review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Matthias Kaehlcke <mka@chromium.org>
	Wed, 7 Sep 2022 20:30:58 +0000 (13:30 -0700)
committer	Kees Cook <keescook@chromium.org>
	Wed, 7 Sep 2022 23:37:27 +0000 (16:37 -0700)
commit	916ef6232cc4b84db7082b4c3d3cf1753d9462ba
tree	bce625a93d60639ce4c7d9e4fa7842af1a20d197	tree \| snapshot
parent	aafc203bbad4bf6cf394a34ea698c2b0b8affae0	commit \| diff

dm: verity-loadpin: Only trust verity targets with enforcement

Verity targets can be configured to ignore corrupted data blocks.
LoadPin must only trust verity targets that are configured to
perform some kind of enforcement when data corruption is detected,
like returning an error, restarting the system or triggering a
panic.

Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin")
Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220907133055.1.Ic8a1dafe960dc0f8302e189642bc88ebb785d274@changeid

drivers/md/dm-verity-loadpin.c		diff \| blob \| history
drivers/md/dm-verity-target.c		diff \| blob \| history
drivers/md/dm-verity.h		diff \| blob \| history