[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[dm-devel] [PATCH] dm verity: don't crash on vmallocated buffer



Since the commit d1ac3ff008fb ("dm verity: switch to using asynchronous"+
hash crypto API"), dm-verity uses asynchronous crypto calls for
verification, so that it can use hardware with asynchronous processing of
crypto operations.

These asynchronous calls don't support vmalloc memory, but the buffer data
can be vmallocated if dm-bufio is short of memory and uses a reserved
buffer that was preallocated in dm_bufio_client_create.

This patch fixes verity_hash_update, so that it deals with vmallocated 
memory correctly.

Signed-off-by: Mikulas Patocka <mpatocka redhat com>
Reported-by: "Xiao, Jin" <jin xiao intel com>
Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API")
Cc: stable vger kernel org	# 4.11+

---
 drivers/md/dm-verity-target.c |   24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

Index: linux-2.6/drivers/md/dm-verity-target.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-verity-target.c	2018-08-22 17:18:30.800000000 +0200
+++ linux-2.6/drivers/md/dm-verity-target.c	2018-08-22 17:22:14.810000000 +0200
@@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_
 {
 	struct scatterlist sg;
 
-	sg_init_one(&sg, data, len);
-	ahash_request_set_crypt(req, &sg, NULL, len);
-
-	return crypto_wait_req(crypto_ahash_update(req), wait);
+	if (likely(!is_vmalloc_addr(data))) {
+		sg_init_one(&sg, data, len);
+		ahash_request_set_crypt(req, &sg, NULL, len);
+		return crypto_wait_req(crypto_ahash_update(req), wait);
+	} else {
+		do {
+			int r;
+			size_t this_step = min(len, PAGE_SIZE - offset_in_page(data));
+			flush_kernel_vmap_range((void *)data, this_step);
+			sg_init_table(&sg, 1);
+			sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data));
+			ahash_request_set_crypt(req, &sg, NULL, this_step);
+			r = crypto_wait_req(crypto_ahash_update(req), wait);
+			if (unlikely(r))
+				return r;
+			data += this_step;
+			len -= this_step;
+		} while (len);
+		return 0;
+	}
 }
 
 /*


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]