lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4dc8f521-e6ca-b80c-eee8-060158a38407@redhat.com>
Date: Mon, 10 Feb 2025 17:46:26 +0100 (CET)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Milan Broz <gmazyland@...il.com>
cc: Akilesh Kailash <akailash@...gle.com>, 
    Sami Tolvanen <samitolvanen@...gle.com>, kernel-team@...roid.com, 
    Alasdair Kergon <agk@...hat.com>, Mike Snitzer <snitzer@...nel.org>, 
    dm-devel@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] dm-verity: do forward error correction on metadata
 I/O errors



On Mon, 10 Feb 2025, Milan Broz wrote:

> On 2/10/25 4:04 PM, Mikulas Patocka wrote:
> > Do forward error correction if metadata I/O fails.
> > 
> > Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>
> 
> Not directly related to this patch, but...
> please could you also increase the dm-verity version?
> 
> I just implemented support for the errors-as-corruption
> dm-verity flags in veritysetup.
> 
> The version of dm-verity stayed at 1.10 for a very long, and
> the IO error processing change was a functional change that we
> would like to detect.
> We cannot set version retrospectively, but at least now with other
> changes.
> 
> (Veritysetup tries the requested flags; if activation fails,
> it displays a better error message based on the detected
> target version. That way it works even with backports.)
> 
> Thanks,
> Milan

OK.


From: Mikulas Patocka <mpatocka@...hat.com>

Do forward error correction if metadata I/O fails.

Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>

---
 drivers/md/dm-verity-target.c |   21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

Index: linux-2.6/drivers/md/dm-verity-target.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-verity-target.c	2025-02-10 16:24:56.000000000 +0100
+++ linux-2.6/drivers/md/dm-verity-target.c	2025-02-10 17:43:50.000000000 +0100
@@ -324,8 +324,22 @@ static int verity_verify_level(struct dm
 						&buf, bio->bi_ioprio);
 	}
 
-	if (IS_ERR(data))
-		return PTR_ERR(data);
+	if (IS_ERR(data)) {
+		r = PTR_ERR(data);
+		data = dm_bufio_new(v->bufio, hash_block, &buf);
+		if (IS_ERR(data))
+			return r;
+		if (verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA,
+				      hash_block, data) == 0) {
+			aux = dm_bufio_get_aux_data(buf);
+			aux->hash_verified = 1;
+			goto release_ok;
+		} else {
+			dm_bufio_release(buf);
+			dm_bufio_forget(v->bufio, hash_block);
+			return r;
+		}
+	}
 
 	aux = dm_bufio_get_aux_data(buf);
 
@@ -366,6 +380,7 @@ static int verity_verify_level(struct dm
 		}
 	}
 
+release_ok:
 	data += offset;
 	memcpy(want_digest, data, v->digest_size);
 	r = 0;
@@ -1761,7 +1776,7 @@ static struct target_type verity_target
 	.name		= "verity",
 /* Note: the LSMs depend on the singleton and immutable features */
 	.features	= DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE,
-	.version	= {1, 10, 0},
+	.version	= {1, 11, 0},
 	.module		= THIS_MODULE,
 	.ctr		= verity_ctr,
 	.dtr		= verity_dtr,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ