Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.2.56 2013-03-20T15:03:20Z 2013-03-20T15:03:20Z Mikulas Patocka mpatocka@redhat.com 2013-03-01T22:45:44Z urn:sha1:4c8e681cfb1ce38e5c335ea943acc19be49bb302 commit fd7c092e711ebab55b2688d3859d95dfd0301f73 upstream. Avoid returning a truncated table or status string instead of setting the DM_BUFFER_FULL_FLAG when the last target of a table fills the buffer. When processing a table or status request, the function retrieve_status calls ti->type->status. If ti->type->status returns non-zero, retrieve_status assumes that the buffer overflowed and sets DM_BUFFER_FULL_FLAG. However, targets don't return non-zero values from their status method on overflow. Most targets returns always zero. If a buffer overflow happens in a target that is not the last in the table, it gets noticed during the next iteration of the loop in retrieve_status; but if a buffer overflow happens in the last target, it goes unnoticed and erroneously truncated data is returned. In the current code, the targets behave in the following way: * dm-crypt returns -ENOMEM if there is not enough space to store the key, but it returns 0 on all other overflows. * dm-thin returns errors from the status method if a disk error happened. This is incorrect because retrieve_status doesn't check the error code, it assumes that all non-zero values mean buffer overflow. * all the other targets always return 0. This patch changes the ti->type->status function to return void (because most targets don't use the return code). Overflow is detected in retrieve_status: if the status method fills up the remaining space completely, it is assumed that buffer overflow happened. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> [bwh: Backported to 3.2: - Adjust context - dm_status_fn doesn't take a status_flags parameter - Bump the last component of each current version (verified not to match any version used in mainline) - Drop changes to dm-verity] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2012-04-02T16:53:05Z Mikulas Patocka mpatocka@redhat.com 2012-03-28T17:41:22Z urn:sha1:33eb514c949a81198867cebfd34153f98d308b79 commit 72c6e7afc43e19f68a31dea204fc366624d6eee9 upstream. Always set io->error to -EIO when an error is detected in dm-crypt. There were cases where an error code would be set only if we finish processing the last sector. If there were other encryption operations in flight, the error would be ignored and bio would be returned with success as if no error happened. This bug is present in kcryptd_crypt_write_convert, kcryptd_crypt_read_convert and kcryptd_async_done. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Reviewed-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-04-02T16:53:05Z Mikulas Patocka mpatocka@redhat.com 2012-03-28T17:41:22Z urn:sha1:16c69b101a905588160514815f6285be4547f998 commit aeb2deae2660a1773c83d3c6e9e6575daa3855d6 upstream. This patch fixes a possible deadlock in dm-crypt's mempool use. Currently, dm-crypt reserves a mempool of MIN_BIO_PAGES reserved pages. It allocates first MIN_BIO_PAGES with non-failing allocation (the allocation cannot fail and waits until the mempool is refilled). Further pages are allocated with different gfp flags that allow failing. Because allocations may be done in parallel, this code can deadlock. Example: There are two processes, each tries to allocate MIN_BIO_PAGES and the processes run simultaneously. It may end up in a situation where each process allocates (MIN_BIO_PAGES / 2) pages. The mempool is exhausted. Each process waits for more pages to be freed to the mempool, which never happens. To avoid this deadlock scenario, this patch changes the code so that only the first page is allocated with non-failing gfp mask. Allocation of further pages may fail. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2011-09-25T22:26:21Z Milan Broz mbroz@redhat.com 2011-09-25T22:26:21Z urn:sha1:983c7db347db8ce2d8453fd1d89b7a4bb6920d56 If optional discard support in dm-crypt is enabled, discards requests bypass the crypt queue and blocks of the underlying device are discarded. For the read path, discarded blocks are handled the same as normal ciphertext blocks, thus decrypted. So if the underlying device announces discarded regions return zeroes, dm-crypt must disable this flag because after decryption there is just random noise instead of zeroes. Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> 2011-08-02T11:32:08Z Milan Broz mbroz@redhat.com 2011-08-02T11:32:08Z urn:sha1:772ae5f54d69c38a5e3c4352c5fdbdaff141af21 Add optional parameter field to dmcrypt table and support "allow_discards" option. Discard requests bypass crypt queue processing. Bio is simple remapped to underlying device. Note that discard will be never enabled by default because of security consequences. It is up to the administrator to enable it for encrypted devices. (Note that userspace cryptsetup does not understand new optional parameters yet. Support for this will come later. Until then, you should use 'dmsetup' to enable and disable this.) Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> 2011-08-02T11:32:04Z Mike Snitzer snitzer@redhat.com 2011-08-02T11:32:04Z urn:sha1:498f0103ea13123e007660def9072a0b7dd1c599 Move multipath target argument parsing code into dm-table so other targets can share it. Signed-off-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> 2011-08-02T11:32:01Z Alasdair G Kergon agk@redhat.com 2011-08-02T11:32:01Z urn:sha1:283a8328ca5b987e547848de8ff0e28edcfb9e08 Suppress sparse warnings about cpu_to_le32() by using __le32 types for on-disk data etc. Signed-off-by: Alasdair G Kergon <agk@redhat.com> 2011-07-26T23:49:47Z Arun Sharma asharma@fb.com 2011-07-26T23:09:06Z urn:sha1:60063497a95e716c9a689af3be2687d261f115b4 This allows us to move duplicated code in <asm/atomic.h> (atomic_inc_not_zero() for now) to <linux/atomic.h> Signed-off-by: Arun Sharma <asharma@fb.com> Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: David Miller <davem@davemloft.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-03-26T03:51:44Z Linus Torvalds torvalds@linux-foundation.org 2011-03-26T03:51:44Z urn:sha1:44bbd7ac2658eb1118342493026ef141e259b739 * git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm: dm stripe: implement merge method dm mpath: allow table load with no priority groups dm mpath: fail message ioctl if specified path is not valid dm ioctl: add flag to wipe buffers for secure data dm ioctl: prepare for crypt key wiping dm crypt: wipe keys string immediately after key is set dm: add flakey target dm: fix opening log and cow devices for read only tables 2011-03-24T13:54:27Z Milan Broz mbroz@redhat.com 2011-03-24T13:54:27Z urn:sha1:de8be5ac70f50a2340f24fd769a1aafa5a51ae34 Always wipe the original copy of the key after processing it in crypt_set_key(). Signed-off-by: Milan Broz <mbroz@redhat.com> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>