On Mon, Aug 27, 2018 at 09:36:56PM +0200, Richard Weinberger wrote:
> > diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
> > index a47fced47823..a00809d4fe6f 100644
> > --- a/fs/ubifs/tnc.c
> > +++ b/fs/ubifs/tnc.c
> > @@ -488,6 +488,12 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type,
> > if (crc != node_crc)
> > return 0;
> >
> > + err = ubifs_node_check_hash(c, buf, zbr->hash);
> > + if (err) {
> > + ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs);
> > + return 0;
> > + }
>
> Hmm, I think a global "hash is bad" handler would be nice to have.
> That way we always report in the same way.
I created a function reporting a bad hash, so every failure goes through
the same code...
>
> Maybe also a new file system specific ioctl to query whether a hash
> failure was noticed.
but I'll leave that for a later excercise if that's ok. I am unsure how
useful such an ioctl() is. It's too easy to interpret such a hash
mismatch as some kind of security violation when it's more likely just a
bug somewhere.
> > @@ -868,6 +877,23 @@ static int write_index(struct ubifs_info *c)
> > }
> > len = ubifs_idx_node_sz(c, znode->child_cnt);
> > ubifs_prepare_node(c, idx, len, 0);
> > + ubifs_node_calc_hash(c, idx, hash);
> > +
> > + mutex_lock(&c->tnc_mutex);
>
> This lock looks correct too me.
> Just in case, you did test with lockdep enabled? :-)
Yes, I had lockdep enabled in all my tests.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
- From: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
- Date: Fri, 7 Sep 2018 12:25:16 +0200
- Cc: David Gstir <david@xxxxxxxxxxxxx>, linux-mtd@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, kernel@xxxxxxxxxxxxxx
- In-reply-to: <2092924.iTNEbfF25J@blindfold>
- References: <20180704124137.13396-1-s.hauer@pengutronix.de> <20180704124137.13396-14-s.hauer@pengutronix.de> <2092924.iTNEbfF25J@blindfold>
- User-agent: NeoMutt/20170113 (1.7.2)
- References:
- [PATCH 00/25] UBIFS authentication support
- From: Sascha Hauer
- [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
- From: Sascha Hauer
- Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
- From: Richard Weinberger
- [PATCH 00/25] UBIFS authentication support
- Prev by Date: Re: [PATCH 19/19] mtd: rawnand: Move JEDEC code to nand_jedec.c
- Next by Date: [PATCH] mtd: rawnand: denali: add DT property to specify skipped bytes in OOB
- Previous by thread: Re: [PATCH 13/25] ubifs: authentication: Add hashes to index nodes
- Next by thread: [PATCH 14/25] ubifs: Add authentication nodes to journal
- Index(es):
 |