lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  1 Nov 2022 22:35:54 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     linux-ext4@...r.kernel.org
Cc:     linux-fscrypt@...r.kernel.org
Subject: [e2fsprogs PATCH] e2fsck: don't allow journal inode to have encrypt flag

From: Eric Biggers <ebiggers@...gle.com>

Since the kernel is being fixed to consider journal inodes with the
'encrypt' flag set to be invalid, also update e2fsck accordingly.

Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
 e2fsck/journal.c                   |   3 ++-
 tests/f_badjour_encrypted/expect.1 |  30 +++++++++++++++++++++++++++++
 tests/f_badjour_encrypted/expect.2 |   7 +++++++
 tests/f_badjour_encrypted/image.gz | Bin 0 -> 2637 bytes
 tests/f_badjour_encrypted/name     |   1 +
 5 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 tests/f_badjour_encrypted/expect.1
 create mode 100644 tests/f_badjour_encrypted/expect.2
 create mode 100644 tests/f_badjour_encrypted/image.gz
 create mode 100644 tests/f_badjour_encrypted/name

diff --git a/e2fsck/journal.c b/e2fsck/journal.c
index d802c5e9..343e48ba 100644
--- a/e2fsck/journal.c
+++ b/e2fsck/journal.c
@@ -1039,7 +1039,8 @@ static errcode_t e2fsck_get_journal(e2fsck_t ctx, journal_t **ret_journal)
 			tried_backup_jnl++;
 		}
 		if (!j_inode->i_ext2.i_links_count ||
-		    !LINUX_S_ISREG(j_inode->i_ext2.i_mode)) {
+		    !LINUX_S_ISREG(j_inode->i_ext2.i_mode) ||
+		    (j_inode->i_ext2.i_flags & EXT4_ENCRYPT_FL)) {
 			retval = EXT2_ET_NO_JOURNAL;
 			goto try_backup_journal;
 		}
diff --git a/tests/f_badjour_encrypted/expect.1 b/tests/f_badjour_encrypted/expect.1
new file mode 100644
index 00000000..e88e3770
--- /dev/null
+++ b/tests/f_badjour_encrypted/expect.1
@@ -0,0 +1,30 @@
+Superblock has an invalid journal (inode 8).
+Clear? yes
+
+*** journal has been deleted ***
+
+Pass 1: Checking inodes, blocks, and sizes
+Journal inode is not in use, but contains data.  Clear? yes
+
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+Block bitmap differences:  -(32--33) -(35--49) -(115--1121)
+Fix? yes
+
+Free blocks count wrong for group #0 (926, counted=1950).
+Fix? yes
+
+Free blocks count wrong (926, counted=1950).
+Fix? yes
+
+Recreate journal? yes
+
+Creating journal (1024 blocks):  Done.
+
+*** journal has been regenerated ***
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 11/256 files (0.0% non-contiguous), 1122/2048 blocks
+Exit status is 1
diff --git a/tests/f_badjour_encrypted/expect.2 b/tests/f_badjour_encrypted/expect.2
new file mode 100644
index 00000000..a3744874
--- /dev/null
+++ b/tests/f_badjour_encrypted/expect.2
@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 11/256 files (9.1% non-contiguous), 1122/2048 blocks
+Exit status is 0
diff --git a/tests/f_badjour_encrypted/image.gz b/tests/f_badjour_encrypted/image.gz
new file mode 100644
index 0000000000000000000000000000000000000000..660496ea5bba9b5589e6ce522feb998a56ab946a
GIT binary patch
literal 2637
zcmb2|=3oE;CgwMHnR%A}ly$iH+hCjen-$w~Z}VkIC+6NxyCc!NYR5sNh}+xBbE4nR
zN&o!s6aW5(lcp<{UH`qxzUS4ptP5pfA==wwf8L3{|MOkc?r&esd8Bgo#^iqA5gFQC
z<@R-dVr@...HkR5{rAnDhwlG>jraZU^QHBbXJlmsKi|6fW!ukpZ~6bfSpUB2;pTmx
zj{M*I=+61|wWkw4%t_n+w)pIx)GIr3+pcz<UH*C1)vHaf+5&5L-JN;=TiBLGj=QD!
zvwYR3oA+2BEcm`&zU2O)tkADJdjH<PwxLjZ&!1oZHNUt0v)ga`;{kvAnl~H3enld#
z$+@...c~a}A54fin`clHvi0Skf*&i~udaD@=i-@...orPp11i^EC2t^@...&nP$X3
zzi$!s_i3c{*ZQX!$^Q>{-utf_{{O+ORnhK@!q@)4KVSKq`3wIq_AmS|<S*DSsCW3^
z@...?^DlP4J^%iH{<8evDyi)kD?Tqg`0VhxvhA|(9o0n`65ek4mi5+?8xj$4$636y
z`F^c@...vQi=WK?|9-~qcRR0El+UlfvVnKm_Je1l*?MoM1?axIu;=xksEaRLt^f1+
zcI>}%!KM17_pFRy`>QV2pCx6B<9`)>o$;~a`cLx=*Y;<@Z|{cwUm;riQQi9d{>A@(
z&c6T7uKx1sm(kDuuPD6Dvs!ev|MSq*t68t|F8)>W`}uD3t6l#pUM)HIKYZ_&&TqRj
zWsCn;=6#)UcWr%}?)}rh(#y8)a4!C~Kik#*_w$dx|Fgp#PX@#7>W*1KzH66-US2JE
z^-NZn>F!y<XV*Rp{k)o$kqqNTwTy<qXb9jBf%d~z-yS%C)HqDo|5YJ89>4NY+0hUf
k4S}H$0uFBvZUnjWfI|K2%r`6YXzOOCSzdj93=9ek0BUk;ZvX%Q

literal 0
HcmV?d00001

diff --git a/tests/f_badjour_encrypted/name b/tests/f_badjour_encrypted/name
new file mode 100644
index 00000000..e8f4c04f
--- /dev/null
+++ b/tests/f_badjour_encrypted/name
@@ -0,0 +1 @@
+journal inode has encrypt flag

base-commit: aad34909b6648579f42dade5af5b46821aa4d845
-- 
2.38.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ