[dm-devel] [PATCH] dm verity: don't crash on vmallocated buffer

Wed, 22 Aug 2018 09:46:18 -0700 

Since the commit d1ac3ff008fb ("dm verity: switch to using asynchronous"+
hash crypto API"), dm-verity uses asynchronous crypto calls for
verification, so that it can use hardware with asynchronous processing of
crypto operations.

These asynchronous calls don't support vmalloc memory, but the buffer data
can be vmallocated if dm-bufio is short of memory and uses a reserved
buffer that was preallocated in dm_bufio_client_create.

This patch fixes verity_hash_update, so that it deals with vmallocated 
memory correctly.

Signed-off-by: Mikulas Patocka <[email protected]>
Reported-by: "Xiao, Jin" <[email protected]>
Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API")
Cc: [email protected]      # 4.11+

---
 drivers/md/dm-verity-target.c |   24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

Index: linux-2.6/drivers/md/dm-verity-target.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-verity-target.c        2018-08-22 
17:18:30.800000000 +0200
+++ linux-2.6/drivers/md/dm-verity-target.c     2018-08-22 17:22:14.810000000 
+0200
@@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_
 {
        struct scatterlist sg;
 
-       sg_init_one(&sg, data, len);
-       ahash_request_set_crypt(req, &sg, NULL, len);
-
-       return crypto_wait_req(crypto_ahash_update(req), wait);
+       if (likely(!is_vmalloc_addr(data))) {
+               sg_init_one(&sg, data, len);
+               ahash_request_set_crypt(req, &sg, NULL, len);
+               return crypto_wait_req(crypto_ahash_update(req), wait);
+       } else {
+               do {
+                       int r;
+                       size_t this_step = min(len, PAGE_SIZE - 
offset_in_page(data));
+                       flush_kernel_vmap_range((void *)data, this_step);
+                       sg_init_table(&sg, 1);
+                       sg_set_page(&sg, vmalloc_to_page(data), this_step, 
offset_in_page(data));
+                       ahash_request_set_crypt(req, &sg, NULL, this_step);
+                       r = crypto_wait_req(crypto_ahash_update(req), wait);
+                       if (unlikely(r))
+                               return r;
+                       data += this_step;
+                       len -= this_step;
+               } while (len);
+               return 0;
+       }
 }
 
 /*

--
dm-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/dm-devel

Reply via email to