[PATCH 0/9] Cryptodisk fixes for v2.06

From: Patrick Steinhardt <ps@pks.im>
To: grub-devel@gnu.org
Cc: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>,
	Glenn Washburn <development@efficientek.com>,
	Daniel Kiper <daniel.kiper@oracle.com>
Subject: [PATCH 0/9] Cryptodisk fixes for v2.06
Date: Sun, 23 Aug 2020 12:59:47 +0200	[thread overview]
Message-ID: <cover.1598179677.git.ps@pks.im> (raw)

[-- Attachment #1: Type: text/plain, Size: 2701 bytes --]

Hi,

I've sifted through the mailing list contents of the last few months to
cherry-pick cryptodisk bugfixes which I think should be included in the
v2.06 release. I've found the following 9 patches from Glenn and me
which should probably be included, separated them out from their
respective patch series and made them play nice with each other.

This patch series shouldn't be applied as-is, but my intention is
instead to bundle all fixes which apply to v2.06 in a single thread to
make discussion easier and help us keep track of what needs to be done.
I've got some comments which I've sent to the original threads already
and added notes below.

- luks2: grub_cryptodisk_t->total_length is the max number of device
  native sectors

    I'm not sure if this fix is correct, mostly because I think that
    `grub_disk_get_size` is buggy already: it returns sectors for
    partitions and the total size for disks. So I do think we need
    another patch to fix that function, too.

- cryptodisk: Incorrect calculation of start sector for grub_disk_read
  in grub_cryptodisk_read

    The patch looks correct to me and matches what both LUKS and LUKS2
    on-disk format say. But I'm surprised our code ever worked correctly
    without this fix, which does make me feel uncomfortable.

- cryptodisk: Properly handle non-512 byte sized sectors

    Should we pick this for v2.06? It definitely fixes things, but also
    feels a bit like feature-enablement.

I've added my Reviewed-by to those patches which look obviously correct
to me.

Glenn, please let me know if this somehow interferes with your work or
if you'd like to handle upstreaming of those fixes yourself.

Patrick

Glenn Washburn (6):
  luks2: Fix use of incorrect index and some error messages
  luks2: grub_cryptodisk_t->total_length is the max number of device
    native sectors
  cryptodisk: Unregister cryptomount command when removing module
  cryptodisk: Incorrect calculation of start sector for grub_disk_read
    in grub_cryptodisk_read
  cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'
  cryptodisk: Properly handle non-512 byte sized sectors

Patrick Steinhardt (3):
  json: Remove invalid typedef redefinition
  luks: Fix out-of-bounds copy of UUID
  luks2: Improve error reporting when decrypting/verifying key

 grub-core/disk/cryptodisk.c | 56 +++++++++++++++++++++----------------
 grub-core/disk/luks.c       |  7 +++--
 grub-core/disk/luks2.c      | 33 +++++++++++++---------
 grub-core/lib/json/json.h   |  9 +++---
 include/grub/cryptodisk.h   |  2 +-
 5 files changed, 62 insertions(+), 45 deletions(-)

-- 
2.28.0

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]