From: Mike Snitzer <snitzer@redhat.com>
To: Patrik Torstensson <totte@google.com>,
	Eric Biggers <ebiggers@google.com>
Cc: gkaiser@google.com, linux-kernel@vger.kernel.org,
	dm-devel@redhat.com, samitolvanen@google.com,
	Alasdair Kergon <agk@redhat.com>,
	paulcrowley@google.com
Subject: Re: Add an option to dm-verity to validate hashes at most once
Date: Tue, 20 Mar 2018 15:36:43 -0400
Message-ID: <20180320193643.GA11080@redhat.com>
In-Reply-To: <20180314190957.GB183724@google.com>

On Wed, Mar 14 2018 at  3:09pm -0400,
Eric Biggers <ebiggers@google.com> wrote:

> Hi Patrik,
> 
> On Tue, Mar 06, 2018 at 03:14:56PM -0800, Patrik Torstensson wrote:
> > Add an option to dm-verity to validate hashes at most once
> > to allow platforms that are CPU/memory constrained to be
> > protected by dm-verity against offline attacks.
> > 
> > The option introduces a bitset that is used to check if
> > a block has been validated before or not. A block can
> > be validated more than once as there is no thread protection
> > for the bitset.
> > 
> > This patch has been developed and tested on entry-level
> > Android Go devices.
> > 
> > Signed-off-by: Patrik Torstensson <totte@google.com>
> > ---
> >  drivers/md/dm-verity-target.c | 58 +++++++++++++++++++++++++++++++++--
> >  drivers/md/dm-verity.h        |  1 +
> >  2 files changed, 56 insertions(+), 3 deletions(-)
> 
> The new option needs to be documented in Documentation/device-mapper/verity.txt,
> including a description of what the option does as well as how it affects the
> security properties of dm-verity.  There should also be a mention of why the
> option applies to data blocks but not hash blocks, assuming that's intentional.
> 
> verity_status() also needs to be updated to show the new option, otherwise it
> will not be visible via the DM_TABLE_STATUS ioctl ('dmsetup table' on the
> command line).
> 
> Also the minor version number in the struct target_type needs to be incremented,
> so that userspace can determine whether the option is supported.
> 
> >  
> >  	for (b = 0; b < io->n_blocks; b++) {
> >  		int r;
> > +		sector_t cur_block = io->block + b;
> >  		struct ahash_request *req = verity_io_hash_req(v, io);
> >  
> > +		if (v->validated_blocks &&
> > +		    likely(test_bit(cur_block, v->validated_blocks))) {
> > +			verity_bv_skip_block(v, io, &io->iter);
> > +			continue;
> > +		}
> > +
> >  		r = verity_hash_for_block(v, io, io->block + b,
> 
> Can you replace 'io->block + b' with 'cur_block' here as well?

Patrik, any chance you could act on Eric's review feedback and post v2
of this patch (assuming you still have a need for it)?

Thanks,
Mike
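
The security trade-off Eric asks to have documented, as an added example that is not part of this thread or of dm-verity: a user-space C model of the validated-blocks bitset from the commit message, showing that a block changed after its first successful check is no longer caught. `toy_hash` (FNV-1a in place of the real hash), `read_block`, `setup` and the sizes are assumptions of the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example: user-space model, not dm-verity code. Sizes are constructed. */
#define NBLOCKS 8
#define BLOCK_SIZE 16
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
static uint8_t disk[NBLOCKS][BLOCK_SIZE];  /* constructed device contents */
static uint32_t expected[NBLOCKS];         /* stands in for the hash tree */
static unsigned long validated[(NBLOCKS + WORD_BITS - 1) / WORD_BITS];
static unsigned hash_calls;                /* how often hashing was paid for */

/* FNV-1a as a stand-in for the real cryptographic hash (assumption). */
static uint32_t toy_hash(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) h = (h ^ *p++) * 16777619u;
    return h;
}
static void setup(void)
{
    for (unsigned b = 0; b < NBLOCKS; b++) {
        memset(disk[b], 'A' + b, BLOCK_SIZE);
        expected[b] = toy_hash(disk[b], BLOCK_SIZE);
    }
}

/* Returns 0 if the block is accepted, -1 on mismatch or out-of-range index. */
static int read_block(unsigned b, int at_most_once)
{
    if (b >= NBLOCKS)
        return -1;                         /* never index past the bitset */
    if (at_most_once && ((validated[b / WORD_BITS] >> (b % WORD_BITS)) & 1UL))
        return 0;                          /* skipped: trusted from earlier check */
    hash_calls++;
    if (toy_hash(disk[b], BLOCK_SIZE) != expected[b])
        return -1;
    if (at_most_once)                      /* mark only after a successful check */
        validated[b / WORD_BITS] |= 1UL << (b % WORD_BITS);
    return 0;
}

int main(void)
{
    setup();
    read_block(3, 1); read_block(3, 1);    /* second read skips hashing */
    disk[3][0] ^= 0xff;                    /* contents change after first check */
    printf("once=%d always=%d\n", read_block(3, 1), read_block(3, 0));
}
```

A block that fails its first check is never marked, so it keeps being rejected; only blocks that once verified cleanly lose later detection.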
