01 Sep, 2021
1 commit
-
…/device-mapper/linux-dm
Pull device mapper updates from Mike Snitzer:
- Add DM infrastructure for IMA-based remote attestion. These changes
are the basis for deploying DM-based storage in a "cloud" that must
validate configurations end-users run to maintain trust. These DM
changes allow supported DM targets' configurations to be measured via
IMA. But the policy and enforcement (of which configurations are
valid) is managed by something outside the kernel (e.g. Keylime).- Fix DM crypt scalability regression on systems with many cpus due to
percpu_counter spinlock contention in crypt_page_alloc().- Use in_hardirq() instead of deprecated in_irq() in DM crypt.
- Add event counters to DM writecache to allow users to further assess
how the writecache is performing.- Various code cleanup in DM writecache's main IO mapping function.
* tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm crypt: use in_hardirq() instead of deprecated in_irq()
dm ima: update dm documentation for ima measurement support
dm ima: update dm target attributes for ima measurements
dm ima: add a warning in dm_init if duplicate ima events are not measured
dm ima: prefix ima event name related to device mapper with dm_
dm ima: add version info to dm related events in ima log
dm ima: prefix dm table hashes in ima log with hash algorithm
dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
dm: add documentation for IMA measurement support
dm: update target status functions to support IMA measurement
dm ima: measure data on device rename
dm ima: measure data on table clear
dm ima: measure data on device remove
dm ima: measure data on device resume
dm ima: measure data on table load
dm writecache: add event counters
dm writecache: report invalid return from writecache_map helpers
dm writecache: further writecache_map() cleanup
dm writecache: factor out writecache_map_remap_origin()
dm writecache: split up writecache_map() to improve code readability
17 Aug, 2021
1 commit
-
Use bvec_virt instead of open coding it.
Signed-off-by: Christoph Hellwig
Link: https://lore.kernel.org/r/20210804095634.460779-5-hch@lst.de
Signed-off-by: Jens Axboe
11 Aug, 2021
1 commit
-
For device mapper targets to take advantage of IMA's measurement
capabilities, the status functions for the individual targets need to be
updated to handle the status_type_t case for value STATUSTYPE_IMA.Update status functions for the following target types, to log their
respective attributes to be measured using IMA.
01. cache
02. crypt
03. integrity
04. linear
05. mirror
06. multipath
07. raid
08. snapshot
09. striped
10. verityFor rest of the targets, handle the STATUSTYPE_IMA case by setting the
measurement buffer to NULL.For IMA to measure the data on a given system, the IMA policy on the
system needs to be updated to have the following line, and the system
needs to be restarted for the measurements to take effect./etc/ima/ima-policy
measure func=CRITICAL_DATA label=device-mapper template=ima-bufThe measurements will be reflected in the IMA logs, which are located at:
/sys/kernel/security/integrity/ima/ascii_runtime_measurements
/sys/kernel/security/integrity/ima/binary_runtime_measurementsThese IMA logs can later be consumed by various attestation clients
running on the system, and send them to external services for attesting
the system.The DM target data measured by IMA subsystem can alternatively
be queried from userspace by setting DM_IMA_MEASUREMENT_FLAG with
DM_TABLE_STATUS_CMD.Signed-off-by: Tushar Sugandhi
Signed-off-by: Mike Snitzer
27 Mar, 2021
1 commit
-
s/retrievd/retrieved/
s/misalignement/misalignment/
s/funtion/function/Signed-off-by: Bhaskar Chowdhury
Acked-by: Randy Dunlap
Signed-off-by: Mike Snitzer
22 Dec, 2020
1 commit
-
The definition of IS_ERR() already applies the unlikely() notation
when checking the error status of the passed pointer. For this
reason there is no need to have the same notation outside of
IS_ERR() itself.Clean up code by removing redundant notation.
Signed-off-by: Antonio Quartulli
Signed-off-by: Mike Snitzer
05 Aug, 2020
1 commit
-
REQ_OP_FLUSH was being treated as a flag, but the operation
part of bio->bi_opf must be treated as a whole. Change to
accessing the operation part via bio_op(bio) and checking
for equality.Signed-off-by: John Dorminy
Acked-by: Heinz Mauelshagen
Fixes: d3c7b35c20d60 ("dm: add emulated block size target")
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer
06 Jun, 2020
1 commit
-
Use dm_bufio_forget_buffers instead of a block-by-block loop that
calls dm_bufio_forget. dm_bufio_forget_buffers is faster than the loop
because it searches for used buffers using rb-tree.Signed-off-by: Mikulas Patocka
Signed-off-by: Mike Snitzer
15 May, 2020
2 commits
-
Make use of dm_bufio_issue_discard() to pass discards down to the
underlying device.Signed-off-by: Heinz Mauelshagen
Signed-off-by: Mike Snitzer -
This new target is similar to the linear target except that it emulates
a smaller logical block size on a device with a larger logical block
size. Its main purpose is to emulate 512 byte sectors on 4K native
disks (i.e. 512e).See Documentation/admin-guide/device-mapper/dm-ebs.rst for details.
Reviewed-by: Damien Le Moal
Signed-off-by: Heinz Mauelshagen
Signed-off-by: Randy Dunlap [Kconfig fixes]
Signed-off-by: Zheng Bin [static fixes]
Signed-off-by: Mike Snitzer
