Commit 08e03016 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] dm-crypt cleanups

From: Christophe Saout <christophe@saout.de>

These are some dm-crypt cleanups.  Use a #define PFX "crypt: " for all the
places where something gets logged as suggested by Jeff Garzik.  It also
adds a small additional security check and fixed header includes.
parent 2a0d3e3a
...@@ -8,15 +8,18 @@ ...@@ -8,15 +8,18 @@
#include <linux/init.h> #include <linux/init.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/bio.h> #include <linux/bio.h>
#include <linux/blkdev.h>
#include <linux/mempool.h> #include <linux/mempool.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/crypto.h> #include <linux/crypto.h>
#include <linux/spinlock.h>
#include <linux/workqueue.h> #include <linux/workqueue.h>
#include <asm/atomic.h>
#include <asm/scatterlist.h> #include <asm/scatterlist.h>
#include "dm.h" #include "dm.h"
#define PFX "crypt: "
/* /*
* per bio private data * per bio private data
*/ */
...@@ -416,7 +419,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -416,7 +419,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
int key_size; int key_size;
if (argc != 5) { if (argc != 5) {
ti->error = "dm-crypt: Not enough arguments"; ti->error = PFX "Not enough arguments";
return -EINVAL; return -EINVAL;
} }
...@@ -425,14 +428,14 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -425,14 +428,14 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
mode = strsep(&tmp, "-"); mode = strsep(&tmp, "-");
if (tmp) if (tmp)
DMWARN("dm-crypt: Unexpected additional cipher options"); DMWARN(PFX "Unexpected additional cipher options");
key_size = strlen(argv[1]) >> 1; key_size = strlen(argv[1]) >> 1;
cc = kmalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL); cc = kmalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL);
if (cc == NULL) { if (cc == NULL) {
ti->error = ti->error =
"dm-crypt: Cannot allocate transparent encryption context"; PFX "Cannot allocate transparent encryption context";
return -ENOMEM; return -ENOMEM;
} }
...@@ -441,7 +444,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -441,7 +444,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
else if (strcmp(mode, "ecb") == 0) else if (strcmp(mode, "ecb") == 0)
cc->iv_generator = NULL; cc->iv_generator = NULL;
else { else {
ti->error = "dm-crypt: Invalid chaining mode"; ti->error = PFX "Invalid chaining mode";
goto bad1; goto bad1;
} }
...@@ -452,18 +455,22 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -452,18 +455,22 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
tfm = crypto_alloc_tfm(cipher, crypto_flags); tfm = crypto_alloc_tfm(cipher, crypto_flags);
if (!tfm) { if (!tfm) {
ti->error = "dm-crypt: Error allocating crypto tfm"; ti->error = PFX "Error allocating crypto tfm";
goto bad1; goto bad1;
} }
if (crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER) {
ti->error = PFX "Expected cipher algorithm";
goto bad2;
}
if (tfm->crt_u.cipher.cit_decrypt_iv && tfm->crt_u.cipher.cit_encrypt_iv) if (tfm->crt_cipher.cit_decrypt_iv && tfm->crt_cipher.cit_encrypt_iv)
/* at least a 32 bit sector number should fit in our buffer */ /* at least a 32 bit sector number should fit in our buffer */
cc->iv_size = max(crypto_tfm_alg_ivsize(tfm), cc->iv_size = max(crypto_tfm_alg_ivsize(tfm),
(unsigned int)(sizeof(u32) / sizeof(u8))); (unsigned int)(sizeof(u32) / sizeof(u8)));
else { else {
cc->iv_size = 0; cc->iv_size = 0;
if (cc->iv_generator) { if (cc->iv_generator) {
DMWARN("dm-crypt: Selected cipher does not support IVs"); DMWARN(PFX "Selected cipher does not support IVs");
cc->iv_generator = NULL; cc->iv_generator = NULL;
} }
} }
...@@ -471,14 +478,14 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -471,14 +478,14 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
cc->io_pool = mempool_create(MIN_IOS, mempool_alloc_slab, cc->io_pool = mempool_create(MIN_IOS, mempool_alloc_slab,
mempool_free_slab, _crypt_io_pool); mempool_free_slab, _crypt_io_pool);
if (!cc->io_pool) { if (!cc->io_pool) {
ti->error = "dm-crypt: Cannot allocate crypt io mempool"; ti->error = PFX "Cannot allocate crypt io mempool";
goto bad2; goto bad2;
} }
cc->page_pool = mempool_create(MIN_POOL_PAGES, mempool_alloc_page, cc->page_pool = mempool_create(MIN_POOL_PAGES, mempool_alloc_page,
mempool_free_page, NULL); mempool_free_page, NULL);
if (!cc->page_pool) { if (!cc->page_pool) {
ti->error = "dm-crypt: Cannot allocate page mempool"; ti->error = PFX "Cannot allocate page mempool";
goto bad3; goto bad3;
} }
...@@ -486,28 +493,28 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) ...@@ -486,28 +493,28 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
cc->key_size = key_size; cc->key_size = key_size;
if ((key_size == 0 && strcmp(argv[1], "-") != 0) if ((key_size == 0 && strcmp(argv[1], "-") != 0)
|| crypt_decode_key(cc->key, argv[1], key_size) < 0) { || crypt_decode_key(cc->key, argv[1], key_size) < 0) {
ti->error = "dm-crypt: Error decoding key"; ti->error = PFX "Error decoding key";
goto bad4; goto bad4;
} }
if (tfm->crt_u.cipher.cit_setkey(tfm, cc->key, key_size) < 0) { if (tfm->crt_cipher.cit_setkey(tfm, cc->key, key_size) < 0) {
ti->error = "dm-crypt: Error setting key"; ti->error = PFX "Error setting key";
goto bad4; goto bad4;
} }
if (sscanf(argv[2], SECTOR_FORMAT, &cc->iv_offset) != 1) { if (sscanf(argv[2], SECTOR_FORMAT, &cc->iv_offset) != 1) {
ti->error = "dm-crypt: Invalid iv_offset sector"; ti->error = PFX "Invalid iv_offset sector";
goto bad4; goto bad4;
} }
if (sscanf(argv[4], SECTOR_FORMAT, &cc->start) != 1) { if (sscanf(argv[4], SECTOR_FORMAT, &cc->start) != 1) {
ti->error = "dm-crypt: Invalid device sector"; ti->error = PFX "Invalid device sector";
goto bad4; goto bad4;
} }
if (dm_get_device(ti, argv[3], cc->start, ti->len, if (dm_get_device(ti, argv[3], cc->start, ti->len,
dm_table_get_mode(ti->table), &cc->dev)) { dm_table_get_mode(ti->table), &cc->dev)) {
ti->error = "dm-crypt: Device lookup failed"; ti->error = PFX "Device lookup failed";
goto bad4; goto bad4;
} }
...@@ -682,7 +689,7 @@ static int crypt_status(struct dm_target *ti, status_type_t type, ...@@ -682,7 +689,7 @@ static int crypt_status(struct dm_target *ti, status_type_t type,
case STATUSTYPE_TABLE: case STATUSTYPE_TABLE:
cipher = crypto_tfm_alg_name(cc->tfm); cipher = crypto_tfm_alg_name(cc->tfm);
switch(cc->tfm->crt_u.cipher.cit_mode) { switch(cc->tfm->crt_cipher.cit_mode) {
case CRYPTO_TFM_MODE_CBC: case CRYPTO_TFM_MODE_CBC:
mode = "plain"; mode = "plain";
break; break;
...@@ -739,13 +746,13 @@ static int __init dm_crypt_init(void) ...@@ -739,13 +746,13 @@ static int __init dm_crypt_init(void)
_kcryptd_workqueue = create_workqueue("kcryptd"); _kcryptd_workqueue = create_workqueue("kcryptd");
if (!_kcryptd_workqueue) { if (!_kcryptd_workqueue) {
r = -ENOMEM; r = -ENOMEM;
DMERR("couldn't create kcryptd"); DMERR(PFX "couldn't create kcryptd");
goto bad1; goto bad1;
} }
r = dm_register_target(&crypt_target); r = dm_register_target(&crypt_target);
if (r < 0) { if (r < 0) {
DMERR("crypt: register failed %d", r); DMERR(PFX "register failed %d", r);
goto bad2; goto bad2;
} }
...@@ -763,7 +770,7 @@ static void __exit dm_crypt_exit(void) ...@@ -763,7 +770,7 @@ static void __exit dm_crypt_exit(void)
int r = dm_unregister_target(&crypt_target); int r = dm_unregister_target(&crypt_target);
if (r < 0) if (r < 0)
DMERR("crypt: unregister failed %d", r); DMERR(PFX "unregister failed %d", r);
destroy_workqueue(_kcryptd_workqueue); destroy_workqueue(_kcryptd_workqueue);
kmem_cache_destroy(_crypt_io_pool); kmem_cache_destroy(_crypt_io_pool);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment