On Fri, Nov 14, 2025 at 04:54:01PM +0100, Mikulas Patocka wrote: > Hi > > What do you think about this patch? > > There are two problems with the recursive correction: > > 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that > has 253 iterations. For each iteration, we may call verity_hash_for_block > recursively. There is a limit of 4 nested recursions - that means that > there may be at most 253^4 (4 billion) iterations. Red Hat QE team > actually created an image that that pushes dm-verity to this limit - and > this image just makes the udev-worker process get stuck in the 'D' state. > > 2. It probably doesn't work. In fec_read_bufs we store data into the > variable "fio->bufs", but fio bufs is shared between recursive > invocations, if "verity_hash_for_block" invoked correction recursively, it > would overwrite partially filled fio->bufs. > > So, I'm suggesting to remove recursive correction at all. This patch > passed the cryptsetup testsuite. Does it pass your tests too? > > Signed-off-by: Mikulas Patocka <[email protected]> > Reported-by: Guangwu Zhang <[email protected]> > > --- > drivers/md/dm-verity-fec.c | 4 +--- > drivers/md/dm-verity-fec.h | 3 --- > drivers/md/dm-verity-target.c | 2 +- > 3 files changed, 2 insertions(+), 7 deletions(-)
Reviewed-by: Eric Biggers <[email protected]> - Eric
