[dm-devel] [PATCH] dm verity: don't crash on vmallocated buffer

Mikulas Patocka mpatocka at redhat.com
Wed Aug 22 16:45:51 UTC 2018


Since the commit d1ac3ff008fb ("dm verity: switch to using asynchronous"+
hash crypto API"), dm-verity uses asynchronous crypto calls for
verification, so that it can use hardware with asynchronous processing of
crypto operations.

These asynchronous calls don't support vmalloc memory, but the buffer data
can be vmallocated if dm-bufio is short of memory and uses a reserved
buffer that was preallocated in dm_bufio_client_create.

This patch fixes verity_hash_update, so that it deals with vmallocated 
memory correctly.

Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
Reported-by: "Xiao, Jin" <jin.xiao at intel.com>
Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API")
Cc: stable at vger.kernel.org	# 4.11+

---
 drivers/md/dm-verity-target.c |   24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

Index: linux-2.6/drivers/md/dm-verity-target.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-verity-target.c	2018-08-22 17:18:30.800000000 +0200
+++ linux-2.6/drivers/md/dm-verity-target.c	2018-08-22 17:22:14.810000000 +0200
@@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_
 {
 	struct scatterlist sg;
 
-	sg_init_one(&sg, data, len);
-	ahash_request_set_crypt(req, &sg, NULL, len);
-
-	return crypto_wait_req(crypto_ahash_update(req), wait);
+	if (likely(!is_vmalloc_addr(data))) {
+		sg_init_one(&sg, data, len);
+		ahash_request_set_crypt(req, &sg, NULL, len);
+		return crypto_wait_req(crypto_ahash_update(req), wait);
+	} else {
+		do {
+			int r;
+			size_t this_step = min(len, PAGE_SIZE - offset_in_page(data));
+			flush_kernel_vmap_range((void *)data, this_step);
+			sg_init_table(&sg, 1);
+			sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data));
+			ahash_request_set_crypt(req, &sg, NULL, this_step);
+			r = crypto_wait_req(crypto_ahash_update(req), wait);
+			if (unlikely(r))
+				return r;
+			data += this_step;
+			len -= this_step;
+		} while (len);
+		return 0;
+	}
 }
 
 /*




More information about the dm-devel mailing list