diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2018-10-02 08:33:08 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-04-24 13:24:57 +0200 |
commit | 49b2ae70344bc3212aa268576cb15d903b32558e (patch) | |
tree | 33bcab6833dd5c3d6fbbb25e5bae3468052f10b8 /fs/ubifs/super.c | |
parent | ea569a0afd6a2e9a84418cd18ddeaeefaa5eae39 (diff) | |
download | barebox-49b2ae70344bc3212aa268576cb15d903b32558e.tar.gz barebox-49b2ae70344bc3212aa268576cb15d903b32558e.tar.xz |
fs: ubifs: Add authentication support
This adds UBIFS authentication support. For now, we do not do
any authentication even on authenticated UBIFS images. Since
this behaviour is not what the user normally expects when mounting
authenticated images we only do this when the user explicitly allows
it in "global.ubifs.allow_authenticated_unauthenticated". If the
flag is false then we refuse mounting such an image and return -EPERM
instead.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'fs/ubifs/super.c')
-rw-r--r-- | fs/ubifs/super.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index fd1b645f9f..b48e21fae6 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -391,6 +391,9 @@ static int init_constants_early(struct ubifs_info *c) c->ranges[UBIFS_REF_NODE].len = UBIFS_REF_NODE_SZ; c->ranges[UBIFS_TRUN_NODE].len = UBIFS_TRUN_NODE_SZ; c->ranges[UBIFS_CS_NODE].len = UBIFS_CS_NODE_SZ; + c->ranges[UBIFS_AUTH_NODE].min_len = UBIFS_AUTH_NODE_SZ; + c->ranges[UBIFS_AUTH_NODE].max_len = UBIFS_AUTH_NODE_SZ + + UBIFS_MAX_HMAC_LEN; c->ranges[UBIFS_INO_NODE].min_len = UBIFS_INO_NODE_SZ; c->ranges[UBIFS_INO_NODE].max_len = UBIFS_MAX_INO_NODE_SZ; @@ -564,6 +567,9 @@ static int alloc_wbufs(struct ubifs_info *c) c->jheads[i].wbuf.jhead = i; c->jheads[i].grouped = 1; + c->jheads[i].log_hash = ubifs_hash_get_desc(c); + if (IS_ERR(c->jheads[i].log_hash)) + goto out; } /* @@ -574,6 +580,12 @@ static int alloc_wbufs(struct ubifs_info *c) c->jheads[GCHD].grouped = 0; return 0; + +out: + while (i--) + kfree(c->jheads[i].log_hash); + + return err; } /** @@ -753,6 +765,19 @@ static int mount_ubifs(struct ubifs_info *c) c->mounting = 1; + if (c->auth_key_name) { + if (IS_ENABLED(CONFIG_UBIFS_FS_AUTHENTICATION)) { + err = ubifs_init_authentication(c); + if (err) + goto out_free; + } else { + ubifs_err(c, "auth_key_name, but UBIFS is built without" + " authentication support"); + err = -EINVAL; + goto out_free; + } + } + err = ubifs_read_superblock(c); if (err) goto out_free; @@ -803,9 +828,10 @@ static int mount_ubifs(struct ubifs_info *c) if (!c->ro_mount) { } else if (c->need_recovery) { - err = ubifs_recover_size(c); + err = ubifs_recover_size(c, false); if (err) goto out_orphans; + } else { } if (c->need_recovery) { @@ -932,7 +958,10 @@ void ubifs_umount(struct ubifs_info *c) spin_unlock(&ubifs_infos_lock); free_wbufs(c); + ubifs_exit_authentication(c); + kfree(c->auth_key_name); + kfree(c->auth_hash_name); kfree(c->cbuf); kfree(c->rcvrd_mst_node); kfree(c->mst_node); |