lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1338391121.2536.94.camel@sauron.fi.intel.com>
Date:	Wed, 30 May 2012 18:18:41 +0300
From:	Artem Bityutskiy <dedekind1@...il.com>
To:	Joel Reardon <joel@...mbassador.com>
Cc:	linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] UBIFS: compute KSA size and store in superblock

Hi,

On Wed, 2012-05-30 at 15:32 +0200, Joel Reardon wrote:
> @@ -389,6 +408,7 @@ static int validate_sb(struct ubifs_info *c, struct ubifs_sb_node *sup)
>  	 */
>  	min_leb_cnt = UBIFS_SB_LEBS + UBIFS_MST_LEBS + c->log_lebs;
>  	min_leb_cnt += c->lpt_lebs + c->orph_lebs + c->jhead_cnt + 6;
> +	min_leb_cnt += c->ksa_lebs;

You need to validate that:

1. if use_ubifsec is true, then ksa_lebs is not zero.
2. ksa_lebs is sane - not too small, not too large.

> diff --git a/fs/ubifs/ubifs-media.h b/fs/ubifs/ubifs-media.h
> index 90f348c..1dda25d 100644
> --- a/fs/ubifs/ubifs-media.h
> +++ b/fs/ubifs/ubifs-media.h
> @@ -618,10 +618,13 @@ struct ubifs_pad_node {
>   * @rp_uid: reserve pool UID
>   * @rp_gid: reserve pool GID
>   * @rp_size: size of the reserved pool in bytes
> - * @padding2: reserved for future, zeroes

Do not remove this comment.

>   * @time_gran: time granularity in nanoseconds
>   * @uuid: UUID generated when the file system image was created
>   * @ro_compat_version: UBIFS R/O compatibility version
> + * @crypto_lebs: number of LEBS being used to store keys
> + * @use_ubifsec: the LSB signifies whether the file system should use secure
> + *		 deletion
> + * @padding2: reserved for future, zeroes
>   */
>  struct ubifs_sb_node {
>  	struct ubifs_ch ch;
> @@ -649,7 +652,9 @@ struct ubifs_sb_node {
>  	__le32 time_gran;
>  	__u8 uuid[16];
>  	__le32 ro_compat_version;
> -	__u8 padding2[3968];
> +	__le32 ksa_lebs;
> +	__u8 use_ubifsec;
> +	__u8 padding2[3963];
>  } __packed;

-- 
Best Regards,
Artem Bityutskiy

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ