Commit d6d0e6b
dm: fix excessive blk-crypto operations for invalid keys
dm_exec_wrappedkey_op() passes through the derive_sw_secret, import_key,
generate_key, and prepare_key blk-crypto operations to an underlying
device.
Currently, it calls the operation on every underlying device until one
returns success.
This logic is flawed when the operation is expected to fail, such as an
invalid key being passed to derive_sw_secret. That can happen if
userspace passes an invalid key to the FS_IOC_ADD_ENCRYPTION_KEY ioctl.
When that happens on a device-mapper device that consists of many
dm-linear targets, a lot of unnecessary key unwrapping requests get sent
to the underlying key wrapping hardware.
Fix this by considering the first device only. As already documented in
the comment, it was already checked that all underlying devices support
wrapped keys, so this should be fine.
Fixes: e939127 ("dm: pass through operations on wrapped inline crypto keys")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>1 parent 0f1e16b commit d6d0e6b
1 file changed
Lines changed: 3 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1237 | 1237 | | |
1238 | 1238 | | |
1239 | 1239 | | |
1240 | | - | |
1241 | | - | |
1242 | | - | |
1243 | 1240 | | |
1244 | 1241 | | |
1245 | 1242 | | |
| |||
1266 | 1263 | | |
1267 | 1264 | | |
1268 | 1265 | | |
1269 | | - | |
1270 | | - | |
1271 | | - | |
| 1266 | + | |
1272 | 1267 | | |
1273 | 1268 | | |
1274 | 1269 | | |
| |||
1294 | 1289 | | |
1295 | 1290 | | |
1296 | 1291 | | |
1297 | | - | |
| 1292 | + | |
1298 | 1293 | | |
1299 | 1294 | | |
1300 | 1295 | | |
1301 | 1296 | | |
1302 | 1297 | | |
1303 | | - | |
1304 | | - | |
| 1298 | + | |
1305 | 1299 | | |
1306 | 1300 | | |
1307 | 1301 | | |
| |||
0 commit comments