diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-22 14:31:00 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-22 14:31:00 -0800 |
| commit | fe75a21824e78405b8d812421974524092250c63 (patch) | |
| tree | 78e6f9a233f917bcc92051054921382daf68c9d0 /Documentation | |
| parent | faba877b3bccb5af79f0cd8c6af93392030e6e41 (diff) | |
| parent | 809b1e4945774c9ec5619a8f4e2189b7b3833c0c (diff) | |
Merge tag 'for-5.11/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
- Fix DM integrity crash if "recalculate" used without "internal_hash"
- Fix DM integrity "recalculate" support to prevent recalculating
checksums if we use internal_hash or journal_hash with a key (e.g.
HMAC). Use of crypto as a means to prevent malicious corruption
requires further changes and was never a design goal for
dm-integrity's primary usecase of detecting accidental corruption.
- Fix a benign dm-crypt copy-and-paste bug introduced as part of a fix
that was merged for 5.11-rc4.
- Fix DM core's dm_get_device() to avoid filesystem lookup to get block
device (if possible).
* tag 'for-5.11/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm: avoid filesystem lookup in dm_get_dev_t()
dm crypt: fix copy and paste bug in crypt_alloc_req_aead
dm integrity: conditionally disable "recalculate" feature
dm integrity: fix a crash if "recalculate" used without "internal_hash"
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/admin-guide/device-mapper/dm-integrity.rst | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/Documentation/admin-guide/device-mapper/dm-integrity.rst b/Documentation/admin-guide/device-mapper/dm-integrity.rst index 4e6f504474ac..2cc5488acbd9 100644 --- a/Documentation/admin-guide/device-mapper/dm-integrity.rst +++ b/Documentation/admin-guide/device-mapper/dm-integrity.rst @@ -177,14 +177,20 @@ bitmap_flush_interval:number The bitmap flush interval in milliseconds. The metadata buffers are synchronized when this interval expires. +allow_discards + Allow block discard requests (a.k.a. TRIM) for the integrity device. + Discards are only allowed to devices using internal hash. + fix_padding Use a smaller padding of the tag area that is more space-efficient. If this option is not present, large padding is used - that is for compatibility with older kernels. -allow_discards - Allow block discard requests (a.k.a. TRIM) for the integrity device. - Discards are only allowed to devices using internal hash. +legacy_recalculate + Allow recalculating of volumes with HMAC keys. This is disabled by + default for security reasons - an attacker could modify the volume, + set recalc_sector to zero, and the kernel would not detect the + modification. The journal mode (D/J), buffer_sectors, journal_watermark, commit_time and allow_discards can be changed when reloading the target (load an inactive |