Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1936799ima; Thu, 25 Oct 2018 07:16:35 -0700 (PDT) X-Google-Smtp-Source: AJdET5dF2XkBhnZI/wQ5eDUKBtyqIul6DKQ/F3NWbLDMgYGsgm+Tnm2BFOzKRqKwMtMCR649jPE/ X-Received: by 2002:a63:ac46:: with SMTP id z6mr1663044pgn.162.1540476995273; Thu, 25 Oct 2018 07:16:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540476995; cv=none; d=google.com; s=arc-20160816; b=0HjugjB1KH7TIvJ6wI3pulh900rCL1OAgD+81wl3gl8sqbQ+1pgb9ynE1C904vVJnw VSeh7nJBS6FoR1pfZ4SCLfVmmHzE3LvXNAOuehDZtM9EEbEkpQjWUg7d4mdoFnApURU/ rVO/GawrHSathnFyh4lmPJEZRykxgVxCWwbNDIy8lpAHM+l3WPT/FMg9s+5wREgYv/zF md3M2cVgzyQLfdAAEqHR3jZGoHn+LzliGTPUxizgeB+4pmNkZV1QITfShbVqD8T5XErv ODBjwm2v6SQARK6lU9b7nPrYgobisbETRl8YNPiF2GSNpkG1d7vLznNpjCq9MTgB0ZkT ntEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=1Z+RzLreDK+GVxIld18Eb9UBKzVDmluLN3/NcI763Xg=; b=fxsgI3mf9rUTbTa3EBwnfQjsyqYUxPk4eItI6i71UAfPHhZUOI8+hh1JEQ9j0bQ2rq P9chKoPIQwDcACB6aaWzju4dNbjDU1RmLMVF37oPUaUQGQcDg6cURAiOMdyQ2Chft6z6 ksx6/XstSS5wjK8TgYmI6+Ubtj9kYiorpsMd9jmNwnbD2AVcnQoq0cZDqjjiKctYP3mO 03p/yb5NaG9WODw2WDxYF1M/AD1shj3WceSrDuR6oXDQUNg1rx275RAc13b2s2KKZPSe j/6eLcq8UxUo5UhqdyKQLD1LnymvWNBsU5dD0RV3zLiBgrZ4z7oWShWFG8ABxy7EtyDR UFfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=RORH4pWY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g13-v6si8134881pgk.21.2018.10.25.07.16.02; Thu, 25 Oct 2018 07:16:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=RORH4pWY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728000AbeJYWoJ (ORCPT + 99 others); Thu, 25 Oct 2018 18:44:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:52748 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727877AbeJYWoI (ORCPT ); Thu, 25 Oct 2018 18:44:08 -0400 Received: from sasha-vm.mshome.net (unknown [167.98.65.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A5C872054F; Thu, 25 Oct 2018 14:11:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1540476673; bh=JHt2FEyUHhx4buYNYjus5OpLvd5xdvNhhG9N71hSCB4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RORH4pWYTwzQ43dqub+E+Y3ZKYxJaPNCQGIOqtBhQdOgj/7/GMuZxglAs4NbsZ+LD XHOQ3TRdDMi83P50SgliC1+j+/jjDNI7VR02tRx3C/jJXT22U6fNiuvNuPUOUaYGGG mFrz7XZBayV8BbAmvAwRa/Fj4dtlSTZWYO53uqUg= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Milan Broz , Mike Snitzer , Sasha Levin Subject: [PATCH AUTOSEL 4.14 13/46] dm integrity: fail early if required HMAC key is not available Date: Thu, 25 Oct 2018 10:10:20 -0400 Message-Id: <20181025141053.213330-13-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181025141053.213330-1-sashal@kernel.org> References: <20181025141053.213330-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Milan Broz [ Upstream commit e16b4f99f0f79682a7efe191a8ce694d87ca9fc8 ] Since crypto API commit 9fa68f62004 ("crypto: hash - prevent using keyed hashes without setting key") dm-integrity cannot use keyed algorithms without the key being set. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting the key requirement in integrity table constructor. Signed-off-by: Milan Broz Signed-off-by: Mike Snitzer Signed-off-by: Sasha Levin --- drivers/md/dm-integrity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 898286ed47a1..b10e4c5641ea 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -2547,6 +2547,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error, *error = error_key; return r; } + } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) { + *error = error_key; + return -ENOKEY; } } -- 2.17.1