Message ID | 1706654228-17180-13-git-send-email-wufan@linux.microsoft.com |
---|---|
State | New |
Headers |
From: Fan Wu <wufan@linux.microsoft.com>
To: corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, eparis@redhat.com, paul@paul-moore.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@lists.linux.dev, audit@vger.kernel.org, linux-kernel@vger.kernel.org, Fan Wu <wufan@linux.microsoft.com>
Subject: [RFC PATCH v12 12/20] dm verity: set DM_TARGET_SINGLETON feature flag
Date: Tue, 30 Jan 2024 14:37:00 -0800
Message-Id: <1706654228-17180-13-git-send-email-wufan@linux.microsoft.com>
In-Reply-To: <1706654228-17180-1-git-send-email-wufan@linux.microsoft.com>
References: <1706654228-17180-1-git-send-email-wufan@linux.microsoft.com>
X-Mailing-List: linux-kernel@vger.kernel.org |
Series | Integrity Policy Enforcement LSM (IPE) |
Commit Message
Fan Wu
Jan. 30, 2024, 10:37 p.m. UTC
The device-mapper has a flag to mark targets as singleton, which is a
required flag for immutable targets. Without this flag, multiple
dm-verity targets can be added to a mapped device, which has no
practical use cases and will let dm_table_get_immutable_target return
NULL. This patch adds the missing flag, restricting only one
dm-verity target per mapped device.
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
---
v1-v10:
+ Not present
v11:
+ Introduced
v12:
+ No changes
---
drivers/md/dm-verity-target.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Tue, Jan 30 2024 at 5:37P -0500,
Fan Wu <wufan@linux.microsoft.com> wrote:

> The device-mapper has a flag to mark targets as singleton, which is a
> required flag for immutable targets. Without this flag, multiple
> dm-verity targets can be added to a mapped device, which has no
> practical use cases and will let dm_table_get_immutable_target return
> NULL. This patch adds the missing flag, restricting only one
> dm-verity target per mapped device.
>
> Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
>
> ---
> v1-v10:
> + Not present
>
> v11:
> + Introduced
>
> v12:
> + No changes
> ---
> drivers/md/dm-verity-target.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> index 14e58ae70521..66a850c02be4 100644
> --- a/drivers/md/dm-verity-target.c
> +++ b/drivers/md/dm-verity-target.c
> @@ -1507,7 +1507,7 @@ int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned i
>
>  static struct target_type verity_target = {
>  	.name = "verity",
> -	.features = DM_TARGET_IMMUTABLE,
> +	.features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE,
>  	.version = {1, 9, 0},
>  	.module = THIS_MODULE,
>  	.ctr = verity_ctr,
> --
> 2.43.0
>
>

It is true this change will cause dm_table_get_immutable_target() to
not return NULL, but: I'm curious how that is meaningful in the
context of dm-verity? (given the only caller of
dm_table_get_immutable_target() is request-based DM code in DM core.)

Thanks,
Mike
On 2/2/2024 10:51 AM, Mike Snitzer wrote:
> On Tue, Jan 30 2024 at 5:37P -0500,
> Fan Wu <wufan@linux.microsoft.com> wrote:
>
>> The device-mapper has a flag to mark targets as singleton, which is a
>> required flag for immutable targets. Without this flag, multiple
>> dm-verity targets can be added to a mapped device, which has no
>> practical use cases and will let dm_table_get_immutable_target return
>> NULL. This patch adds the missing flag, restricting only one
>> dm-verity target per mapped device.
>>
>> Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
>>
>> ---
>> v1-v10:
>> + Not present
>>
>> v11:
>> + Introduced
>>
>> v12:
>> + No changes
>> ---
>> drivers/md/dm-verity-target.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
>> index 14e58ae70521..66a850c02be4 100644
>> --- a/drivers/md/dm-verity-target.c
>> +++ b/drivers/md/dm-verity-target.c
>> @@ -1507,7 +1507,7 @@ int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned i
>>
>>  static struct target_type verity_target = {
>>  	.name = "verity",
>> -	.features = DM_TARGET_IMMUTABLE,
>> +	.features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE,
>>  	.version = {1, 9, 0},
>>  	.module = THIS_MODULE,
>>  	.ctr = verity_ctr,
>> --
>> 2.43.0
>>
>>
>
> It is true this change will cause dm_table_get_immutable_target() to
> not return NULL, but: I'm curious how that is meaningful in the
> context of dm-verity? (given the only caller of
> dm_table_get_immutable_target() is request-based DM code in DM core.)
>
> Thanks,
> Mike

Sorry for the confusion. The reference to dm_table_get_immutable_target()
is only to justify that an immutable target should also be a singleton
(https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/md/dm-table.c#n982).
It is not directly related to dm-verity.

In the context of dm-verity, I found that although veritysetup does ensure
the dm-verity target is a singleton, users can still use dmsetup to
configure multiple dm-verity targets within a single map table. This leads
to a situation where only the first target can be accessed. Therefore, to
prevent this and similar misuse, I propose introducing DM_TARGET_SINGLETON
to allow the kernel to enforce dm-verity targets as singletons.

Thanks,
Fan
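To make concrete why DM_TARGET_IMMUTABLE on its own does not stop a second verity target, and why dm_table_get_immutable_target() then comes back NULL, here is an added user-space model of the two device-mapper checks the commit message and the reply above refer to. This is example code written for this page, not kernel code and not part of the patch. The flag values, MAX_TARGETS, the struct layouts, the error strings and the helper names (model_table_add_target, model_get_immutable_target, verity_table_loads, verity_table_has_immutable_target) are assumptions made for the model; only the order of the checks follows the kernel's dm_table_add_target(). The model is driven with both the old `.features` value and the patched one.

```c
/*
 * Added user-space model, not kernel code: the target-feature checks that
 * device-mapper applies in dm_table_add_target() and
 * dm_table_get_immutable_target(), reduced to what this patch touches.
 * Flag values, MAX_TARGETS, struct layouts and error strings are
 * assumptions of the model; the order of the checks follows the kernel's.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define DM_TARGET_SINGLETON 0x1u	/* assumed value */
#define DM_TARGET_IMMUTABLE 0x2u	/* assumed value */
#define MAX_TARGETS 8

struct target_type { const char *name; unsigned int features; };
struct dm_target { const struct target_type *type; };
struct dm_table {
	struct dm_target targets[MAX_TARGETS];
	unsigned int num_targets;
	bool singleton;			/* set once a SINGLETON target is loaded */
	const struct target_type *immutable_target_type;
	const char *error;
};

/* Returns 0 if the target is accepted, -1 with t->error set otherwise. */
int model_table_add_target(struct dm_table *t, const struct target_type *tt)
{
	if (t->num_targets >= MAX_TARGETS || t->singleton) {
		t->error = "table is full or already holds a singleton target";
		return -1;
	}
	if (tt->features & DM_TARGET_SINGLETON) {
		if (t->num_targets) {
			t->error = "singleton target type must appear alone in table";
			return -1;
		}
		t->singleton = true;
	}
	if (t->immutable_target_type) {
		/* Only a different type is rejected here: the same immutable type
		 * added a second time passes, which is the gap SINGLETON closes. */
		if (t->immutable_target_type != tt) {
			t->error = "immutable target type cannot be mixed with other target types";
			return -1;
		}
	} else if (tt->features & DM_TARGET_IMMUTABLE) {
		if (t->num_targets) {
			t->error = "immutable target type cannot be mixed with other target types";
			return -1;
		}
		t->immutable_target_type = tt;
	}
	t->targets[t->num_targets++].type = tt;
	return 0;
}

/* An immutable target is implicitly a singleton: NULL for any multi-target table. */
const struct dm_target *model_get_immutable_target(const struct dm_table *t)
{
	if (t->num_targets != 1 || !(t->targets[0].type->features & DM_TARGET_IMMUTABLE))
		return NULL;
	return &t->targets[0];
}

/* Loads n "verity" segments the way dmsetup would from a multi-line table and
 * returns how many were accepted before the first rejection. */
static unsigned int load_verity_table(struct dm_table *t,
				      const struct target_type *verity, unsigned int n)
{
	memset(t, 0, sizeof(*t));
	while (n-- && model_table_add_target(t, verity) == 0)
		;
	return t->num_targets;
}

/* 1 if a table of n verity targets with the given features loads completely. */
int verity_table_loads(unsigned int features, unsigned int n)
{
	struct target_type verity = { "verity", features };
	struct dm_table t;

	return load_verity_table(&t, &verity, n) == n;
}

/* 1 if that table, after loading what it can, still yields an immutable target. */
int verity_table_has_immutable_target(unsigned int features, unsigned int n)
{
	struct target_type verity = { "verity", features };
	struct dm_table t;

	load_verity_table(&t, &verity, n);
	return model_get_immutable_target(&t) != NULL;
}

int main(void)
{
	unsigned int before = DM_TARGET_IMMUTABLE;
	unsigned int after = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE;

	printf("IMMUTABLE only:      two targets load=%d, immutable target found=%d\n",
	       verity_table_loads(before, 2), verity_table_has_immutable_target(before, 2));
	printf("SINGLETON|IMMUTABLE: two targets load=%d, immutable target found=%d\n",
	       verity_table_loads(after, 2), verity_table_has_immutable_target(after, 2));
	return 0;
}
```

With DM_TARGET_IMMUTABLE alone the immutable check only rejects a *different* type, so a second verity target of the same type is accepted and the immutable-target lookup then fails on num_targets. With DM_TARGET_SINGLETON added, the second add is refused at table load and the single remaining target is what the lookup returns. The same pattern applies to any other immutable target that lacks the singleton flag, not just verity.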
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 14e58ae70521..66a850c02be4 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -1507,7 +1507,7 @@ int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned i static struct target_type verity_target = { .name = "verity", - .features = DM_TARGET_IMMUTABLE, + .features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE, .version = {1, 9, 0}, .module = THIS_MODULE, .ctr = verity_ctr,
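Review bot: the hunk tightens what a verity table may contain but leaves `.version = {1, 9, 0}` untouched and adds no documentation of the new rule. Per the commit message, a table with more than one verity target used to load (with dm_table_get_immutable_target returning NULL); after this change the same table is rejected at load time, which is a user-visible change for anyone building tables with dmsetup rather than veritysetup. Consider bumping the target's minor version so userspace can tell the stricter behaviour apart, and stating the one-verity-target-per-table rule in the dm-verity admin-guide document. The changelog would also read better if it led with the dmsetup misuse described in the follow-up reply instead of the dm_table_get_immutable_target() return value, which, as noted in the thread, only matters to request-based DM.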