Hello, dear device-mapper maintainers.

I'm JeongHyeon Lee and I work at Samsung. I'm in charge of the DM-Verity feature with Mr. Sunwook Eom. I have a patch, or suggestion, about DM-Verity error handling.

Our device (smart phone) needs the DM-Verity feature, so I hope there can be a new DM-Verity error handling mode. The concept of this new mode is that when a corrupted block is detected, the device goes to panic. This is because our team policy is that when a DM-Verity error is found on a device, the device goes to panic, and then we analyze what kind of device fault it was (UFS crash, IO error, DRAM bit flip, etc.).

In addition to the smart phone, I would like to have an option that users or administrators can use accordingly.

The patch contents are in the attachment. I would really appreciate it if you could check it. I look forward to hearing from you.

Thank you :)
From 6d3e508ed6872bfdc88d6ad979ac5c0347144fbb Mon Sep 17 00:00:00 2001 From: "jhs2.lee" <jhs2.lee@xxxxxxxxxxx> Date: Thu, 18 Jun 2020 15:32:20 +0900 Subject: [PATCH] dm verity: new error handling mode for corrupted blocks There is no panic error handling mode when a problem occurs. So We add new error handling mode. users and administrators setup to fit your need. Signed-off-by: jhs2.lee <jhs2.lee@xxxxxxxxxxx> --- Documentation/admin-guide/device-mapper/verity.rst | 4 ++++ drivers/md/dm-verity-target.c | 11 +++++++++++ drivers/md/dm-verity.h | 3 ++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/device-mapper/verity.rst b/Documentation/admin-guide/device-mapper/verity.rst index bb02caa45289..66f71f0dab1b 100644 --- a/Documentation/admin-guide/device-mapper/verity.rst +++ b/Documentation/admin-guide/device-mapper/verity.rst @@ -83,6 +83,10 @@ restart_on_corruption not compatible with ignore_corruption and requires user space support to avoid restart loops. +panic_on_corruption + Panic the device when a corrupted block is discovered. This option is + not compatible with ignore_corruption and restart_on_corruption. + ignore_zero_blocks Do not verify blocks that are expected to contain zeroes and always return zeroes instead. This may be useful if the partition contains unused blocks diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index eec9f252e935..c89114e7886c 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -30,6 +30,7 @@ #define DM_VERITY_OPT_LOGGING "ignore_corruption" #define DM_VERITY_OPT_RESTART "restart_on_corruption" +#define DM_VERITY_OPT_PANIC "panic_on_corruption" #define DM_VERITY_OPT_IGN_ZEROES "ignore_zero_blocks" #define DM_VERITY_OPT_AT_MOST_ONCE "check_at_most_once" 
@@ -254,6 +255,9 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_RESTART) kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + return 1; } @@ -742,6 +746,9 @@ static void verity_status(struct dm_target *ti, status_type_t type, case DM_VERITY_MODE_RESTART: DMEMIT(DM_VERITY_OPT_RESTART); break; + case DM_VERITY_MODE_PANIC: + DMEMIT(DM_VERITY_OPT_PANIC); + break; default: BUG(); } @@ -907,6 +914,10 @@ static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v, v->mode = DM_VERITY_MODE_RESTART; continue; + } else if (!strcasecmp(arg_name, DM_VERITY_OPT_PANIC)) { + v->mode = DM_VERITY_MODE_PANIC; + continue; + } else if (!strcasecmp(arg_name, DM_VERITY_OPT_IGN_ZEROES)) { r = verity_alloc_zero_digest(v); if (r) { diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index 641b9e3a399b..4e769d13473a 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h @@ -20,7 +20,8 @@ enum verity_mode { DM_VERITY_MODE_EIO, DM_VERITY_MODE_LOGGING, - DM_VERITY_MODE_RESTART + DM_VERITY_MODE_RESTART, + DM_VERITY_MODE_PANIC }; enum verity_block_type { -- 2.17.1
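Review bot: In the verity.rst hunk, the new panic_on_corruption entry says nothing about repeated panics, while the restart_on_corruption text just above it warns that user space support is needed to avoid restart loops. A block that stays corrupted and is read during boot would hit the panic on every boot, so the entry should carry a similar caveat. "Panic the device" would also read better as "Panic the kernel" or "Trigger a kernel panic".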
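Review bot: In the verity_handle_err() hunk, panic("dm-verity device corrupted") reuses the restart string and carries no detail, even though the stated goal of the mode is post-mortem analysis of the fault. panic() takes a format string and the function already receives the block type in its type argument, so the panic message could state whether a data or metadata block failed, which keeps that information in the panic record itself rather than only in earlier log lines.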
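Review bot: In the verity_parse_opt_args() hunk, the new branch assigns v->mode = DM_VERITY_MODE_PANIC and continues, exactly as the restart branch does, so nothing rejects a table that also passes ignore_corruption or restart_on_corruption; the last option on the line silently wins. The documentation hunk states that these options are not compatible, so either return an error when a second mode option is seen or document the last-one-wins behaviour. For a verified-boot policy, a later ignore_corruption quietly overriding panic_on_corruption is the case worth guarding against.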
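Review bot: The 11 insertions in drivers/md/dm-verity-target.c are fully accounted for by the new define and the three hunks shown, so the target version is not bumped; user space then has no way to tell from the reported version whether panic_on_corruption is accepted. Please bump the minor version in the same patch. As a style point in the dm-verity.h hunk, ending the enum with "DM_VERITY_MODE_PANIC," (trailing comma) would keep the next addition from having to touch this line again, as this patch had to for DM_VERITY_MODE_RESTART.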