dm verity: fix biovecs hash calculation regression
Commit 003b5c5719
("block: Convert drivers
to immutable biovecs") incorrectly converted biovec iteration in
dm-verity to always calculate the hash from a full biovec, but the
function only needs to calculate the hash from part of the biovec (up to
the calculated "todo" value).
Fix this issue by limiting hash input to only the requested data size.
This problem was identified using the cryptsetup regression test for
veritysetup (verity-compat-test).
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Acked-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # 3.14+
This commit is contained in:
parent
b10ebd34cc
commit
3a7745215e
|
@ -330,15 +330,17 @@ static int verity_verify_io(struct dm_verity_io *io)
|
|||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
todo = 1 << v->data_dev_block_bits;
|
||||
while (io->iter.bi_size) {
|
||||
do {
|
||||
u8 *page;
|
||||
unsigned len;
|
||||
struct bio_vec bv = bio_iter_iovec(bio, io->iter);
|
||||
|
||||
page = kmap_atomic(bv.bv_page);
|
||||
r = crypto_shash_update(desc, page + bv.bv_offset,
|
||||
bv.bv_len);
|
||||
len = bv.bv_len;
|
||||
if (likely(len >= todo))
|
||||
len = todo;
|
||||
r = crypto_shash_update(desc, page + bv.bv_offset, len);
|
||||
kunmap_atomic(page);
|
||||
|
||||
if (r < 0) {
|
||||
|
@ -346,8 +348,9 @@ static int verity_verify_io(struct dm_verity_io *io)
|
|||
return r;
|
||||
}
|
||||
|
||||
bio_advance_iter(bio, &io->iter, bv.bv_len);
|
||||
}
|
||||
bio_advance_iter(bio, &io->iter, len);
|
||||
todo -= len;
|
||||
} while (todo);
|
||||
|
||||
if (!v->version) {
|
||||
r = crypto_shash_update(desc, v->salt, v->salt_size);
|
||||
|
|
Loading…
Reference in New Issue