| Message ID | 20200626112907.13201-5-torben.hohn@linutronix.de |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | ubifs: support authentication without hmac | expand |
----- Ursprüngliche Mail ----- > Von: "Torben Hohn" <torben.hohn@linutronix.de> > An: "richard" <richard@nod.at> > CC: "bigeasy" <bigeasy@linutronix.de>, "tglx" <tglx@linutronix.de>, "linux-mtd" <linux-mtd@lists.infradead.org>, "Sascha > Hauer" <s.hauer@pengutronix.de> > Gesendet: Freitag, 26. Juni 2020 13:29:07 > Betreff: [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given > After adding readonly hmac-less authentication support, > prevent remounting the filesystem in rw mode, when > the hmac is not available. > > Signed-off-by: Torben Hohn <torben.hohn@linutronix.de> > --- > fs/ubifs/super.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c > index b41ca9ee5763..62bdef8f1ddf 100644 > --- a/fs/ubifs/super.c > +++ b/fs/ubifs/super.c > @@ -1996,6 +1996,10 @@ static int ubifs_remount_fs(struct super_block *sb, int > *flags, char *data) > ubifs_msg(c, "cannot re-mount R/W - UBI volume is R/O"); > return -EROFS; > } > + if (ubifs_authenticated(c) && !c->hash_tfm) { > + ubifs_msg(c, "cannot re-mount R/W due to missing hmac key, for > authentication"); > + return -EROFS; > + } But the case that one remounts rw and provides a HAMC is handled? Thanks, //richard
On Fri, Jun 26, 2020 at 02:27:21PM +0200, Richard Weinberger wrote: > ----- Ursprüngliche Mail ----- > > Von: "Torben Hohn" <torben.hohn@linutronix.de> > > An: "richard" <richard@nod.at> > > CC: "bigeasy" <bigeasy@linutronix.de>, "tglx" <tglx@linutronix.de>, "linux-mtd" <linux-mtd@lists.infradead.org>, "Sascha > > Hauer" <s.hauer@pengutronix.de> > > Gesendet: Freitag, 26. Juni 2020 13:29:07 > > Betreff: [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given > > > After adding readonly hmac-less authentication support, > > prevent remounting the filesystem in rw mode, when > > the hmac is not available. > > > > Signed-off-by: Torben Hohn <torben.hohn@linutronix.de> > > --- > > fs/ubifs/super.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c > > index b41ca9ee5763..62bdef8f1ddf 100644 > > --- a/fs/ubifs/super.c > > +++ b/fs/ubifs/super.c > > @@ -1996,6 +1996,10 @@ static int ubifs_remount_fs(struct super_block *sb, int > > *flags, char *data) > > ubifs_msg(c, "cannot re-mount R/W - UBI volume is R/O"); > > return -EROFS; > > } > > + if (ubifs_authenticated(c) && !c->hash_tfm) { > > + ubifs_msg(c, "cannot re-mount R/W due to missing hmac key, for > > authentication"); > > + return -EROFS; > > + } > > But the case that one remounts rw and provides a HAMC is handled? No. And i am not sure, whether thats a thing, we want to support. I would suggest, we clarify that in the message. One would need to check, whether c->auth_key_name is set now, and then instantiate c->hash_tfm. ubifs_init_authentication is not called upon remount. so a remount with a changed auth_key_name is not supported either. > > Thanks, > //richard
Torben, ----- Ursprüngliche Mail ----- >> >> But the case that one remounts rw and provides a HAMC is handled? > > No. And i am not sure, whether thats a thing, we want to support. > I would suggest, we clarify that in the message. Yeah. > > One would need to check, whether c->auth_key_name is set now, > and then instantiate c->hash_tfm. > > ubifs_init_authentication is not called upon remount. > so a remount with a changed auth_key_name is not supported either. Because it is technically not possible. We'd need both keys then. But I agree we should reject it. Remounting is tricky... Thanks, //richard
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index b41ca9ee5763..62bdef8f1ddf 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -1996,6 +1996,10 @@ static int ubifs_remount_fs(struct super_block *sb, int *flags, char *data) ubifs_msg(c, "cannot re-mount R/W - UBI volume is R/O"); return -EROFS; } + if (ubifs_authenticated(c) && !c->hash_tfm) { + ubifs_msg(c, "cannot re-mount R/W due to missing hmac key, for authentication"); + return -EROFS; + } err = ubifs_remount_rw(c); if (err) return err;
After adding readonly hmac-less authentication support, prevent remounting the filesystem in rw mode, when the hmac is not available. Signed-off-by: Torben Hohn <torben.hohn@linutronix.de> --- fs/ubifs/super.c | 4 ++++ 1 file changed, 4 insertions(+)