lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Aug 2019 11:48:33 +0200
From:   Lukas Czerner <lczerner@...hat.com>
To:     sandeen@...hat.com
Cc:     linux-ext4@...r.kernel.org
Subject: Re: [PATCH 2/2] tune2fs: Warn if page size != blocksize when
 enabling encrypt

On Wed, Aug 21, 2019 at 10:17:09AM -0500, Eric Sandeen wrote:
> 
> 
> On 8/21/19 8:18 AM, Lukas Czerner wrote:
> > With encrypt feature enabled the file system block size must match
> > system page size. Currently tune2fs will not complain at all when we try
> > to enable encrypt on a file system that does not satisfy this
> > requirement for the system. Add a warning for this case.
> > 
> > Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> > ---
> >  misc/tune2fs.c | 38 ++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 38 insertions(+)
> > 
> > diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> > index 7d2d38d7..26b1b1d0 100644
> > --- a/misc/tune2fs.c
> > +++ b/misc/tune2fs.c
> > @@ -130,6 +130,8 @@ void do_findfs(int argc, char **argv);
> >  int journal_enable_debug = -1;
> >  #endif
> >  
> > +static int sys_page_size = 4096;
> > +
> >  static void usage(void)
> >  {
> >  	fprintf(stderr,
> > @@ -1407,6 +1409,29 @@ mmp_error:
> >  			      stderr);
> >  			return 1;
> >  		}
> > +
> > +		/*
> > +		 * When encrypt feature is enabled, the file system blocksize
> > +		 * needs to match system page size otherwise the file system
> > +		 * won't mount.
> > +		 */
> > +		if (fs->blocksize != sys_page_size) {
> > +			if (!f_flag) {
> > +				com_err(program_name, 0,
> > +					_("Block size (%dB) does not match "
> > +					  "system page size (%dB). File "
> > +					  "system won't be usable on this "
> > +					  "system"),
> 
> I wonder if this message should explicitly mention the encryption option, right
> now it doesn't give a lot of context as to why this is being printed.

Ah right, I suppose people can change more things at once. I'll get it
fixed.

Thanks!
-Lukas

> 
> Perhaps "Encryption feature requested, but block size (%dB) does not match ...?"
> 
> -Eric
> 
> > +					fs->blocksize, sys_page_size);
> > +				proceed_question(-1);
> > +			}
> > +			fprintf(stderr,_("Warning: Encrypt feature enabled, "
> > +					 "but block size (%dB) does not match "
> > +					 "system page size (%dB), forced to "
> > +					 "cointinue\n"),
> > +				fs->blocksize, sys_page_size);
> > +		}
> > +
> >  		fs->super->s_encrypt_algos[0] =
> >  			EXT4_ENCRYPTION_MODE_AES_256_XTS;
> >  		fs->super->s_encrypt_algos[1] =
> > @@ -2844,6 +2869,7 @@ int main(int argc, char **argv)
> >  int tune2fs_main(int argc, char **argv)
> >  #endif  /* BUILD_AS_LIB */
> >  {
> > +	long sysval;
> >  	errcode_t retval;
> >  	ext2_filsys fs;
> >  	struct ext2_super_block *sb;
> > @@ -2879,6 +2905,18 @@ int tune2fs_main(int argc, char **argv)
> >  #endif
> >  		io_ptr = unix_io_manager;
> >  
> > +	/* Determine the system page size if possible */
> > +#ifdef HAVE_SYSCONF
> > +#if (!defined(_SC_PAGESIZE) && defined(_SC_PAGE_SIZE))
> > +#define _SC_PAGESIZE _SC_PAGE_SIZE
> > +#endif
> > +#ifdef _SC_PAGESIZE
> > +	sysval = sysconf(_SC_PAGESIZE);
> > +	if (sysval > 0)
> > +		sys_page_size = sysval;
> > +#endif /* _SC_PAGESIZE */
> > +#endif /* HAVE_SYSCONF */
> > +
> >  retry_open:
> >  	if ((open_flag & EXT2_FLAG_RW) == 0 || f_flag)
> >  		open_flag |= EXT2_FLAG_SKIP_MMP;
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ