[dm-devel] [PATCH] dm-crypt: Reject sector_size feature if device length is not aligned to it

Milan Broz gmazyland at gmail.com
Sat Sep 30 18:31:09 UTC 2017 

On 09/13/2017 03:45 PM, Milan Broz wrote:
> If a crypt mapping uses optional sector_size feature, additional
> restrictions to mapped device segment size must be applied in constructor,
> otherwise the device activation will fail later.

Hi,

we had some discussion with Mikulas if this check should be better in generic DM code.

I think that for this case it is not a good idea - dm-crypt can increase
encryption sector size during load (it is stupid to do, but I see no reason why to block it).
And then only constructor of the target itself know what is possible and what should be rejected.

Anyway, there is a short reproducer what this patch solves:

Create simple mapping with 4096 encryption sector:

# dmsetup create test --table "0 8 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"

Now load new unaligned-length table (this should fail!)
# dmsetup load test --table "0 9 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"

Inactive table is apparently accepted:
# dmsetup table --inactive
test: 0 9 crypt cipher_null 0 0 8:16 0 1 sector_size:4096

And now, resume fails, keeping the device in suspended state afterward:

# dmsetup resume test
device-mapper: resume ioctl on test failed: Invalid argument
Command failed
kernel: device-mapper: table: 254:0: len=9 not aligned to h/w logical block size 4096 of sdb

# dmsetup info -c
Name             Maj Min Stat Open Targ Event  UUID
test             254   0 L-sw    0    1      0

With the patch applied, the load step correctly fails:
# dmsetup load test --table "0 9 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"
device-mapper: reload ioctl on test failed: Invalid argument
kernel: device-mapper: table: 254:0: crypt: Device size is not multiple of sector_size feature

Please consider this for 4.14 (and stable 4.12+ perhaps).

Thanks,
Milan

> 
> Signed-off-by: Milan Broz <gmazyland at gmail.com>
> ---
>  drivers/md/dm-crypt.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> index 54aef8ed97db..488ecd0b1bd0 100644
> --- a/drivers/md/dm-crypt.c
> +++ b/drivers/md/dm-crypt.c
> @@ -2584,6 +2584,10 @@ static int crypt_ctr_optional(struct dm_target *ti, unsigned int argc, char **ar
>  				ti->error = "Invalid feature value for sector_size";
>  				return -EINVAL;
>  			}
> +			if (ti->len & ((cc->sector_size >> SECTOR_SHIFT) - 1)) {
> +				ti->error = "Device size is not multiple of sector_size feature";
> +				return -EINVAL;
> +			}
>  			cc->sector_shift = __ffs(cc->sector_size) - SECTOR_SHIFT;
>  		} else if (!strcasecmp(opt_string, "iv_large_sectors"))
>  			set_bit(CRYPT_IV_LARGE_SECTORS, &cc->cipher_flags);
>

More information about the dm-devel mailing list