tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

dm-crypt: don't modify the data when using authenticated encryption

It was said that authenticated encryption could produce invalid tag when
the data that is being encrypted is modified [1]. So, fix this problem by
copying the data into the clone bio first and then encrypt them inside the
clone bio.

This may reduce performance, but it is needed to prevent the user from
corrupting the device by writing data with O_DIRECT and modifying them at
the same time.

[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>

authored by

Mikulas Patocka and committed by
Mike Snitzer 50c70240 9177f3c0

+6
+6
drivers/md/dm-crypt.c
··· 2071 2071 io->ctx.bio_out = clone; 2072 2072 io->ctx.iter_out = clone->bi_iter; 2073 2073 2074 + if (crypt_integrity_aead(cc)) { 2075 + bio_copy_data(clone, io->base_bio); 2076 + io->ctx.bio_in = clone; 2077 + io->ctx.iter_in = clone->bi_iter; 2078 + } 2079 + 2074 2080 sector += bio_sectors(clone); 2075 2081 2076 2082 crypt_inc_pending(io);