[dm-devel] [PATCH] dm verity: don't crash on vmallocated buffer
Xiao, Jin
jin.xiao at intel.com
Mon Sep 10 02:51:24 UTC 2018
Hi Mikulas,
I have tested the patch. It works. Thanks.
Jin
On 8/23/2018 12:45 AM, Mikulas Patocka wrote:
> Since the commit d1ac3ff008fb ("dm verity: switch to using asynchronous"+
> hash crypto API"), dm-verity uses asynchronous crypto calls for
> verification, so that it can use hardware with asynchronous processing of
> crypto operations.
>
> These asynchronous calls don't support vmalloc memory, but the buffer data
> can be vmallocated if dm-bufio is short of memory and uses a reserved
> buffer that was preallocated in dm_bufio_client_create.
>
> This patch fixes verity_hash_update, so that it deals with vmallocated
> memory correctly.
>
> Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
> Reported-by: "Xiao, Jin" <jin.xiao at intel.com>
> Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API")
> Cc: stable at vger.kernel.org # 4.11+
>
> ---
> drivers/md/dm-verity-target.c | 24 ++++++++++++++++++++----
> 1 file changed, 20 insertions(+), 4 deletions(-)
>
> Index: linux-2.6/drivers/md/dm-verity-target.c
> ===================================================================
> --- linux-2.6.orig/drivers/md/dm-verity-target.c 2018-08-22 17:18:30.800000000 +0200
> +++ linux-2.6/drivers/md/dm-verity-target.c 2018-08-22 17:22:14.810000000 +0200
> @@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_
> {
> struct scatterlist sg;
>
> - sg_init_one(&sg, data, len);
> - ahash_request_set_crypt(req, &sg, NULL, len);
> -
> - return crypto_wait_req(crypto_ahash_update(req), wait);
> + if (likely(!is_vmalloc_addr(data))) {
> + sg_init_one(&sg, data, len);
> + ahash_request_set_crypt(req, &sg, NULL, len);
> + return crypto_wait_req(crypto_ahash_update(req), wait);
> + } else {
> + do {
> + int r;
> + size_t this_step = min(len, PAGE_SIZE - offset_in_page(data));
> + flush_kernel_vmap_range((void *)data, this_step);
> + sg_init_table(&sg, 1);
> + sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data));
> + ahash_request_set_crypt(req, &sg, NULL, this_step);
> + r = crypto_wait_req(crypto_ahash_update(req), wait);
> + if (unlikely(r))
> + return r;
> + data += this_step;
> + len -= this_step;
> + } while (len);
> + return 0;
> + }
> }
>
> /*
More information about the dm-devel
mailing list