[dm-devel] [PATCH] dm verity: correcting logic used with corrupted_errs counter

Sami Tolvanen samitolvanen at google.com
Thu Dec 3 22:13:23 UTC 2020 

On Thu, Dec 3, 2020 at 8:18 AM Ravi Kumar Siddojigari
<rsiddoji at codeaurora.org> wrote:
>
> Sorry,  Resending the patch for comments with  dm-devel added .
>
> -----Original Message-----
> From: Ravi Kumar Siddojigari <rsiddoji at codeaurora.org>
> Sent: Friday, November 20, 2020 6:37 PM
> To: 'linux-block at vger.kernel.org' <linux-block at vger.kernel.org>
> Cc: 'dm-devel at redhat.com' <dm-devel at redhat.com>
> Subject: RE: [PATCH] dm verity: correcting logic used with corrupted_errs
> counter
>
> One more question  :
>         Current code has DM_VERITY_MAX_CORRUPTED_ERRS  set to 100  can we
> reduce this ? or is there any  data that made us to keep this 100 ?
> Regards,
> Ravi
>
> -----Original Message-----
> From: Ravi Kumar Siddojigari <rsiddoji at codeaurora.org>
> Sent: Wednesday, November 18, 2020 6:17 PM
> To: 'linux-block at vger.kernel.org' <linux-block at vger.kernel.org>
> Subject: [PATCH] dm verity: correcting logic used with corrupted_errs
> counter
>
> In verity_handle_err we see that the "corrupted_errs"  is never going to be
> more than one as the code will fall through "out" label and hit
> panic/kernel_restart on the first error  which is not as expected..
> Following patch will make sure that corrupted_errs are incremented and only
> panic/kernel_restart once it reached DM_VERITY_MAX_CORRUPTED_ERRS.
>
> Signed-off-by: Ravi Kumar Siddojigari <rsiddoji at codeaurora.org>
> ---
>  drivers/md/dm-verity-target.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> index f74982dcbea0..d86900a2a8d7 100644
> --- a/drivers/md/dm-verity-target.c
> +++ b/drivers/md/dm-verity-target.c
> @@ -221,8 +221,10 @@ static int verity_handle_err(struct dm_verity *v, enum
> verity_block_type type,
>         /* Corruption should be visible in device status in all modes */
>         v->hash_failed = 1;
>
> -       if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS)
> +       if (v->corrupted_errs >= DM_VERITY_MAX_CORRUPTED_ERRS) {
> +               DMERR("%s: reached maximum errors", v->data_dev->name);
>                 goto out;
> +       }
>
>         v->corrupted_errs++;
>
> @@ -240,13 +242,13 @@ static int verity_handle_err(struct dm_verity *v, enum
> verity_block_type type,
>         DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name,
>                     type_str, block);
>
> -       if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS)
> -               DMERR("%s: reached maximum errors", v->data_dev->name);
>
>         snprintf(verity_env, DM_VERITY_ENV_LENGTH, "%s=%d,%llu",
>                 DM_VERITY_ENV_VAR_NAME, type, block);
>
>         kobject_uevent_env(&disk_to_dev(dm_disk(md))->kobj, KOBJ_CHANGE,
> envp);
> +       /* DM_VERITY_MAX_CORRUPTED_ERRS limit not reached yet */
> +               return 0;

No. This would allow invalid blocks to be returned to userspace when
dm-verity is NOT in logging mode, which is unacceptable.
DM_VERITY_MAX_CORRUPTED_ERRS is only used to limit the number of error
messages printed out, we cannot let the first N corrupt blocks to just
slip through.

Sami

More information about the dm-devel mailing list