git.baikalelectronics.ru Git - kernel.git/commit

author	Mikulas Patocka <mpatocka@redhat.com>
	Thu, 21 Jan 2021 15:09:32 +0000 (10:09 -0500)
committer	Mike Snitzer <snitzer@redhat.com>
	Wed, 3 Feb 2021 15:10:05 +0000 (10:10 -0500)
commit	4df7d164f1a59090d6a8492c6f55c7484905726d
tree	6a66e25ef563aa53db9f148d08f2f531ddf36778	tree \| snapshot
parent	d6425b9dd1a34ea3d3cdb7b3e36b5d48f7fa6b92	commit \| diff

dm integrity: introduce the "fix_hmac" argument

The "fix_hmac" argument improves security of internal_hash and
journal_mac:
- the section number is mixed to the mac, so that an attacker can't
  copy sectors from one journal section to another journal section
- the superblock is protected by journal_mac
- a 16-byte salt stored in the superblock is mixed to the mac, so
  that the attacker can't detect that two disks have the same hmac
  key and also to disallow the attacker to move sectors from one
  disk to another

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Daniel Glockner <dg@emlix.com>
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> # ReST fix
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

Documentation/admin-guide/device-mapper/dm-integrity.rst		diff \| blob \| history
drivers/md/dm-integrity.c		diff \| blob \| history