Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2472391imd; Fri, 2 Nov 2018 12:01:22 -0700 (PDT) X-Google-Smtp-Source: AJdET5dCKlQ63qAQPRM0o6D9e1BaliOs+qa+tjyIlhajB8TSCQhSrdmFYEM+SFgrmqNmur2qUOCj X-Received: by 2002:a62:43cd:: with SMTP id l74-v6mr13250352pfi.240.1541185282294; Fri, 02 Nov 2018 12:01:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541185282; cv=none; d=google.com; s=arc-20160816; b=KZEuvdHJ3FDYuFPVWSA13CB+9haNmaUyB6sKT7DBeUTtxM91iJUGnZgXZNk2ZtP+hS ULYQJV/HQ6ekrjCcwnkEKEqv+Oal7eLiQzC0nmcup1PqzUvpMhi3PIe2Sg++QncZavpQ BJZBCDXljBtMnQLz0GlMQR+0BMMfIOaxVQ1vohGun5BaY+JHlc2naOC7KxYU/0NAtdJB Q8WwTl10hUYmVkP21NlVcNRdfcTQ46xSITJxf6dNSyda/DqSfzUbfeqCYs95HWBfGMNk 0K+vU3ONL5+4uNh76htSatYvxmyiw2RbpT8VYdCsxefg1bWXksijg+rcnQGJLoEmrW1n fvjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GnlY5kHxgp+F+5E/bwE+KU/MQv15A7zPwU/PqfddOPQ=; b=rcLxz/pcc0EQ6qu/HxFEOkshrFyo+84oLm4ySDGskDneVvcgksuinASR9hhvOjUgHd VM1DEHvZfsYC9CsDhO/2pZ0w0P0iE9FmxyVGVlJzGMv4Y6IRyBoR2DZP7Lo9wdywLhSt MWNDzIFjCRcnkRaALyp4l5lBS79ZftABi2lQXwKUrGN4qJXqYrwUvT4Js739dnELAEnk DXuFJian4payFlcnxy19+Guj0dCg0kfJtF7tsVNM9FfG+FXJGuU042tcuxFhwMBjBKnN NtHQ3PxqWiy17O8d9M5x8n1DXO60Zt0KDu4YGS/7ucp3D2X2HdIetZracResJtP2iDyu 86OQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ojs4+2V/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y2-v6si34943343pgc.430.2018.11.02.12.01.07; Fri, 02 Nov 2018 12:01:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ojs4+2V/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730885AbeKCD7O (ORCPT + 99 others); Fri, 2 Nov 2018 23:59:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:54972 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729339AbeKCD7N (ORCPT ); Fri, 2 Nov 2018 23:59:13 -0400 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0E8942082D; Fri, 2 Nov 2018 18:50:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541184658; bh=/98sbzyUNEKQweW3TiI439NWBuOUkUebtaGY+AvRrQc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ojs4+2V/5w+BXUf0QIWLDyjX7kGjRePNAOeI/OOZP1IvF3wM/eE8rU1kfOrem+212 sTtSOPG6o8yRrHGRsaZwyuaJeVLouVb7lxtDtcVyAbHrVGNuNWZPHGBU42qKS7OZhU srWLCqsWpR2nFFLGEC09vJ/BZM/2gGnVhb83zzwc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Milan Broz , Mike Snitzer , Sasha Levin Subject: [PATCH 4.14 062/143] dm integrity: fail early if required HMAC key is not available Date: Fri, 2 Nov 2018 19:34:07 +0100 Message-Id: <20181102182902.092522847@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181102182857.064326086@linuxfoundation.org> References: <20181102182857.064326086@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit e16b4f99f0f79682a7efe191a8ce694d87ca9fc8 ] Since crypto API commit 9fa68f62004 ("crypto: hash - prevent using keyed hashes without setting key") dm-integrity cannot use keyed algorithms without the key being set. The dm-integrity recognizes this too late (during use of HMAC), so it allows creation and formatting of superblock, but the device is in fact unusable. Fix it by detecting the key requirement in integrity table constructor. Signed-off-by: Milan Broz Signed-off-by: Mike Snitzer Signed-off-by: Sasha Levin --- drivers/md/dm-integrity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 898286ed47a1..b10e4c5641ea 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -2547,6 +2547,9 @@ static int get_mac(struct crypto_shash **hash, struct alg_spec *a, char **error, *error = error_key; return r; } + } else if (crypto_shash_get_flags(*hash) & CRYPTO_TFM_NEED_KEY) { + *error = error_key; + return -ENOKEY; } } -- 2.17.1