]>
Commit | Line | Data |
---|---|---|
1668d1b8 GKH |
1 | From e4b069e0945fa14c71cf8b5b89f8b1b2aa68dbc2 Mon Sep 17 00:00:00 2001 |
2 | From: Mikulas Patocka <mpatocka@redhat.com> | |
3 | Date: Wed, 22 Aug 2018 12:45:51 -0400 | |
4 | Subject: dm verity: fix crash on bufio buffer that was allocated with vmalloc | |
5 | ||
6 | From: Mikulas Patocka <mpatocka@redhat.com> | |
7 | ||
8 | commit e4b069e0945fa14c71cf8b5b89f8b1b2aa68dbc2 upstream. | |
9 | ||
10 | Since commit d1ac3ff008fb ("dm verity: switch to using asynchronous hash | |
11 | crypto API") dm-verity uses asynchronous crypto calls for verification, | |
12 | so that it can use hardware with asynchronous processing of crypto | |
13 | operations. | |
14 | ||
15 | These asynchronous calls don't support vmalloc memory, but the buffer data | |
16 | can be allocated with vmalloc if dm-bufio is short of memory and uses a | |
17 | reserved buffer that was preallocated in dm_bufio_client_create(). | |
18 | ||
19 | Fix verity_hash_update() so that it deals with vmalloc'd memory | |
20 | correctly. | |
21 | ||
22 | Reported-by: "Xiao, Jin" <jin.xiao@intel.com> | |
23 | Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> | |
24 | Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API") | |
25 | Cc: stable@vger.kernel.org # 4.12+ | |
26 | Signed-off-by: Mike Snitzer <snitzer@redhat.com> | |
27 | Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> | |
28 | Acked-by: Mikulas Patocka <mpatocka@redhat.com> | |
29 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
30 | --- | |
31 | drivers/md/dm-verity-target.c | 24 ++++++++++++++++++++---- | |
32 | 1 file changed, 20 insertions(+), 4 deletions(-) | |
33 | ||
34 | --- a/drivers/md/dm-verity-target.c | |
35 | +++ b/drivers/md/dm-verity-target.c | |
36 | @@ -139,10 +139,26 @@ static int verity_hash_update(struct dm_ | |
37 | { | |
38 | struct scatterlist sg; | |
39 | ||
40 | - sg_init_one(&sg, data, len); | |
41 | - ahash_request_set_crypt(req, &sg, NULL, len); | |
42 | - | |
43 | - return verity_complete_op(res, crypto_ahash_update(req)); | |
44 | + if (likely(!is_vmalloc_addr(data))) { | |
45 | + sg_init_one(&sg, data, len); | |
46 | + ahash_request_set_crypt(req, &sg, NULL, len); | |
47 | + return verity_complete_op(res, crypto_ahash_update(req)); | |
48 | + } else { | |
49 | + do { | |
50 | + int r; | |
51 | + size_t this_step = min_t(size_t, len, PAGE_SIZE - offset_in_page(data)); | |
52 | + flush_kernel_vmap_range((void *)data, this_step); | |
53 | + sg_init_table(&sg, 1); | |
54 | + sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data)); | |
55 | + ahash_request_set_crypt(req, &sg, NULL, this_step); | |
56 | + r = verity_complete_op(res, crypto_ahash_update(req)); | |
57 | + if (unlikely(r)) | |
58 | + return r; | |
59 | + data += this_step; | |
60 | + len -= this_step; | |
61 | + } while (len); | |
62 | + return 0; | |
63 | + } | |
64 | } | |
65 | ||
66 | /* |