[dm-devel] [PATCH 2/2] dm-integrity: disable recalculate due to secrurity reasons
Mikulas Patocka
mpatocka at redhat.com
Wed Jan 20 12:58:23 UTC 2021
Disable recalculating if we don't have fix_hmac, the journal hash
algorithm is using a kay and we don't have the "legacy_recalculate" flag.
Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
Index: linux-2.6/drivers/md/dm-integrity.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-integrity.c
+++ linux-2.6/drivers/md/dm-integrity.c
@@ -262,6 +262,7 @@ struct dm_integrity_c {
bool discard;
bool fix_padding;
bool fix_hmac;
+ bool legacy_recalculate;
struct alg_spec internal_hash_alg;
struct alg_spec journal_crypt_alg;
@@ -389,6 +390,15 @@ static int dm_integrity_failed(struct dm
return READ_ONCE(ic->failed);
}
+static bool dm_integrity_disable_recalculate(struct dm_integrity_c *ic)
+{
+ if (!ic->fix_hmac &&
+ ic->journal_mac_alg.key &&
+ !ic->legacy_recalculate)
+ return true;
+ return false;
+}
+
static commit_id_t dm_integrity_commit_id(struct dm_integrity_c *ic, unsigned i,
unsigned j, unsigned char seq)
{
@@ -3221,6 +3231,7 @@ static void dm_integrity_status(struct d
arg_count += !!ic->journal_mac_alg.alg_string;
arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0;
arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) != 0;
+ arg_count += ic->legacy_recalculate;
DMEMIT("%s %llu %u %c %u", ic->dev->name, ic->start,
ic->tag_size, ic->mode, arg_count);
if (ic->meta_dev)
@@ -3246,6 +3257,8 @@ static void dm_integrity_status(struct d
DMEMIT(" fix_padding");
if ((ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_HMAC)) != 0)
DMEMIT(" fix_hmac");
+ if (ic->legacy_recalculate)
+ DMEMIT(" legacy_recalculate");
#define EMIT_ALG(a, n) \
do { \
@@ -3878,7 +3891,7 @@ static int dm_integrity_ctr(struct dm_ta
unsigned extra_args;
struct dm_arg_set as;
static const struct dm_arg _args[] = {
- {0, 16, "Invalid number of feature args"},
+ {0, 17, "Invalid number of feature args"},
};
unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec;
bool should_write_sb;
@@ -4028,6 +4041,8 @@ static int dm_integrity_ctr(struct dm_ta
ic->fix_padding = true;
} else if (!strcmp(opt_string, "fix_hmac")) {
ic->fix_hmac = true;
+ } else if (!strcmp(opt_string, "legacy_recalculate")) {
+ ic->legacy_recalculate = true;
} else {
r = -EINVAL;
ti->error = "Invalid argument";
@@ -4331,6 +4346,14 @@ try_smaller_buffer:
}
}
+ if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) &&
+ le64_to_cpu(ic->sb->recalc_sector) < ic->provided_data_sectors &&
+ dm_integrity_disable_recalculate(ic)) {
+ ti->error = "Recalculating with \"fix_hmac\" is disable for security reasons - if you really need it, use the argument \"legacy_recalculate\"";
+ r = -EOPNOTSUPP;
+ goto bad;
+ }
+
ic->bufio = dm_bufio_client_create(ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev,
1U << (SECTOR_SHIFT + ic->log2_buffer_sectors), 1, 0, NULL, NULL);
if (IS_ERR(ic->bufio)) {
Index: linux-2.6/Documentation/admin-guide/device-mapper/dm-integrity.rst
===================================================================
--- linux-2.6.orig/Documentation/admin-guide/device-mapper/dm-integrity.rst
+++ linux-2.6/Documentation/admin-guide/device-mapper/dm-integrity.rst
@@ -128,9 +128,15 @@ internal_hash:algorithm(:key) (the key i
You can use a crc algorithm (such as crc32), then integrity target
will protect the data against accidental corruption.
- You can also use a hmac algorithm (for example
- "hmac(sha256):0123456789abcdef"), in this mode it will provide
- cryptographic authentication of the data without encryption.
+
+ In order to provide cryptographic authentication of the data
+ without encryption, you need:
+ * the kernel 5.12 and integritysetup 2.3.5
+ * specfiy internal_hash as a hmac function with a key, for example
+ hmac(sha256):0123456789abcdef
+ * specify journal_hash as a hmac function with a key, for example
+ hmac(sha256):0123456789abcdef
+ * specify the fix_hmac argument
When this argument is not used, the integrity tags are accepted
from an upper layer target, such as dm-crypt. The upper layer
More information about the dm-devel
mailing list