lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 11:54:46 +0200 From: Greg KH <greg@...ah.com> To: Eric Biggers <ebiggers@...nel.org> Cc: stable@...r.kernel.org, linux-ext4@...r.kernel.org, linux-fscrypt@...r.kernel.org, Gabriel Krisman Bertazi <krisman@...labora.com>, Theodore Ts'o <tytso@....edu> Subject: Re: [PATCH 5.10] ext4: only allow test_dummy_encryption when supported On Mon, Jun 06, 2022 at 04:12:33PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@...gle.com> > > commit 5f41fdaea63ddf96d921ab36b2af4a90ccdb5744 upstream. > > Make the test_dummy_encryption mount option require that the encrypt > feature flag be already enabled on the filesystem, rather than > automatically enabling it. Practically, this means that "-O encrypt" > will need to be included in MKFS_OPTIONS when running xfstests with the > test_dummy_encryption mount option. (ext4/053 also needs an update.) > > Moreover, as long as the preconditions for test_dummy_encryption are > being tightened anyway, take the opportunity to start rejecting it when > !CONFIG_FS_ENCRYPTION rather than ignoring it. > > The motivation for requiring the encrypt feature flag is that: > > - Having the filesystem auto-enable feature flags is problematic, as it > bypasses the usual sanity checks. The specific issue which came up > recently is that in kernel versions where ext4 supports casefold but > not encrypt+casefold (v5.1 through v5.10), the kernel will happily add > the encrypt flag to a filesystem that has the casefold flag, making it > unmountable -- but only for subsequent mounts, not the initial one. > This confused the casefold support detection in xfstests, causing > generic/556 to fail rather than be skipped. > > - The xfstests-bld test runners (kvm-xfstests et al.) already use the > required mkfs flag, so they will not be affected by this change. Only > users of test_dummy_encryption alone will be affected. But, this > option has always been for testing only, so it should be fine to > require that the few users of this option update their test scripts. > > - f2fs already requires it (for its equivalent feature flag). > > Signed-off-by: Eric Biggers <ebiggers@...gle.com> > Reviewed-by: Gabriel Krisman Bertazi <krisman@...labora.com> > Link: https://lore.kernel.org/r/20220519204437.61645-1-ebiggers@kernel.org > Signed-off-by: Theodore Ts'o <tytso@....edu> Both now queued up, thanks. greg k-h
Powered by blists - more mailing lists