1. 27 Apr, 2017 12 commits
  2. 25 Apr, 2017 1 commit
  3. 24 Apr, 2017 14 commits
  4. 31 Mar, 2017 2 commits
  5. 30 Mar, 2017 1 commit
  6. 27 Mar, 2017 3 commits
    • Heinz Mauelshagen's avatar
      dm raid: add raid4/5/6 journal write-back support via journal_mode option · 6e53636f
      Heinz Mauelshagen authored
      Commit 63c32ed4 ("dm raid: add raid4/5/6 journaling support") added
      journal support to close the raid4/5/6 "write hole" -- in terms of
      writethrough caching.
      
      Introduce a "journal_mode" feature and use the new
      r5c_journal_mode_set() API to add support for switching the journal
      device's cache mode between write-through (the current default) and
      write-back.
      
      NOTE: If the journal device is not layered on resilent storage and it
      fails, write-through mode will cause the "write hole" to reoccur.  But
      if the journal fails while in write-back mode it will cause data loss
      for any dirty cache entries unless resilent storage is used for the
      journal.
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      6e53636f
    • Heinz Mauelshagen's avatar
      dm raid: fix table line argument order in status · 4464e36e
      Heinz Mauelshagen authored
      Commit 3a1c1ef2 ("dm raid: enhance status interface and fixup
      takeover/raid0") added new table line arguments and introduced an
      ordering flaw.  The sequence of the raid10_copies and raid10_format
      raid parameters got reversed which causes lvm2 userspace to fail by
      falsely assuming a changed table line.
      
      Sequence those 2 parameters as before so that old lvm2 can function
      properly with new kernels by adjusting the table line output as
      documented in Documentation/device-mapper/dm-raid.txt.
      
      Also, add missing version 1.10.1 highlight to the documention.
      
      Fixes: 3a1c1ef2 ("dm raid: enhance status interface and fixup takeover/raid0")
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      4464e36e
    • Heinz Mauelshagen's avatar
      md: add raid4/5/6 journal mode switching API · 78e470c2
      Heinz Mauelshagen authored
      Commit 2ded3703 ("md/r5cache: State machine for raid5-cache write
      back mode") added support for "write-back" caching on the raid journal
      device.
      
      In order to allow the dm-raid target to switch between the available
      "write-through" and "write-back" modes, provide a new
      r5c_journal_mode_set() API.
      
      Use the new API in existing r5c_journal_mode_store()
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Acked-by: default avatarShaohua Li <shli@fb.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      78e470c2
  7. 24 Mar, 2017 7 commits
    • Mikulas Patocka's avatar
      dm crypt: use shifts instead of sector_div · ff3af92b
      Mikulas Patocka authored
      sector_div is very slow, so we introduce a variable sector_shift and
      use shift instead of sector_div.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      ff3af92b
    • Mikulas Patocka's avatar
      dm integrity: add recovery mode · c2bcb2b7
      Mikulas Patocka authored
      In recovery mode, we don't:
      - replay the journal
      - check checksums
      - allow writes to the device
      
      This mode can be used as a last resort for data recovery.  The
      motivation for recovery mode is that when there is a single error in the
      journal, the user should not lose access to the whole device.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      c2bcb2b7
    • Mike Snitzer's avatar
      dm integrity: factor out create_journal() from dm_integrity_ctr() · 1aa0efd4
      Mike Snitzer authored
      Preparation for next commit that makes call to create_journal()
      optional.
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      1aa0efd4
    • Milan Broz's avatar
      dm crypt: optionally support larger encryption sector size · 8f0009a2
      Milan Broz authored
      Add  optional "sector_size"  parameter that specifies encryption sector
      size (atomic unit of block device encryption).
      
      Parameter can be in range 512 - 4096 bytes and must be power of two.
      For compatibility reasons, the maximal IO must fit into the page limit,
      so the limit is set to the minimal page size possible (4096 bytes).
      
      NOTE: this device cannot yet be handled by cryptsetup if this parameter
      is set.
      
      IV for the sector is calculated from the 512 bytes sector offset unless
      the iv_large_sectors option is used.
      
      Test script using dmsetup:
      
        DEV="/dev/sdb"
        DEV_SIZE=$(blockdev --getsz $DEV)
        KEY="9c1185a5c5e9fc54612808977ee8f548b2258d31ddadef707ba62c166051b9e3cd0294c27515f2bccee924e8823ca6e124b8fc3167ed478bca702babe4e130ac"
        BLOCK_SIZE=4096
      
        # dmsetup create test_crypt --table "0 $DEV_SIZE crypt aes-xts-plain64 $KEY 0 $DEV 0 1 sector_size:$BLOCK_SIZE"
        # dmsetup table --showkeys test_crypt
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      8f0009a2
    • Milan Broz's avatar
      dm crypt: introduce new format of cipher with "capi:" prefix · 33d2f09f
      Milan Broz authored
      For the new authenticated encryption we have to support generic composed
      modes (combination of encryption algorithm and authenticator) because
      this is how the kernel crypto API accesses such algorithms.
      
      To simplify the interface, we accept an algorithm directly in crypto API
      format.  The new format is recognised by the "capi:" prefix.  The
      dmcrypt internal IV specification is the same as for the old format.
      
      The crypto API cipher specifications format is:
           capi:cipher_api_spec-ivmode[:ivopts]
      Examples:
           capi:cbc(aes)-essiv:sha256 (equivalent to old aes-cbc-essiv:sha256)
           capi:xts(aes)-plain64      (equivalent to old aes-xts-plain64)
      Examples of authenticated modes:
           capi:gcm(aes)-random
           capi:authenc(hmac(sha256),xts(aes))-random
           capi:rfc7539(chacha20,poly1305)-random
      
      Authenticated modes can only be configured using the new cipher format.
      Note that this format allows user to specify arbitrary combinations that
      can be insecure. (Policy decision is done in cryptsetup userspace.)
      
      Authenticated encryption algorithms can be of two types, either native
      modes (like GCM) that performs both encryption and authentication
      internally, or composed modes where user can compose AEAD with separate
      specification of encryption algorithm and authenticator.
      
      For composed mode with HMAC (length-preserving encryption mode like an
      XTS and HMAC as an authenticator) we have to calculate HMAC digest size
      (the separate authentication key is the same size as the HMAC digest).
      Introduce crypt_ctr_auth_cipher() to parse the crypto API string to get
      HMAC algorithm and retrieve digest size from it.
      
      Also, for HMAC composed mode we need to parse the crypto API string to
      get the cipher mode nested in the specification.  For native AEAD mode
      (like GCM), we can use crypto_tfm_alg_name() API to get the cipher
      specification.
      
      Because the HMAC composed mode is not processed the same as the native
      AEAD mode, the CRYPT_MODE_INTEGRITY_HMAC flag is no longer needed and
      "hmac" specification for the table integrity argument is removed.
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      33d2f09f
    • Milan Broz's avatar
      dm crypt: factor IV constructor out to separate function · e889f97a
      Milan Broz authored
      No functional change.
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      e889f97a
    • Milan Broz's avatar
      dm crypt: add cryptographic data integrity protection (authenticated encryption) · ef43aa38
      Milan Broz authored
      Allow the use of per-sector metadata, provided by the dm-integrity
      module, for integrity protection and persistently stored per-sector
      Initialization Vector (IV).  The underlying device must support the
      "DM-DIF-EXT-TAG" dm-integrity profile.
      
      The per-bio integrity metadata is allocated by dm-crypt for every bio.
      
      Example of low-level mapping table for various types of use:
       DEV=/dev/sdb
       SIZE=417792
      
       # Additional HMAC with CBC-ESSIV, key is concatenated encryption key + HMAC key
       SIZE_INT=389952
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 32 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-cbc-essiv:sha256 \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
       0 /dev/mapper/x 0 1 integrity:32:hmac(sha256)"
      
       # AEAD (Authenticated Encryption with Additional Data) - GCM with random IVs
       # GCM in kernel uses 96bits IV and we store 128bits auth tag (so 28 bytes metadata space)
       SIZE_INT=393024
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 28 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-gcm-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       0 /dev/mapper/x 0 1 integrity:28:aead"
      
       # Random IV only for XTS mode (no integrity protection but provides atomic random sector change)
       SIZE_INT=401272
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 16 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       0 /dev/mapper/x 0 1 integrity:16:none"
      
       # Random IV with XTS + HMAC integrity protection
       SIZE_INT=377656
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 48 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
       0 /dev/mapper/x 0 1 integrity:48:hmac(sha256)"
      
      Both AEAD and HMAC protection authenticates not only data but also
      sector metadata.
      
      HMAC protection is implemented through autenc wrapper (so it is
      processed the same way as an authenticated mode).
      
      In HMAC mode there are two keys (concatenated in dm-crypt mapping
      table).  First is the encryption key and the second is the key for
      authentication (HMAC).  (It is userspace decision if these keys are
      independent or somehow derived.)
      
      The sector request for AEAD/HMAC authenticated encryption looks like this:
       |----- AAD -------|------ DATA -------|-- AUTH TAG --|
       | (authenticated) | (auth+encryption) |              |
       | sector_LE |  IV |  sector in/out    |  tag in/out  |
      
      For writes, the integrity fields are calculated during AEAD encryption
      of every sector and stored in bio integrity fields and sent to
      underlying dm-integrity target for storage.
      
      For reads, the integrity metadata is verified during AEAD decryption of
      every sector (they are filled in by dm-integrity, but the integrity
      fields are pre-allocated in dm-crypt).
      
      There is also an experimental support in cryptsetup utility for more
      friendly configuration (part of LUKS2 format).
      
      Because the integrity fields are not valid on initial creation, the
      device must be "formatted".  This can be done by direct-io writes to the
      device (e.g. dd in direct-io mode).  For now, there is available trivial
      tool to do this, see: https://github.com/mbroz/dm_int_toolsSigned-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarOndrej Mosnacek <omosnacek@gmail.com>
      Signed-off-by: default avatarVashek Matyas <matyas@fi.muni.cz>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      ef43aa38