lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABCJKucJxi3CZU40LLg30fZx_YDsHBwA0fCB9fUMDY9rtqKczQ@mail.gmail.com>
Date:   Mon, 13 Sep 2021 10:55:37 -0700
From:   Sami Tolvanen <samitolvanen@...gle.com>
To:     Akilesh Kailash <akailash@...gle.com>
Cc:     Android Kernel Team <kernel-team@...roid.com>,
        Alasdair Kergon <agk@...hat.com>,
        Mike Snitzer <snitzer@...hat.com>,
        device-mapper development <dm-devel@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] dm-verity: skip verity_handle_error on I/O errors

Hi Akilesh,

On Mon, Sep 13, 2021 at 2:27 AM Akilesh Kailash <akailash@...gle.com> wrote:
>
> If there is an I/O error and FEC correction fails, return
> an error instead of calling verity_handle_error().
>
> Suggested-by: Sami Tolvanen <samitolvanen@...gle.com>
> Signed-off-by: Akilesh Kailash <akailash@...gle.com>
> ---
> This was discussed in [1] by Sami Tolvanen but was
> never implemented.
>
> [1] https://lore.kernel.org/dm-devel/b004e7c7-f795-77ed-19b9-983785780e92@gmail.com/T/#mec4df1ba3f3cb63846875fb2bfc1f8b3100f31f1

Great, thanks for the patch!

>  drivers/md/dm-verity-target.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> index 22a5ac82446a..a6f7c452ee80 100644
> --- a/drivers/md/dm-verity-target.c
> +++ b/drivers/md/dm-verity-target.c
> @@ -475,6 +475,7 @@ static int verity_verify_io(struct dm_verity_io *io)
>         struct bvec_iter start;
>         unsigned b;
>         struct crypto_wait wait;
> +       struct bio *bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
>
>         for (b = 0; b < io->n_blocks; b++) {
>                 int r;
> @@ -529,9 +530,17 @@ static int verity_verify_io(struct dm_verity_io *io)
>                 else if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_DATA,
>                                            cur_block, NULL, &start) == 0)
>                         continue;
> -               else if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA,
> +               else {
> +                       if (bio->bi_status) {
> +                               /*
> +                                * Error correction failed; Just return error
> +                                */
> +                               return -EIO;
> +                       }
> +                       if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA,
>                                            cur_block))
> -                       return -EIO;
> +                               return -EIO;
> +               }
>         }
>
>         return 0;

This looks correct to me. A non-zero bio->bi_status here means that
FEC must be enabled because otherwise we wouldn't have ended up in
verity_verify_io() in the first place, and returning -EIO when
verity_fec_decode() fails after attempting to correct an I/O error is
consistent with the non-FEC behavior of dm-verity.

Reviewed-by: Sami Tolvanen <samitolvanen@...gle.com>

Sami

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ