[PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given

Torben Hohn torben.hohn at linutronix.de
Mon Jun 29 04:53:00 EDT 2020 

On Fri, Jun 26, 2020 at 02:27:21PM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > Von: "Torben Hohn" <torben.hohn at linutronix.de>
> > An: "richard" <richard at nod.at>
> > CC: "bigeasy" <bigeasy at linutronix.de>, "tglx" <tglx at linutronix.de>, "linux-mtd" <linux-mtd at lists.infradead.org>, "Sascha
> > Hauer" <s.hauer at pengutronix.de>
> > Gesendet: Freitag, 26. Juni 2020 13:29:07
> > Betreff: [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given
> 
> > After adding readonly hmac-less authentication support,
> > prevent remounting the filesystem in rw mode, when
> > the hmac is not available.
> > 
> > Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
> > ---
> > fs/ubifs/super.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> > 
> > diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> > index b41ca9ee5763..62bdef8f1ddf 100644
> > --- a/fs/ubifs/super.c
> > +++ b/fs/ubifs/super.c
> > @@ -1996,6 +1996,10 @@ static int ubifs_remount_fs(struct super_block *sb, int
> > *flags, char *data)
> > 			ubifs_msg(c, "cannot re-mount R/W - UBI volume is R/O");
> > 			return -EROFS;
> > 		}
> > +		if (ubifs_authenticated(c) && !c->hash_tfm) {
> > +			ubifs_msg(c, "cannot re-mount R/W due to missing hmac key, for
> > authentication");
> > +			return -EROFS;
> > +		}
> 
> But the case that one remounts rw and provides a HAMC is handled?

No. And i am not sure, whether thats a thing, we want to support.
I would suggest, we clarify that in the message.


One would need to check, whether c->auth_key_name is set now,
and then instantiate c->hash_tfm.

ubifs_init_authentication is not called upon remount.
so a remount with a changed auth_key_name is not supported either.




> 
> Thanks,
> //richard

-- 
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99

Hinweise zum Datenschutz finden Sie hier (Informations on data privacy 
can be found here): https://linutronix.de/kontakt/Datenschutz.php

Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen | 
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700 
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner

More information about the linux-mtd mailing list