1. 08 Jul, 2019 5 commits
    • Sascha Hauer's avatar
      ubifs: support offline signed images · 817aa094
      Sascha Hauer authored
      HMACs can only be generated on the system the UBIFS image is running on.
      To support offline signed images we add a PKCS#7 signature to the UBIFS
      image which can be created by mkfs.ubifs.
      
      Both the master node and the superblock need to be authenticated, during
      normal runtime both are protected with HMACs. For offline signature
      support however only a single signature is desired. We add a signature
      covering the superblock node directly behind it. To protect the master
      node a hash of the master node is added to the superblock which is used
      when the master node doesn't contain a HMAC.
      
      Transition to a read/write filesystem is also supported. During
      transition first the master node is rewritten with a HMAC (implicitly,
      it is written anyway as the FS is marked dirty). Afterwards the
      superblock is rewritten with a HMAC. Once after the image has been
      mounted read/write it is HMAC only, the signature is no longer required
      or even present on the filesystem.
      
      In an offline signed image the master node is authenticated by the
      superblock. In a transition to r/w we have to make sure that the master
      node is rewritten before the superblock node. In this case the master
      node gets a HMAC and its authenticity no longer depends on the
      superblock node. There are some cases in which the current code first
      writes the superblock node though, so with this patch writing of the
      superblock node is delayed until the master node is written.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      817aa094
    • Liu Song's avatar
      ubifs: remove unnecessary check in ubifs_log_start_commit · 8ba0a2ab
      Liu Song authored
      In ubifs_log_start_commit, the value of c->lhead_offs is zero or set
      to zero by code bellow.
      
      	/* Switch to the next log LEB */
      	if (c->lhead_offs) {
      		c->lhead_lnum = ubifs_next_log_lnum(c, c->lhead_lnum);
      		ubifs_assert(c->lhead_lnum != c->ltail_lnum);
      		c->lhead_offs = 0;
      	}
      
      The value of 'len' can not exceed 'max_len' which assigned value by
      code bellow.
      
      	max_len = UBIFS_CS_NODE_SZ + c->jhead_cnt * UBIFS_REF_NODE_SZ;
      
      The value of c->lhead_offs changed by code bellow and cannot exceed
      'max_len'.
      
      	c->lhead_offs += len;
      	if (c->lhead_offs == c->leb_size) {
      		c->lhead_lnum = ubifs_next_log_lnum(c, c->lhead_lnum);
      		c->lhead_offs = 0;
      	}
      
      Usually, the size of PEB is between 64KB and 256KB. So the value of
      c->lhead_offs is far less than c->leb_size. The check
      'if (c->lhead_offs == c->leb_size)' could never to be true.
      Signed-off-by: default avatarLiu Song <liu.song11@zte.com.cn>
      Reviewed-by: default avatarJiang Biao <jiang.biao2@zte.com.cn>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      8ba0a2ab
    • Liu Song's avatar
      ubifs: Fix typo of output in get_cs_sqnum · 7d8c811b
      Liu Song authored
      "Not a CS node" makes more sense than "Node a CS node".
      Signed-off-by: default avatarLiu Song <liu.song11@zte.com.cn>
      Reviewed-by: default avatarJiang Biao <jiang.biao2@zte.com.cn>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      7d8c811b
    • Liu Song's avatar
      ubifs: Simplify redundant code · d5cf9473
      Liu Song authored
      cbuf's size can be simply assigned.
      Signed-off-by: default avatarLiu Song <liu.song11@zte.com.cn>
      Reviewed-by: default avatarJiang Biao <jiang.biao2@zte.com.cn>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      d5cf9473
    • Richard Weinberger's avatar
      ubifs: Correctly use tnc_next() in search_dh_cookie() · bacfa94b
      Richard Weinberger authored
      Commit c877154d fixed an uninitialized variable and optimized
      the function to not call tnc_next() in the first iteration of the
      loop. While this seemed perfectly legit and wise, it turned out to
      be illegal.
      If the lookup function does not find an exact match it will rewind
      the cursor by 1.
      The rewinded cursor will not match the name hash we are looking for
      and this results in a spurious -ENOENT.
      So we need to move to the next entry in case of an non-exact match,
      but not if the match was exact.
      
      While we are here, update the documentation to avoid further confusion.
      
      Cc: Hyunchul Lee <hyc.lee@gmail.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Fixes: c877154d ("ubifs: Fix uninitialized variable in search_dh_cookie()")
      Fixes: 781f675e ("ubifs: Fix unlink code wrt. double hash lookups")
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      bacfa94b
  2. 30 Jun, 2019 3 commits
  3. 29 Jun, 2019 29 commits
  4. 28 Jun, 2019 3 commits