Re: [PATCH] dm-verity: restart or panic on an I/O error

[Mikulas Patocka]

On Mon, 30 Sep 2024, Will Drewry wrote:

> > The dm-verity behavior was reported as a security bug, so by default, it
> > should behave in the secure way - i.e. restart or panic on I/O error.
> >
> > Do you intend to use dm-verity in Android and ChromeOS in the less-secure
> > way where it returns -EIO? Have you audited the Android and ChromeOS
> > codebase so that -EIO can't cause security breach? If yes, I can make a
> > configuration switch for you that will enable the old behavior.
> 
> tl;dr don't change the default behavior, but adding a reboot-on-eio is nice.

OK, so I can revert it if you want it.

I'd like to ask - there is another change in that patch - I changed
        kernel_restart("dm-verity device corrupted");
to
        pr_emerg("dm-verity device corrupted\n");
        emergency_restart();

Because kernel_restart calls reboot notifiers and they may in theory wait 
for the bio that caused the restart, resulting in deadlock.

Do you want to have this part of the patch reverted too?

Mikulas