ANDROID: AVB: Only invalidate vbmeta when told to do so.

When using AVB, the dm-verity error handling mode is now customizeable
by the bootloader. This CL is for the kernel-side support - it makes
the AVB error handler invalidate the vbmeta partition only if
androidboot.vbmeta.invalidate_on_error is set to "yes".

Bug: 38157502
Test: Manually tested all dm-verity error modes on UEFI-based bootloader.
Change-Id: If36b8a5be9ffd6120e7e0c162843e732eba2ce26
Signed-off-by: David Zeuthen <zeuthen@google.com>

diff --git a/drivers/md/dm-verity-avb.c b/drivers/md/dm-verity-avb.c
index 88487346c4c68a73a273a296441d761c3bccb31c..a0ee31e0dd094e85c80ffa6fa2ec53444167d585 100644 (file)
--- a/drivers/md/dm-verity-avb.c
+++ b/drivers/md/dm-verity-avb.c
@@ -12,8 +12,9 @@
 
 #define DM_MSG_PREFIX "verity-avb"
 
-/* Set via module parameter. */
+/* Set via module parameters. */
 static char avb_vbmeta_device[64];
+static char avb_invalidate_on_error[4];
 
 static void invalidate_vbmeta_endio(struct bio *bio)
 {
@@ -175,6 +176,11 @@ void dm_verity_avb_error_handler(void)
 
        DMINFO("AVB error handler called for %s", avb_vbmeta_device);
 
+       if (strcmp(avb_invalidate_on_error, "yes") != 0) {
+               DMINFO("Not configured to invalidate");
+               return;
+       }
+
        if (avb_vbmeta_device[0] == '\0') {
                DMERR("avb_vbmeta_device parameter not set");
                goto fail_no_dev;
@@ -215,3 +221,5 @@ MODULE_LICENSE("GPL");
 #undef MODULE_PARAM_PREFIX
 #define MODULE_PARAM_PREFIX    "androidboot.vbmeta."
 module_param_string(device, avb_vbmeta_device, sizeof(avb_vbmeta_device), 0);
+module_param_string(invalidate_on_error, avb_invalidate_on_error,
+                    sizeof(avb_invalidate_on_error), 0);