Message ID | 1709168102-7677-13-git-send-email-wufan@linux.microsoft.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Delegated to: | Paul Moore |
Headers | show |
Series | Integrity Policy Enforcement LSM (IPE) | expand |
On Wed, Feb 28 2024 at 7:54P -0500, Fan Wu <wufan@linux.microsoft.com> wrote: > The device-mapper has a flag to mark targets as singleton, which is a > required flag for immutable targets. Without this flag, multiple > dm-verity targets can be added to a mapped device, which has no > practical use cases. Also from dm_table_get_immutable_target(), > it documented that "Immutable target is implicitly a singleton". > > This patch adds the missing flag, restricting only one > dm-verity target per mapped device. > > Signed-off-by: Fan Wu <wufan@linux.microsoft.com> FYI, I have picked this one up and staged it in dm-6.9 and linux-next: https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=dm-6.9&id=9356fcfe0ac4a8545f9fc32f2e404524e1115ee6 Mike
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 1b591bfa90d5..a99ef30e45ca 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -1559,7 +1559,7 @@ int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned i static struct target_type verity_target = { .name = "verity", - .features = DM_TARGET_IMMUTABLE, + .features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE, .version = {1, 10, 0}, .module = THIS_MODULE, .ctr = verity_ctr,
The device-mapper has a flag to mark targets as singleton, which is a required flag for immutable targets. Without this flag, multiple dm-verity targets can be added to a mapped device, which has no practical use cases. Also from dm_table_get_immutable_target(), it documented that "Immutable target is implicitly a singleton". This patch adds the missing flag, restricting only one dm-verity target per mapped device. Signed-off-by: Fan Wu <wufan@linux.microsoft.com> --- v1-v10: + Not present v11: + Introduced v12: + No changes v13: + No changes --- drivers/md/dm-verity-target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)