Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'for-5.11/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

- Fix DM integrity crash if "recalculate" used without "internal_hash"

- Fix DM integrity "recalculate" support to prevent recalculating
checksums if we use internal_hash or journal_hash with a key (e.g.
HMAC). Use of crypto as a means to prevent malicious corruption
requires further changes and was never a design goal for
dm-integrity's primary usecase of detecting accidental corruption.

- Fix a benign dm-crypt copy-and-paste bug introduced as part of a fix
that was merged for 5.11-rc4.

- Fix DM core's dm_get_device() to avoid filesystem lookup to get block
device (if possible).

* tag 'for-5.11/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm: avoid filesystem lookup in dm_get_dev_t()
dm crypt: fix copy and paste bug in crypt_alloc_req_aead
dm integrity: conditionally disable "recalculate" feature
dm integrity: fix a crash if "recalculate" used without "internal_hash"

+54 -11
+9 -3
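--- a/Documentation/admin-guide/device-mapper/dm-integrity.rst
+++ b/Documentation/admin-guide/device-mapper/dm-integrity.rst
@@ -177,14 +177,20 @@
 The bitmap flush interval in milliseconds. The metadata buffers
 are synchronized when this interval expires.
 
+allow_discards
+Allow block discard requests (a.k.a. TRIM) for the integrity device.
+Discards are only allowed to devices using internal hash.
+
 fix_padding
 Use a smaller padding of the tag area that is more
 space-efficient. If this option is not present, large padding is
 used - that is for compatibility with older kernels.
 
-allow_discards
-Allow block discard requests (a.k.a. TRIM) for the integrity device.
-Discards are only allowed to devices using internal hash.
+legacy_recalculate
+Allow recalculating of volumes with HMAC keys. This is disabled by
+default for security reasons - an attacker could modify the volume,
+set recalc_sector to zero, and the kernel would not detect the
+modification.
 
 The journal mode (D/J), buffer_sectors, journal_watermark, commit_time and
 allow_discards can be changed when reloading the target (load an inactive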
+3 -3
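--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1481,9 +1481,9 @@
 static int crypt_alloc_req_aead(struct crypt_config *cc,
 struct convert_context *ctx)
 {
-if (!ctx->r.req) {
-ctx->r.req = mempool_alloc(&cc->req_pool, in_interrupt() ? GFP_ATOMIC : GFP_NOIO);
-if (!ctx->r.req)
+if (!ctx->r.req_aead) {
+ctx->r.req_aead = mempool_alloc(&cc->req_pool, in_interrupt() ? GFP_ATOMIC : GFP_NOIO);
+if (!ctx->r.req_aead)
 return -ENOMEM;
 }
 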
+30 -2
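--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -257,8 +257,9 @@
 bool journal_uptodate;
 bool just_formatted;
 bool recalculate_flag;
-bool fix_padding;
 bool discard;
+bool fix_padding;
+bool legacy_recalculate;
 
 struct alg_spec internal_hash_alg;
 struct alg_spec journal_crypt_alg;
@@ -384,6 +385,14 @@
 static int dm_integrity_failed(struct dm_integrity_c *ic)
 {
 return READ_ONCE(ic->failed);
+}
+
+static bool dm_integrity_disable_recalculate(struct dm_integrity_c *ic)
+{
+if ((ic->internal_hash_alg.key || ic->journal_mac_alg.key) &&
+!ic->legacy_recalculate)
+return true;
+return false;
 }
 
 static commit_id_t dm_integrity_commit_id(struct dm_integrity_c *ic, unsigned i,
@@ -3140,6 +3149,7 @@
 arg_count += !!ic->journal_crypt_alg.alg_string;
 arg_count += !!ic->journal_mac_alg.alg_string;
 arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0;
+arg_count += ic->legacy_recalculate;
 DMEMIT("%s %llu %u %c %u", ic->dev->name, ic->start,
 ic->tag_size, ic->mode, arg_count);
 if (ic->meta_dev)
@@ -3163,6 +3173,8 @@
 }
 if ((ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0)
 DMEMIT(" fix_padding");
+if (ic->legacy_recalculate)
+DMEMIT(" legacy_recalculate");
 
 #define EMIT_ALG(a, n) \
 do { \
@@ -3792,7 +3804,7 @@
 unsigned extra_args;
 struct dm_arg_set as;
 static const struct dm_arg _args[] = {
-{0, 15, "Invalid number of feature args"},
+{0, 16, "Invalid number of feature args"},
 };
 unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec;
 bool should_write_sb;
@@ -3940,6 +3952,8 @@
 ic->discard = true;
 } else if (!strcmp(opt_string, "fix_padding")) {
 ic->fix_padding = true;
+} else if (!strcmp(opt_string, "legacy_recalculate")) {
+ic->legacy_recalculate = true;
 } else {
 r = -EINVAL;
 ti->error = "Invalid argument";
@@ -4235,6 +4249,20 @@
 r = -ENOMEM;
 goto bad;
 }
+} else {
+if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) {
+ti->error = "Recalculate can only be specified with internal_hash";
+r = -EINVAL;
+goto bad;
+}
+}
+
+if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) &&
+le64_to_cpu(ic->sb->recalc_sector) < ic->provided_data_sectors &&
+dm_integrity_disable_recalculate(ic)) {
+ti->error = "Recalculating with HMAC is disabled for security reasons - if you really need it, use the argument \"legacy_recalculate\"";
+r = -EOPNOTSUPP;
+goto bad;
 }
 
 ic->bufio = dm_bufio_client_create(ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev,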
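Review bot: `dm_integrity_disable_recalculate()` encodes a security policy but carries no comment, so the reason for refusing is recorded only in dm-integrity.rst. A short comment above it would keep the rationale next to the check, for example `/* Recalculation rebuilds tags from whatever data is on disk; with a keyed hash that would accept tampered data, so refuse unless legacy_recalculate is given. */`. The body can also be the single statement `return (ic->internal_hash_alg.key || ic->journal_mac_alg.key) && !ic->legacy_recalculate;`. In the last hunk the new condition mixes `&` and `&&` without parentheses around the flag test, unlike the `(ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0` form in the status hunk; parenthesising it would match. The status and constructor functions these hunks belong to start and end outside the visible lines.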
+12 -3
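--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -363,14 +363,23 @@
 {
 int r;
 dev_t dev;
+unsigned int major, minor;
+char dummy;
 struct dm_dev_internal *dd;
 struct dm_table *t = ti->table;
 
 BUG_ON(!t);
 
-dev = dm_get_dev_t(path);
-if (!dev)
-return -ENODEV;
+if (sscanf(path, "%u:%u%c", &major, &minor, &dummy) == 2) {
+/* Extract the major/minor numbers */
+dev = MKDEV(major, minor);
+if (MAJOR(dev) != major || MINOR(dev) != minor)
+return -EOVERFLOW;
+} else {
+dev = dm_get_dev_t(path);
+if (!dev)
+return -ENODEV;
+}
 
 dd = find_device(&t->devices, dev);
 if (!dd) {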
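Review bot: The numeric branch accepts `0:0`: `MKDEV(0, 0)` passes the round-trip comparison and leaves `dev` at 0, whereas the `dm_get_dev_t()` branch still rejects a zero `dev` with `-ENODEV`. Adding `if (!dev) return -ENODEV;` after the overflow check would keep the two branches consistent; what `find_device()` and the code after it do with a zero `dev` is outside this hunk. The comment `/* Extract the major/minor numbers */` could also say why the trailing `%c` is there, for example `/* "%c" catches trailing characters, so only an exact "major:minor" string takes this path */`. The function's signature and the rest of its body are outside the hunk.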