Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
From: Sascha Hauer
Date: Fri Sep 07 2018 - 06:25:34 EST
On Mon, Aug 27, 2018 at 09:36:56PM +0200, Richard Weinberger wrote:
> > diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
> > index a47fced47823..a00809d4fe6f 100644
> > --- a/fs/ubifs/tnc.c
> > +++ b/fs/ubifs/tnc.c
> > @@ -488,6 +488,12 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type,
> > if (crc != node_crc)
> > return 0;
> >
> > + err = ubifs_node_check_hash(c, buf, zbr->hash);
> > + if (err) {
> > + ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs);
> > + return 0;
> > + }
>
> Hmm, I think a global "hash is bad" handler would be nice to have.
> That way we always report in the same way.
I created a function reporting a bad hash, so every failure goes through
the same code...
>
> Maybe also a new file system specific ioctl to query whether a hash
> failure was noticed.
but I'll leave that for a later excercise if that's ok. I am unsure how
useful such an ioctl() is. It's too easy to interpret such a hash
mismatch as some kind of security violation when it's more likely just a
bug somewhere.
> > @@ -868,6 +877,23 @@ static int write_index(struct ubifs_info *c)
> > }
> > len = ubifs_idx_node_sz(c, znode->child_cnt);
> > ubifs_prepare_node(c, idx, len, 0);
> > + ubifs_node_calc_hash(c, idx, hash);
> > +
> > + mutex_lock(&c->tnc_mutex);
>
> This lock looks correct too me.
> Just in case, you did test with lockdep enabled? :-)
Yes, I had lockdep enabled in all my tests.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |