* [PATCH] dm-verity: fix dm_is_verity_target() when dm-verity is builtin
@ 2024-07-03 20:08 Eric Biggers
2024-07-03 20:26 ` Kees Cook
0 siblings, 1 reply; 2+ messages in thread
From: Eric Biggers @ 2024-07-03 20:08 UTC (permalink / raw)
To: dm-devel, Alasdair Kergon, Mike Snitzer, Mikulas Patocka
Cc: linux-security-module, linux-kernel, stable, Matthias Kaehlcke,
Kees Cook
From: Eric Biggers <ebiggers@google.com>
When CONFIG_DM_VERITY=y, dm_is_verity_target() returned true for any
builtin dm target, not just dm-verity. Fix this by checking for
verity_target instead of THIS_MODULE (which is NULL for builtin code).
Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin")
Cc: stable@vger.kernel.org
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
drivers/md/dm-verity-target.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 0a2399d958b7..cf659c8feb29 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -1519,18 +1519,10 @@ static int verity_ctr(struct dm_target *ti, unsigned int argc, char **argv)
verity_dtr(ti);
return r;
}
-/*
- * Check whether a DM target is a verity target.
- */
-bool dm_is_verity_target(struct dm_target *ti)
-{
- return ti->type->module == THIS_MODULE;
-}
-
/*
* Get the verity mode (error behavior) of a verity target.
*
* Returns the verity mode of the target, or -EINVAL if 'ti' is not a verity
* target.
@@ -1580,10 +1572,18 @@ static struct target_type verity_target = {
.iterate_devices = verity_iterate_devices,
.io_hints = verity_io_hints,
};
module_dm(verity);
+/*
+ * Check whether a DM target is a verity target.
+ */
+bool dm_is_verity_target(struct dm_target *ti)
+{
+ return ti->type == &verity_target;
+}
+
MODULE_AUTHOR("Mikulas Patocka <mpatocka@redhat.com>");
MODULE_AUTHOR("Mandeep Baines <msb@chromium.org>");
MODULE_AUTHOR("Will Drewry <wad@chromium.org>");
MODULE_DESCRIPTION(DM_NAME " target for transparent disk integrity checking");
MODULE_LICENSE("GPL");
base-commit: ed28fe59c042e9b5bf3b15050aa6ee67834dc852
--
2.45.2
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] dm-verity: fix dm_is_verity_target() when dm-verity is builtin
2024-07-03 20:08 [PATCH] dm-verity: fix dm_is_verity_target() when dm-verity is builtin Eric Biggers
@ 2024-07-03 20:26 ` Kees Cook
0 siblings, 0 replies; 2+ messages in thread
From: Kees Cook @ 2024-07-03 20:26 UTC (permalink / raw)
To: Eric Biggers
Cc: dm-devel, Alasdair Kergon, Mike Snitzer, Mikulas Patocka,
linux-security-module, linux-kernel, stable, Matthias Kaehlcke
On Wed, Jul 03, 2024 at 01:08:13PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> When CONFIG_DM_VERITY=y, dm_is_verity_target() returned true for any
> builtin dm target, not just dm-verity. Fix this by checking for
> verity_target instead of THIS_MODULE (which is NULL for builtin code).
>
> Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin")
> Cc: stable@vger.kernel.org
> Cc: Matthias Kaehlcke <mka@chromium.org>
> Cc: Kees Cook <keescook@chromium.org>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Ah! Nice catch.
Reviewed-by: Kees Cook <kees@kernel.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-07-03 20:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-03 20:08 [PATCH] dm-verity: fix dm_is_verity_target() when dm-verity is builtin Eric Biggers
2024-07-03 20:26 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).