The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From e4b069e0945fa14c71cf8b5b89f8b1b2aa68dbc2 Mon Sep 17 00:00:00 2001
From: Mikulas Patocka mpatocka@redhat.com Date: Wed, 22 Aug 2018 12:45:51 -0400 Subject: [PATCH] dm verity: fix crash on bufio buffer that was allocated with vmalloc
Since commit d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API") dm-verity uses asynchronous crypto calls for verification, so that it can use hardware with asynchronous processing of crypto operations.
These asynchronous calls don't support vmalloc memory, but the buffer data can be allocated with vmalloc if dm-bufio is short of memory and uses a reserved buffer that was preallocated in dm_bufio_client_create().
Fix verity_hash_update() so that it deals with vmalloc'd memory correctly.
Reported-by: "Xiao, Jin" jin.xiao@intel.com Signed-off-by: Mikulas Patocka mpatocka@redhat.com Fixes: d1ac3ff008fb ("dm verity: switch to using asynchronous hash crypto API") Cc: stable@vger.kernel.org # 4.12+ Signed-off-by: Mike Snitzer snitzer@redhat.com
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 12decdbd722d..fc65f0dedf7f 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -99,10 +99,26 @@ static int verity_hash_update(struct dm_verity *v, struct ahash_request *req, { struct scatterlist sg;
- sg_init_one(&sg, data, len); - ahash_request_set_crypt(req, &sg, NULL, len); - - return crypto_wait_req(crypto_ahash_update(req), wait); + if (likely(!is_vmalloc_addr(data))) { + sg_init_one(&sg, data, len); + ahash_request_set_crypt(req, &sg, NULL, len); + return crypto_wait_req(crypto_ahash_update(req), wait); + } else { + do { + int r; + size_t this_step = min_t(size_t, len, PAGE_SIZE - offset_in_page(data)); + flush_kernel_vmap_range((void *)data, this_step); + sg_init_table(&sg, 1); + sg_set_page(&sg, vmalloc_to_page(data), this_step, offset_in_page(data)); + ahash_request_set_crypt(req, &sg, NULL, this_step); + r = crypto_wait_req(crypto_ahash_update(req), wait); + if (unlikely(r)) + return r; + data += this_step; + len -= this_step; + } while (len); + return 0; + } }
/*
Hi Greg,
On Sun, Sep 23, 2018 at 09:17:16PM +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
The attached backported patch will apply to 4.14-stable tree. But I will want to for an ack.
-- Regards Sudip
On Sun, 23 Dec 2018, Sudip Mukherjee wrote:
Hi Greg,
On Sun, Sep 23, 2018 at 09:17:16PM +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
The attached backported patch will apply to 4.14-stable tree. But I will want to for an ack.
-- Regards Sudip
The patch looks correct.
Acked-by: Mikulas Patocka mpatocka@redhat.com
Mikulas
On Wed, Jan 02, 2019 at 11:04:23AM -0500, Mikulas Patocka wrote:
On Sun, 23 Dec 2018, Sudip Mukherjee wrote:
Hi Greg,
On Sun, Sep 23, 2018 at 09:17:16PM +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
The attached backported patch will apply to 4.14-stable tree. But I will want to for an ack.
-- Regards Sudip
The patch looks correct.
Acked-by: Mikulas Patocka mpatocka@redhat.com
Thanks, now queued up.
greg k-h
linux-stable-mirror@lists.linaro.org