| Message ID | 1397505750-18783-1-git-send-email-gmazyland@gmail.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers | show |
On Mon, 14 Apr 2014, Milan Broz wrote: > The commit > 003b5c5719f159f4f4bf97511c4702a0638313dd > block: Convert drivers to immutable biovecs > > incorrectly converted biovec iteration in dm-verity to always > calculate hash from full biovec, while the function need > to calculate hash only from part of it (up to "todo" > calculated value). > > This patch fixes the issue by limiting hash input to only > really requested data size. > > The problem is easily reproducible using cryptsetup > regression test for veritysetup (verity-compat-test). > > (Patch should be applied also to 3.14 stable.) > > Signed-off-by: Milan Broz <gmazyland@gmail.com> Acked-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org # 3.14 > --- > drivers/md/dm-verity.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/drivers/md/dm-verity.c b/drivers/md/dm-verity.c > index 796007a..7a7bab8 100644 > --- a/drivers/md/dm-verity.c > +++ b/drivers/md/dm-verity.c > @@ -330,15 +330,17 @@ test_block_hash: > return r; > } > } > - > todo = 1 << v->data_dev_block_bits; > - while (io->iter.bi_size) { > + do { > u8 *page; > + unsigned len; > struct bio_vec bv = bio_iter_iovec(bio, io->iter); > > page = kmap_atomic(bv.bv_page); > - r = crypto_shash_update(desc, page + bv.bv_offset, > - bv.bv_len); > + len = bv.bv_len; > + if (likely(len >= todo)) > + len = todo; > + r = crypto_shash_update(desc, page + bv.bv_offset, len); > kunmap_atomic(page); > > if (r < 0) { > @@ -346,8 +348,9 @@ test_block_hash: > return r; > } > > - bio_advance_iter(bio, &io->iter, bv.bv_len); > - } > + bio_advance_iter(bio, &io->iter, len); > + todo -= len; > + } while (todo); > > if (!v->version) { > r = crypto_shash_update(desc, v->salt, v->salt_size); > -- > 1.9.2 > -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel
On Mon, Apr 14 2014 at 4:29pm -0400, Mikulas Patocka <mpatocka@redhat.com> wrote: > > > On Mon, 14 Apr 2014, Milan Broz wrote: > > > The commit > > 003b5c5719f159f4f4bf97511c4702a0638313dd > > block: Convert drivers to immutable biovecs > > > > incorrectly converted biovec iteration in dm-verity to always > > calculate hash from full biovec, while the function need > > to calculate hash only from part of it (up to "todo" > > calculated value). > > > > This patch fixes the issue by limiting hash input to only > > really requested data size. > > > > The problem is easily reproducible using cryptsetup > > regression test for veritysetup (verity-compat-test). > > > > (Patch should be applied also to 3.14 stable.) > > > > Signed-off-by: Milan Broz <gmazyland@gmail.com> > > Acked-by: Mikulas Patocka <mpatocka@redhat.com> > Cc: stable@vger.kernel.org # 3.14 I'll pick this up to include in 3.15 fixes that I'll be sending to Linus. -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel
diff --git a/drivers/md/dm-verity.c b/drivers/md/dm-verity.c index 796007a..7a7bab8 100644 --- a/drivers/md/dm-verity.c +++ b/drivers/md/dm-verity.c @@ -330,15 +330,17 @@ test_block_hash: return r; } } - todo = 1 << v->data_dev_block_bits; - while (io->iter.bi_size) { + do { u8 *page; + unsigned len; struct bio_vec bv = bio_iter_iovec(bio, io->iter); page = kmap_atomic(bv.bv_page); - r = crypto_shash_update(desc, page + bv.bv_offset, - bv.bv_len); + len = bv.bv_len; + if (likely(len >= todo)) + len = todo; + r = crypto_shash_update(desc, page + bv.bv_offset, len); kunmap_atomic(page); if (r < 0) { @@ -346,8 +348,9 @@ test_block_hash: return r; } - bio_advance_iter(bio, &io->iter, bv.bv_len); - } + bio_advance_iter(bio, &io->iter, len); + todo -= len; + } while (todo); if (!v->version) { r = crypto_shash_update(desc, v->salt, v->salt_size);
The commit 003b5c5719f159f4f4bf97511c4702a0638313dd block: Convert drivers to immutable biovecs incorrectly converted biovec iteration in dm-verity to always calculate hash from full biovec, while the function need to calculate hash only from part of it (up to "todo" calculated value). This patch fixes the issue by limiting hash input to only really requested data size. The problem is easily reproducible using cryptsetup regression test for veritysetup (verity-compat-test). (Patch should be applied also to 3.14 stable.) Signed-off-by: Milan Broz <gmazyland@gmail.com> --- drivers/md/dm-verity.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-)