lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0066B4B7-B0FA-4C7F-99C4-0AABB577382C@netflix.com>
Date:	Thu, 9 Aug 2012 00:40:22 +0000
From:	Wesley Miaw <wmiaw@...flix.com>
To:	Milan Broz <mbroz@...hat.com>
CC:	Mikulas Patocka <mpatocka@...hat.com>,
	device-mapper development <dm-devel@...hat.com>,
	Alasdair Kergon <agk@...hat.com>,
	"msb@...gle.com" <msb@...gle.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Will Drewry™ <w@...gle.com>
Subject: Re: [dm-devel] [PATCH v2 1/2] dm: verity support data device offset
 (Linux 3.4.7)

On Aug 8, 2012, at 1:31 PM, Milan Broz wrote:

> On 08/08/2012 08:46 PM, Mikulas Patocka wrote:
> 
>> The problem with the patch is that it changes interface to the userspace 
>> tool. The userspace tool veritysetup already exists in recent cryptsetup 
>> package, so we can't change the interface - you should change the patch so 
>> that the starting data block is the last argument and the argument is 
>> optional - so that it is compatible with the existing userspace too.
> 
> yes. Please never change interface without at least increasing target version.
> 
> I have to add userspace support as well to veritysetup and we need a way
> how to detect that option is supported by running kernel.

Apologies if the version increment is incorrect; I was not sure if the minor or patch number should be incremented. I assume the different version number is what would be used to detect if the data offset option is supported. Thanks.

From: Wesley Miaw <wmiaw@...flix.com>

Add data device start block index as optional dm-verity target parameters to
support verity targets where the data does not begin at sector 0 of the block
device.

Also fix the hash block index computations so they take into account any data
offset.

Signed-off-by: Wesley Miaw <wmiaw@...flix.com>
---
 Documentation/device-mapper/verity.txt |    8 ++++++-
 drivers/md/dm-verity.c                 |   24 ++++++++++++++++++-----
 2 files changed, 26 insertions(+), 6 deletions(-)
--- a/drivers/md/dm-verity.c	2012-08-07 16:03:03.778759000 -0700
+++ b/drivers/md/dm-verity.c	2012-08-08 17:04:16.344682266 -0700
@@ -477,7 +477,7 @@ static int verity_map(struct dm_target *
 		return -EIO;
 	}
 
-	if ((bio->bi_sector + bio_sectors(bio)) >>
+	if ((bio->bi_sector - v->data_start + bio_sectors(bio)) >>
 	    (v->data_dev_block_bits - SECTOR_SHIFT) > v->data_blocks) {
 		DMERR_LIMIT("io out of range");
 		return -EIO;
@@ -491,7 +491,7 @@ static int verity_map(struct dm_target *
 	io->bio = bio;
 	io->orig_bi_end_io = bio->bi_end_io;
 	io->orig_bi_private = bio->bi_private;
-	io->block = bio->bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
+	io->block = (bio->bi_sector - v->data_start) >> (v->data_dev_block_bits - SECTOR_SHIFT);
 	io->n_blocks = bio->bi_size >> v->data_dev_block_bits;
 
 	bio->bi_end_io = verity_end_io;
@@ -646,6 +646,7 @@ static void verity_dtr(struct dm_target 
  *	<algorithm>
  *	<digest>
  *	<salt>		Hex string or "-" if no salt.
+ *	<data start block>		Optional. The default is zero.
  */
 static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
 {
@@ -671,8 +672,8 @@ static int verity_ctr(struct dm_target *
 		goto bad;
 	}
 
-	if (argc != 10) {
-		ti->error = "Invalid argument count: exactly 10 arguments required";
+	if (argc != 10 && argc != 11) {
+		ti->error = "Invalid argument count: 10 or 11 arguments required";
 		r = -EINVAL;
 		goto bad;
 	}
@@ -793,6 +794,19 @@ static int verity_ctr(struct dm_target *
 		}
 	}
 
+	if (argc == 11) {
+		if (sscanf(argv[10], "%llu%c", &num_ll, &dummy) != 1 ||
+			num_ll << (v->data_dev_block_bits - SECTOR_SHIFT) !=
+			(sector_t)num_ll << (v->data_dev_block_bits - SECTOR_SHIFT)) {
+			ti->error = "Invalid data start";
+			r = -EINVAL;
+			goto bad;
+		}
+		v->data_start = num_ll << (v->data_dev_block_bits - SECTOR_SHIFT);
+	} else {
+		v->data_start = 0;
+	}
+
 	v->hash_per_block_bits =
 		fls((1 << v->hash_dev_block_bits) / v->digest_size) - 1;
 
@@ -875,7 +889,7 @@ bad:
 
 static struct target_type verity_target = {
 	.name		= "verity",
-	.version	= {1, 0, 0},
+	.version	= {1, 1, 0},
 	.module		= THIS_MODULE,
 	.ctr		= verity_ctr,
 	.dtr		= verity_dtr,
--- a/Documentation/device-mapper/verity.txt	2012-08-08 11:02:48.558883756 -0700
+++ b/Documentation/device-mapper/verity.txt	2012-08-08 16:50:04.114864090 -0700
@@ -11,6 +11,7 @@ Construction Parameters
     <data_block_size> <hash_block_size>
     <num_data_blocks> <hash_start_block>
     <algorithm> <digest> <salt>
+    [<data_start_block>]
 
 <version>
     This is the type of the on-disk hash format.
@@ -62,6 +63,10 @@ Construction Parameters
 <salt>
     The hexadecimal encoding of the salt value.
 
+<data_start_block>
+    This is the offset, in <data_block_size>-blocks, from the start of data_dev
+    to the first block of the data.
+
 Theory of operation
 ===================
 
@@ -138,7 +143,8 @@ Set up a device:
   # dmsetup create vroot --readonly --table \
     "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
     "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
-    "1234000000000000000000000000000000000000000000000000000000000000"
+    "1234000000000000000000000000000000000000000000000000000000000000 "\
+    "0"
 
 A command line tool veritysetup is available to compute or verify
 the hash tree or activate the kernel device. This is available from


Download attachment "signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ