iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/md
History
Mikulas Patocka 7f84c93722 dm integrity: fix memory corruption when tag_size is less than digest size 
commit 08c1af8f1c13bbf210f1760132f4df24d0ed46d6 upstream.

It is possible to set up dm-integrity in such a way that the
"tag_size" parameter is less than the actual digest size. In this
situation, a part of the digest beyond tag_size is ignored.

In this case, dm-integrity would write beyond the end of the
ic->recalc_tags array and corrupt memory. The corruption happened in
integrity_recalc->integrity_sector_checksum->crypto_shash_final.

Fix this corruption by increasing the tags array so that it has enough
padding at the end to accomodate the loop in integrity_recalc() being
able to write a full digest size for the last member of the tags
array.

Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:19:39 +02:00
..
bcache
bcache: add proper error unwinding in bcache_device_init
2021-09-15 09:47:27 +02:00
persistent-data
dm space map common: add bounds check to sm_ll_lookup_bitmap()
2022-01-27 09:19:46 +01:00
dm-bio-prison-v1.c
dm-bio-prison-v1.h
dm-bio-prison-v2.c
dm-bio-prison-v2.h
dm-bio-record.h
dm bio record: save/restore bi_end_io and bi_integrity
2020-03-25 08:25:48 +01:00
dm-bufio.c
dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size
2021-03-09 11:09:37 +01:00
dm-builtin.c
dm-cache-background-tracker.c
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c
dm cache metadata: Avoid returning cmd->bm wild pointer on error
2020-09-09 19:12:35 +02:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c
dm: remove unnecessary unlikely() around WARN_ON_ONCE()
2018-10-16 14:34:59 -04:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c
dm cache: fix a crash due to incorrect work item cancelling
2020-03-12 13:00:23 +01:00
dm-clone-metadata.c
dm clone: Fix handling of partial region discards
2020-04-17 10:50:24 +02:00
dm-clone-metadata.h
dm clone: replace spin_lock_irqsave with spin_lock_irq
2020-04-17 10:50:23 +02:00
dm-clone-target.c
dm clone: Add missing casts to prevent overflows and data corruption
2020-04-17 10:50:24 +02:00
dm-core.h
dm: fix deadlock when swapping to encrypted device
2021-03-04 10:26:51 +01:00
dm-crypt.c
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
2022-04-15 14:18:13 +02:00
dm-delay.c
dm delay: fix a crash when invalid device is specified
2019-04-26 11:29:32 -04:00
dm-dust.c
dm dust: use dust block size for badblocklist index
2019-08-21 11:27:17 -04:00
dm-era-target.c
dm era: Update in-core bitset after committing the metadata
2021-03-04 10:26:53 +01:00
dm-exception-store.c
dm-exception-store.h
- Improve DM snapshot target's scalability by using finer grained
2019-05-16 15:55:48 -07:00
dm-flakey.c
block: Kill gfp_t argument of blkdev_report_zones()
2019-07-11 20:04:37 -06:00
dm-init.c
docs: device-mapper: move it to the admin-guide
2019-07-15 11:03:01 -03:00
dm-integrity.c
dm integrity: fix memory corruption when tag_size is less than digest size
2022-04-20 09:19:39 +02:00
dm-io.c
dm-ioctl.c
dm ioctl: prevent potential spectre v1 gadget
2022-04-15 14:18:33 +02:00
dm-kcopyd.c
dm kcopyd: always complete failed jobs
2019-08-15 15:57:39 -04:00
dm-linear.c
block: Kill gfp_t argument of blkdev_report_zones()
2019-07-11 20:04:37 -06:00
dm-log-userspace-base.c
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c
dm log writes: fix incorrect comment about the logged sequence example
2019-07-09 14:13:33 -04:00
dm-log.c
dm-mpath.c
dm mpath: fix racey management of PG initialization
2020-09-09 19:12:35 +02:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c
dm-raid1.c
dm raid1: use struct_size() with kzalloc()
2019-08-26 11:05:32 -04:00
dm-raid.c
dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
2021-05-11 14:04:15 +02:00
dm-region-hash.c
dm-round-robin.c
dm-rq.c
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
2021-05-11 14:04:18 +02:00
dm-rq.h
dm: remove unused _rq_tio_cache and _rq_cache
2019-03-05 14:48:50 -05:00
dm-service-time.c
dm-snap-persistent.c
block: fix an integer overflow in logical block size
2020-01-23 08:22:32 +01:00
dm-snap-transient.c
dm-snap.c
dm snapshot: properly fix a crash when an origin has no snapshots
2021-06-03 08:59:02 +02:00
dm-stats.c
dm stats: use struct_size() helper
2019-09-04 09:39:22 -04:00
dm-stats.h
dm-stripe.c
dm-switch.c
dm switch: use struct_size() in kzalloc()
2019-03-05 14:48:51 -05:00
dm-sysfs.c
dm: remove legacy request-based IO path
2018-10-11 11:36:09 -04:00
dm-table.c
dm table: fix zoned iterate_devices based device capability checks
2021-03-11 14:06:49 +01:00
dm-target.c
dm mpath: fix missing call of path selector type->end_io
2019-04-25 15:38:52 -04:00
dm-thin-metadata.c
dm thin metadata: Fix use-after-free in dm_bm_set_read_only
2020-09-09 19:12:36 +02:00
dm-thin-metadata.h
dm thin metadata: Add support for a pre-commit callback
2019-12-21 11:05:01 +01:00
dm-thin.c
dm thin: don't allow changing data device during thin-pool reload
2020-02-24 08:36:49 +01:00
dm-uevent.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
dm-uevent.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
dm-unstripe.c
dm: Check for device sector overflow if CONFIG_LBDAF is not set
2018-12-18 09:02:26 -05:00
dm-verity-fec.c
dm verity fec: fix misaligned RS roots IO
2021-04-21 12:56:15 +02:00
dm-verity-fec.h
dm verity fec: fix misaligned RS roots IO
2021-04-21 12:56:15 +02:00
dm-verity-target.c
dm verity: fix DM_VERITY_OPTS_MAX value
2021-03-30 14:35:24 +02:00
dm-verity-verify-sig.c
dm verity: fix require_signatures module_param permissions
2021-06-16 11:59:37 +02:00
dm-verity-verify-sig.h
dm verity: add root hash pkcs#7 signature verification
2019-08-23 10:13:14 -04:00
dm-verity.h
dm verity: add root hash pkcs#7 signature verification
2019-08-23 10:13:14 -04:00
dm-writecache.c
dm writecache: return the exact table values that were set
2021-07-25 14:35:14 +02:00
dm-zero.c
dm-zoned-metadata.c
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
2020-06-24 17:50:31 +02:00
dm-zoned-reclaim.c
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
2020-06-24 17:50:31 +02:00
dm-zoned-target.c
dm zoned: assign max_io_len correctly
2020-07-09 09:37:57 +02:00
dm-zoned.h
dm zoned: reduce overhead of backing device checks
2019-12-17 19:56:12 +01:00
dm.c
dm table: fix DAX iterate_devices based device capability checks
2021-03-11 14:06:49 +01:00
dm.h
dm table: fix DAX iterate_devices based device capability checks
2021-03-11 14:06:49 +01:00
Kconfig
dm integrity: select CRYPTO_SKCIPHER
2021-01-27 11:47:42 +01:00
Makefile
dm: add clone target
2019-09-12 09:32:31 -04:00
md-bitmap.c
md/bitmap: wait for external bitmap writes to complete during tear down
2021-05-14 09:44:12 +02:00
md-bitmap.h
md-cluster.c
md/cluster: fix deadlock when node is doing resync job
2020-12-30 11:51:45 +01:00
md-cluster.h
md-cluster: introduce resync_info_get interface for sanity check
2018-10-18 09:36:35 -07:00
md-faulty.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47
2019-05-24 17:27:13 +02:00
md-linear.c
md: improve handling of bio with REQ_PREFLUSH in md_flush_request()
2019-12-17 19:56:14 +01:00
md-linear.h
md-multipath.c
md: improve handling of bio with REQ_PREFLUSH in md_flush_request()
2019-12-17 19:56:14 +01:00
md-multipath.h
md.c
md: fix a lock order reversal in md_alloc
2021-09-30 10:09:24 +02:00
md.h
md: improve handling of bio with REQ_PREFLUSH in md_flush_request()
2019-12-17 19:56:14 +01:00
raid0.c
block: fix an integer overflow in logical block size
2020-01-23 08:22:32 +01:00
raid0.h
md/raid0: avoid RAID0 data corruption due to layout confusion.
2019-09-13 13:10:05 -07:00
raid1-10.c
md: raid1-10: Unify r{1,10}bio_pool_free
2019-06-15 01:37:35 -06:00
raid1.c
md/raid10: properly indicate failure when ending a failed write request
2021-08-12 13:21:03 +02:00
raid1.h
raid5-cache.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
raid5-log.h
raid5: set write hint for PPL
2019-03-12 10:15:18 -07:00
raid5-ppl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288
2019-06-05 17:36:37 +02:00
raid5.c
md/raid5: fix oops during stripe resizing
2020-11-05 11:43:22 +01:00
raid5.h
raid5: use bio_end_sector in r5_next_bio
2019-09-13 13:14:43 -07:00
raid10.c
md/raid10: properly indicate failure when ending a failed write request
2021-08-12 13:21:03 +02:00
raid10.h