lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1edcdb9d-196a-4b0f-9752-5f6ef0520e48@gmail.com>
Date:   Wed, 4 Oct 2023 16:07:38 +0200
From:   Milan Broz <gmazyland@...il.com>
To:     linux-block@...r.kernel.org
Cc:     gjoyce@...ux.vnet.ibm.com, jonathan.derrick@...ux.dev,
        axboe@...nel.dk, linux-kernel@...r.kernel.org,
        Ondrej Kozina <okozina@...hat.com>
Subject: Re: [PATCH] block: Fix regression in sed-opal for a saved key.

On 10/3/23 12:02, Milan Broz wrote:
> The commit 3bfeb61256643281ac4be5b8a57e9d9da3db4335
> introduced the use of keyring for sed-opal.
> 
> Unfortunately, there is also a possibility to save
> the Opal key used in opal_lock_unlock().
> 
> This patch switches the order of operation, so the cached
> key is used instead of failure for opal_get_key.
> 
> The problem was found by the cryptsetup Opal test recently
> added to the cryptsetup tree.

Just forgot to mention - this is regression in 6.6-rc,
breaking our OPAL cryptsetup support, so  I think this
should go into next 6.6 rc.

Stable versions are ok, only 6.6-rc is affected currently.

Milan


> 
> Fixes: 3bfeb6125664 ("block: sed-opal: keyring support for SED keys")
> Tested-by: Ondrej Kozina <okozina@...hat.com>
> Signed-off-by: Milan Broz <gmazyland@...il.com>
> ---
>   block/sed-opal.c | 7 +++----
>   1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index 6d7f25d1711b..04f38a3f5d95 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -2888,12 +2888,11 @@ static int opal_lock_unlock(struct opal_dev *dev,
>   	if (lk_unlk->session.who > OPAL_USER9)
>   		return -EINVAL;
>   
> -	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
> -	if (ret)
> -		return ret;
>   	mutex_lock(&dev->dev_lock);
>   	opal_lock_check_for_saved_key(dev, lk_unlk);
> -	ret = __opal_lock_unlock(dev, lk_unlk);
> +	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
> +	if (!ret)
> +		ret = __opal_lock_unlock(dev, lk_unlk);
>   	mutex_unlock(&dev->dev_lock);
>   
>   	return ret;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ