lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bdd94a7c-7364-c262-ed01-d7e6fcb26007@linux.alibaba.com>
Date:   Sun, 30 Jul 2023 22:01:11 +0800
From:   Gao Xiang <hsiangkao@...ux.alibaba.com>
To:     Thomas Weißschuh <thomas@...ch.de>,
        Jingbo Xu <jefflexu@...ux.alibaba.com>
Cc:     chao@...nel.org, huyue2@...lpad.com, linux-erofs@...ts.ozlabs.org,
        linux-kernel@...r.kernel.org, Karel Zak <kzak@...hat.com>
Subject: Re: [PATCH v2] erofs: deprecate superblock checksum feature


Hi Thomas,

On 2023/7/30 21:31, Thomas Weißschuh wrote:
> On 2023-07-17 19:27:03+0800, Jingbo Xu wrote:
>> Later we're going to try the self-contained image verification.
>> The current superblock checksum feature has quite limited
>> functionality, instead, merkle trees can provide better protection
>> for image integrity.
> 
> The crc32c checksum is also used by libblkid to gain more confidence
> in its filesystem detection.
> I guess a merkle tree would be much harder to implement.
> 
> This is for example used by the mount(8) cli program to allow mounting
> of devices without explicitly needing to specify a filesystem.
> 
> Note: libblkid tests for EROFS_FEATURE_SB_CSUM so at least it won't
> break when the checksum is removed.
I'm not sure if we could switch EROFS_FEATURE_SB_CSUM to a simpler
checksum instead (e.g. just sum each byte up if both
EROFS_FEATURE_SB_CSUM and COMPAT_XATTR_FILTER bits are set, or
ignore checksums completely at least in the kernel) if the better
filesystem detection by using sb chksum is needed (not sure if other
filesystems have sb chksum or just do magic comparsion)?

The main problem here is after xattr name filter feature is added
(xxhash is generally faster than crc32c), there could be two
hard-depended hashing algorithms, this increases more dependency
especially for embededed devices.

Thanks,
Gao Xiang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ