lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <43c4515c-9977-3407-7bae-33cff19b3bdb@redhat.com>
Date:   Thu, 3 Oct 2019 08:48:51 -0500
From:   Eric Sandeen <esandeen@...hat.com>
To:     Lukas Czerner <lczerner@...hat.com>, linux-ext4@...r.kernel.org
Subject: Re: [PATCH v2 2/2] tune2fs: Warn if page size != blocksize when
 enabling encrypt

On 8/22/19 7:17 AM, Lukas Czerner wrote:
> With encrypt feature enabled the file system block size must match
> system page size. Currently tune2fs will not complain at all when we try
> to enable encrypt on a file system that does not satisfy this
> requirement for the system. Add a warning for this case.
> 
> Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> ---
>  misc/tune2fs.c | 39 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
> 
> diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> index 7d2d38d7..f1604447 100644
> --- a/misc/tune2fs.c
> +++ b/misc/tune2fs.c
> @@ -130,6 +130,8 @@ void do_findfs(int argc, char **argv);
>  int journal_enable_debug = -1;
>  #endif
>  
> +static int sys_page_size = 4096;
> +
>  static void usage(void)
>  {
>  	fprintf(stderr,
> @@ -1407,6 +1409,30 @@ mmp_error:
>  			      stderr);
>  			return 1;
>  		}
> +
> +		/*
> +		 * When encrypt feature is enabled, the file system blocksize
> +		 * needs to match system page size otherwise the file system
> +		 * won't mount.
> +		 */
> +		if (fs->blocksize != sys_page_size) {
> +			if (!f_flag) {
> +				com_err(program_name, 0,
> +					_("Encryption feature requested, but "
> +					  "block size (%dB) does not match "
> +					  "system page size (%dB). File "
> +					  "system won't be usable on this "
> +					  "system"),
> +					fs->blocksize, sys_page_size);
> +				proceed_question(-1);
> +			}
> +			fprintf(stderr,_("Warning: Encrypt feature enabled, "
> +					 "but block size (%dB) does not match "
> +					 "system page size (%dB), forced to "
> +					 "cointinue\n"),

"continue"

With that fix,

Reviewed-by: Eric Sandeen <sandeen@...hat.com>

> +				fs->blocksize, sys_page_size);
> +		}
> +
>  		fs->super->s_encrypt_algos[0] =
>  			EXT4_ENCRYPTION_MODE_AES_256_XTS;
>  		fs->super->s_encrypt_algos[1] =
> @@ -2844,6 +2870,7 @@ int main(int argc, char **argv)
>  int tune2fs_main(int argc, char **argv)
>  #endif  /* BUILD_AS_LIB */
>  {
> +	long sysval;
>  	errcode_t retval;
>  	ext2_filsys fs;
>  	struct ext2_super_block *sb;
> @@ -2879,6 +2906,18 @@ int tune2fs_main(int argc, char **argv)
>  #endif
>  		io_ptr = unix_io_manager;
>  
> +	/* Determine the system page size if possible */
> +#ifdef HAVE_SYSCONF
> +#if (!defined(_SC_PAGESIZE) && defined(_SC_PAGE_SIZE))
> +#define _SC_PAGESIZE _SC_PAGE_SIZE
> +#endif
> +#ifdef _SC_PAGESIZE
> +	sysval = sysconf(_SC_PAGESIZE);
> +	if (sysval > 0)
> +		sys_page_size = sysval;
> +#endif /* _SC_PAGESIZE */
> +#endif /* HAVE_SYSCONF */
> +
>  retry_open:
>  	if ((open_flag & EXT2_FLAG_RW) == 0 || f_flag)
>  		open_flag |= EXT2_FLAG_SKIP_MMP;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ