* [PATCH] dm-verity: Fix biovecs hash calculation regression
@ 2014-04-14 20:02 Milan Broz
2014-04-14 20:29 ` Mikulas Patocka
0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2014-04-14 20:02 UTC (permalink / raw)
To: dm-devel; +Cc: kmo, mpatocka, Milan Broz, snitzer
The commit
003b5c5719f159f4f4bf97511c4702a0638313dd
block: Convert drivers to immutable biovecs
incorrectly converted biovec iteration in dm-verity to always
calculate hash from full biovec, while the function need
to calculate hash only from part of it (up to "todo"
calculated value).
This patch fixes the issue by limiting hash input to only
really requested data size.
The problem is easily reproducible using cryptsetup
regression test for veritysetup (verity-compat-test).
(Patch should be applied also to 3.14 stable.)
Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
drivers/md/dm-verity.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/md/dm-verity.c b/drivers/md/dm-verity.c
index 796007a..7a7bab8 100644
--- a/drivers/md/dm-verity.c
+++ b/drivers/md/dm-verity.c
@@ -330,15 +330,17 @@ test_block_hash:
return r;
}
}
-
todo = 1 << v->data_dev_block_bits;
- while (io->iter.bi_size) {
+ do {
u8 *page;
+ unsigned len;
struct bio_vec bv = bio_iter_iovec(bio, io->iter);
page = kmap_atomic(bv.bv_page);
- r = crypto_shash_update(desc, page + bv.bv_offset,
- bv.bv_len);
+ len = bv.bv_len;
+ if (likely(len >= todo))
+ len = todo;
+ r = crypto_shash_update(desc, page + bv.bv_offset, len);
kunmap_atomic(page);
if (r < 0) {
@@ -346,8 +348,9 @@ test_block_hash:
return r;
}
- bio_advance_iter(bio, &io->iter, bv.bv_len);
- }
+ bio_advance_iter(bio, &io->iter, len);
+ todo -= len;
+ } while (todo);
if (!v->version) {
r = crypto_shash_update(desc, v->salt, v->salt_size);
--
1.9.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] dm-verity: Fix biovecs hash calculation regression
2014-04-14 20:02 [PATCH] dm-verity: Fix biovecs hash calculation regression Milan Broz
@ 2014-04-14 20:29 ` Mikulas Patocka
2014-04-14 21:11 ` Mike Snitzer
0 siblings, 1 reply; 3+ messages in thread
From: Mikulas Patocka @ 2014-04-14 20:29 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-devel, kmo, snitzer
On Mon, 14 Apr 2014, Milan Broz wrote:
> The commit
> 003b5c5719f159f4f4bf97511c4702a0638313dd
> block: Convert drivers to immutable biovecs
>
> incorrectly converted biovec iteration in dm-verity to always
> calculate hash from full biovec, while the function need
> to calculate hash only from part of it (up to "todo"
> calculated value).
>
> This patch fixes the issue by limiting hash input to only
> really requested data size.
>
> The problem is easily reproducible using cryptsetup
> regression test for veritysetup (verity-compat-test).
>
> (Patch should be applied also to 3.14 stable.)
>
> Signed-off-by: Milan Broz <gmazyland@gmail.com>
Acked-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org # 3.14
> ---
> drivers/md/dm-verity.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/md/dm-verity.c b/drivers/md/dm-verity.c
> index 796007a..7a7bab8 100644
> --- a/drivers/md/dm-verity.c
> +++ b/drivers/md/dm-verity.c
> @@ -330,15 +330,17 @@ test_block_hash:
> return r;
> }
> }
> -
> todo = 1 << v->data_dev_block_bits;
> - while (io->iter.bi_size) {
> + do {
> u8 *page;
> + unsigned len;
> struct bio_vec bv = bio_iter_iovec(bio, io->iter);
>
> page = kmap_atomic(bv.bv_page);
> - r = crypto_shash_update(desc, page + bv.bv_offset,
> - bv.bv_len);
> + len = bv.bv_len;
> + if (likely(len >= todo))
> + len = todo;
> + r = crypto_shash_update(desc, page + bv.bv_offset, len);
> kunmap_atomic(page);
>
> if (r < 0) {
> @@ -346,8 +348,9 @@ test_block_hash:
> return r;
> }
>
> - bio_advance_iter(bio, &io->iter, bv.bv_len);
> - }
> + bio_advance_iter(bio, &io->iter, len);
> + todo -= len;
> + } while (todo);
>
> if (!v->version) {
> r = crypto_shash_update(desc, v->salt, v->salt_size);
> --
> 1.9.2
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: dm-verity: Fix biovecs hash calculation regression
2014-04-14 20:29 ` Mikulas Patocka
@ 2014-04-14 21:11 ` Mike Snitzer
0 siblings, 0 replies; 3+ messages in thread
From: Mike Snitzer @ 2014-04-14 21:11 UTC (permalink / raw)
To: Mikulas Patocka; +Cc: dm-devel, kmo, Milan Broz
On Mon, Apr 14 2014 at 4:29pm -0400,
Mikulas Patocka <mpatocka@redhat.com> wrote:
>
>
> On Mon, 14 Apr 2014, Milan Broz wrote:
>
> > The commit
> > 003b5c5719f159f4f4bf97511c4702a0638313dd
> > block: Convert drivers to immutable biovecs
> >
> > incorrectly converted biovec iteration in dm-verity to always
> > calculate hash from full biovec, while the function need
> > to calculate hash only from part of it (up to "todo"
> > calculated value).
> >
> > This patch fixes the issue by limiting hash input to only
> > really requested data size.
> >
> > The problem is easily reproducible using cryptsetup
> > regression test for veritysetup (verity-compat-test).
> >
> > (Patch should be applied also to 3.14 stable.)
> >
> > Signed-off-by: Milan Broz <gmazyland@gmail.com>
>
> Acked-by: Mikulas Patocka <mpatocka@redhat.com>
> Cc: stable@vger.kernel.org # 3.14
I'll pick this up to include in 3.15 fixes that I'll be sending to Linus.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-04-14 21:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-04-14 20:02 [PATCH] dm-verity: Fix biovecs hash calculation regression Milan Broz
2014-04-14 20:29 ` Mikulas Patocka
2014-04-14 21:11 ` Mike Snitzer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.