summaryrefslogtreecommitdiff
path: root/drivers/md/dm-verity.h
diff options
context:
space:
mode:
authorMikulas Patocka <mpatocka@redhat.com>2024-02-19 21:28:09 +0100
committerMike Snitzer <snitzer@kernel.org>2024-02-20 13:34:31 -0500
commit9177f3c0dea6143d05cac1bbd28668fd0e216d11 (patch)
treec986c5410d17dad296307c5a3eb8ca673391d173 /drivers/md/dm-verity.h
parentc88f5e553fe38b2ffc4c33d08654e5281b297677 (diff)
downloadlwn-9177f3c0dea6143d05cac1bbd28668fd0e216d11.tar.gz
lwn-9177f3c0dea6143d05cac1bbd28668fd0e216d11.zip
dm-verity: recheck the hash after a failure
If a userspace process reads (with O_DIRECT) multiple blocks into the same buffer, dm-verity reports an error [1]. This commit fixes dm-verity, so that if hash verification fails, the data is read again into a kernel buffer (where userspace can't modify it) and the hash is rechecked. If the recheck succeeds, the content of the kernel buffer is copied into the user buffer; if the recheck fails, an error is reported. [1] https://people.redhat.com/~mpatocka/testcases/blk-auth-modify/read2.c Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Diffstat (limited to 'drivers/md/dm-verity.h')
-rw-r--r--drivers/md/dm-verity.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
index f3f607008419..4620a98c9956 100644
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -11,6 +11,7 @@
#ifndef DM_VERITY_H
#define DM_VERITY_H
+#include <linux/dm-io.h>
#include <linux/dm-bufio.h>
#include <linux/device-mapper.h>
#include <linux/interrupt.h>
@@ -68,6 +69,9 @@ struct dm_verity {
unsigned long *validated_blocks; /* bitset blocks validated */
char *signature_key_desc; /* signature keyring reference */
+
+ struct dm_io_client *io;
+ mempool_t recheck_pool;
};
struct dm_verity_io {
@@ -84,6 +88,8 @@ struct dm_verity_io {
struct work_struct work;
+ char *recheck_buffer;
+
/*
* Three variably-size fields follow this struct:
*