Commit d8355e74 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-5.11/dm-changes' of... 

Merge tag 'for-5.11/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper updates from Mike Snitzer:

 - Add DM verity support for signature verification with 2nd keyring

 - Fix DM verity to skip verity work if IO completes with error while
   system is shutting down

 - Add new DM multipath "IO affinity" path selector that maps IO
   destined to a given path to a specific CPU based on user provided
   mapping

 - Rename DM multipath path selector source files to have "dm-ps" prefix

 - Add REQ_NOWAIT support to some other simple DM targets that don't
   block in more elaborate ways waiting for IO

 - Export DM crypt's kcryptd workqueue via sysfs (WQ_SYSFS)

 - Fix error return code in DM's target_message() if empty message is
   received

 - A handful of other small cleanups

* tag 'for-5.11/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm cache: simplify the return expression of load_mapping()
  dm ebs: avoid double unlikely() notation when using IS_ERR()
  dm verity: skip verity work if I/O error when system is shutting down
  dm crypt: export sysfs of kcryptd workqueue
  dm ioctl: fix error return code in target_message
  dm crypt: Constify static crypt_iv_operations
  dm: add support for REQ_NOWAIT to various targets
  dm: rename multipath path selector source files to have "dm-ps" prefix
  dm mpath: add IO affinity path selector
  dm verity: Add support for signature verification with 2nd keyring
  dm: remove unnecessary current->bio_list check when submitting split bio
parents 4e31dcc0 b7770923

Documentation/admin-guide/device-mapper/verity.rst

+6 −1
Original line number Diff line number Diff line
@@ -134,7 +134,12 @@ root_hash_sig_key_desc <key_description> 
    the pkcs7 signature of the roothash. The pkcs7 signature is used to validate

    the root hash during the creation of the device mapper block device.

    Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG

    being set in the kernel.

    being set in the kernel.  The signatures are checked against the builtin

    trusted keyring by default, or the secondary trusted keyring if

    DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is set.  The secondary

    trusted keyring includes by default the builtin trusted keyring, and it can

    also gain new certificates at run time if they are signed by a certificate

    already in the secondary trusted keyring.



Theory of operation

===================

drivers/md/Kconfig

+21 −1
Original line number Diff line number Diff line
@@ -463,6 +463,15 @@ config DM_MULTIPATH_HST 


	  If unsure, say N.



config DM_MULTIPATH_IOA

	tristate "I/O Path Selector based on CPU submission"

	depends on DM_MULTIPATH

	help

	  This path selector selects the path based on the CPU the IO is

	  executed on and the CPU to path mapping setup at path addition time.



	  If unsure, say N.



config DM_DELAY

	tristate "I/O delaying target"

	depends on BLK_DEV_DM
@@ -535,6 +544,17 @@ config DM_VERITY_VERIFY_ROOTHASH_SIG 
	  pre-generated tree of cryptographic checksums passed has a pkcs#7

	  signature file that can validate the roothash of the tree.



	  By default, rely on the builtin trusted keyring.



	  If unsure, say N.



config DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING

	bool "Verity data device root hash signature verification with secondary keyring"

	depends on DM_VERITY_VERIFY_ROOTHASH_SIG

	depends on SECONDARY_TRUSTED_KEYRING

	help

	  Rely on the secondary trusted keyring to verify dm-verity signatures.



	  If unsure, say N.



config DM_VERITY_FEC

drivers/md/Makefile

+13 −7
Original line number Diff line number Diff line
@@ -7,11 +7,15 @@ dm-mod-y += dm.o dm-table.o dm-target.o dm-linear.o dm-stripe.o \ 
		   dm-ioctl.o dm-io.o dm-kcopyd.o dm-sysfs.o dm-stats.o \

		   dm-rq.o

dm-multipath-y	+= dm-path-selector.o dm-mpath.o

dm-historical-service-time-y += dm-ps-historical-service-time.o

dm-io-affinity-y += dm-ps-io-affinity.o

dm-queue-length-y += dm-ps-queue-length.o

dm-round-robin-y += dm-ps-round-robin.o

dm-service-time-y += dm-ps-service-time.o

dm-snapshot-y	+= dm-snap.o dm-exception-store.o dm-snap-transient.o \

		    dm-snap-persistent.o

dm-mirror-y	+= dm-raid1.o

dm-log-userspace-y \

		+= dm-log-userspace-base.o dm-log-userspace-transfer.o

dm-log-userspace-y += dm-log-userspace-base.o dm-log-userspace-transfer.o

dm-bio-prison-y += dm-bio-prison-v1.o dm-bio-prison-v2.o

dm-thin-pool-y	+= dm-thin.o dm-thin-metadata.o

dm-cache-y	+= dm-cache-target.o dm-cache-metadata.o dm-cache-policy.o \
@@ -21,9 +25,10 @@ dm-ebs-y += dm-ebs-target.o 
dm-era-y	+= dm-era-target.o

dm-clone-y	+= dm-clone-target.o dm-clone-metadata.o

dm-verity-y	+= dm-verity-target.o

dm-zoned-y	+= dm-zoned-target.o dm-zoned-metadata.o dm-zoned-reclaim.o



md-mod-y	+= md.o md-bitmap.o

raid456-y	+= raid5.o raid5-cache.o raid5-ppl.o

dm-zoned-y	+= dm-zoned-target.o dm-zoned-metadata.o dm-zoned-reclaim.o

linear-y	+= md-linear.o

multipath-y	+= md-multipath.o

faulty-y	+= md-faulty.o
@@ -59,6 +64,7 @@ obj-$(CONFIG_DM_MULTIPATH) += dm-multipath.o dm-round-robin.o 
obj-$(CONFIG_DM_MULTIPATH_QL)	+= dm-queue-length.o

obj-$(CONFIG_DM_MULTIPATH_ST)	+= dm-service-time.o

obj-$(CONFIG_DM_MULTIPATH_HST)	+= dm-historical-service-time.o

obj-$(CONFIG_DM_MULTIPATH_IOA)	+= dm-io-affinity.o

obj-$(CONFIG_DM_SWITCH)		+= dm-switch.o

obj-$(CONFIG_DM_SNAPSHOT)	+= dm-snapshot.o

obj-$(CONFIG_DM_PERSISTENT_DATA) += persistent-data/

drivers/md/dm-cache-target.c

+1 −6
Original line number Diff line number Diff line
@@ -2840,7 +2840,6 @@ static void cache_postsuspend(struct dm_target *ti) 
static int load_mapping(void *context, dm_oblock_t oblock, dm_cblock_t cblock,

			bool dirty, uint32_t hint, bool hint_valid)

{

	int r;

	struct cache *cache = context;



	if (dirty) {
@@ -2849,11 +2848,7 @@ static int load_mapping(void *context, dm_oblock_t oblock, dm_cblock_t cblock, 
	} else

		clear_bit(from_cblock(cblock), cache->dirty_bitset);



	r = policy_load_mapping(cache->policy, oblock, cblock, dirty, hint, hint_valid);

	if (r)

		return r;



	return 0;

	return policy_load_mapping(cache->policy, oblock, cblock, dirty, hint, hint_valid);

}



/*

drivers/md/dm-crypt.c

+7 −6
Original line number Diff line number Diff line
@@ -1090,16 +1090,16 @@ static const struct crypt_iv_operations crypt_iv_tcw_ops = { 
	.post	   = crypt_iv_tcw_post

};



static struct crypt_iv_operations crypt_iv_random_ops = {

static const struct crypt_iv_operations crypt_iv_random_ops = {

	.generator = crypt_iv_random_gen

};



static struct crypt_iv_operations crypt_iv_eboiv_ops = {

static const struct crypt_iv_operations crypt_iv_eboiv_ops = {

	.ctr	   = crypt_iv_eboiv_ctr,

	.generator = crypt_iv_eboiv_gen

};



static struct crypt_iv_operations crypt_iv_elephant_ops = {

static const struct crypt_iv_operations crypt_iv_elephant_ops = {

	.ctr	   = crypt_iv_elephant_ctr,

	.dtr	   = crypt_iv_elephant_dtr,

	.init	   = crypt_iv_elephant_init,
@@ -3166,11 +3166,12 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) 
	}



	if (test_bit(DM_CRYPT_SAME_CPU, &cc->flags))

		cc->crypt_queue = alloc_workqueue("kcryptd/%s", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM,

		cc->crypt_queue = alloc_workqueue("kcryptd-%s", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM,

						  1, devname);

	else

		cc->crypt_queue = alloc_workqueue("kcryptd/%s",

						  WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND,

		cc->crypt_queue = alloc_workqueue("kcryptd-%s",

						  WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM |

						  WQ_UNBOUND | WQ_SYSFS,

						  num_online_cpus(), devname);

	if (!cc->crypt_queue) {

		ti->error = "Couldn't create kcryptd queue";

CRA Git | Maintained and supported by SUSTech CRA and CCSE