On Wed, 2 Nov 2016, Ondrej Kozina wrote: > on crypt_message() key set code path while loading new key > replacing the old one in case tfm->setkey() fails > we would end having invalid key in crypto layer but > DM_CRYPT_KEY_VALID flag set. > > Signed-off-by: Ondrej Kozina <okozina@xxxxxxxxxx> Reviewed-by: Mikulas Patocka <mpatocka@xxxxxxxxxx> > --- > drivers/md/dm-crypt.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > index a276883..0aedd0e 100644 > --- a/drivers/md/dm-crypt.c > +++ b/drivers/md/dm-crypt.c > @@ -1503,12 +1503,15 @@ static int crypt_set_key(struct crypt_config *cc, char *key) > if (!cc->key_size && strcmp(key, "-")) > goto out; > > + /* clear the flag since following operations may invalidate previously valid key */ > + clear_bit(DM_CRYPT_KEY_VALID, &cc->flags); > + > if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0) > goto out; > > - set_bit(DM_CRYPT_KEY_VALID, &cc->flags); > - > r = crypt_setkey_allcpus(cc); > + if (!r) > + set_bit(DM_CRYPT_KEY_VALID, &cc->flags); > > out: > /* Hex key string not needed after here, so wipe it. */ > -- > 2.7.4 > -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
