Revert: "dm-verity: restart or panic on an I/O error"

Mikulas Patocka · Mikulas Patocka · commit 462763212dd7 · 2024-10-02T16:15:34.000+02:00
This reverts commit e6a3531. The problem that the commit e6a3531 fixes was reported as a security bug, but Google engineers working on Android and ChromeOS didn't want to change the default behavior, they want to get -EIO rather than restarting the system, so I am reverting that commit. Note also that calling machine_restart from the I/O handling code is potentially unsafe (the reboot notifiers may wait for the bio that triggered the restart), but Android uses the reboot notifiers to store the reboot reason into the PMU microcontroller, so machine_restart must be used. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org Fixes: e6a3531 ("dm-verity: restart or panic on an I/O error") Suggested-by: Sami Tolvanen <samitolvanen@google.com> Suggested-by: Will Drewry <wad@chromium.org>
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
@@ -273,10 +273,8 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
 	if (v->mode == DM_VERITY_MODE_LOGGING)
 		return 0;
 
-	if (v->mode == DM_VERITY_MODE_RESTART) {
-		pr_emerg("dm-verity device corrupted\n");
-		emergency_restart();
-	}
+	if (v->mode == DM_VERITY_MODE_RESTART)
+		kernel_restart("dm-verity device corrupted");
 
 	if (v->mode == DM_VERITY_MODE_PANIC)
 		panic("dm-verity device corrupted");
@@ -599,23 +597,6 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status)
 	if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh)
 		verity_fec_finish_io(io);
 
-	if (unlikely(status != BLK_STS_OK) &&
-	    unlikely(!(bio->bi_opf & REQ_RAHEAD)) &&
-	    !verity_is_system_shutting_down()) {
-		if (v->mode == DM_VERITY_MODE_RESTART ||
-		    v->mode == DM_VERITY_MODE_PANIC)
-			DMERR_LIMIT("%s has error: %s", v->data_dev->name,
-					blk_status_to_str(status));
-
-		if (v->mode == DM_VERITY_MODE_RESTART) {
-			pr_emerg("dm-verity device corrupted\n");
-			emergency_restart();
-		}
-
-		if (v->mode == DM_VERITY_MODE_PANIC)
-			panic("dm-verity device corrupted");
-	}
-
 	bio_endio(bio);
 }
 
