From: Mikulas Patocka <mpatocka@redhat.com>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-devel@redhat.com, Mike Snitzer <msnitzer@redhat.com>,
"Alasdair G. Kergon" <agk@redhat.com>
Subject: Re: [PATCH] dm-crypt: Reject sector_size feature if device length is not aligned to it
Date: Mon, 2 Oct 2017 10:43:56 -0400 (EDT) [thread overview]
Message-ID: <alpine.LRH.2.02.1710021034380.2597@file01.intranet.prod.int.rdu2.redhat.com> (raw)
In-Reply-To: <b6c539ce-c841-a21c-1a2c-4ee93d826680@gmail.com>
On Sat, 30 Sep 2017, Milan Broz wrote:
> On 09/13/2017 03:45 PM, Milan Broz wrote:
> > If a crypt mapping uses optional sector_size feature, additional
> > restrictions to mapped device segment size must be applied in constructor,
> > otherwise the device activation will fail later.
>
> Hi,
>
> we had some discussion with Mikulas if this check should be better in generic DM code.
>
> I think that for this case it is not a good idea - dm-crypt can increase
> encryption sector size during load (it is stupid to do, but I see no reason why to block it).
> And then only constructor of the target itself know what is possible and what should be rejected.
The same argument also applies to verity, integrity and zoned target. I
think it should be tested in the generic dm code, not duplicated in these
targets.
Here I send a patch that checks invalid limits when the table is loaded
and aborts the table load ioctl with an error.
> Anyway, there is a short reproducer what this patch solves:
>
> Create simple mapping with 4096 encryption sector:
>
> # dmsetup create test --table "0 8 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"
>
> Now load new unaligned-length table (this should fail!)
> # dmsetup load test --table "0 9 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"
>
> Inactive table is apparently accepted:
> # dmsetup table --inactive
> test: 0 9 crypt cipher_null 0 0 8:16 0 1 sector_size:4096
>
> And now, resume fails, keeping the device in suspended state afterward:
>
> # dmsetup resume test
> device-mapper: resume ioctl on test failed: Invalid argument
> Command failed
> kernel: device-mapper: table: 254:0: len=9 not aligned to h/w logical block size 4096 of sdb
BTW. if you resume it twice, it will continue working with the old table.
> # dmsetup info -c
> Name Maj Min Stat Open Targ Event UUID
> test 254 0 L-sw 0 1 0
>
> With the patch applied, the load step correctly fails:
> # dmsetup load test --table "0 9 crypt cipher_null - 0 /dev/sdb 0 1 sector_size:4096"
> device-mapper: reload ioctl on test failed: Invalid argument
> kernel: device-mapper: table: 254:0: crypt: Device size is not multiple of sector_size feature
>
> Please consider this for 4.14 (and stable 4.12+ perhaps).
>
> Thanks,
> Milan
From: Mikulas Patocka <mpatocka@redhat.com>
Subject: dm: check invalid limits when table is created
Device mapper checks invalid limits when resuming a device and swapping a
table, however it may be too late becuase it makes the resume ioctl fail.
This patch checks the limits when a table is loaded, so that the table
load ioctl will fail.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
---
drivers/md/dm-ioctl.c | 5 +++++
1 file changed, 5 insertions(+)
Index: linux-2.6/drivers/md/dm-ioctl.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-ioctl.c
+++ linux-2.6/drivers/md/dm-ioctl.c
@@ -1308,6 +1308,7 @@ static int table_load(struct file *filp,
struct dm_table *t, *old_map = NULL;
struct mapped_device *md;
struct target_type *immutable_target_type;
+ struct queue_limits dummy_limits;
md = find_device(param);
if (!md)
@@ -1349,6 +1350,10 @@ static int table_load(struct file *filp,
goto err_unlock_md_type;
}
+ r = dm_calculate_queue_limits(t, &dummy_limits);
+ if (r)
+ goto err_unlock_md_type;
+
dm_unlock_md_type(md);
/* stage inactive table */
next prev parent reply other threads:[~2017-10-02 14:43 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-13 13:45 [PATCH] dm-crypt: Reject sector_size feature if device length is not aligned to it Milan Broz
2017-09-30 18:31 ` Milan Broz
2017-10-02 14:43 ` Mikulas Patocka [this message]
2017-10-03 6:27 ` Milan Broz
2017-10-03 12:05 ` Alasdair G Kergon
2017-10-03 18:08 ` Mike Snitzer
2017-10-03 19:09 ` Alasdair G Kergon
2017-10-03 20:08 ` Mikulas Patocka
2017-10-03 20:33 ` Milan Broz
2017-10-03 21:18 ` Mike Snitzer
2017-10-04 6:45 ` Milan Broz
2017-10-04 15:05 ` Mike Snitzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.02.1710021034380.2597@file01.intranet.prod.int.rdu2.redhat.com \
--to=mpatocka@redhat.com \
--cc=agk@redhat.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=msnitzer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.