* [PATCH] ubifs: Do not skip hash checking in data nodes
@ 2019-04-01 13:00 Sascha Hauer
2019-04-04 20:06 ` Richard Weinberger
0 siblings, 1 reply; 2+ messages in thread
From: Sascha Hauer @ 2019-04-01 13:00 UTC (permalink / raw)
To: linux-mtd; +Cc: Richard Weinberger, Sascha Hauer, kernel
UBIFS bails out early from try_read_node() when it doesn't have to check
the CRC. Still the node hash has to be checked, otherwise wrong data
could be sneaked into the FS. Fix this by not bailing out early and
always checking the node hash.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
fs/ubifs/tnc.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
index 25572ffea163..ebf8c26f5b22 100644
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -479,14 +479,13 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type,
if (node_len != len)
return 0;
- if (type == UBIFS_DATA_NODE && c->no_chk_data_crc && !c->mounting &&
- !c->remounting_rw)
- return 1;
-
- crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8);
- node_crc = le32_to_cpu(ch->crc);
- if (crc != node_crc)
- return 0;
+ if (type != UBIFS_DATA_NODE || !c->no_chk_data_crc || c->mounting ||
+ c->remounting_rw) {
+ crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8);
+ node_crc = le32_to_cpu(ch->crc);
+ if (crc != node_crc)
+ return 0;
+ }
err = ubifs_node_check_hash(c, buf, zbr->hash);
if (err) {
--
2.20.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ubifs: Do not skip hash checking in data nodes
2019-04-01 13:00 [PATCH] ubifs: Do not skip hash checking in data nodes Sascha Hauer
@ 2019-04-04 20:06 ` Richard Weinberger
0 siblings, 0 replies; 2+ messages in thread
From: Richard Weinberger @ 2019-04-04 20:06 UTC (permalink / raw)
To: Sascha Hauer; +Cc: linux-mtd, kernel
Am Montag, 1. April 2019, 15:00:44 CEST schrieb Sascha Hauer:
> UBIFS bails out early from try_read_node() when it doesn't have to check
> the CRC. Still the node hash has to be checked, otherwise wrong data
> could be sneaked into the FS. Fix this by not bailing out early and
> always checking the node hash.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Good catch!
I think we need another UBIFS self-check to catch such issues.
How about adding a marker to each in-memory node/page up on checking?
That way a self-check can walk UBIFS in-memory data structures and check
whether everything has the marker set. If not, we found a bug in the auth
code.
Thanks,
//richard
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-04 20:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-01 13:00 [PATCH] ubifs: Do not skip hash checking in data nodes Sascha Hauer
2019-04-04 20:06 ` Richard Weinberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).