block: zero non-PI portion of auto integrity buffer #461
+7
−18
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
Upstream branch: 623fb99 |
Author
|
Upstream branch: 623fb99 |
blktests-ci
bot
force-pushed
the
series/1040053=>linus-master
branch
from
7357b8f to
5b8f38c
Compare
Author
|
Upstream branch: 623fb99 |
blktests-ci
bot
force-pushed
the
series/1040053=>linus-master
branch
from
5b8f38c to
629c41e
Compare
blktests-ci
bot
force-pushed
the
linus-master_base
branch
from
f962a4d to
06634b5
Compare
The auto-generated integrity buffer for writes needs to be fully
initialized before being passed to the underlying block device,
otherwise the uninitialized memory can be read back by userspace or
anyone with physical access to the storage device. If protection
information is generated, that portion of the integrity buffer is
already initialized. The integrity data is also zeroed if PI generation
is disabled via sysfs or the PI tuple size is 0. However, this misses
the case where PI is generated and the PI tuple size is nonzero, but the
metadata size is larger than the PI tuple. In this case, the remainder
("opaque") of the metadata is left uninitialized.
Generalize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the
metadata is larger than just the PI tuple.
Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Fixes: c546d6f ("block: only zero non-PI metadata tuples in bio_integrity_prep")
Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Since commit ec7f31b ("block: make bio auto-integrity deadlock safe"), the gfp_t gfp variable in bio_integrity_prep() is no longer passed to an allocation function. It's only used to compute the zero_buffer argument to bio_integrity_alloc_buf(). So change the variable to bool zero_buffer to simplify the code. Signed-off-by: Caleb Sander Mateos <csander@purestorage.com> Reviewed-by: Anuj Gupta <anuj20.g@samsung.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
bi_offload_capable() returns whether a block device's metadata size matches its PI tuple size. Use pi_tuple_size instead of switching on csum_type. This makes the code considerably simpler and less branchy. Signed-off-by: Caleb Sander Mateos <csander@purestorage.com> Reviewed-by: Anuj Gupta <anuj20.g@samsung.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
Author
|
Upstream branch: b543459 |
blktests-ci
bot
force-pushed
the
series/1040053=>linus-master
branch
from
629c41e to
91d0936
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: block: zero non-PI portion of auto integrity buffer
version: 2
url: https://patchwork.kernel.org/project/linux-block/list/?series=1040053