ANDROID: AVB: Only invalidate vbmeta when told to do so.

When using AVB, the dm-verity error handling mode is now customizeable
by the bootloader. This CL is for the kernel-side support - it makes
the AVB error handler invalidate the vbmeta partition only if
androidboot.vbmeta.invalidate_on_error is set to "yes".

Bug: 38157502
Test: Manually tested all dm-verity error modes on UEFI-based bootloader.
Change-Id: If36b8a5be9ffd6120e7e0c162843e732eba2ce26
Signed-off-by: David Zeuthen <zeuthen@google.com>

drivers/md/dm-verity-avb.c

@@ -12,8 +12,9 @@
 
 #define DM_MSG_PREFIX "verity-avb"
 
-/* Set via module parameter. */
+/* Set via module parameters. */
 static char avb_vbmeta_device[64];
+static char avb_invalidate_on_error[4];
 
 static void invalidate_vbmeta_endio(struct bio *bio)
 {
@@ -175,6 +176,11 @@ void dm_verity_avb_error_handler(void)
 
 	DMINFO("AVB error handler called for %s", avb_vbmeta_device);
 
+	if (strcmp(avb_invalidate_on_error, "yes") != 0) {
+		DMINFO("Not configured to invalidate");
+		return;
+	}
+
 	if (avb_vbmeta_device[0] == '\0') {
 		DMERR("avb_vbmeta_device parameter not set");
 		goto fail_no_dev;
@@ -215,3 +221,5 @@ MODULE_LICENSE("GPL");
 #undef MODULE_PARAM_PREFIX
 #define MODULE_PARAM_PREFIX	"androidboot.vbmeta."
 module_param_string(device, avb_vbmeta_device, sizeof(avb_vbmeta_device), 0);
+module_param_string(invalidate_on_error, avb_invalidate_on_error,
+                    sizeof(avb_invalidate_on_error), 0);