lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <04825e07-04d4-4eef-8b06-1e2329880612@kernel.org>
Date: Tue, 18 Jun 2024 11:04:16 +0800
From: Chao Yu <chao@...nel.org>
To: Xiuhong Wang <xiuhong.wang@...soc.com>, jaegeuk@...nel.org,
 linux-f2fs-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Cc: niuzhiguo84@...il.com, ke.wang@...soc.com, xiuhong.wang.cn@...il.com,
 hao_hao.wang@...soc.com
Subject: Re: [PATCH] f2fs-tools: fix do_set_verity ioctl fail issue

On 2024/6/17 15:11, Xiuhong Wang wrote:
> When using the f2fs_io tool to set_verity, it will fail as follows:
> unisc:/data # ./f2fs_io set_verity file
> FS_IOC_ENABLE_VERITY: Inappropriate ioctl for device
> this is because commit: 95ae251fe828 ("f2fs: add fs-verity support"),
> the passed parameters do not match the latest kernel version.
> 
> After patch:
> unisoc:/data # ./f2fs_io set_verity file
> Set fsverity bit to file
> unisoc:/data # ./f2fs_io getflags file
> get a flag on file ret=0, flags=verity
> 
> Fixes: 95ae251fe828 ("f2fs: add fs-verity support")
> Signed-off-by: Xiuhong Wang <xiuhong.wang@...soc.com>
> Signed-off-by: Zhiguo Niu <zhiguo.niu@...soc.com>
> ---
>   include/android_config.h |  1 +
>   tools/f2fs_io/f2fs_io.c  |  9 ++++++---
>   tools/f2fs_io/f2fs_io.h  | 20 ++++++++++++++++++--
>   3 files changed, 25 insertions(+), 5 deletions(-)
> 
> diff --git a/include/android_config.h b/include/android_config.h
> index 05b686e..9c8b163 100644
> --- a/include/android_config.h
> +++ b/include/android_config.h
> @@ -13,6 +13,7 @@
>   #define HAVE_LINUX_XATTR_H 1
>   #define HAVE_LINUX_FS_H 1
>   #define HAVE_LINUX_FIEMAP_H 1
> +#define HAVE_LINUX_VERITY_H 1
>   #define HAVE_MNTENT_H 1
>   #define HAVE_STDLIB_H 1
>   #define HAVE_STRING_H 1
> diff --git a/tools/f2fs_io/f2fs_io.c b/tools/f2fs_io/f2fs_io.c
> index a7b593a..2447490 100644
> --- a/tools/f2fs_io/f2fs_io.c
> +++ b/tools/f2fs_io/f2fs_io.c
> @@ -182,16 +182,19 @@ static void do_fsync(int argc, char **argv, const struct cmd_desc *cmd)
>   static void do_set_verity(int argc, char **argv, const struct cmd_desc *cmd)
>   {
>   	int ret, fd;
> +	struct fsverity_enable_arg args = {.version = 1};
> +
> +	args.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
> +	args.block_size = 4096;
>   
>   	if (argc != 2) {
>   		fputs("Excess arguments\n\n", stderr);
>   		fputs(cmd->cmd_help, stderr);
>   		exit(1);
>   	}
> +	fd = open(argv[1], O_RDONLY);
>   
> -	fd = open(argv[1], O_RDWR);

It needs write permission?

Thanks,

> -
> -	ret = ioctl(fd, FS_IOC_ENABLE_VERITY);
> +	ret = ioctl(fd, FS_IOC_ENABLE_VERITY, &args);
>   	if (ret < 0) {
>   		perror("FS_IOC_ENABLE_VERITY");
>   		exit(1);
> diff --git a/tools/f2fs_io/f2fs_io.h b/tools/f2fs_io/f2fs_io.h
> index b5c82f5..e55db5f 100644
> --- a/tools/f2fs_io/f2fs_io.h
> +++ b/tools/f2fs_io/f2fs_io.h
> @@ -16,6 +16,9 @@
>   #ifdef HAVE_LINUX_FS_H
>   #include <linux/fs.h>
>   #endif
> +#ifdef HAVE_LINUX_VERITY_H
> +#include <linux/fsverity.h>
> +#endif
>   
>   #include <sys/types.h>
>   
> @@ -136,8 +139,21 @@ struct fscrypt_get_policy_ex_arg {
>   #define F2FS_IOC_GET_ENCRYPTION_POLICY	FS_IOC_GET_ENCRYPTION_POLICY
>   #define F2FS_IOC_GET_ENCRYPTION_PWSALT	FS_IOC_GET_ENCRYPTION_PWSALT
>   
> -#define FS_IOC_ENABLE_VERITY		_IO('f', 133)
> -
> +#ifndef FS_IOC_ENABLE_VERITY
> +#define FS_IOC_ENABLE_VERITY    _IOW('f', 133, struct fsverity_enable_arg)
> +#define FS_VERITY_HASH_ALG_SHA256       1
> +struct fsverity_enable_arg {
> +	__u32 version;
> +	__u32 hash_algorithm;
> +	__u32 block_size;
> +	__u32 salt_size;
> +	__u64 salt_ptr;
> +	__u32 sig_size;
> +	__u32 __reserved1;
> +	__u64 sig_ptr;
> +	__u64 __reserved2[11];
> +};
> +#endif
>   /*
>    * Inode flags
>    */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ