[dm-devel] [RFC PATCH] bio-integrity: Fix regression if profile verify_fn is NULL
Christoph Hellwig
hch at lst.de
Wed Aug 2 12:55:09 UTC 2017
On Wed, Aug 02, 2017 at 02:27:50PM +0200, Milan Broz wrote:
> In dm-integrity target we register integrity profile that have
> both generate_fn and verify_fn callbacks set to NULL.
>
> This is used if dm-integrity is stacked under a dm-crypt device
> for authenticated encryption (integrity payload contains authentication
> tag and IV seed).
>
> In this case the verification is done through own crypto API
> processing inside dm-crypt; integrity profile is only holder
> of these data. (And memory is owned by dm-crypt as well.)
Maybe that's where the problem lies? You're abusing the integrity
payload for something that is not end to end data integrity at all
and then wonder why it breaks? Also the commit that introduced your
code had absolutely no review by Martin or any of the core block
folks.
The right fix is to revert the dm-crypt commit.
More information about the dm-devel
mailing list