Skip to content

Initramfs data verification#163

Closed
ddiss wants to merge 4 commits into
rapido-linux:masterfrom
ddiss:initramfs_verify
Closed

Initramfs data verification#163
ddiss wants to merge 4 commits into
rapido-linux:masterfrom
ddiss:initramfs_verify

Conversation

@ddiss

@ddiss ddiss commented Dec 13, 2021

Copy link
Copy Markdown
Collaborator

No description provided.

This significantly reduces the amount of boilerplate.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Create verification data with fio, pack it in the dracut cpio image and
then verify it within the rapido VM following extraction.

Signed-off-by: David Disseldorp <ddiss@suse.de>
This is very similar to initramfs_verify, but instead of packing the
verification data in the Dracut image, gen_init_cpio is used to append
it as a subsequent cpio archive. It is called with the new "-c"
parameter for data checksumming, which is provided via the patchset:
initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME

Signed-off-by: David Disseldorp <ddiss@suse.de>
@ddiss

ddiss commented Dec 14, 2021

Copy link
Copy Markdown
Collaborator Author

The gen_init_cpio change requires the kernel patchset:
https://lore.kernel.org/linux-fsdevel/20211213232007.26851-1-ddiss@suse.de/T/#t

It can also run fine without it, but the -c parameter needs to be removed.

@ddiss ddiss requested a review from morbidrsa December 14, 2021 10:34
bash implicitly uses the exit status of the last command executed in
body as the function exit status. When "rapido cut -B" is called, this
non-zero.

Signed-off-by: David Disseldorp <ddiss@suse.de>
@morbidrsa

Copy link
Copy Markdown
Contributor

From what I can tell, these changes look good to me.

Regarding the initramfs data verification, as it depends on a to be merged patchset, should we delay merging until the patches in question have reached Linus' tree?

@ddiss

ddiss commented Dec 15, 2021

Copy link
Copy Markdown
Collaborator Author

From what I can tell, these changes look good to me.

Thanks for the review!

Regarding the initramfs data verification, as it depends on a to be merged patchset, should we delay merging until the patches in question have reached Linus' tree?

Only the gen_init_cpio runner relies on not-yet-merged changes (cpio checksums with -c). I think what I'll do for now is just drop the -c parameter and add it back once the changes reach Linus' tree.

@ddiss

ddiss commented Dec 15, 2021

Copy link
Copy Markdown
Collaborator Author

Regarding the initramfs data verification, as it depends on a to be merged patchset, should we delay merging until the patches in question have reached Linus' tree?

Only the gen_init_cpio runner relies on not-yet-merged changes (cpio checksums with -c). I think what I'll do for now is just drop the -c parameter and add it back once the changes reach Linus' tree.

Pushed with this minor change squashed in:

--- a/cut/initramfs_gen_init_cpio.sh
+++ b/cut/initramfs_gen_init_cpio.sh
@@ -36,9 +36,9 @@ slink vdata-slink /vdata 0700 0 0
 EOF

 export tmp_vdata
-# gen_init_cpio -c option requires the kernel patchset
+# TODO: gen_init_cpio -c option requires the kernel patchset
 # initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME
-"${KERNEL_SRC}/usr/gen_init_cpio" -c "${tmp_vdata}/fiod.gen_init_cpio.manifest" \
+"${KERNEL_SRC}/usr/gen_init_cpio" "${tmp_vdata}/fiod.gen_init_cpio.manifest" \
        >> "$DRACUT_OUT" \
        || _fail "gen_init_cpio failed"
@ddiss ddiss closed this Dec 15, 2021
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request Apr 27, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163

This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
roxell pushed a commit to roxell/linux that referenced this pull request Apr 29, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163


This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request May 2, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163


This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
x-y-z pushed a commit to x-y-z/linux-1gb-thp that referenced this pull request May 5, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163


This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request May 10, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163


This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
x-y-z pushed a commit to x-y-z/linux-1gb-thp that referenced this pull request May 10, 2022
Patch series "initramfs: "crc" cpio format and INITRAMFS_PRESERVE_MTIME", v7.

This patchset does some minor initramfs refactoring and allows cpio entry
mtime preservation to be disabled via a new Kconfig
INITRAMFS_PRESERVE_MTIME option.

Patches 4/6 to 6/6 implement support for creation and extraction of "crc"
cpio archives, which carry file data checksums.  Basic tests for this
functionality can be found at rapido-linux/rapido#163


This patch (of 6):

do_header() is called for each cpio entry and fails if the first six bytes
don't match "newc" magic.  The magic check includes a special case error
message if POSIX.1 ASCII (cpio -H odc) magic is detected.  This special
case POSIX.1 check can be nested under the "newc" mismatch code path to
avoid calling memcmp() twice in a non-error case.

Link: https://lkml.kernel.org/r/20220404093429.27570-1-ddiss@suse.de
Link: https://lkml.kernel.org/r/20220404093429.27570-2-ddiss@suse.de
Signed-off-by: David Disseldorp <ddiss@suse.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants