#
2971c058 |
| 05-Jun-2023 |
Russell Harmon <eatnumber1@gmail.com> |
Documentation: dm-integrity: Document an example of how the tunables relate.
Signed-off-by: Russell Harmon <eatnumber1@gmail.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
|
#
52145f28 |
| 05-Jun-2023 |
Russell Harmon <eatnumber1@gmail.com> |
Documentation: dm-integrity: Document default values.
Signed-off-by: Russell Harmon <eatnumber1@gmail.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
|
#
3b671459 |
| 05-Jun-2023 |
Russell Harmon <eatnumber1@gmail.com> |
Documentation: dm-integrity: Document the meaning of "buffer".
"Buffers" are buffers of the metadata/checksum area of dm-integrity. They are always at most as large as a single metadata area on-disk
Documentation: dm-integrity: Document the meaning of "buffer".
"Buffers" are buffers of the metadata/checksum area of dm-integrity. They are always at most as large as a single metadata area on-disk, but may be smaller.
Signed-off-by: Russell Harmon <eatnumber1@gmail.com> Reviewed-by: Bagas Sanjaya <bagasdotme@gmail.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
show more ...
|
#
c3ba5aa6 |
| 05-Jun-2023 |
Russell Harmon <eatnumber1@gmail.com> |
Documentation: dm-integrity: Fix minor grammatical error.
"where dm-integrity uses bitmap" becomes "where dm-integrity uses a bitmap"
Signed-off-by: Russell Harmon <eatnumber1@gmail.com> Reviewed-b
Documentation: dm-integrity: Fix minor grammatical error.
"where dm-integrity uses bitmap" becomes "where dm-integrity uses a bitmap"
Signed-off-by: Russell Harmon <eatnumber1@gmail.com> Reviewed-by: Bagas Sanjaya <bagasdotme@gmail.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
show more ...
|
#
09d85f8d |
| 21-Jan-2021 |
Mikulas Patocka <mpatocka@redhat.com> |
dm integrity: introduce the "fix_hmac" argument
The "fix_hmac" argument improves security of internal_hash and journal_mac: - the section number is mixed to the mac, so that an attacker can't copy
dm integrity: introduce the "fix_hmac" argument
The "fix_hmac" argument improves security of internal_hash and journal_mac: - the section number is mixed to the mac, so that an attacker can't copy sectors from one journal section to another journal section - the superblock is protected by journal_mac - a 16-byte salt stored in the superblock is mixed to the mac, so that the attacker can't detect that two disks have the same hmac key and also to disallow the attacker to move sectors from one disk to another
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Reported-by: Daniel Glockner <dg@emlix.com> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> # ReST fix Tested-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
show more ...
|
#
663f63ee |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: salsa20 - remove Salsa20 stream cipher algorithm
Salsa20 is not used anywhere in the kernel, is not suitable for disk encryption, and widely considered to have been superseded by ChaCha20. S
crypto: salsa20 - remove Salsa20 stream cipher algorithm
Salsa20 is not used anywhere in the kernel, is not suitable for disk encryption, and widely considered to have been superseded by ChaCha20. So let's remove it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
5c024064 |
| 20-Jan-2021 |
Mikulas Patocka <mpatocka@redhat.com> |
dm integrity: conditionally disable "recalculate" feature
Otherwise a malicious user could (ab)use the "recalculate" feature that makes dm-integrity calculate the checksums in the background while t
dm integrity: conditionally disable "recalculate" feature
Otherwise a malicious user could (ab)use the "recalculate" feature that makes dm-integrity calculate the checksums in the background while the device is already usable. When the system restarts before all checksums have been calculated, the calculation continues where it was interrupted even if the recalculate feature is not requested the next time the dm device is set up.
Disable recalculating if we use internal_hash or journal_hash with a key (e.g. HMAC) and we don't have the "legacy_recalculate" flag.
This may break activation of a volume, created by an older kernel, that is not yet fully recalculated -- if this happens, the user should add the "legacy_recalculate" flag to constructor parameters.
Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Reported-by: Daniel Glockner <dg@emlix.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
show more ...
|
#
751d5b27 |
| 04-Dec-2020 |
Andrew Klychkov <andrew.a.klychkov@gmail.com> |
Documentation: fix multiple typos found in the admin-guide subdirectory
Fix thirty five typos in dm-integrity.rst, dm-raid.rst, dm-zoned.rst, verity.rst, writecache.rst, tsx_async_abort.rst, md.rst,
Documentation: fix multiple typos found in the admin-guide subdirectory
Fix thirty five typos in dm-integrity.rst, dm-raid.rst, dm-zoned.rst, verity.rst, writecache.rst, tsx_async_abort.rst, md.rst, bttv.rst, dvb_references.rst, frontend-cardlist.rst, gspca-cardlist.rst, ipu3.rst, remote-controller.rst, mm/index.rst, numaperf.rst, userfaultfd.rst, module-signing.rst, imx-ddr.rst, intel-speed-select.rst, intel_pstate.rst, ramoops.rst, abi.rst, kernel.rst, vm.rst
Signed-off-by: Andrew Klychkov <andrew.a.klychkov@gmail.com> Link: https://lore.kernel.org/r/20201204072848.GA49895@spblnx124.lan Signed-off-by: Jonathan Corbet <corbet@lwn.net>
show more ...
|
#
4e578ba6 |
| 04-Jul-2020 |
Randy Dunlap <rdunlap@infradead.org> |
Documentation/admin-guide: dm-integrity: drop doubled words
Drop the doubled words "on" and "the".
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Jonathan Corbet <corbet@lwn.net> Cc: linux
Documentation/admin-guide: dm-integrity: drop doubled words
Drop the doubled words "on" and "the".
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Jonathan Corbet <corbet@lwn.net> Cc: linux-doc@vger.kernel.org Cc: dm-devel@redhat.com Link: https://lore.kernel.org/r/20200704032020.21923-4-rdunlap@infradead.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
show more ...
|
#
40e9c5ac |
| 02-Jun-2020 |
Mikulas Patocka <mpatocka@redhat.com> |
dm integrity: add status line documentation
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
|
#
0a2bd55c |
| 08-Apr-2020 |
Milan Broz <gmazyland@gmail.com> |
dm integrity: document allow_discard option
Add decription of the allow_discard option added in commit 84597a44a9d86ac949900441cea7da0af0f2f473.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Sign
dm integrity: document allow_discard option
Add decription of the allow_discard option added in commit 84597a44a9d86ac949900441cea7da0af0f2f473.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
show more ...
|
#
7fc979f8 |
| 07-Dec-2019 |
Eric Biggers <ebiggers@google.com> |
docs: dm-integrity: remove reference to ARC4
ARC4 is no longer considered secure, so it shouldn't be used, even as just an example.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by:
docs: dm-integrity: remove reference to ARC4
ARC4 is no longer considered secure, so it shouldn't be used, even as just an example.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
show more ...
|
#
d537858a |
| 13-Nov-2019 |
Mikulas Patocka <mpatocka@redhat.com> |
dm integrity: fix excessive alignment of metadata runs
Metadata runs are supposed to be aligned on 4k boundary (so that they work efficiently with disks with 4k sectors). However, there was a progra
dm integrity: fix excessive alignment of metadata runs
Metadata runs are supposed to be aligned on 4k boundary (so that they work efficiently with disks with 4k sectors). However, there was a programming bug that makes them aligned on 128k boundary instead. The unused space is wasted.
Fix this bug by providing a proper 4k alignment. In order to keep existing volumes working, we introduce a new flag SB_FLAG_FIXED_PADDING - when the flag is clear, we calculate the padding the old way. In order to make sure that the old version cannot mount the volume created by the new version, we increase superblock version to 4.
Also in order to not break with old integritysetup, we fix alignment only if the parameter "fix_padding" is present when formatting the device.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
show more ...
|
#
6cf2a73c |
| 18-Jun-2019 |
Mauro Carvalho Chehab <mchehab+samsung@kernel.org> |
docs: device-mapper: move it to the admin-guide
The DM support describes lots of aspects related to mapped disk partitions from the userspace PoV.
Signed-off-by: Mauro Carvalho Chehab <mchehab+sams
docs: device-mapper: move it to the admin-guide
The DM support describes lots of aspects related to mapped disk partitions from the userspace PoV.
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
show more ...
|