lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c790aa59-7686-09e2-1066-92bec97704cd@redhat.com>
Date:   Wed, 21 Aug 2019 10:17:09 -0500
From:   Eric Sandeen <esandeen@...hat.com>
To:     Lukas Czerner <lczerner@...hat.com>, linux-ext4@...r.kernel.org
Subject: Re: [PATCH 2/2] tune2fs: Warn if page size != blocksize when enabling
 encrypt



On 8/21/19 8:18 AM, Lukas Czerner wrote:
> With encrypt feature enabled the file system block size must match
> system page size. Currently tune2fs will not complain at all when we try
> to enable encrypt on a file system that does not satisfy this
> requirement for the system. Add a warning for this case.
> 
> Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> ---
>  misc/tune2fs.c | 38 ++++++++++++++++++++++++++++++++++++++
>  1 file changed, 38 insertions(+)
> 
> diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> index 7d2d38d7..26b1b1d0 100644
> --- a/misc/tune2fs.c
> +++ b/misc/tune2fs.c
> @@ -130,6 +130,8 @@ void do_findfs(int argc, char **argv);
>  int journal_enable_debug = -1;
>  #endif
>  
> +static int sys_page_size = 4096;
> +
>  static void usage(void)
>  {
>  	fprintf(stderr,
> @@ -1407,6 +1409,29 @@ mmp_error:
>  			      stderr);
>  			return 1;
>  		}
> +
> +		/*
> +		 * When encrypt feature is enabled, the file system blocksize
> +		 * needs to match system page size otherwise the file system
> +		 * won't mount.
> +		 */
> +		if (fs->blocksize != sys_page_size) {
> +			if (!f_flag) {
> +				com_err(program_name, 0,
> +					_("Block size (%dB) does not match "
> +					  "system page size (%dB). File "
> +					  "system won't be usable on this "
> +					  "system"),

I wonder if this message should explicitly mention the encryption option, right
now it doesn't give a lot of context as to why this is being printed.

Perhaps "Encryption feature requested, but block size (%dB) does not match ...?"

-Eric

> +					fs->blocksize, sys_page_size);
> +				proceed_question(-1);
> +			}
> +			fprintf(stderr,_("Warning: Encrypt feature enabled, "
> +					 "but block size (%dB) does not match "
> +					 "system page size (%dB), forced to "
> +					 "cointinue\n"),
> +				fs->blocksize, sys_page_size);
> +		}
> +
>  		fs->super->s_encrypt_algos[0] =
>  			EXT4_ENCRYPTION_MODE_AES_256_XTS;
>  		fs->super->s_encrypt_algos[1] =
> @@ -2844,6 +2869,7 @@ int main(int argc, char **argv)
>  int tune2fs_main(int argc, char **argv)
>  #endif  /* BUILD_AS_LIB */
>  {
> +	long sysval;
>  	errcode_t retval;
>  	ext2_filsys fs;
>  	struct ext2_super_block *sb;
> @@ -2879,6 +2905,18 @@ int tune2fs_main(int argc, char **argv)
>  #endif
>  		io_ptr = unix_io_manager;
>  
> +	/* Determine the system page size if possible */
> +#ifdef HAVE_SYSCONF
> +#if (!defined(_SC_PAGESIZE) && defined(_SC_PAGE_SIZE))
> +#define _SC_PAGESIZE _SC_PAGE_SIZE
> +#endif
> +#ifdef _SC_PAGESIZE
> +	sysval = sysconf(_SC_PAGESIZE);
> +	if (sysval > 0)
> +		sys_page_size = sysval;
> +#endif /* _SC_PAGESIZE */
> +#endif /* HAVE_SYSCONF */
> +
>  retry_open:
>  	if ((open_flag & EXT2_FLAG_RW) == 0 || f_flag)
>  		open_flag |= EXT2_FLAG_SKIP_MMP;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ