diff options
author | Mikulas Patocka <mpatocka@redhat.com> | 2024-02-19 21:28:09 +0100 |
---|---|---|
committer | Mike Snitzer <snitzer@kernel.org> | 2024-02-20 13:34:31 -0500 |
commit | 9177f3c0dea6143d05cac1bbd28668fd0e216d11 (patch) | |
tree | c986c5410d17dad296307c5a3eb8ca673391d173 /drivers/md/dm-verity.h | |
parent | c88f5e553fe38b2ffc4c33d08654e5281b297677 (diff) | |
download | lwn-9177f3c0dea6143d05cac1bbd28668fd0e216d11.tar.gz lwn-9177f3c0dea6143d05cac1bbd28668fd0e216d11.zip |
dm-verity: recheck the hash after a failure
If a userspace process reads (with O_DIRECT) multiple blocks into the same
buffer, dm-verity reports an error [1].
This commit fixes dm-verity, so that if hash verification fails, the data
is read again into a kernel buffer (where userspace can't modify it) and
the hash is rechecked. If the recheck succeeds, the content of the kernel
buffer is copied into the user buffer; if the recheck fails, an error is
reported.
[1] https://people.redhat.com/~mpatocka/testcases/blk-auth-modify/read2.c
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Diffstat (limited to 'drivers/md/dm-verity.h')
-rw-r--r-- | drivers/md/dm-verity.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index f3f607008419..4620a98c9956 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h @@ -11,6 +11,7 @@ #ifndef DM_VERITY_H #define DM_VERITY_H +#include <linux/dm-io.h> #include <linux/dm-bufio.h> #include <linux/device-mapper.h> #include <linux/interrupt.h> @@ -68,6 +69,9 @@ struct dm_verity { unsigned long *validated_blocks; /* bitset blocks validated */ char *signature_key_desc; /* signature keyring reference */ + + struct dm_io_client *io; + mempool_t recheck_pool; }; struct dm_verity_io { @@ -84,6 +88,8 @@ struct dm_verity_io { struct work_struct work; + char *recheck_buffer; + /* * Three variably-size fields follow this struct: * |