lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2022 11:24:33 -0400 From: "Theodore Ts'o" <tytso@....edu> To: Eric Biggers <ebiggers@...nel.org> Cc: linux-ext4@...r.kernel.org, linux-fscrypt@...r.kernel.org, fstests@...r.kernel.org Subject: Re: [PATCH] ext4: make test_dummy_encryption require the encrypt feature On Thu, Apr 21, 2022 at 11:40:40AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@...gle.com> > > Make the test_dummy_encryption mount option require that the encrypt > feature flag be already enabled on the filesystem, rather than > automatically enabling it. Practically, this means that "-O encrypt" > will need to be included in MKFS_OPTIONS when running xfstests with the > test_dummy_encryption mount option. > > The motivation for this is that: > > - Having the filesystem auto-enable feature flags is problematic, as it > bypasses the usual sanity checks. The specific issue which came up > recently is that in kernel versions where ext4 supports casefold but > not encrypt+casefold (v5.1 through v5.10), the kernel will happily add > the encrypt flag to a filesystem that has the casefold flag, making it > unmountable -- but only for subsequent mounts, not the initial one. > This confused the casefold support detection in xfstests, causing > generic/556 to fail rather than be skipped. > > - The xfstests-bld test runners (kvm-xfstests et al.) already use the > required mkfs flag, so they will not be affected by this change. Only > users of test_dummy_encryption alone will be affected. But, this > option has always been for testing only, so it should be fine to > require that the few users of this option update their test scripts. One of the test scripts involved is xfstests's ext4/053, as the zero-day test rebot has remarked upon. Eric, could you look into submitting a patch to xfstests's ext4/053. Thanks! - Ted
Powered by blists - more mailing lists