Date: Sun, 15 Nov 2020 11:13:04 +0100
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH v4 14/15] luks2: Better error handling when setting up the cryptodisk.

On Fri, Nov 06, 2020 at 10:44:34PM -0600, Glenn Washburn wrote:
> Signed-off-by: Glenn Washburn

A commit message would help to set the stage for your changes here, especially so as they're non-trivial.

> --- > grub-core/disk/luks2.c | 70 +++++++++++++++++++++++++++++++++++++++--- > include/grub/misc.h | 2 ++ > 2 files changed, 67 insertions(+), 5 deletions(-) >=20 > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index 4a4a0dec4..751b48d6a 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c
> @@ -600,9 +600,16 @@ luks2_recover_key (grub_disk_t source, > goto err; > } > =20 > + if (source->total_sectors =3D=3D GRUB_DISK_SIZE_UNKNOWN) > + { > + ret =3D grub_error (GRUB_ERR_BUG, "not a luks2 device"); > + goto err; > + } > + > /* Try all keyslot */ > for (i =3D 0; i < size; i++) > { > + grub_errno =3D GRUB_ERR_NONE; > ret =3D luks2_get_keyslot (&keyslot, &digest, &segment, json, i); > if (ret) > goto err; 
> @@ -617,13 +624,66 @@ luks2_recover_key (grub_disk_t source, > =20 > /* Set up disk according to keyslot's segment. */ > crypt->offset_sectors =3D grub_divmod64 (segment.offset, segment.s= ector_size, NULL); > - crypt->log_sector_size =3D sizeof (unsigned int) * 8 > - - __builtin_clz ((unsigned int) segment.sector_size) - 1; > + crypt->log_sector_size =3D grub_log2ull (segment.sector_size); > if (grub_strcmp (segment.size, "dynamic") =3D=3D 0) > - crypt->total_sectors =3D (grub_disk_get_size (source) >> (crypt->log_se= ctor_size - source->log_sector_size)) > - - crypt->offset_sectors; > + { > + /* Convert source sized number of sectors to cryptodisk sized sectors= */ > + crypt->total_sectors =3D source->total_sectors >> (crypt->log_sector_= size - source->log_sector_size); > + if (crypt->total_sectors < crypt->offset_sectors) > + { > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" offset" > + " is greater than disk size.", > + segment.slot_key); > + continue; > + } > + > + crypt->total_sectors -=3D crypt->offset_sectors; > + } > else > - crypt->total_sectors =3D grub_strtoull (segment.size, NULL, 10) >> cryp= t->log_sector_size; > + { > + crypt->total_sectors =3D grub_strtoull (segment.size, NULL, 10) >> cr= ypt->log_sector_size; > + if (grub_errno =3D=3D GRUB_ERR_NONE) > + ;

If any other code previously ran which set `grub_errno`, then it would still carry the old error value here as `grub_strtoull` doesn't unset it if no error occurred. We'd thus have to first set `grub_errno = GRUB_ERR_NONE` before the call to `grub_strtoull`.

Patrick

> + else if(grub_errno =3D=3D GRUB_ERR_BAD_NUMBER) > + { > + /* TODO: Unparsable number-string, try to use the whole disk */ > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" size" > + " is not a parsable number.", > + segment.slot_key); > + continue; > + } > + else if(grub_errno =3D=3D GRUB_ERR_OUT_OF_RANGE) > + { > + /* There was an overflow in parsing segment.size, so disk must > + * be very large or the string is incorrect. */ > + if ((source->total_sectors > + >> (crypt->log_sector_size - source->log_sector_size)) > + > crypt->total_sectors) > + { > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\"" > + " size is very large. The end may be" > + " inaccessible.", > + segment.slot_key); > + } > + else > + { > + /* FIXME: Set total_sectors as in "dynamic" case. */ > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\"" > + " size greater than the source" > + " device.", > + segment.slot_key); > + continue; > + } > + } > + } > + > + if (crypt->total_sectors =3D=3D 0) > + { > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" has" > + " zero sectors, skipping.", > + segment.slot_key); > + continue; > + } > =20 > ret =3D luks2_decrypt_key (candidate_key, source, crypt, &keyslot, > (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); > diff --git a/include/grub/misc.h b/include/grub/misc.h > index b7ca6dd58..ec25131ba 100644 > --- a/include/grub/misc.h > +++ b/include/grub/misc.h
> @@ -481,5 +481,7 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *fi= le, > =20 > #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) > #define grub_min(a, b) (((a) < (b)) ? (a) : (b)) > +#define grub_log2ull(n) (GRUB_TYPE_BITS (grub_uint64_t) \ > + - __builtin_clzll (n) - 1) > =20 > #endif /* ! GRUB_MISC_HEADER */ > --=20 > 2.27.0 >=20
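
Review bot: the error text in the new `GRUB_DISK_SIZE_UNKNOWN` check (luks2.c hunk `@@ -600,9 +600,16 @@`) does not describe the condition it tests. The check fires when `source->total_sectors` is unknown, yet the message reads "not a luks2 device" and the code is `GRUB_ERR_BUG`, so whoever hits it gets no hint that the source disk size is the problem; suggest a message that names the unknown size. In the same hunk, the `grub_errno = GRUB_ERR_NONE` added at the top of the loop sits before `luks2_get_keyslot`, so it does not by itself guarantee a clean `grub_errno` at a later call in the same iteration whose result is checked through `grub_errno`.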
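
Review bot: in the luks2.c hunk `@@ -617,13 +624,66 @@`, the shift count `crypt->log_sector_size - source->log_sector_size` is used in both the "dynamic" branch and the `GRUB_ERR_OUT_OF_RANGE` branch with no check that the segment's sector size is at least the source's. `segment` is populated by the `luks2_get_keyslot (..., &segment, json, i)` call, so a `segment.sector_size` smaller than the source sector size gives an invalid shift width; suggest rejecting such a segment with a `grub_dprintf` and `continue`, like the other new checks. The empty `if (grub_errno == GRUB_ERR_NONE) ;` arm also lets any error other than the two tested fall through silently; testing for `!= GRUB_ERR_NONE` with a final `else` would make that case explicit, and `else if(` lacks the space before the parenthesis used elsewhere in the hunk.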
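
Review bot: `grub_log2ull` in the misc.h hunk `@@ -481,5 +481,7 @@` has no defined result for `n == 0`, because `__builtin_clzll` is undefined for a zero argument, and the `#define` carries no comment saying so. The luks2.c caller passes `segment.sector_size` straight in with no zero check visible in this patch; suggest documenting the precondition next to the macro (and that the result is rounded down for values that are not a power of two) and validating the sector size before the call.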
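
The point raised in the reply above about a stale `grub_errno`, shown as an added example that is not part of the original message or of GRUB. It uses libc `errno` and `strtoull` as stand-ins for `grub_errno` and `grub_strtoull` (an assumption, so that it runs outside GRUB); all function names are hypothetical.

```c
/* Added example: libc errno/strtoull stand in for grub_errno/grub_strtoull. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum size_status { SIZE_OK, SIZE_BAD_NUMBER, SIZE_OUT_OF_RANGE };

/* Shared classification: overflow first, then "no digits / trailing junk". */
static enum size_status classify (const char *s, const char *end)
{
  if (errno == ERANGE)
    return SIZE_OUT_OF_RANGE;
  if (end == s || *end != '\0')
    return SIZE_BAD_NUMBER;
  return SIZE_OK;
}

/* Pattern under review: errno is read after the call but never cleared
   before it, so a leftover ERANGE is mistaken for an overflow here. */
enum size_status parse_size_stale (const char *s, uint64_t *out)
{
  char *end;
  *out = strtoull (s, &end, 10);
  return classify (s, end);
}

/* Suggested pattern: clear errno immediately before the conversion. */
enum size_status parse_size_reset (const char *s, uint64_t *out)
{
  char *end;
  errno = 0;
  *out = strtoull (s, &end, 10);
  return classify (s, end);
}

/* Constructed scenario: an unrelated earlier call left ERANGE behind. */
enum size_status parse_after_failure (const char *s, uint64_t *out, int reset)
{
  errno = ERANGE;
  return reset ? parse_size_reset (s, out) : parse_size_stale (s, out);
}

int main (void)
{
  uint64_t v;
  printf ("stale errno: status %d\n", parse_after_failure ("4096", &v, 0));
  printf ("reset errno: status %d\n", parse_after_failure ("4096", &v, 1));
  return 0;
}
```

With the stale value in place, a perfectly valid size string is classified as an overflow even though the parsed number is correct; clearing the error variable directly before the conversion removes the dependency on earlier calls.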