mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-16 10:17:32 +00:00
dm: verity-loadpin: Only trust verity targets with enforcement
commit 916ef6232cc4b84db7082b4c3d3cf1753d9462ba upstream. Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when data corruption is detected, like returning an error, restarting the system or triggering a panic. Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin") Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org> Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220907133055.1.Ic8a1dafe960dc0f8302e189642bc88ebb785d274@changeid Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
847af66bb0
commit
cb1f5b76e3
@ -14,6 +14,7 @@ LIST_HEAD(dm_verity_loadpin_trusted_root_digests);
|
||||
|
||||
static bool is_trusted_verity_target(struct dm_target *ti)
|
||||
{
|
||||
int verity_mode;
|
||||
u8 *root_digest;
|
||||
unsigned int digest_size;
|
||||
struct dm_verity_loadpin_trusted_root_digest *trd;
|
||||
@ -22,6 +23,13 @@ static bool is_trusted_verity_target(struct dm_target *ti)
|
||||
if (!dm_is_verity_target(ti))
|
||||
return false;
|
||||
|
||||
verity_mode = dm_verity_get_mode(ti);
|
||||
|
||||
if ((verity_mode != DM_VERITY_MODE_EIO) &&
|
||||
(verity_mode != DM_VERITY_MODE_RESTART) &&
|
||||
(verity_mode != DM_VERITY_MODE_PANIC))
|
||||
return false;
|
||||
|
||||
if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
|
||||
return false;
|
||||
|
||||
|
@ -1446,6 +1446,22 @@ bool dm_is_verity_target(struct dm_target *ti)
|
||||
return ti->type->module == THIS_MODULE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the verity mode (error behavior) of a verity target.
|
||||
*
|
||||
* Returns the verity mode of the target, or -EINVAL if 'ti' is not a verity
|
||||
* target.
|
||||
*/
|
||||
int dm_verity_get_mode(struct dm_target *ti)
|
||||
{
|
||||
struct dm_verity *v = ti->private;
|
||||
|
||||
if (!dm_is_verity_target(ti))
|
||||
return -EINVAL;
|
||||
|
||||
return v->mode;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the root digest of a verity target.
|
||||
*
|
||||
|
@ -134,6 +134,7 @@ extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
|
||||
sector_t block, u8 *digest, bool *is_zero);
|
||||
|
||||
extern bool dm_is_verity_target(struct dm_target *ti);
|
||||
extern int dm_verity_get_mode(struct dm_target *ti);
|
||||
extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
|
||||
unsigned int *digest_size);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user