On Wed, Aug 02, 2017 at 02:27:50PM +0200, Milan Broz wrote: > In dm-integrity target we register integrity profile that have > both generate_fn and verify_fn callbacks set to NULL. > > This is used if dm-integrity is stacked under a dm-crypt device > for authenticated encryption (integrity payload contains authentication > tag and IV seed). > > In this case the verification is done through own crypto API > processing inside dm-crypt; integrity profile is only holder > of these data. (And memory is owned by dm-crypt as well.) Maybe that's where the problem lies? You're abusing the integrity payload for something that is not end to end data integrity at all and then wonder why it breaks? Also the commit that introduced your code had absolutely no review by Martin or any of the core block folks. The right fix is to revert the dm-crypt commit.
