<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/Documentation/admin-guide/device-mapper/verity.rst, branch linux-rolling-stable</title>
<subtitle>Hosts the 0x221E linux distro kernel.</subtitle>
<id>https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-rolling-stable</id>
<link rel='self' href='https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-rolling-stable'/>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/'/>
<updated>2025-11-18T17:24:26Z</updated>
<entry>
<title>dm verity fec: Expose corrected block count via status</title>
<updated>2025-11-18T17:24:26Z</updated>
<author>
<name>Shubhankar Mishra</name>
<email>shubhankarm@google.com</email>
</author>
<published>2025-11-05T14:06:44Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=ae97648e14f7907f4b0e0b295eb2fdcf43806f9d'/>
<id>urn:sha1:ae97648e14f7907f4b0e0b295eb2fdcf43806f9d</id>
<content type='text'>
Enhance visibility into dm-verity Forward Error Correction (FEC)
activity. While FEC can correct on-disk corruptions, the number of
successful correction events is not readily exposed through a standard
interface.

This change integrates FEC statistics into the verity target's
.status handler for STATUSTYPE_INFO. The info output now
includes the count of blocks corrected by FEC.

The counter is a per-device instance atomic64_t, maintained within
the struct dm_verity_fec, tracking blocks successfully repaired by FEC
on this specific device instance since it was created.

This approach aligns with the standard Device Mapper mechanism for
targets to report runtime information, as used by other targets like
dm-integrity.

This patch also updates Documentation/admin-guide/device-mapper/verity.rst
to reflect the new status information.

Tested:
  Induced single-bit errors on a block device protected by dm-verity
  with FEC on an Android phone. Confirmed 'dmctl status &lt;device&gt;' on Android
  reports an incrementing 'fec_corrected_blocks' count after the
  corrupted blocks were accessed.

Signed-off-by: Shubhankar Mishra &lt;shubhankarm@google.com&gt;
Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
</content>
</entry>
<entry>
<title>dm-verity: support block number limits for different ioprio classes</title>
<updated>2025-03-28T10:32:55Z</updated>
<author>
<name>LongPing Wei</name>
<email>weilongping@oppo.com</email>
</author>
<published>2025-03-27T02:18:19Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=5c5d0d7050286e14a6ca18b8d77fc7a34f701206'/>
<id>urn:sha1:5c5d0d7050286e14a6ca18b8d77fc7a34f701206</id>
<content type='text'>
Calling verity_verify_io in bh for IO of all sizes is not suitable for
embedded devices. From our tests, it can improve the performance of 4K
synchronous random reads.
For example:
./fio --name=rand_read --ioengine=psync --rw=randread --bs=4K \
 --direct=1 --numjobs=8 --runtime=60 --time_based --group_reporting \
 --filename=/dev/block/mapper/xx-verity

But it will degrade the performance of 512K synchronous sequential reads
on our devices.
For example:
./fio --name=read --ioengine=psync --rw=read --bs=512K --direct=1 \
 --numjobs=8 --runtime=60 --time_based --group_reporting \
 --filename=/dev/block/mapper/xx-verity

A parameter array is introduced by this change, and users can modify the
default config via /sys/module/dm_verity/parameters/use_bh_bytes.

The default limits for NONE/RT/BE are set to 8192.
The default limit for IDLE is set to 0.

Call verity_verify_io directly when verity_end_io is not in hardirq.

Signed-off-by: LongPing Wei &lt;weilongping@oppo.com&gt;
Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
</content>
</entry>
<entry>
<title>dm-verity: Document restart_on_error and panic_on_error options</title>
<updated>2025-02-03T13:10:10Z</updated>
<author>
<name>Milan Broz</name>
<email>gmazyland@gmail.com</email>
</author>
<published>2025-01-29T12:58:55Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=82596487635012460c19d4dd257d5d59147cbf27'/>
<id>urn:sha1:82596487635012460c19d4dd257d5d59147cbf27</id>
<content type='text'>
This patch adds documentation for options introduced in commit
f811b83879fb ("dm-verity: introduce the options restart_on_error and panic_on_error").

Signed-off-by: Milan Broz &lt;gmazyland@gmail.com&gt;
Signed-off-by: Mikulas Patocka &lt;mpatocka@redhat.com&gt;
</content>
</entry>
<entry>
<title>dm verity: Add documentation for try_verify_in_tasklet option</title>
<updated>2022-10-18T21:17:48Z</updated>
<author>
<name>Milan Broz</name>
<email>gmazyland@gmail.com</email>
</author>
<published>2022-09-27T18:42:26Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=dc3efedf9f7b802d0817183020ed01cb0c120fe8'/>
<id>urn:sha1:dc3efedf9f7b802d0817183020ed01cb0c120fe8</id>
<content type='text'>
Add documentation that was missing from commit 5721d4e5a9cd ("dm
verity: Add optional "try_verify_in_tasklet" feature").

Signed-off-by: Milan Broz &lt;gmazyland@gmail.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'for-5.11/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm</title>
<updated>2020-12-22T21:27:21Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2020-12-22T21:27:21Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=d8355e740f419a081796e869bafdfc0756b0bf2a'/>
<id>urn:sha1:d8355e740f419a081796e869bafdfc0756b0bf2a</id>
<content type='text'>
Pull device mapper updates from Mike Snitzer:

 - Add DM verity support for signature verification with 2nd keyring

 - Fix DM verity to skip verity work if IO completes with error while
   system is shutting down

 - Add new DM multipath "IO affinity" path selector that maps IO
   destined to a given path to a specific CPU based on user provided
   mapping

 - Rename DM multipath path selector source files to have "dm-ps" prefix

 - Add REQ_NOWAIT support to some other simple DM targets that don't
   block in more elaborate ways waiting for IO

 - Export DM crypt's kcryptd workqueue via sysfs (WQ_SYSFS)

 - Fix error return code in DM's target_message() if empty message is
   received

 - A handful of other small cleanups

* tag 'for-5.11/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm cache: simplify the return expression of load_mapping()
  dm ebs: avoid double unlikely() notation when using IS_ERR()
  dm verity: skip verity work if I/O error when system is shutting down
  dm crypt: export sysfs of kcryptd workqueue
  dm ioctl: fix error return code in target_message
  dm crypt: Constify static crypt_iv_operations
  dm: add support for REQ_NOWAIT to various targets
  dm: rename multipath path selector source files to have "dm-ps" prefix
  dm mpath: add IO affinity path selector
  dm verity: Add support for signature verification with 2nd keyring
  dm: remove unnecessary current-&gt;bio_list check when submitting split bio
</content>
</entry>
<entry>
<title>Documentation: fix multiple typos found in the admin-guide subdirectory</title>
<updated>2020-12-08T17:27:56Z</updated>
<author>
<name>Andrew Klychkov</name>
<email>andrew.a.klychkov@gmail.com</email>
</author>
<published>2020-12-04T07:28:48Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=751d5b27418345f56ee0bb6ce9da2988a228de10'/>
<id>urn:sha1:751d5b27418345f56ee0bb6ce9da2988a228de10</id>
<content type='text'>
Fix thirty-five typos in dm-integrity.rst, dm-raid.rst, dm-zoned.rst,
verity.rst, writecache.rst, tsx_async_abort.rst, md.rst, bttv.rst,
dvb_references.rst, frontend-cardlist.rst, gspca-cardlist.rst, ipu3.rst,
remote-controller.rst, mm/index.rst, numaperf.rst, userfaultfd.rst,
module-signing.rst, imx-ddr.rst, intel-speed-select.rst,
intel_pstate.rst, ramoops.rst, abi.rst, kernel.rst, vm.rst

Signed-off-by: Andrew Klychkov &lt;andrew.a.klychkov@gmail.com&gt;
Link: https://lore.kernel.org/r/20201204072848.GA49895@spblnx124.lan
Signed-off-by: Jonathan Corbet &lt;corbet@lwn.net&gt;
</content>
</entry>
<entry>
<title>dm verity: Add support for signature verification with 2nd keyring</title>
<updated>2020-12-04T23:04:35Z</updated>
<author>
<name>Mickaël Salaün</name>
<email>mic@linux.microsoft.com</email>
</author>
<published>2020-10-23T17:05:12Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=4da8f8c8a1e07ad18f057f4044ad96f4135dc877'/>
<id>urn:sha1:4da8f8c8a1e07ad18f057f4044ad96f4135dc877</id>
<content type='text'>
Add a new configuration DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
to enable dm-verity signatures to be verified against the secondary
trusted keyring.  Instead of relying on the builtin trusted keyring
(with hard-coded certificates), the second trusted keyring can include
certificate authorities from the builtin trusted keyring and child
certificates loaded at run time.  Using the secondary trusted keyring
enables the use of dm-verity disks (e.g. loop devices) signed by keys which
did not exist at kernel build time, leveraging the certificate chain of
trust model.  In practice, this makes it possible to update certificates
without kernel update and reboot, aligning with module and kernel
(kexec) signature verification which already use the secondary trusted
keyring.

Signed-off-by: Mickaël Salaün &lt;mic@linux.microsoft.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
</content>
</entry>
<entry>
<title>dm verity: add "panic_on_corruption" error handling mode</title>
<updated>2020-07-13T15:47:33Z</updated>
<author>
<name>JeongHyeon Lee</name>
<email>jhs2.lee@samsung.com</email>
</author>
<published>2020-06-18T06:56:50Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=e1fef0b08e06dcce275bd585bc6a900dff395096'/>
<id>urn:sha1:e1fef0b08e06dcce275bd585bc6a900dff395096</id>
<content type='text'>
Samsung smart phones may need the ability to panic on corruption.  Not
all devices provide the bootloader support needed to use the existing
"restart_on_corruption" mode.  Additional details for why Samsung needs
this new mode can be found here:
https://www.redhat.com/archives/dm-devel/2020-June/msg00235.html

Signed-off-by: jhs2.lee &lt;jhs2.lee@samsung.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
</content>
</entry>
<entry>
<title>dm verity: add root hash pkcs#7 signature verification</title>
<updated>2019-08-23T14:13:14Z</updated>
<author>
<name>Jaskaran Khurana</name>
<email>jaskarankhurana@linux.microsoft.com</email>
</author>
<published>2019-07-18T00:46:15Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=88cd3e6cfac915f50f7aa7b699bdf053afec866e'/>
<id>urn:sha1:88cd3e6cfac915f50f7aa7b699bdf053afec866e</id>
<content type='text'>
The verification is to support cases where the root hash is not secured
by Trusted Boot, UEFI Secureboot or similar technologies.

One of the use cases for this is for dm-verity volumes mounted after
boot; the root hash provided during the creation of the dm-verity volume
has to be secure and thus in-kernel validation implemented here will be
used before we trust the root hash and allow the block device to be
created.

The signature being provided for verification must verify the root hash
and must be trusted by the builtin keyring for verification to succeed.

The hash is added as a key of type "user" and the description is passed
to the kernel so it can look it up and use it for verification.

Adds CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG which can be turned on if root
hash verification is needed.

Kernel commandline dm_verity module parameter 'require_signatures' will
indicate whether to force root hash signature verification (for all dm
verity volumes).

Signed-off-by: Jaskaran Khurana &lt;jaskarankhurana@linux.microsoft.com&gt;
Tested-and-Reviewed-by: Milan Broz &lt;gmazyland@gmail.com&gt;
Signed-off-by: Mike Snitzer &lt;snitzer@redhat.com&gt;
</content>
</entry>
<entry>
<title>docs: device-mapper: move it to the admin-guide</title>
<updated>2019-07-15T14:03:01Z</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab+samsung@kernel.org</email>
</author>
<published>2019-06-18T15:40:23Z</published>
<link rel='alternate' type='text/html' href='https://universe.0xinfinity.dev/distro/kernel/commit/?id=6cf2a73cb2bc422a03984b285a63632c27f8c4e4'/>
<id>urn:sha1:6cf2a73cb2bc422a03984b285a63632c27f8c4e4</id>
<content type='text'>
The DM support describes lots of aspects related to mapped
disk partitions from the userspace PoV.

Signed-off-by: Mauro Carvalho Chehab &lt;mchehab+samsung@kernel.org&gt;
</content>
</entry>
</feed>
