From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: Luca Boccassi <luca.boccassi@gmail.com>,
	Jes Sorensen <Jes.Sorensen@gmail.com>
Subject: [fsverity-utils PATCH v2 1/4] programs/fsverity: change default block size from PAGE_SIZE to 4096
Date: Mon, 16 Nov 2020 12:56:25 -0800
Message-ID: <20201116205628.262173-2-ebiggers@kernel.org>
In-Reply-To: <20201116205628.262173-1-ebiggers@kernel.org>

From: Eric Biggers <ebiggers@google.com>

Even though the kernel currently only supports PAGE_SIZE == Merkle tree
block size, PAGE_SIZE isn't a good default Merkle tree block size for
fsverity-utils, since it means that if someone doesn't explicitly
specify the block size, then the results of 'fsverity sign' and
'fsverity enable' will differ between different architectures.

So change the default Merkle tree block size to 4096, which is the most
common PAGE_SIZE.  This will break anyone using the fsverity program
without the --block-size option on an architecture with a non-4K page
size.  But I don't think anyone is actually doing that yet anyway.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 programs/cmd_digest.c |  2 +-
 programs/cmd_enable.c |  2 +-
 programs/cmd_sign.c   |  2 +-
 programs/fsverity.c   | 14 --------------
 programs/fsverity.h   |  1 -
 5 files changed, 3 insertions(+), 18 deletions(-)

diff --git a/programs/cmd_digest.c b/programs/cmd_digest.c
index 180f438..7899b04 100644
--- a/programs/cmd_digest.c
+++ b/programs/cmd_digest.c
@@ -90,7 +90,7 @@ int fsverity_cmd_digest(const struct fsverity_command *cmd,
 		tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
 
 	if (tree_params.block_size == 0)
-		tree_params.block_size = get_default_block_size();
+		tree_params.block_size = 4096;
 
 	for (int i = 0; i < argc; i++) {
 		struct fsverity_signed_digest *d = NULL;
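
Review bot: The default is written as the bare literal 4096 at `tree_params.block_size = 4096;`, and the same literal is repeated in the cmd_enable.c and cmd_sign.c hunks of this patch. A single named constant in programs/fsverity.h would keep the three commands from drifting apart and give the value a place for a comment saying it is deliberately independent of PAGE_SIZE. The diffstat touches only files under programs/, so if the usage text or README describes the default as the page size, that needs updating in the same patch.
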
diff --git a/programs/cmd_enable.c b/programs/cmd_enable.c
index d90d208..ba5b088 100644
--- a/programs/cmd_enable.c
+++ b/programs/cmd_enable.c
@@ -114,7 +114,7 @@ int fsverity_cmd_enable(const struct fsverity_command *cmd,
 		arg.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
 
 	if (arg.block_size == 0)
-		arg.block_size = get_default_block_size();
+		arg.block_size = 4096;
 
 	if (!open_file(&file, argv[0], O_RDONLY, 0))
 		goto out_err;
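
Review bot: In the `if (arg.block_size == 0)` fallback, 4096 is now handed to the kernel regardless of the system page size, while the commit message states that the kernel only supports a Merkle tree block size equal to PAGE_SIZE. On a non-4K-page system 'fsverity enable' without --block-size will therefore fail, so it would help if the failure path pointed the user at --block-size instead of leaving them to work out why the default was rejected.
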
diff --git a/programs/cmd_sign.c b/programs/cmd_sign.c
index 580e4df..9cb7507 100644
--- a/programs/cmd_sign.c
+++ b/programs/cmd_sign.c
@@ -105,7 +105,7 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
 		tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
 
 	if (tree_params.block_size == 0)
-		tree_params.block_size = get_default_block_size();
+		tree_params.block_size = 4096;
 
 	if (sig_params.keyfile == NULL) {
 		error_msg("Missing --key argument");
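
Review bot: With `tree_params.block_size = 4096;` as the fallback, 'fsverity sign' run without --block-size on a non-4K-page machine signs a different digest than the previous PAGE_SIZE default produced there. The commit message accepts this break, but it should be called out in the release notes, with the recommendation that anyone signing on one machine and enabling on another pass --block-size explicitly on both sides.
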
diff --git a/programs/fsverity.c b/programs/fsverity.c
index 4a2f8df..33d0a3f 100644
--- a/programs/fsverity.c
+++ b/programs/fsverity.c
@@ -12,7 +12,6 @@
 #include "fsverity.h"
 
 #include <limits.h>
-#include <unistd.h>
 
 static const struct fsverity_command {
 	const char *name;
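
Review bot: `#include <limits.h>` is kept while `<unistd.h>` is dropped, yet the removed get_default_block_size() in the next hunk was a user of INT_MAX from limits.h as well as sysconf(). If nothing else in fsverity.c needs limits.h, remove it in the same change, and confirm that no remaining code in this file relies on declarations from unistd.h.
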
@@ -192,19 +191,6 @@ bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr)
 	return true;
 }
 
-u32 get_default_block_size(void)
-{
-	long n = sysconf(_SC_PAGESIZE);
-
-	if (n <= 0 || n >= INT_MAX || !is_power_of_2(n)) {
-		fprintf(stderr,
-			"Warning: invalid _SC_PAGESIZE (%ld).  Assuming 4K blocks.\n",
-			n);
-		return 4096;
-	}
-	return n;
-}
-
 int main(int argc, char *argv[])
 {
 	const struct fsverity_command *cmd;
diff --git a/programs/fsverity.h b/programs/fsverity.h
index 669fef2..2af5527 100644
--- a/programs/fsverity.h
+++ b/programs/fsverity.h
@@ -46,6 +46,5 @@ void usage(const struct fsverity_command *cmd, FILE *fp);
 bool parse_hash_alg_option(const char *arg, u32 *alg_ptr);
 bool parse_block_size_option(const char *arg, u32 *size_ptr);
 bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr);
-u32 get_default_block_size(void);
 
 #endif /* PROGRAMS_FSVERITY_H */
-- 
2.29.2

