From patchwork Tue Feb 13 13:50:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Milan Broz X-Patchwork-Id: 10216367 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7156D60467 for ; Tue, 13 Feb 2018 13:52:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7568428E76 for ; Tue, 13 Feb 2018 13:52:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1007128EB5; Tue, 13 Feb 2018 13:52:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1A87128DC5 for ; Tue, 13 Feb 2018 13:51:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AE09C85546; Tue, 13 Feb 2018 13:51:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4FC5660C96; Tue, 13 Feb 2018 13:51:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 31ED418033E1; Tue, 13 Feb 2018 13:51:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w1DDpODd027110 for ; Tue, 13 Feb 2018 08:51:24 -0500 Received: by smtp.corp.redhat.com (Postfix) id 25DB95D967; Tue, 13 Feb 2018 13:51:24 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mx1.redhat.com (ext-mx04.extmail.prod.ext.phx2.redhat.com [10.5.110.28]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7FEEA5D97A for ; Tue, 13 Feb 2018 13:51:18 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 842157853E for ; Tue, 13 Feb 2018 13:51:17 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id f71so16162117wmf.0 for ; Tue, 13 Feb 2018 05:51:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=w62gnYha071VNhesH6zp5RFTzGM6MUZ01g+kDl7H1CU=; b=iK2rW+XkPA5psAmXpjKaasqjm5ra1zd2yl8jIlrbAVEob8x8XP1bdyp9eSyGkRDXY6 QNn5mFwjCzxgLeL8I4jzMlu1uCmPJfU235hcbm2pOVJ7tsciEifUm0QPc/Asr9S3BU1i AIIKgmNdCKzIg5dGPy2bH9NH8g0m3QTW53yRhkl7ccBE/hWH8z5snYQuvUlgNVM0QQ+G NvRYRcj2GjAamOQhomDQkY4VbVYlX3po8g+dSadnx9p75Gvw6sB2gAcmcTJ9aFDMrc/1 qLlFx1wY5en3nJ7zaANye7uKNmdCDZu6kaa5ckXjaFSJQ0pWwqKBinKIEbLbRsNtQB5Y +Bxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=w62gnYha071VNhesH6zp5RFTzGM6MUZ01g+kDl7H1CU=; b=tigvHMoRTJLhr1gDX47k4tvAg4DKLuFPvC8SJyIMVojB7pyYGJ8QRB+ScwirciIGyY ew9PmXLy1r+w0SbMo+ZpN5VuDelwy+EDPfk2A1aFOGnjraOYqqjCfEvegv+9nxzs4jHG Kvnb2HiQxIqyrwg6sQ4c7nmQrZKp/nwpFSzdsWIVuv1VMlgrlvdprJgyl2PdWqPA6DF0 VkdGLxAkYkrIXvLg8FmsSIWFxhc8EOWQGs2YZSovMAY59TZOA2DgeKRuaeziUuw6NZyz 1Fl/oRwL29VmH1n6vLRKsZTIcqu6AU1l3QvPRQYTrzZ5H9/PD8KZC6Fruddl5l7VqFib qgxg== X-Gm-Message-State: APf1xPCtDSYZ0O6eZwUay3KPsjNMgLah9ZkBKkIa34t5qIjI5QMqz5GE w/wTPEeSBxF7xyv8ozATgt8Hxg== X-Google-Smtp-Source: AH8x226ZfhJZIVqHunttMjrEOT0tAg1d251LM/i0soUIXuXgZ/K9d27k7l/ajMBrt5W++s0pkffK2A== X-Received: by 10.28.1.7 with SMTP id 7mr1367741wmb.138.1518529875921; Tue, 13 Feb 2018 05:51:15 -0800 (PST) Received: from merlot.mazyland.net (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.googlemail.com with ESMTPSA id y42sm10313659wry.87.2018.02.13.05.51.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Feb 2018 05:51:15 -0800 (PST) From: Milan Broz To: dm-devel@redhat.com Date: Tue, 13 Feb 2018 14:50:50 +0100 Message-Id: <20180213135050.21039-1-gmazyland@gmail.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 13 Feb 2018 13:51:17 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 13 Feb 2018 13:51:17 +0000 (UTC) for IP:'74.125.82.65' DOMAIN:'mail-wm0-f65.google.com' HELO:'mail-wm0-f65.google.com' FROM:'gmazyland@gmail.com' RCPT:'' X-RedHat-Spam-Score: -0.13 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_PASS) 74.125.82.65 mail-wm0-f65.google.com 74.125.82.65 mail-wm0-f65.google.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.28 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: dm-devel@redhat.com Cc: Milan Broz Subject: [dm-devel] [PATCH] dm-integrity: Fail early if required HMAC key is not available. X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 13 Feb 2018 13:51:31 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP With crypto API commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24 crypto: hash - prevent using keyed hashes without setting key dm-integrity cannot use keyed algorithms without setting key. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting key requirement in integrity table constructor. Signed-off-by: Milan Broz --- drivers/md/dm-integrity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 46d7c8749222..6c81b11d0521 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -2548,6 +2548,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error, *error = error_key; return r; } + } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) { + *error = error_key; + return -ENOKEY; } }