lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110414140925.GA25803@redhat.com>
Date:	Thu, 14 Apr 2011 10:09:25 -0400
From:	Mike Snitzer <snitzer@...hat.com>
To:	"Martin K. Petersen" <martin.petersen@...cle.com>
Cc:	Jens Axboe <jaxboe@...ionio.com>,
	LKML <linux-kernel@...r.kernel.org>,
	James Bottomley <James.Bottomley@...e.de>,
	device-mapper development <dm-devel@...hat.com>
Subject: Re: dm: improve block integrity support

[trimming CCs so as not to pester as many people directly]

On Fri, Apr 01 2011 at  1:42pm -0400,
Mike Snitzer <snitzer@...hat.com> wrote:

> The current block integrity (DIF/DIX) support in DM is verifying that
> all devices' integrity profiles match during DM device resume (which
> is past the point of no return).  To some degree that is unavoidable
> (stacked DM devices force this late checking).  But for most DM
> devices (which aren't stacking on other DM devices) the ideal time to
> verify all integrity profiles match is during table load.
> 
> Introduce the notion of an "initialized" integrity profile: a profile
> that was blk_integrity_register()'d with a non-NULL 'blk_integrity'
> template.  Add blk_integrity_is_initialized() to allow checking if a
> profile was initialized.
> 
> Update DM integrity support to:
> - check all devices with _initialized_ integrity profiles match
>   during table load; uninitialized profiles (e.g. for underlying DM
>   device(s) of a stacked DM device) are ignored.
> - disallow a table load that would result in an integrity profile that
>   conflicts with a DM device's existing (in-use) integrity profile
> - avoid clearing an existing integrity profile
> - validate all integrity profiles match during resume; but if they
>   don't all we can do is report the mismatch (during resume we're past
>   the point of no return)
> 
> Signed-off-by: Mike Snitzer <snitzer@...hat.com>
> Cc: Martin K. Petersen <martin.petersen@...cle.com>

Hi Martin,

Any chance you've had a look at this?  I'm most interested in whether
the code works with the various integrity profiles you have.

I'd really like to get this reviewed and queued for upstream so that it
doesn't die on the vine.

Thanks,
Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ