LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Mike Snitzer <snitzer@redhat.com>
To: Patrik Torstensson <totte@google.com>,
	Eric Biggers <ebiggers@google.com>
Cc: gkaiser@google.com, linux-kernel@vger.kernel.org,
	dm-devel@redhat.com, samitolvanen@google.com,
	Alasdair Kergon <agk@redhat.com>,
	paulcrowley@google.com
Subject: Re: Add an option to dm-verity to validate hashes at most once
Date: Tue, 20 Mar 2018 15:36:43 -0400	[thread overview]
Message-ID: <20180320193643.GA11080@redhat.com> (raw)
In-Reply-To: <20180314190957.GB183724@google.com>

On Wed, Mar 14 2018 at  3:09pm -0400,
Eric Biggers <ebiggers@google.com> wrote:

> Hi Patrik,
> 
> On Tue, Mar 06, 2018 at 03:14:56PM -0800, Patrik Torstensson wrote:
> > Add an option to dm-verity to validate hashes at most once
> > to allow platforms that is CPU/memory contraint to be
> > protected by dm-verity against offline attacks.
> > 
> > The option introduces a bitset that is used to check if
> > a block has been validated before or not. A block can
> > be validated more than once as there is no thread protection
> > for the bitset.
> > 
> > This patch has been developed and tested on entry-level
> > Android Go devices.
> > 
> > Signed-off-by: Patrik Torstensson <totte@google.com>
> > ---
> >  drivers/md/dm-verity-target.c | 58 +++++++++++++++++++++++++++++++++--
> >  drivers/md/dm-verity.h        |  1 +
> >  2 files changed, 56 insertions(+), 3 deletions(-)
> 
> The new option needs to be documented in Documentation/device-mapper/verity.txt,
> including a description of what the option does as well as how it affects the
> security properties of dm-verity.  There should also be a mention of why the
> option applies to data blocks but not hash blocks, assuming that's intentional.
> 
> verity_status() also needs to be updated to show the new option, otherwise it
> will not be visible via the DM_TABLE_STATUS ioctl ('dmsetup table' on the
> command line).
> 
> Also the minor version number in the struct target_type needs to be incremented,
> so that userspace can determine whether the option is supported.
> 
> >  
> >  	for (b = 0; b < io->n_blocks; b++) {
> >  		int r;
> > +		sector_t cur_block = io->block + b;
> >  		struct ahash_request *req = verity_io_hash_req(v, io);
> >  
> > +		if (v->validated_blocks &&
> > +		    likely(test_bit(cur_block, v->validated_blocks))) {
> > +			verity_bv_skip_block(v, io, &io->iter);
> > +			continue;
> > +		}
> > +
> >  		r = verity_hash_for_block(v, io, io->block + b,
> 
> Can you replace 'io->block + b' with 'cur_block' here as well?

Patrik, any chance you could act on Eric's review feedback and post v2
of this patch (assuming you still have a need for it)?

Thanks,
Mike

      reply	other threads:[~2018-03-20 19:36 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-06 23:14 [PATCH] " Patrik Torstensson
2018-03-08 12:35 ` Milan Broz
2018-03-09 22:04   ` Patrik Torstensson
2018-03-14 19:09 ` Eric Biggers
2018-03-20 19:36   ` Mike Snitzer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180320193643.GA11080@redhat.com \
    --to=snitzer@redhat.com \
    --cc=agk@redhat.com \
    --cc=dm-devel@redhat.com \
    --cc=ebiggers@google.com \
    --cc=gkaiser@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paulcrowley@google.com \
    --cc=samitolvanen@google.com \
    --cc=totte@google.com \
    --subject='Re: Add an option to dm-verity to validate hashes at most once' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).