| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jun 2024 11:04:16 +0800
From: Chao Yu <chao@...nel.org>
To: Xiuhong Wang <xiuhong.wang@...soc.com>, jaegeuk@...nel.org,
linux-f2fs-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Cc: niuzhiguo84@...il.com, ke.wang@...soc.com, xiuhong.wang.cn@...il.com,
hao_hao.wang@...soc.com
Subject: Re: [PATCH] f2fs-tools: fix do_set_verity ioctl fail issue
On 2024/6/17 15:11, Xiuhong Wang wrote:
> When using the f2fs_io tool to set_verity, it will fail as follows:
> unisc:/data # ./f2fs_io set_verity file
> FS_IOC_ENABLE_VERITY: Inappropriate ioctl for device
> this is because commit: 95ae251fe828 ("f2fs: add fs-verity support"),
> the passed parameters do not match the latest kernel version.
>
> After patch:
> unisoc:/data # ./f2fs_io set_verity file
> Set fsverity bit to file
> unisoc:/data # ./f2fs_io getflags file
> get a flag on file ret=0, flags=verity
>
> Fixes: 95ae251fe828 ("f2fs: add fs-verity support")
> Signed-off-by: Xiuhong Wang <xiuhong.wang@...soc.com>
> Signed-off-by: Zhiguo Niu <zhiguo.niu@...soc.com>
> ---
> include/android_config.h | 1 +
> tools/f2fs_io/f2fs_io.c | 9 ++++++---
> tools/f2fs_io/f2fs_io.h | 20 ++++++++++++++++++--
> 3 files changed, 25 insertions(+), 5 deletions(-)
>
> diff --git a/include/android_config.h b/include/android_config.h
> index 05b686e..9c8b163 100644
> --- a/include/android_config.h
> +++ b/include/android_config.h
> @@ -13,6 +13,7 @@
> #define HAVE_LINUX_XATTR_H 1
> #define HAVE_LINUX_FS_H 1
> #define HAVE_LINUX_FIEMAP_H 1
> +#define HAVE_LINUX_VERITY_H 1
> #define HAVE_MNTENT_H 1
> #define HAVE_STDLIB_H 1
> #define HAVE_STRING_H 1
> diff --git a/tools/f2fs_io/f2fs_io.c b/tools/f2fs_io/f2fs_io.c
> index a7b593a..2447490 100644
> --- a/tools/f2fs_io/f2fs_io.c
> +++ b/tools/f2fs_io/f2fs_io.c
> @@ -182,16 +182,19 @@ static void do_fsync(int argc, char **argv, const struct cmd_desc *cmd)
> static void do_set_verity(int argc, char **argv, const struct cmd_desc *cmd)
> {
> int ret, fd;
> + struct fsverity_enable_arg args = {.version = 1};
> +
> + args.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
> + args.block_size = 4096;
>
> if (argc != 2) {
> fputs("Excess arguments\n\n", stderr);
> fputs(cmd->cmd_help, stderr);
> exit(1);
> }
> + fd = open(argv[1], O_RDONLY);
>
> - fd = open(argv[1], O_RDWR);
It needs write permission?
Thanks,
> -
> - ret = ioctl(fd, FS_IOC_ENABLE_VERITY);
> + ret = ioctl(fd, FS_IOC_ENABLE_VERITY, &args);
> if (ret < 0) {
> perror("FS_IOC_ENABLE_VERITY");
> exit(1);
> diff --git a/tools/f2fs_io/f2fs_io.h b/tools/f2fs_io/f2fs_io.h
> index b5c82f5..e55db5f 100644
> --- a/tools/f2fs_io/f2fs_io.h
> +++ b/tools/f2fs_io/f2fs_io.h
> @@ -16,6 +16,9 @@
> #ifdef HAVE_LINUX_FS_H
> #include <linux/fs.h>
> #endif
> +#ifdef HAVE_LINUX_VERITY_H
> +#include <linux/fsverity.h>
> +#endif
>
> #include <sys/types.h>
>
> @@ -136,8 +139,21 @@ struct fscrypt_get_policy_ex_arg {
> #define F2FS_IOC_GET_ENCRYPTION_POLICY FS_IOC_GET_ENCRYPTION_POLICY
> #define F2FS_IOC_GET_ENCRYPTION_PWSALT FS_IOC_GET_ENCRYPTION_PWSALT
>
> -#define FS_IOC_ENABLE_VERITY _IO('f', 133)
> -
> +#ifndef FS_IOC_ENABLE_VERITY
> +#define FS_IOC_ENABLE_VERITY _IOW('f', 133, struct fsverity_enable_arg)
> +#define FS_VERITY_HASH_ALG_SHA256 1
> +struct fsverity_enable_arg {
> + __u32 version;
> + __u32 hash_algorithm;
> + __u32 block_size;
> + __u32 salt_size;
> + __u64 salt_ptr;
> + __u32 sig_size;
> + __u32 __reserved1;
> + __u64 sig_ptr;
> + __u64 __reserved2[11];
> +};
> +#endif
> /*
> * Inode flags
> */
Powered by blists - more mailing lists