@ -2249,8 +2249,6 @@ static bool forget_buffer(struct dm_bufio_client *c, sector_t block) 
			cache_put_and_wake(c, b);

		}

	}



	return b ? true : false;

}



/*