git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Mikulas Patocka <mpatocka@redhat.com>
	Mon, 19 Feb 2024 20:28:09 +0000 (21:28 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 1 Mar 2024 12:34:59 +0000 (13:34 +0100)
commit	e5cc2309f6b328716ae86924a321d5622906ed78
tree	0999e042bd0bb53d56b751948f19afd23197ad36	tree
parent	64ba01a365980755732972523600a961c4266b75	commit \| diff

dm-verity: recheck the hash after a failure

commit 9177f3c0dea6143d05cac1bbd28668fd0e216d11 upstream.

If a userspace process reads (with O_DIRECT) multiple blocks into the same
buffer, dm-verity reports an error [1].

This commit fixes dm-verity, so that if hash verification fails, the data
is read again into a kernel buffer (where userspace can't modify it) and
the hash is rechecked. If the recheck succeeds, the content of the kernel
buffer is copied into the user buffer; if the recheck fails, an error is
reported.

[1] https://people.redhat.com/~mpatocka/testcases/blk-auth-modify/read2.c

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/md/dm-verity-target.c		diff \| blob \| blame \| history
drivers/md/dm-verity.h		diff \| blob \| blame \| history