From: Sascha Hauer <s.hauer@pengutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: linux-mtd@lists.infradead.org, David Gstir <david@sigma-star.at>,
kernel@pengutronix.de, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
Date: Fri, 7 Sep 2018 12:25:16 +0200 [thread overview]
Message-ID: <20180907102516.2dr3x3mevuu2l2mz@pengutronix.de> (raw)
In-Reply-To: <2092924.iTNEbfF25J@blindfold>
On Mon, Aug 27, 2018 at 09:36:56PM +0200, Richard Weinberger wrote:
> > diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
> > index a47fced47823..a00809d4fe6f 100644
> > --- a/fs/ubifs/tnc.c
> > +++ b/fs/ubifs/tnc.c
> > @@ -488,6 +488,12 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type,
> > if (crc != node_crc)
> > return 0;
> >
> > + err = ubifs_node_check_hash(c, buf, zbr->hash);
> > + if (err) {
> > + ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs);
> > + return 0;
> > + }
>
> Hmm, I think a global "hash is bad" handler would be nice to have.
> That way we always report in the same way.
I created a function reporting a bad hash, so every failure goes through
the same code...
>
> Maybe also a new file system specific ioctl to query whether a hash
> failure was noticed.
but I'll leave that for a later excercise if that's ok. I am unsure how
useful such an ioctl() is. It's too easy to interpret such a hash
mismatch as some kind of security violation when it's more likely just a
bug somewhere.
> > @@ -868,6 +877,23 @@ static int write_index(struct ubifs_info *c)
> > }
> > len = ubifs_idx_node_sz(c, znode->child_cnt);
> > ubifs_prepare_node(c, idx, len, 0);
> > + ubifs_node_calc_hash(c, idx, hash);
> > +
> > + mutex_lock(&c->tnc_mutex);
>
> This lock looks correct too me.
> Just in case, you did test with lockdep enabled? :-)
Yes, I had lockdep enabled in all my tests.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2018-09-07 10:25 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-04 12:41 [PATCH 00/25] UBIFS authentication support Sascha Hauer
2018-07-04 12:41 ` [PATCH 01/25] ubifs: refactor create_default_filesystem() Sascha Hauer
2018-07-04 12:41 ` [PATCH 02/25] ubifs: pass ubifs_zbranch to try_read_node() Sascha Hauer
2018-07-04 12:41 ` [PATCH 03/25] ubifs: pass ubifs_zbranch to read_znode() Sascha Hauer
2018-07-04 12:41 ` [PATCH 04/25] ubifs: export pnode_lookup as ubifs_pnode_lookup Sascha Hauer
2018-07-04 12:41 ` [PATCH 05/25] ubifs: implement ubifs_lpt_lookup using ubifs_pnode_lookup Sascha Hauer
2018-08-13 6:31 ` Sascha Hauer
2018-08-13 6:34 ` Richard Weinberger
2018-08-13 8:12 ` Sascha Hauer
2018-08-13 11:30 ` Richard Weinberger
2018-08-26 20:59 ` Richard Weinberger
2018-07-04 12:41 ` [PATCH 06/25] ubifs: drop write_node Sascha Hauer
2018-07-04 12:41 ` [PATCH 07/25] ubifs: Store read superblock node Sascha Hauer
2018-08-27 12:50 ` Richard Weinberger
2018-07-04 12:41 ` [PATCH 08/25] ubifs: Format changes for authentication support Sascha Hauer
2018-07-04 12:41 ` [PATCH 09/25] ubifs: add separate functions to init/crc a node Sascha Hauer
2018-07-04 12:41 ` [PATCH 10/25] ubifs: add helper functions for authentication support Sascha Hauer
2018-08-27 12:50 ` Richard Weinberger
2018-08-29 6:30 ` Sascha Hauer
2018-07-04 12:41 ` [PATCH 11/25] ubifs: Create functions to embed a HMAC in a node Sascha Hauer
2018-07-04 12:41 ` [PATCH 12/25] ubifs: Add hashes to the tree node cache Sascha Hauer
2018-08-27 19:18 ` Richard Weinberger
2018-08-29 11:16 ` Sascha Hauer
2018-07-04 12:41 ` [PATCH 13/25] ubifs: authentication: Add hashes to index nodes Sascha Hauer
2018-08-27 19:36 ` Richard Weinberger
2018-09-07 10:25 ` Sascha Hauer [this message]
2018-07-04 12:41 ` [PATCH 14/25] ubifs: Add authentication nodes to journal Sascha Hauer
2018-07-08 2:59 ` kbuild test robot
2018-08-27 20:48 ` Richard Weinberger
2018-08-29 14:38 ` Sascha Hauer
2018-08-29 14:54 ` Richard Weinberger
2018-08-30 13:41 ` Sascha Hauer
2018-09-02 19:45 ` Richard Weinberger
2018-07-04 12:41 ` [PATCH 15/25] ubifs: Add auth nodes to garbage collector journal head Sascha Hauer
2018-08-27 20:51 ` Richard Weinberger
2018-08-30 14:43 ` Sascha Hauer
2018-07-04 12:41 ` [PATCH 16/25] ubifs: authenticate replayed journal Sascha Hauer
2018-07-08 6:08 ` kbuild test robot
2018-08-27 21:16 ` Richard Weinberger
2018-07-04 12:41 ` [PATCH 17/25] ubifs: authentication: authenticate LPT Sascha Hauer
2018-07-04 12:41 ` [PATCH 18/25] ubfis: authentication: authenticate master node Sascha Hauer
2018-07-04 12:41 ` [PATCH 19/25] ubifs: Create hash for default LPT Sascha Hauer
2018-07-04 12:41 ` [PATCH 20/25] ubifs: authentication: Authenticate super block node Sascha Hauer
2018-07-04 12:41 ` [PATCH 21/25] ubifs: Add hashes and HMACs to default filesystem Sascha Hauer
2018-07-04 12:41 ` [PATCH 22/25] ubifs: do not update inode size in-place in authenticated mode Sascha Hauer
2018-07-04 12:41 ` [PATCH 23/25] ubifs: Enable authentication support Sascha Hauer
2018-07-04 12:41 ` [PATCH 24/25] ubifs: support offline signed images Sascha Hauer
2018-07-04 12:41 ` [PATCH 25/25] Documentation: ubifs: Add authentication whitepaper Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180907102516.2dr3x3mevuu2l2mz@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=david@sigma-star.at \
--cc=kernel@pengutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).