review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Mikulas Patocka <mpatocka@redhat.com>
	Thu, 21 Jan 2021 15:09:32 +0000 (10:09 -0500)
committer	Mike Snitzer <snitzer@redhat.com>
	Wed, 3 Feb 2021 15:10:05 +0000 (10:10 -0500)
commit	09d85f8d8909ec8baa07479ba5777bbca24961f3
tree	6a66e25ef563aa53db9f148d08f2f531ddf36778	tree \| snapshot
parent	4c9e9883c20a3ad5384e689bdbb1d0677da4094c	commit \| diff

dm integrity: introduce the "fix_hmac" argument

The "fix_hmac" argument improves security of internal_hash and
journal_mac:
- the section number is mixed to the mac, so that an attacker can't
  copy sectors from one journal section to another journal section
- the superblock is protected by journal_mac
- a 16-byte salt stored in the superblock is mixed to the mac, so
  that the attacker can't detect that two disks have the same hmac
  key and also to disallow the attacker to move sectors from one
  disk to another

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Daniel Glockner <dg@emlix.com>
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> # ReST fix
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

Documentation/admin-guide/device-mapper/dm-integrity.rst		diff \| blob \| history
drivers/md/dm-integrity.c		diff \| blob \| history