[dm-devel] [PATCH] dm verity: don't crash on vmallocated buffer

Xiao, Jin jin.xiao at intel.com
Mon Sep 10 02:51:24 UTC 2018 

Hi Mikulas,

I have tested the patch. It works. Thanks.

Jin

On 8/23/2018 12:45 AM, Mikulas Patocka wrote:
> Since the commit d1ac3ff008fb ("dm verity: switch to using asynchronous"+
> hash crypto API"), dm-verity uses asynchronous crypto calls for
> verification, so that it can use hardware with asynchronous processing of
> crypto operations.
>
> These asynchronous calls don't support vmalloc memory, but the buffer data
> can be vmallocated if dm-bufio is short of memory and uses a reserved
> buffer that was preallocated in dm_bufio_client_create.
>
> This patch fixes verity_hash_update, so that it deals with vmallocated
> memory correctly.
>
> Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
> Reported-by: "Xiao, Jin" <jin.xiao at intel.com>
> Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API")
> Cc: stable at vger.kernel.org	# 4.11+
>
> ---
>   drivers/md/dm-verity-target.c |   24 ++++++++++++++++++++----
>   1 file changed, 20 insertions(+), 4 deletions(-)
>
> Index: linux-2.6/drivers/md/dm-verity-target.c
> ===================================================================
> --- linux-2.6.orig/drivers/md/dm-verity-target.c	2018-08-22 17:18:30.800000000 +0200
> +++ linux-2.6/drivers/md/dm-verity-target.c	2018-08-22 17:22:14.810000000 +0200
> @@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_
>   {
>   	struct scatterlist sg;
>   
> -	sg_init_one(&sg, data, len);
> -	ahash_request_set_crypt(req, &sg, NULL, len);
> -
> -	return crypto_wait_req(crypto_ahash_update(req), wait);
> +	if (likely(!is_vmalloc_addr(data))) {
> +		sg_init_one(&sg, data, len);
> +		ahash_request_set_crypt(req, &sg, NULL, len);
> +		return crypto_wait_req(crypto_ahash_update(req), wait);
> +	} else {
> +		do {
> +			int r;
> +			size_t this_step = min(len, PAGE_SIZE - offset_in_page(data));
> +			flush_kernel_vmap_range((void *)data, this_step);
> +			sg_init_table(&sg, 1);
> +			sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data));
> +			ahash_request_set_crypt(req, &sg, NULL, this_step);
> +			r = crypto_wait_req(crypto_ahash_update(req), wait);
> +			if (unlikely(r))
> +				return r;
> +			data += this_step;
> +			len -= this_step;
> +		} while (len);
> +		return 0;
> +	}
>   }
>   
>   /*

More information about the dm-devel mailing list