lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 8 Aug 2012 00:43:28 +0000
From:	Wesley Miaw <wmiaw@...flix.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Will Drewry™ <w@...gle.com>,
	"msb@...gle.com" <msb@...gle.com>
Subject: [PATCH] dm: verity support data device offset

I needed to add support for dm-verity with data that is offset into a block device. As part of this I found that the existing code did not compute the correct hash block index if the data_start might be non-zero. Here's a patch to add support for a data offset target parameter as well as a fix to the hash block index computation.

Patch and (hopefully proper) commit message below. Thanks.
--
Wesley Miaw

============================================================

Add data device start block index to dm-verity target parameters to support verity targets where the data does not begin at sector 0 of the block device. Also fix the hash block index computation so it takes into account data offsets.

---

--- a/drivers/md/dm-verity.c	2012-08-07 16:03:03.778759000 -0700
+++ b/drivers/md/dm-verity.c	2012-08-07 17:30:56.914569414 -0700
@@ -491,7 +491,7 @@
 	io->bio = bio;
 	io->orig_bi_end_io = bio->bi_end_io;
 	io->orig_bi_private = bio->bi_private;
-	io->block = bio->bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
+	io->block = (bio->bi_sector - v->data_start)  >> (v->data_dev_block_bits - SECTOR_SHIFT);
 	io->n_blocks = bio->bi_size >> v->data_dev_block_bits;
 
 	bio->bi_end_io = verity_end_io;
@@ -641,6 +641,7 @@
  *	<hash device>
  *	<data block size>
  *	<hash block size>
+ *	<data start block>
  *	<the number of data blocks>
  *	<hash start block>
  *	<algorithm>
@@ -671,8 +672,8 @@
 		goto bad;
 	}
 
-	if (argc != 10) {
-		ti->error = "Invalid argument count: exactly 10 arguments required";
+	if (argc != 11) {
+		ti->error = "Invalid argument count: exactly 11 arguments required";
 		r = -EINVAL;
 		goto bad;
 	}
@@ -718,6 +719,15 @@
 	v->hash_dev_block_bits = ffs(num) - 1;
 
 	if (sscanf(argv[5], "%llu%c", &num_ll, &dummy) != 1 ||
+		num_ll << (v->data_dev_block_bits - SECTOR_SHIFT) !=
+		(sector_t)num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) {
+		ti->error = "Invalid data start";
+		r = -EINVAL;
+		goto bad;
+	}
+	v->data_start = num_ll << (v->data_dev_block_bits - SECTOR_SHIFT);
+
+	if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 ||
 	    num_ll << (v->data_dev_block_bits - SECTOR_SHIFT) !=
 	    (sector_t)num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) {
 		ti->error = "Invalid data blocks";
@@ -732,7 +742,7 @@
 		goto bad;
 	}
 
-	if (sscanf(argv[6], "%llu%c", &num_ll, &dummy) != 1 ||
+	if (sscanf(argv[7], "%llu%c", &num_ll, &dummy) != 1 ||
 	    num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT) !=
 	    (sector_t)num_ll << (v->hash_dev_block_bits - SECTOR_SHIFT)) {
 		ti->error = "Invalid hash start";
@@ -741,7 +751,7 @@
 	}
 	v->hash_start = num_ll;
 
-	v->alg_name = kstrdup(argv[7], GFP_KERNEL);
+	v->alg_name = kstrdup(argv[8], GFP_KERNEL);
 	if (!v->alg_name) {
 		ti->error = "Cannot allocate algorithm name";
 		r = -ENOMEM;
@@ -770,23 +780,23 @@
 		r = -ENOMEM;
 		goto bad;
 	}
-	if (strlen(argv[8]) != v->digest_size * 2 ||
-	    hex2bin(v->root_digest, argv[8], v->digest_size)) {
+	if (strlen(argv[9]) != v->digest_size * 2 ||
+	    hex2bin(v->root_digest, argv[9], v->digest_size)) {
 		ti->error = "Invalid root digest";
 		r = -EINVAL;
 		goto bad;
 	}
 
-	if (strcmp(argv[9], "-")) {
-		v->salt_size = strlen(argv[9]) / 2;
+	if (strcmp(argv[10], "-")) {
+		v->salt_size = strlen(argv[10]) / 2;
 		v->salt = kmalloc(v->salt_size, GFP_KERNEL);
 		if (!v->salt) {
 			ti->error = "Cannot allocate salt";
 			r = -ENOMEM;
 			goto bad;
 		}
-		if (strlen(argv[9]) != v->salt_size * 2 ||
-		    hex2bin(v->salt, argv[9], v->salt_size)) {
+		if (strlen(argv[10]) != v->salt_size * 2 ||
+		    hex2bin(v->salt, argv[10], v->salt_size)) {
 			ti->error = "Invalid salt";
 			r = -EINVAL;
 			goto bad;


Download attachment "signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists