authorXindong Xu <xindong.xu@amlogic.com>2020-04-24 02:42:39 (GMT)
committer Shen Liu <shen.liu@amlogic.com>2020-04-26 11:57:37 (GMT)
commit32ad13d2c202277a206da318bce585d91a5419cc (patch)
tree1c52676fea5be881569ef16bfdd5d51295e8c272
parent558396ee7b88abf08e825f04cfe280f86ac5a21d (diff)
md: High security vulnerability in dm-anroid-verity [1/1]
PD#SWPL-24864 Problem: High security vulnerability in dm-anroid-verity Solution: this code was added for testing and was improperly released, so revert it. The Android AVB code is OK after reverting it. Revert "md: use dm-anroid-verity [3/4]" This reverts commit 84edbc7284d824c43d14293d56e17d5d201cfd66. Verify: franklin Change-Id: I8daa068475ee6d29b3ee8a5e8475b7594d71ce7d Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
Diffstat
-rw-r--r--arch/arm64/configs/meson64_defconfig4
-rw-r--r--drivers/md/Kconfig2
-rw-r--r--drivers/md/dm-android-verity.c37
3 files changed, 3 insertions, 40 deletions
diff --git a/arch/arm64/configs/meson64_defconfig b/arch/arm64/configs/meson64_defconfig
index 275f21b..5be73ab 100644
--- a/arch/arm64/configs/meson64_defconfig
+++ b/arch/arm64/configs/meson64_defconfig
@@ -391,15 +391,11 @@ CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y
CONFIG_MD=y
-CONFIG_BLK_DEV_MD=y
-CONFIG_MD_LINEAR=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_DM_VERITY=y
-CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE=1
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_VERITY_AVB=y
-CONFIG_DM_ANDROID_VERITY=y
CONFIG_NETDEVICES=y
CONFIG_TUN=y
CONFIG_8139CP=y
diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig
index b425a87..b76de4d 100644
--- a/drivers/md/Kconfig
+++ b/drivers/md/Kconfig
@@ -531,6 +531,8 @@ config DM_ANDROID_VERITY
bool "Android verity target support"
depends on DM_VERITY=y
depends on X509_CERTIFICATE_PARSER
+ depends on SYSTEM_TRUSTED_KEYRING
+ depends on PUBLIC_KEY_ALGO_RSA
depends on KEYS
depends on ASYMMETRIC_KEY_TYPE
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
diff --git a/drivers/md/dm-android-verity.c b/drivers/md/dm-android-verity.c
index f225538..eb4bdf6 100644
--- a/drivers/md/dm-android-verity.c
+++ b/drivers/md/dm-android-verity.c
@@ -33,9 +33,6 @@
#include <asm/setup.h>
#include <crypto/hash.h>
-#ifdef CONFIG_AMLOGIC_MODIFY
-#include <crypto/hash_info.h>
-#endif
#include <crypto/public_key.h>
#include <crypto/sha.h>
#include <keys/asymmetric-type.h>
@@ -99,12 +96,11 @@ static int __init verity_buildvariant(char *line)
__setup("buildvariant=", verity_buildvariant);
-#ifndef CONFIG_AMLOGIC_MODIFY
static inline bool default_verity_key_id(void)
{
return veritykeyid[0] != '\0';
}
-#endif
+
static inline bool is_eng(void)
{
static const char typeeng[] = "eng";
@@ -126,7 +122,6 @@ static inline bool is_unlocked(void)
return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));
}
-#ifndef CONFIG_AMLOGIC_MODIFY
static int table_extract_mpi_array(struct public_key_signature *pks,
const void *data, size_t len)
{
@@ -195,7 +190,6 @@ error:
crypto_free_shash(tfm);
return ERR_PTR(ret);
}
-#endif
static int read_block_dev(struct bio_read *payload, struct block_device *bdev,
sector_t offset, int length)
@@ -236,11 +230,7 @@ static int read_block_dev(struct bio_read *payload, struct block_device *bdev,
}
}
-#ifdef CONFIG_AMLOGIC_MODIFY
- if (!submit_bio_wait(bio))
-#else
if (!submit_bio_wait(READ, bio))
-#endif
/* success */
goto free_bio;
DMERR("bio read failed");
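Review bot: The restored call `submit_bio_wait(READ, bio)` uses the two-argument form, while the removed CONFIG_AMLOGIC_MODIFY branch called `submit_bio_wait(bio)`, which suggests this tree's block layer takes a single argument. If that is the case, dm-android-verity.c no longer compiles once DM_ANDROID_VERITY is enabled, and only the defconfig change in this commit hides that. The Kconfig entry stays selectable, so consider making the disabled state explicit, for example with `depends on BROKEN` in the DM_ANDROID_VERITY entry, so the target cannot be switched back on by accident in a product config. read_block_dev starts and ends outside this hunk.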
@@ -577,7 +567,6 @@ static int verity_mode(void)
return DM_VERITY_MODE_EIO;
}
-#ifndef CONFIG_AMLOGIC_MODIFY
static int verify_verity_signature(char *key_id,
struct android_metadata *metadata)
{
@@ -622,7 +611,6 @@ error:
return retval;
}
-#endif
static void handle_error(void)
{
@@ -706,13 +694,8 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
dev_t uninitialized_var(dev);
struct android_metadata *metadata = NULL;
int err = 0, i, mode;
-#ifdef CONFIG_AMLOGIC_MODIFY
- char *table_ptr, dummy, *target_device,
- *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS];
-#else
char *key_id, *table_ptr, dummy, *target_device,
*verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS];
-#endif
/* One for specifying number of opt args and one for mode */
sector_t data_sectors;
u32 data_block_size;
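Review bot: `key_id` is restored here without an initializer, and it is later dereferenced by `strreplace(key_id, '#', ' ')` and passed to `verify_verity_signature(key_id, metadata)` in the hunks further down. Its assignments sit in the argc branches, which are only partly visible in this diff, so it cannot be confirmed from here that every path reaching those uses has set it. Declaring it as `char *key_id = NULL, *table_ptr, dummy, *target_device,` would make a missed assignment fail deterministically instead of using an indeterminate pointer in the signature check. android_verity_ctr starts and ends outside this hunk.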
@@ -722,14 +705,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
char buf[FEC_ARG_LENGTH], *buf_ptr;
unsigned long long tmpll;
-#ifdef CONFIG_AMLOGIC_MODIFY
- DMERR("come to android_verity_ctr in dm-android-verity.c");
- if (argc < 10) {
- DMERR("Incorrect number of arguments");
- handle_error();
- return -EINVAL;
- }
-#else
if (argc == 1) {
/* Use the default keyid */
if (default_verity_key_id())
@@ -746,16 +721,10 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
handle_error();
return -EINVAL;
}
-#endif
-#ifdef CONFIG_AMLOGIC_MODIFY
- target_device = argv[1];
- dev = dm_get_dev_t(argv[1]);
-#else
target_device = argv[0];
dev = name_to_dev_t(target_device);
-#endif
if (!dev) {
DMERR("no dev found for %s", target_device);
handle_error();
@@ -765,11 +734,9 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
if (is_eng())
return create_linear_device(ti, dev, target_device);
-#ifndef CONFIG_AMLOGIC_MODIFY
strreplace(key_id, '#', ' ');
DMINFO("key:%s dev:%s", key_id, target_device);
-#endif
if (extract_fec_header(dev, &fec, &ecc)) {
DMERR("Error while extracting fec header");
@@ -790,7 +757,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
goto free_metadata;
}
-#ifndef CONFIG_AMLOGIC_MODIFY
if (verity_enabled) {
err = verify_verity_signature(key_id, metadata);
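Review bot: The restored `verify_verity_signature(key_id, metadata)` call has no comment explaining that it is what authenticates the on-disk metadata before `metadata->verity_table` is parsed, even though the guards removed here show that a vendor `#ifndef` compiled the check out entirely. A short comment above `if (verity_enabled)` would make that dependency visible to the next person who touches this block, for example `/* Metadata read from the device is untrusted until this signature check passes; never compile it out or skip it in production builds. */`. What sets `verity_enabled`, and what happens on the error branch, is outside the visible lines, so the comment should also name the conditions under which verification is legitimately skipped once those are confirmed. android_verity_ctr starts and ends outside this hunk.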
@@ -801,7 +767,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
} else
DMINFO("Signature verification success");
}
-#endif
table_ptr = metadata->verity_table;