dm-verity: don't crash if panic_on_corruption is not selected

If the user sets panic_on_error and doesn't set panic_on_corruption,
dm-verity should not panic on data mismatch. But, currently it panics,
because it treats data mismatch as I/O error.

This commit fixes the logic so that if there is a data mismatch and
neither panic_on_corruption nor restart_on_corruption is selected, the
system won't restart or panic.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Fixes: f811b83879 ("dm-verity: introduce the options restart_on_error and panic_on_error")
Mikulas Patocka 2024-10-29 12:17:13 +01:00
parent 5a4510c762
commit a674d0cd56
2 changed files with 7 additions and 3 deletions


@ -356,9 +356,9 @@ static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io,
else if (verity_handle_err(v, else if (verity_handle_err(v,
DM_VERITY_BLOCK_TYPE_METADATA, DM_VERITY_BLOCK_TYPE_METADATA,
hash_block)) { hash_block)) {
struct bio *bio = struct bio *bio;
dm_bio_from_per_bio_data(io, io->had_mismatch = true;
v->ti->per_io_data_size); bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
dm_audit_log_bio(DM_MSG_PREFIX, "verify-metadata", bio, dm_audit_log_bio(DM_MSG_PREFIX, "verify-metadata", bio,
block, 0); block, 0);
r = -EIO; r = -EIO;
@ -482,6 +482,7 @@ static int verity_handle_data_hash_mismatch(struct dm_verity *v,
return -EIO; /* Error correction failed; Just return error */ return -EIO; /* Error correction failed; Just return error */
if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, blkno)) { if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, blkno)) {
io->had_mismatch = true;
dm_audit_log_bio(DM_MSG_PREFIX, "verify-data", bio, blkno, 0); dm_audit_log_bio(DM_MSG_PREFIX, "verify-data", bio, blkno, 0);
return -EIO; return -EIO;
} }
@ -606,6 +607,7 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status)
if (unlikely(status != BLK_STS_OK) && if (unlikely(status != BLK_STS_OK) &&
unlikely(!(bio->bi_opf & REQ_RAHEAD)) && unlikely(!(bio->bi_opf & REQ_RAHEAD)) &&
!io->had_mismatch &&
!verity_is_system_shutting_down()) { !verity_is_system_shutting_down()) {
if (v->error_mode == DM_VERITY_MODE_PANIC) { if (v->error_mode == DM_VERITY_MODE_PANIC) {
panic("dm-verity device has I/O error"); panic("dm-verity device has I/O error");
@ -779,6 +781,7 @@ static int verity_map(struct dm_target *ti, struct bio *bio)
io->orig_bi_end_io = bio->bi_end_io; io->orig_bi_end_io = bio->bi_end_io;
io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT); io->block = bio->bi_iter.bi_sector >> (v->data_dev_block_bits - SECTOR_SHIFT);
io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits; io->n_blocks = bio->bi_iter.bi_size >> v->data_dev_block_bits;
io->had_mismatch = false;
bio->bi_end_io = verity_end_io; bio->bi_end_io = verity_end_io;
bio->bi_private = io; bio->bi_private = io;
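Review bot: The new `!io->had_mismatch &&` term in the verity_finish_io hunk decides whether a failed bio takes the panic/restart action, yet nothing at that site says why a mismatch is exempt. I would add above the `if`: `/* Hash mismatches are reported via verity_handle_err() and follow the corruption policy; only genuine I/O errors take the error_mode action. */`. The flag is set in verity_verify_level and verity_handle_data_hash_mismatch and cleared only in verity_map, so once any block of a bio records a mismatch the whole bio skips this branch. A comment on `bool had_mismatch;` in struct dm_verity_io should state that, for example `/* set when a hash mismatch (not an I/O error) failed this bio */`. verity_finish_io starts and ends outside the hunk, so whether a genuine I/O error can still follow a recorded mismatch on the same bio is not visible here and is worth confirming.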


@ -92,6 +92,7 @@ struct dm_verity_io {
sector_t block; sector_t block;
unsigned int n_blocks; unsigned int n_blocks;
bool in_bh; bool in_bh;
bool had_mismatch;
struct work_struct work; struct work_struct work;
struct work_struct bh_work; struct work_struct bh_work;