From: Sascha Hauer <s.hauer@pengutronix.de>
To: Torben Hohn <torben.hohn@linutronix.de>
Cc: richard@nod.at, bigeasy@linutronix.de,
linux-mtd@lists.infradead.org, tglx@linutronix.de
Subject: Re: [PATCH 1/1] ubifs: support authentication, for ro mount, when no key is given
Date: Fri, 26 Jun 2020 10:10:28 +0200 [thread overview]
Message-ID: <20200626081028.GE19105@pengutronix.de> (raw)
In-Reply-To: <20200626072714.GH15356@linutronix.de>
On Fri, Jun 26, 2020 at 09:27:14AM +0200, Torben Hohn wrote:
> On Fri, Jun 26, 2020 at 06:31:20AM +0200, Sascha Hauer wrote:
> > Hi Torben,
> >
> > On Thu, Jun 25, 2020 at 05:59:27PM +0200, Torben Hohn wrote:
> > > diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> > > index 7fc2f3f07c16..ec95f1f50e5e 100644
> > > --- a/fs/ubifs/super.c
> > > +++ b/fs/ubifs/super.c
> > > @@ -1291,6 +1291,17 @@ static int mount_ubifs(struct ubifs_info *c)
> > > err = -EINVAL;
> > > goto out_free;
> > > }
> > > + } else if (c->auth_hash_name) {
> > > + if (IS_ENABLED(CONFIG_UBIFS_FS_AUTHENTICATION)) {
> > > + err = ubifs_init_authentication_read_only(c);
> > > + if (err)
> > > + goto out_free;
> > > + } else {
> > > + ubifs_err(c, "auth_hash_name, but UBIFS is built without"
> > > + " authentication support");
> > > + err = -EINVAL;
> > > + goto out_free;
> > > + }
> > > }
> >
> > In case we don't have a key available for HMAC and can only verify the
> > FS is correctly signed then we have to be sure that we are mounting
> > readonly. This means the above needs an additional check for
> > c->ro_mount.
>
> Indeed, i had that check in authenticate_sb_node() in an earlier
> version, and forgot to add it here.
>
> Will do.
>
> >
> > Once we can be sure that UBIFS is in readonly mode when we can't do HMAC
> > then there's no point in adding a ubifs_authenticated_write(), because
> > the places where you call it will never be hit in a readonly mounted
> > filesystem.
>
> The point is making sure, that it really is never hit in a readonly
> filesystem. Now, and in the future. If we miss one point, we might
> trigger the hmac code with an empty hmac. Although it might just crash.
If that's your point then you can add a ubifs_assert(c, c->ro_mount) at
those places. This has the advantage that it triggers not only in
authenticated mode, but also in unauthenticated mode. Please add this
assertion explicitly and not indirectly in ubifs_authenticated_write().
This function has a strange semantics, the name suggests that it returns
the status of authenticated write. It's quite unexpected to me that it
triggers a warning when called with only readonly authentication
available.
Regards,
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2020-06-26 10:23 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-25 15:59 [PATCH 0/1] ubifs: support authentication without hmac Torben Hohn
2020-06-25 15:59 ` [PATCH 1/1] ubifs: support authentication, for ro mount, when no key is given Torben Hohn
2020-06-26 4:31 ` Sascha Hauer
2020-06-26 7:27 ` Torben Hohn
2020-06-26 7:53 ` Richard Weinberger
2020-06-26 8:10 ` Sascha Hauer [this message]
2020-06-26 9:39 ` Torben Hohn
2020-06-26 8:09 ` [PATCH 0/1] ubifs: support authentication without hmac Richard Weinberger
2020-06-29 6:46 ` Alexander Dahl
2020-06-29 7:04 ` Richard Weinberger
2020-06-29 7:48 ` Wolfgang Denk
2020-06-29 7:51 ` Richard Weinberger
2020-06-30 5:50 ` Wolfgang Denk
2020-06-30 13:36 ` Richard Weinberger
2020-06-30 14:36 ` Alexander Dahl
2020-06-26 11:29 ` [PATCH v2 0/4] " Torben Hohn
2020-06-26 11:29 ` [PATCH v2 1/4] ubifs: move #include "debug.h" above auth.c Torben Hohn
2020-06-26 11:29 ` [PATCH v2 2/4] ubifs: support authentication, for ro mount, when no key is given Torben Hohn
2020-06-26 11:29 ` [PATCH v2 3/4] ubifs: sprinkle ubifs_assert(c, !c->ro_mount) in hmac auth Torben Hohn
2020-06-26 11:29 ` [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given Torben Hohn
2020-06-26 12:27 ` Richard Weinberger
2020-06-29 8:53 ` Torben Hohn
2020-06-29 10:52 ` Richard Weinberger
2020-06-26 14:16 ` [PATCH v2 0/4] ubifs: support authentication without hmac Richard Weinberger
2020-06-26 14:36 ` Richard Weinberger
2020-06-29 9:13 ` Torben Hohn
2020-06-29 9:07 ` Torben Hohn
2020-06-29 10:46 ` Richard Weinberger
2020-07-02 14:40 ` Thomas Gleixner
2020-07-02 15:00 ` Richard Weinberger
2020-07-02 18:48 ` Thomas Gleixner
2020-07-02 19:03 ` Richard Weinberger
2020-07-03 8:16 ` bigeasy
2020-07-03 8:20 ` Richard Weinberger
2020-07-03 9:12 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200626081028.GE19105@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=bigeasy@linutronix.de \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
--cc=tglx@linutronix.de \
--cc=torben.hohn@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).