projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
md/raid10: fix compile warning
[linux-block.git] / drivers / md / dm-ima.c
CommitLineData
91ccbbac
TS		 1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 2021 Microsoft Corporation
4 *
5 * Author: Tushar Sugandhi <tusharsu@linux.microsoft.com>
6 *
7 * File: dm-ima.c
8 * Enables IMA measurements for DM targets
9 */
10
11#include "dm-core.h"
12#include "dm-ima.h"
13
14#include <linux/ima.h>
e41d12f5 15#include <linux/sched/mm.h>
91ccbbac
TS		 16#include <crypto/hash.h>
17#include <linux/crypto.h>
18#include <crypto/hash_info.h>
19
20#define DM_MSG_PREFIX "ima"
21
22/*
23 * Internal function to prefix separator characters in input buffer with escape
24 * character, so that they don't interfere with the construction of key-value pairs,
25 * and clients can split the key1=val1,key2=val2,key3=val3; pairs properly.
26 */
27static void fix_separator_chars(char **buf)
28{
29 int l = strlen(*buf);
30 int i, j, sp = 0;
31
32 for (i = 0; i < l; i++)
33 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',')
34 sp++;
35
36 if (!sp)
37 return;
38
39 for (i = l-1, j = i+sp; i >= 0; i--) {
40 (*buf)[j--] = (*buf)[i];
41 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',')
42 (*buf)[j--] = '\\';
43 }
44}
45
46/*
47 * Internal function to allocate memory for IMA measurements.
48 */
49static void *dm_ima_alloc(size_t len, gfp_t flags, bool noio)
50{
51 unsigned int noio_flag;
52 void *ptr;
53
54 if (noio)
55 noio_flag = memalloc_noio_save();
56
57 ptr = kzalloc(len, flags);
58
59 if (noio)
60 memalloc_noio_restore(noio_flag);
61
62 return ptr;
63}
64
65/*
66 * Internal function to allocate and copy name and uuid for IMA measurements.
67 */
68static int dm_ima_alloc_and_copy_name_uuid(struct mapped_device *md, char **dev_name,
69 char **dev_uuid, bool noio)
70{
71 int r;
72 *dev_name = dm_ima_alloc(DM_NAME_LEN*2, GFP_KERNEL, noio);
73 if (!(*dev_name)) {
74 r = -ENOMEM;
75 goto error;
76 }
77
78 *dev_uuid = dm_ima_alloc(DM_UUID_LEN*2, GFP_KERNEL, noio);
79 if (!(*dev_uuid)) {
80 r = -ENOMEM;
81 goto error;
82 }
83
84 r = dm_copy_name_and_uuid(md, *dev_name, *dev_uuid);
85 if (r)
86 goto error;
87
88 fix_separator_chars(dev_name);
89 fix_separator_chars(dev_uuid);
90
91 return 0;
92error:
93 kfree(*dev_name);
94 kfree(*dev_uuid);
95 *dev_name = NULL;
96 *dev_uuid = NULL;
97 return r;
98}
99
100/*
101 * Internal function to allocate and copy device data for IMA measurements.
102 */
103static int dm_ima_alloc_and_copy_device_data(struct mapped_device *md, char **device_data,
104 unsigned int num_targets, bool noio)
105{
106 char *dev_name = NULL, *dev_uuid = NULL;
107 int r;
108
109 r = dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio);
110 if (r)
111 return r;
112
113 *device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
114 if (!(*device_data)) {
115 r = -ENOMEM;
116 goto error;
117 }
118
119 scnprintf(*device_data, DM_IMA_DEVICE_BUF_LEN,
120 "name=%s,uuid=%s,major=%d,minor=%d,minor_count=%d,num_targets=%u;",
121 dev_name, dev_uuid, md->disk->major, md->disk->first_minor,
122 md->disk->minors, num_targets);
123error:
124 kfree(dev_name);
125 kfree(dev_uuid);
126 return r;
127}
128
129/*
130 * Internal wrapper function to call IMA to measure DM data.
131 */
132static void dm_ima_measure_data(const char *event_name, const void *buf, size_t buf_len,
133 bool noio)
134{
135 unsigned int noio_flag;
136
137 if (noio)
138 noio_flag = memalloc_noio_save();
139
aef4892a
LT		 140 ima_measure_critical_data(DM_NAME, event_name, buf, buf_len,
141 false, NULL, 0);
91ccbbac
TS		 142
143 if (noio)
144 memalloc_noio_restore(noio_flag);
145}
146
8eb6fab4
TS		 147/*
148 * Internal function to allocate and copy current device capacity for IMA measurements.
149 */
150static int dm_ima_alloc_and_copy_capacity_str(struct mapped_device *md, char **capacity_str,
151 bool noio)
152{
153 sector_t capacity;
154
155 capacity = get_capacity(md->disk);
156
157 *capacity_str = dm_ima_alloc(DM_IMA_DEVICE_CAPACITY_BUF_LEN, GFP_KERNEL, noio);
158 if (!(*capacity_str))
159 return -ENOMEM;
160
161 scnprintf(*capacity_str, DM_IMA_DEVICE_BUF_LEN, "current_device_capacity=%llu;",
162 capacity);
163
164 return 0;
165}
166
91ccbbac
TS		 167/*
168 * Initialize/reset the dm ima related data structure variables.
169 */
170void dm_ima_reset_data(struct mapped_device *md)
171{
172 memset(&(md->ima), 0, sizeof(md->ima));
dc7b79cc 173 md->ima.dm_version_str_len = strlen(DM_IMA_VERSION_STR);
91ccbbac
TS		 174}
175
176/*
177 * Build up the IMA data for each target, and finally measure.
178 */
179void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags)
180{
181 size_t device_data_buf_len, target_metadata_buf_len, target_data_buf_len, l = 0;
182 char *target_metadata_buf = NULL, *target_data_buf = NULL, *digest_buf = NULL;
183 char *ima_buf = NULL, *device_data_buf = NULL;
184 int digest_size, last_target_measured = -1, r;
185 status_type_t type = STATUSTYPE_IMA;
186 size_t cur_total_buf_len = 0;
187 unsigned int num_targets, i;
188 SHASH_DESC_ON_STACK(shash, NULL);
189 struct crypto_shash *tfm = NULL;
190 u8 *digest = NULL;
191 bool noio = false;
8f509fd4
TS		 192 /*
193 * In below hash_alg_prefix_len assignment +1 is for the additional char (':'),
194 * when prefixing the hash value with the hash algorithm name. e.g. sha256:<hash_value>.
195 */
196 const size_t hash_alg_prefix_len = strlen(DM_IMA_TABLE_HASH_ALG) + 1;
9c2adfa6 197 char table_load_event_name[] = "dm_table_load";
91ccbbac
TS		 198
199 ima_buf = dm_ima_alloc(DM_IMA_MEASUREMENT_BUF_LEN, GFP_KERNEL, noio);
200 if (!ima_buf)
201 return;
202
203 target_metadata_buf = dm_ima_alloc(DM_IMA_TARGET_METADATA_BUF_LEN, GFP_KERNEL, noio);
204 if (!target_metadata_buf)
205 goto error;
206
207 target_data_buf = dm_ima_alloc(DM_IMA_TARGET_DATA_BUF_LEN, GFP_KERNEL, noio);
208 if (!target_data_buf)
209 goto error;
210
2aec377a 211 num_targets = table->num_targets;
91ccbbac
TS		 212
213 if (dm_ima_alloc_and_copy_device_data(table->md, &device_data_buf, num_targets, noio))
214 goto error;
215
8f509fd4 216 tfm = crypto_alloc_shash(DM_IMA_TABLE_HASH_ALG, 0, 0);
91ccbbac
TS		 217 if (IS_ERR(tfm))
218 goto error;
219
220 shash->tfm = tfm;
221 digest_size = crypto_shash_digestsize(tfm);
222 digest = dm_ima_alloc(digest_size, GFP_KERNEL, noio);
223 if (!digest)
224 goto error;
225
226 r = crypto_shash_init(shash);
227 if (r)
228 goto error;
229
dc7b79cc
TS		 230 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len);
231 l += table->md->ima.dm_version_str_len;
232
91ccbbac
TS		 233 device_data_buf_len = strlen(device_data_buf);
234 memcpy(ima_buf + l, device_data_buf, device_data_buf_len);
235 l += device_data_buf_len;
236
237 for (i = 0; i < num_targets; i++) {
238 struct dm_target *ti = dm_table_get_target(table, i);
239
91ccbbac
TS		 240 last_target_measured = 0;
241
242 /*
243 * First retrieve the target metadata.
244 */
245 scnprintf(target_metadata_buf, DM_IMA_TARGET_METADATA_BUF_LEN,
246 "target_index=%d,target_begin=%llu,target_len=%llu,",
247 i, ti->begin, ti->len);
248 target_metadata_buf_len = strlen(target_metadata_buf);
249
250 /*
251 * Then retrieve the actual target data.
252 */
253 if (ti->type->status)
254 ti->type->status(ti, type, status_flags, target_data_buf,
255 DM_IMA_TARGET_DATA_BUF_LEN);
256 else
257 target_data_buf[0] = '\0';
258
259 target_data_buf_len = strlen(target_data_buf);
260
261 /*
262 * Check if the total data can fit into the IMA buffer.
263 */
264 cur_total_buf_len = l + target_metadata_buf_len + target_data_buf_len;
265
266 /*
267 * IMA measurements for DM targets are best-effort.
268 * If the total data buffered so far, including the current target,
269 * is too large to fit into DM_IMA_MEASUREMENT_BUF_LEN, measure what
270 * we have in the current buffer, and continue measuring the remaining
271 * targets by prefixing the device metadata again.
272 */
273 if (unlikely(cur_total_buf_len >= DM_IMA_MEASUREMENT_BUF_LEN)) {
9c2adfa6 274 dm_ima_measure_data(table_load_event_name, ima_buf, l, noio);
91ccbbac
TS		 275 r = crypto_shash_update(shash, (const u8 *)ima_buf, l);
276 if (r < 0)
277 goto error;
278
279 memset(ima_buf, 0, DM_IMA_MEASUREMENT_BUF_LEN);
280 l = 0;
281
282 /*
9c2adfa6
TS		 283 * Each new "dm_table_load" entry in IMA log should have device data
284 * prefix, so that multiple records from the same "dm_table_load" for
91ccbbac
TS		 285 * a given device can be linked together.
286 */
dc7b79cc
TS		 287 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len);
288 l += table->md->ima.dm_version_str_len;
289
91ccbbac
TS		 290 memcpy(ima_buf + l, device_data_buf, device_data_buf_len);
291 l += device_data_buf_len;
292
293 /*
294 * If this iteration of the for loop turns out to be the last target
9c2adfa6 295 * in the table, dm_ima_measure_data("dm_table_load", ...) doesn't need
91ccbbac
TS		 296 * to be called again, just the hash needs to be finalized.
297 * "last_target_measured" tracks this state.
298 */
299 last_target_measured = 1;
300 }
301
302 /*
303 * Fill-in all the target metadata, so that multiple targets for the same
304 * device can be linked together.
305 */
306 memcpy(ima_buf + l, target_metadata_buf, target_metadata_buf_len);
307 l += target_metadata_buf_len;
308
309 memcpy(ima_buf + l, target_data_buf, target_data_buf_len);
310 l += target_data_buf_len;
311 }
312
313 if (!last_target_measured) {
9c2adfa6 314 dm_ima_measure_data(table_load_event_name, ima_buf, l, noio);
91ccbbac
TS		 315
316 r = crypto_shash_update(shash, (const u8 *)ima_buf, l);
317 if (r < 0)
318 goto error;
319 }
320
321 /*
322 * Finalize the table hash, and store it in table->md->ima.inactive_table.hash,
323 * so that the table data can be verified against the future device state change
324 * events, e.g. resume, rename, remove, table-clear etc.
325 */
326 r = crypto_shash_final(shash, digest);
327 if (r < 0)
328 goto error;
329
8f509fd4
TS		 330 digest_buf = dm_ima_alloc((digest_size*2) + hash_alg_prefix_len + 1, GFP_KERNEL, noio);
331
91ccbbac
TS		 332 if (!digest_buf)
333 goto error;
334
8f509fd4
TS		 335 snprintf(digest_buf, hash_alg_prefix_len + 1, "%s:", DM_IMA_TABLE_HASH_ALG);
336
91ccbbac 337 for (i = 0; i < digest_size; i++)
8f509fd4 338 snprintf((digest_buf + hash_alg_prefix_len + (i*2)), 3, "%02x", digest[i]);
91ccbbac
TS		 339
340 if (table->md->ima.active_table.hash != table->md->ima.inactive_table.hash)
341 kfree(table->md->ima.inactive_table.hash);
342
343 table->md->ima.inactive_table.hash = digest_buf;
344 table->md->ima.inactive_table.hash_len = strlen(digest_buf);
345 table->md->ima.inactive_table.num_targets = num_targets;
346
347 if (table->md->ima.active_table.device_metadata !=
348 table->md->ima.inactive_table.device_metadata)
349 kfree(table->md->ima.inactive_table.device_metadata);
350
351 table->md->ima.inactive_table.device_metadata = device_data_buf;
352 table->md->ima.inactive_table.device_metadata_len = device_data_buf_len;
353
354 goto exit;
355error:
356 kfree(digest_buf);
357 kfree(device_data_buf);
358exit:
359 kfree(digest);
360 if (tfm)
361 crypto_free_shash(tfm);
362 kfree(ima_buf);
363 kfree(target_metadata_buf);
364 kfree(target_data_buf);
365}
8eb6fab4
TS		 366
367/*
368 * Measure IMA data on device resume.
369 */
370void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap)
371{
372 char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
373 char active[] = "active_table_hash=";
374 unsigned int active_len = strlen(active), capacity_len = 0;
375 unsigned int l = 0;
376 bool noio = true;
dc7b79cc 377 bool nodata = true;
8eb6fab4
TS		 378 int r;
379
380 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
381 if (!device_table_data)
382 return;
383
384 r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
385 if (r)
386 goto error;
387
dc7b79cc
TS		 388 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
389 l += md->ima.dm_version_str_len;
390
8eb6fab4
TS		 391 if (swap) {
392 if (md->ima.active_table.hash != md->ima.inactive_table.hash)
393 kfree(md->ima.active_table.hash);
394
395 md->ima.active_table.hash = NULL;
396 md->ima.active_table.hash_len = 0;
397
398 if (md->ima.active_table.device_metadata !=
399 md->ima.inactive_table.device_metadata)
400 kfree(md->ima.active_table.device_metadata);
401
402 md->ima.active_table.device_metadata = NULL;
403 md->ima.active_table.device_metadata_len = 0;
404 md->ima.active_table.num_targets = 0;
405
406 if (md->ima.inactive_table.hash) {
407 md->ima.active_table.hash = md->ima.inactive_table.hash;
408 md->ima.active_table.hash_len = md->ima.inactive_table.hash_len;
409 md->ima.inactive_table.hash = NULL;
410 md->ima.inactive_table.hash_len = 0;
411 }
412
413 if (md->ima.inactive_table.device_metadata) {
414 md->ima.active_table.device_metadata =
415 md->ima.inactive_table.device_metadata;
416 md->ima.active_table.device_metadata_len =
417 md->ima.inactive_table.device_metadata_len;
418 md->ima.active_table.num_targets = md->ima.inactive_table.num_targets;
419 md->ima.inactive_table.device_metadata = NULL;
420 md->ima.inactive_table.device_metadata_len = 0;
421 md->ima.inactive_table.num_targets = 0;
422 }
423 }
424
425 if (md->ima.active_table.device_metadata) {
dc7b79cc
TS		 426 memcpy(device_table_data + l, md->ima.active_table.device_metadata,
427 md->ima.active_table.device_metadata_len);
428 l += md->ima.active_table.device_metadata_len;
429
430 nodata = false;
8eb6fab4
TS		 431 }
432
433 if (md->ima.active_table.hash) {
434 memcpy(device_table_data + l, active, active_len);
435 l += active_len;
436
437 memcpy(device_table_data + l, md->ima.active_table.hash,
438 md->ima.active_table.hash_len);
439 l += md->ima.active_table.hash_len;
440
441 memcpy(device_table_data + l, ";", 1);
442 l++;
dc7b79cc
TS		 443
444 nodata = false;
8eb6fab4
TS		 445 }
446
dc7b79cc 447 if (nodata) {
8eb6fab4
TS		 448 r = dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio);
449 if (r)
450 goto error;
451
452 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
dc7b79cc
TS		 453 "%sname=%s,uuid=%s;device_resume=no_data;",
454 DM_IMA_VERSION_STR, dev_name, dev_uuid);
118f31b4 455 l = strlen(device_table_data);
8eb6fab4
TS		 456
457 }
458
459 capacity_len = strlen(capacity_str);
460 memcpy(device_table_data + l, capacity_str, capacity_len);
461 l += capacity_len;
462
9c2adfa6 463 dm_ima_measure_data("dm_device_resume", device_table_data, l, noio);
8eb6fab4
TS		 464
465 kfree(dev_name);
466 kfree(dev_uuid);
467error:
468 kfree(capacity_str);
469 kfree(device_table_data);
470}
84010e51
TS		 471
472/*
473 * Measure IMA data on remove.
474 */
475void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all)
476{
477 char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
478 char active_table_str[] = "active_table_hash=";
479 char inactive_table_str[] = "inactive_table_hash=";
480 char device_active_str[] = "device_active_metadata=";
481 char device_inactive_str[] = "device_inactive_metadata=";
482 char remove_all_str[] = "remove_all=";
483 unsigned int active_table_len = strlen(active_table_str);
484 unsigned int inactive_table_len = strlen(inactive_table_str);
485 unsigned int device_active_len = strlen(device_active_str);
486 unsigned int device_inactive_len = strlen(device_inactive_str);
487 unsigned int remove_all_len = strlen(remove_all_str);
488 unsigned int capacity_len = 0;
489 unsigned int l = 0;
490 bool noio = true;
dc7b79cc 491 bool nodata = true;
84010e51
TS		 492 int r;
493
494 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN*2, GFP_KERNEL, noio);
495 if (!device_table_data)
496 goto exit;
497
498 r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
499 if (r) {
500 kfree(device_table_data);
501 goto exit;
502 }
503
dc7b79cc
TS		 504 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
505 l += md->ima.dm_version_str_len;
506
84010e51
TS		 507 if (md->ima.active_table.device_metadata) {
508 memcpy(device_table_data + l, device_active_str, device_active_len);
509 l += device_active_len;
510
511 memcpy(device_table_data + l, md->ima.active_table.device_metadata,
512 md->ima.active_table.device_metadata_len);
513 l += md->ima.active_table.device_metadata_len;
dc7b79cc
TS		 514
515 nodata = false;
84010e51
TS		 516 }
517
518 if (md->ima.inactive_table.device_metadata) {
519 memcpy(device_table_data + l, device_inactive_str, device_inactive_len);
520 l += device_inactive_len;
521
522 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata,
523 md->ima.inactive_table.device_metadata_len);
524 l += md->ima.inactive_table.device_metadata_len;
dc7b79cc
TS		 525
526 nodata = false;
84010e51
TS		 527 }
528
529 if (md->ima.active_table.hash) {
530 memcpy(device_table_data + l, active_table_str, active_table_len);
531 l += active_table_len;
532
533 memcpy(device_table_data + l, md->ima.active_table.hash,
534 md->ima.active_table.hash_len);
535 l += md->ima.active_table.hash_len;
536
537 memcpy(device_table_data + l, ",", 1);
538 l++;
dc7b79cc
TS		 539
540 nodata = false;
84010e51
TS		 541 }
542
543 if (md->ima.inactive_table.hash) {
544 memcpy(device_table_data + l, inactive_table_str, inactive_table_len);
545 l += inactive_table_len;
546
547 memcpy(device_table_data + l, md->ima.inactive_table.hash,
548 md->ima.inactive_table.hash_len);
549 l += md->ima.inactive_table.hash_len;
550
551 memcpy(device_table_data + l, ",", 1);
552 l++;
dc7b79cc
TS		 553
554 nodata = false;
84010e51
TS		 555 }
556 /*
557 * In case both active and inactive tables, and corresponding
558 * device metadata is cleared/missing - record the name and uuid
559 * in IMA measurements.
560 */
dc7b79cc 561 if (nodata) {
84010e51
TS		 562 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio))
563 goto error;
564
565 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
dc7b79cc
TS		 566 "%sname=%s,uuid=%s;device_remove=no_data;",
567 DM_IMA_VERSION_STR, dev_name, dev_uuid);
118f31b4 568 l = strlen(device_table_data);
84010e51
TS		 569 }
570
571 memcpy(device_table_data + l, remove_all_str, remove_all_len);
572 l += remove_all_len;
573 memcpy(device_table_data + l, remove_all ? "y;" : "n;", 2);
574 l += 2;
575
576 capacity_len = strlen(capacity_str);
577 memcpy(device_table_data + l, capacity_str, capacity_len);
578 l += capacity_len;
579
9c2adfa6 580 dm_ima_measure_data("dm_device_remove", device_table_data, l, noio);
84010e51
TS		 581
582error:
583 kfree(device_table_data);
584 kfree(capacity_str);
585exit:
586 kfree(md->ima.active_table.device_metadata);
587
588 if (md->ima.active_table.device_metadata !=
589 md->ima.inactive_table.device_metadata)
590 kfree(md->ima.inactive_table.device_metadata);
591
592 kfree(md->ima.active_table.hash);
593
594 if (md->ima.active_table.hash != md->ima.inactive_table.hash)
595 kfree(md->ima.inactive_table.hash);
596
597 dm_ima_reset_data(md);
598
599 kfree(dev_name);
600 kfree(dev_uuid);
601}
99169b93
TS		 602
603/*
604 * Measure ima data on table clear.
605 */
606void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map)
607{
608 unsigned int l = 0, capacity_len = 0;
609 char *device_table_data = NULL, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL;
610 char inactive_str[] = "inactive_table_hash=";
611 unsigned int inactive_len = strlen(inactive_str);
612 bool noio = true;
dc7b79cc 613 bool nodata = true;
99169b93
TS		 614 int r;
615
616 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, GFP_KERNEL, noio);
617 if (!device_table_data)
618 return;
619
620 r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
621 if (r)
622 goto error1;
623
dc7b79cc
TS		 624 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len);
625 l += md->ima.dm_version_str_len;
626
99169b93
TS		 627 if (md->ima.inactive_table.device_metadata_len &&
628 md->ima.inactive_table.hash_len) {
629 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata,
630 md->ima.inactive_table.device_metadata_len);
631 l += md->ima.inactive_table.device_metadata_len;
632
633 memcpy(device_table_data + l, inactive_str, inactive_len);
634 l += inactive_len;
635
636 memcpy(device_table_data + l, md->ima.inactive_table.hash,
637 md->ima.inactive_table.hash_len);
638
639 l += md->ima.inactive_table.hash_len;
640
641 memcpy(device_table_data + l, ";", 1);
642 l++;
dc7b79cc
TS		 643
644 nodata = false;
99169b93
TS		 645 }
646
dc7b79cc 647 if (nodata) {
99169b93
TS		 648 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio))
649 goto error2;
650
651 scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN,
dc7b79cc
TS		 652 "%sname=%s,uuid=%s;table_clear=no_data;",
653 DM_IMA_VERSION_STR, dev_name, dev_uuid);
118f31b4 654 l = strlen(device_table_data);
99169b93
TS		 655 }
656
657 capacity_len = strlen(capacity_str);
658 memcpy(device_table_data + l, capacity_str, capacity_len);
659 l += capacity_len;
660
9c2adfa6 661 dm_ima_measure_data("dm_table_clear", device_table_data, l, noio);
99169b93
TS		 662
663 if (new_map) {
664 if (md->ima.inactive_table.hash &&
665 md->ima.inactive_table.hash != md->ima.active_table.hash)
666 kfree(md->ima.inactive_table.hash);
667
668 md->ima.inactive_table.hash = NULL;
669 md->ima.inactive_table.hash_len = 0;
670
671 if (md->ima.inactive_table.device_metadata &&
672 md->ima.inactive_table.device_metadata != md->ima.active_table.device_metadata)
673 kfree(md->ima.inactive_table.device_metadata);
674
675 md->ima.inactive_table.device_metadata = NULL;
676 md->ima.inactive_table.device_metadata_len = 0;
677 md->ima.inactive_table.num_targets = 0;
678
679 if (md->ima.active_table.hash) {
680 md->ima.inactive_table.hash = md->ima.active_table.hash;
681 md->ima.inactive_table.hash_len = md->ima.active_table.hash_len;
682 }
683
684 if (md->ima.active_table.device_metadata) {
685 md->ima.inactive_table.device_metadata =
686 md->ima.active_table.device_metadata;
687 md->ima.inactive_table.device_metadata_len =
688 md->ima.active_table.device_metadata_len;
689 md->ima.inactive_table.num_targets =
690 md->ima.active_table.num_targets;
691 }
692 }
693
694 kfree(dev_name);
695 kfree(dev_uuid);
696error2:
697 kfree(capacity_str);
698error1:
699 kfree(device_table_data);
700}
7d1d1df8
TS		 701
702/*
703 * Measure IMA data on device rename.
704 */
705void dm_ima_measure_on_device_rename(struct mapped_device *md)
706{
707 char *old_device_data = NULL, *new_device_data = NULL, *combined_device_data = NULL;
708 char *new_dev_name = NULL, *new_dev_uuid = NULL, *capacity_str = NULL;
709 bool noio = true;
710 int r;
711
712 if (dm_ima_alloc_and_copy_device_data(md, &new_device_data,
713 md->ima.active_table.num_targets, noio))
714 return;
715
716 if (dm_ima_alloc_and_copy_name_uuid(md, &new_dev_name, &new_dev_uuid, noio))
717 goto error;
718
719 combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, GFP_KERNEL, noio);
720 if (!combined_device_data)
721 goto error;
722
723 r = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio);
724 if (r)
725 goto error;
726
727 old_device_data = md->ima.active_table.device_metadata;
728
729 md->ima.active_table.device_metadata = new_device_data;
730 md->ima.active_table.device_metadata_len = strlen(new_device_data);
731
dc7b79cc
TS		 732 scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2,
733 "%s%snew_name=%s,new_uuid=%s;%s", DM_IMA_VERSION_STR, old_device_data,
734 new_dev_name, new_dev_uuid, capacity_str);
7d1d1df8 735
9c2adfa6 736 dm_ima_measure_data("dm_device_rename", combined_device_data, strlen(combined_device_data),
7d1d1df8
TS		 737 noio);
738
739 goto exit;
740
741error:
742 kfree(new_device_data);
743exit:
744 kfree(capacity_str);
745 kfree(combined_device_data);
746 kfree(old_device_data);
747 kfree(new_dev_name);
748 kfree(new_dev_uuid);
749}
Linux 6.x block layer and io_uring tree(s)