21
21
#include <linux/reboot.h>
22
22
#include <crypto/hash.h>
23
23
#include <crypto/skcipher.h>
24
+ #include <crypto/utils.h>
24
25
#include <linux/async_tx.h>
25
26
#include <linux/dm-bufio.h>
26
27
@@ -516,7 +517,7 @@ static int sb_mac(struct dm_integrity_c *ic, bool wr)
516
517
dm_integrity_io_error (ic , "crypto_shash_digest" , r );
517
518
return r ;
518
519
}
519
- if (memcmp (mac , actual_mac , mac_size )) {
520
+ if (crypto_memneq (mac , actual_mac , mac_size )) {
520
521
dm_integrity_io_error (ic , "superblock mac" , - EILSEQ );
521
522
dm_audit_log_target (DM_MSG_PREFIX , "mac-superblock" , ic -> ti , 0 );
522
523
return - EILSEQ ;
@@ -859,7 +860,7 @@ static void rw_section_mac(struct dm_integrity_c *ic, unsigned int section, bool
859
860
if (likely (wr ))
860
861
memcpy (& js -> mac , result + (j * JOURNAL_MAC_PER_SECTOR ), JOURNAL_MAC_PER_SECTOR );
861
862
else {
862
- if (memcmp (& js -> mac , result + (j * JOURNAL_MAC_PER_SECTOR ), JOURNAL_MAC_PER_SECTOR )) {
863
+ if (crypto_memneq (& js -> mac , result + (j * JOURNAL_MAC_PER_SECTOR ), JOURNAL_MAC_PER_SECTOR )) {
863
864
dm_integrity_io_error (ic , "journal mac" , - EILSEQ );
864
865
dm_audit_log_target (DM_MSG_PREFIX , "mac-journal" , ic -> ti , 0 );
865
866
}
@@ -1401,10 +1402,9 @@ static bool find_newer_committed_node(struct dm_integrity_c *ic, struct journal_
1401
1402
static int dm_integrity_rw_tag (struct dm_integrity_c * ic , unsigned char * tag , sector_t * metadata_block ,
1402
1403
unsigned int * metadata_offset , unsigned int total_size , int op )
1403
1404
{
1404
- #define MAY_BE_FILLER 1
1405
- #define MAY_BE_HASH 2
1406
1405
unsigned int hash_offset = 0 ;
1407
- unsigned int may_be = MAY_BE_HASH | (ic -> discard ? MAY_BE_FILLER : 0 );
1406
+ unsigned char mismatch_hash = 0 ;
1407
+ unsigned char mismatch_filler = !ic -> discard ;
1408
1408
1409
1409
do {
1410
1410
unsigned char * data , * dp ;
@@ -1425,37 +1425,38 @@ static int dm_integrity_rw_tag(struct dm_integrity_c *ic, unsigned char *tag, se
1425
1425
if (op == TAG_READ ) {
1426
1426
memcpy (tag , dp , to_copy );
1427
1427
} else if (op == TAG_WRITE ) {
1428
- if (memcmp (dp , tag , to_copy )) {
1428
+ if (crypto_memneq (dp , tag , to_copy )) {
1429
1429
memcpy (dp , tag , to_copy );
1430
1430
dm_bufio_mark_partial_buffer_dirty (b , * metadata_offset , * metadata_offset + to_copy );
1431
1431
}
1432
1432
} else {
1433
1433
/* e.g.: op == TAG_CMP */
1434
1434
1435
1435
if (likely (is_power_of_2 (ic -> tag_size ))) {
1436
- if (unlikely (memcmp (dp , tag , to_copy )))
1437
- if (unlikely (!ic -> discard ) ||
1438
- unlikely (memchr_inv (dp , DISCARD_FILLER , to_copy ) != NULL )) {
1439
- goto thorough_test ;
1440
- }
1436
+ if (unlikely (crypto_memneq (dp , tag , to_copy )))
1437
+ goto thorough_test ;
1441
1438
} else {
1442
1439
unsigned int i , ts ;
1443
1440
thorough_test :
1444
1441
ts = total_size ;
1445
1442
1446
1443
for (i = 0 ; i < to_copy ; i ++ , ts -- ) {
1447
- if (unlikely (dp [i ] != tag [i ]))
1448
- may_be &= ~MAY_BE_HASH ;
1449
- if (likely (dp [i ] != DISCARD_FILLER ))
1450
- may_be &= ~MAY_BE_FILLER ;
1444
+ /*
1445
+ * Warning: the control flow must not be
1446
+ * dependent on match/mismatch of
1447
+ * individual bytes.
1448
+ */
1449
+ mismatch_hash |= dp [i ] ^ tag [i ];
1450
+ mismatch_filler |= dp [i ] ^ DISCARD_FILLER ;
1451
1451
hash_offset ++ ;
1452
1452
if (unlikely (hash_offset == ic -> tag_size )) {
1453
- if (unlikely (! may_be )) {
1453
+ if (unlikely (mismatch_hash ) && unlikely ( mismatch_filler )) {
1454
1454
dm_bufio_release (b );
1455
1455
return ts ;
1456
1456
}
1457
1457
hash_offset = 0 ;
1458
- may_be = MAY_BE_HASH | (ic -> discard ? MAY_BE_FILLER : 0 );
1458
+ mismatch_hash = 0 ;
1459
+ mismatch_filler = !ic -> discard ;
1459
1460
}
1460
1461
}
1461
1462
}
@@ -1476,8 +1477,6 @@ static int dm_integrity_rw_tag(struct dm_integrity_c *ic, unsigned char *tag, se
1476
1477
} while (unlikely (total_size ));
1477
1478
1478
1479
return 0 ;
1479
- #undef MAY_BE_FILLER
1480
- #undef MAY_BE_HASH
1481
1480
}
1482
1481
1483
1482
struct flush_request {
@@ -2076,7 +2075,7 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio,
2076
2075
char checksums_onstack [MAX_T (size_t , HASH_MAX_DIGESTSIZE , MAX_TAG_SIZE )];
2077
2076
2078
2077
integrity_sector_checksum (ic , logical_sector , mem + bv .bv_offset , checksums_onstack );
2079
- if (unlikely (memcmp (checksums_onstack , journal_entry_tag (ic , je ), ic -> tag_size ))) {
2078
+ if (unlikely (crypto_memneq (checksums_onstack , journal_entry_tag (ic , je ), ic -> tag_size ))) {
2080
2079
DMERR_LIMIT ("Checksum failed when reading from journal, at sector 0x%llx" ,
2081
2080
logical_sector );
2082
2081
dm_audit_log_bio (DM_MSG_PREFIX , "journal-checksum" ,
@@ -2595,7 +2594,7 @@ static void dm_integrity_inline_recheck(struct work_struct *w)
2595
2594
bio_put (outgoing_bio );
2596
2595
2597
2596
integrity_sector_checksum (ic , dio -> bio_details .bi_iter .bi_sector , outgoing_data , digest );
2598
- if (unlikely (memcmp (digest , dio -> integrity_payload , min (crypto_shash_digestsize (ic -> internal_hash ), ic -> tag_size )))) {
2597
+ if (unlikely (crypto_memneq (digest , dio -> integrity_payload , min (crypto_shash_digestsize (ic -> internal_hash ), ic -> tag_size )))) {
2599
2598
DMERR_LIMIT ("%pg: Checksum failed at sector 0x%llx" ,
2600
2599
ic -> dev -> bdev , dio -> bio_details .bi_iter .bi_sector );
2601
2600
atomic64_inc (& ic -> number_of_mismatches );
@@ -2634,7 +2633,7 @@ static int dm_integrity_end_io(struct dm_target *ti, struct bio *bio, blk_status
2634
2633
char * mem = bvec_kmap_local (& bv );
2635
2634
//memset(mem, 0xff, ic->sectors_per_block << SECTOR_SHIFT);
2636
2635
integrity_sector_checksum (ic , dio -> bio_details .bi_iter .bi_sector , mem , digest );
2637
- if (unlikely (memcmp (digest , dio -> integrity_payload + pos ,
2636
+ if (unlikely (crypto_memneq (digest , dio -> integrity_payload + pos ,
2638
2637
min (crypto_shash_digestsize (ic -> internal_hash ), ic -> tag_size )))) {
2639
2638
kunmap_local (mem );
2640
2639
dm_integrity_free_payload (dio );
@@ -2911,7 +2910,7 @@ static void do_journal_write(struct dm_integrity_c *ic, unsigned int write_start
2911
2910
2912
2911
integrity_sector_checksum (ic , sec + ((l - j ) << ic -> sb -> log2_sectors_per_block ),
2913
2912
(char * )access_journal_data (ic , i , l ), test_tag );
2914
- if (unlikely (memcmp (test_tag , journal_entry_tag (ic , je2 ), ic -> tag_size ))) {
2913
+ if (unlikely (crypto_memneq (test_tag , journal_entry_tag (ic , je2 ), ic -> tag_size ))) {
2915
2914
dm_integrity_io_error (ic , "tag mismatch when replaying journal" , - EILSEQ );
2916
2915
dm_audit_log_target (DM_MSG_PREFIX , "integrity-replay-journal" , ic -> ti , 0 );
2917
2916
}
@@ -5084,16 +5083,19 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned int argc, char **argv
5084
5083
5085
5084
ic -> recalc_bitmap = dm_integrity_alloc_page_list (n_bitmap_pages );
5086
5085
if (!ic -> recalc_bitmap ) {
5086
+ ti -> error = "Could not allocate memory for bitmap" ;
5087
5087
r = - ENOMEM ;
5088
5088
goto bad ;
5089
5089
}
5090
5090
ic -> may_write_bitmap = dm_integrity_alloc_page_list (n_bitmap_pages );
5091
5091
if (!ic -> may_write_bitmap ) {
5092
+ ti -> error = "Could not allocate memory for bitmap" ;
5092
5093
r = - ENOMEM ;
5093
5094
goto bad ;
5094
5095
}
5095
5096
ic -> bbs = kvmalloc_array (ic -> n_bitmap_blocks , sizeof (struct bitmap_block_status ), GFP_KERNEL );
5096
5097
if (!ic -> bbs ) {
5098
+ ti -> error = "Could not allocate memory for bitmap" ;
5097
5099
r = - ENOMEM ;
5098
5100
goto bad ;
5099
5101
}
@@ -5174,7 +5176,7 @@ static void dm_integrity_dtr(struct dm_target *ti)
5174
5176
BUG_ON (!RB_EMPTY_ROOT (& ic -> in_progress ));
5175
5177
BUG_ON (!list_empty (& ic -> wait_list ));
5176
5178
5177
- if (ic -> mode == 'B' )
5179
+ if (ic -> mode == 'B' && ic -> bitmap_flush_work . work . func )
5178
5180
cancel_delayed_work_sync (& ic -> bitmap_flush_work );
5179
5181
if (ic -> metadata_wq )
5180
5182
destroy_workqueue (ic -> metadata_wq );
0 commit comments