From patchwork Fri Feb 16 20:33:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taras Kondratiuk X-Patchwork-Id: 10225679 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D440F60231 for ; Fri, 16 Feb 2018 20:39:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C443628C99 for ; Fri, 16 Feb 2018 20:39:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B6A862908E; Fri, 16 Feb 2018 20:39:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI,USER_IN_DEF_DKIM_WL autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5566F28C99 for ; Fri, 16 Feb 2018 20:39:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750911AbeBPUeA (ORCPT ); Fri, 16 Feb 2018 15:34:00 -0500 Received: from rcdn-iport-6.cisco.com ([173.37.86.77]:1571 "EHLO rcdn-iport-6.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750780AbeBPUd6 (ORCPT ); Fri, 16 Feb 2018 15:33:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4410; q=dns/txt; s=iport; t=1518813238; x=1520022838; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=yMQhh7trjXx0Imjbz7ZM1gjvUXuDiSEGQ+gn+V9SJXM=; b=bXDnpJN0aXyijdpY17xsN/r7NbAEypIkzil/n7K88V4RCoL8rU4221yl EKHPIHiJD58kjJUbDpkUjGP1gFI9i/hUx3Dzmr7WIFkvotJOtsLSTvQ1y +3stV4kF5n9iTa3tHy0/r37w5NZWq0SfTW6vlpu7p1Nc3HjmOHpp4d9JI 8=; X-IronPort-AV: E=Sophos;i="5.46,520,1511827200"; d="scan'208";a="357044583" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 20:33:56 +0000 Received: from sjc-ads-7132.cisco.com (sjc-ads-7132.cisco.com [10.30.217.207]) (authenticated bits=0) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w1GKXsMQ015412 (version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NO); Fri, 16 Feb 2018 20:33:56 GMT From: Taras Kondratiuk To: "H. Peter Anvin" , Al Viro , Arnd Bergmann , Rob Landley , Mimi Zohar , Jonathan Corbet , James McMechan Cc: initramfs@vger.kernel.org, Victor Kamensky , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com Subject: [PATCH v3 01/15] Documentation: add newcx initramfs format description Date: Fri, 16 Feb 2018 20:33:37 +0000 Message-Id: <1518813234-5874-2-git-send-email-takondra@cisco.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1518813234-5874-1-git-send-email-takondra@cisco.com> References: <1518813234-5874-1-git-send-email-takondra@cisco.com> X-Auto-Response-Suppress: DR, OOF, AutoReply X-Authenticated-User: takondra@cisco.com Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Many of the Linux security/integrity features are dependent on file metadata, stored as extended attributes (xattrs), for making decisions. These features need to be initialized during initcall and enabled as early as possible for complete security coverage. Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not support including them into the archive. This patch describes "extended" newc format (newcx) that is based on newc and has following changes: - extended attributes support - increased size of filesize to support files >4GB - increased mtime field size to have 64 bits of seconds and added a field for nanoseconds - removed unused checksum field Signed-off-by: Taras Kondratiuk Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky --- Documentation/early-userspace/buffer-format.txt | 46 ++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/Documentation/early-userspace/buffer-format.txt b/Documentation/early-userspace/buffer-format.txt index e1fd7f9dad16..8349b2f28b4b 100644 --- a/Documentation/early-userspace/buffer-format.txt +++ b/Documentation/early-userspace/buffer-format.txt @@ -24,6 +24,7 @@ grammar, where: + indicates concatenation GZIP() indicates the gzip(1) of the operand ALGN(n) means padding with null bytes to an n-byte boundary + [n] means size of field is n bytes initramfs := ("\0" | cpio_archive | cpio_gzip_archive)* @@ -31,20 +32,33 @@ grammar, where: cpio_archive := cpio_file* + ( | cpio_trailer) - cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data + cpio_file := (cpio_newc_file | cpio_newcx_file) + + cpio_newc_file := ALGN(4) + cpio_newc_header + filename + "\0" + \ + ALGN(4) + data + + cpio_newcx_file := ALGN(4) + cpio_newcx_header + filename + "\0" + \ + ALGN(4) + xattrs + ALGN(4) + data + + xattrs := xattr_entry* + + xattr_entry := xattr_size[8] + xattr_name + "\0" + xattr_value cpio_trailer := ALGN(4) + cpio_header + "TRAILER!!!\0" + ALGN(4) In human terms, the initramfs buffer contains a collection of -compressed and/or uncompressed cpio archives (in the "newc" or "crc" -formats); arbitrary amounts zero bytes (for padding) can be added -between members. +compressed and/or uncompressed cpio archives; arbitrary amounts +zero bytes (for padding) can be added between members. The cpio "TRAILER!!!" entry (cpio end-of-archive) is optional, but is not ignored; see "handling of hard links" below. -The structure of the cpio_header is as follows (all fields contain +xattr_size is a total size of xattr_entry including 8 bytes of +xattr_size. xattr_size has the same hexadecimal ASCII encoding as other +fields of cpio header (see below). + +The structure of the cpio_newc_header is as follows (all fields contain hexadecimal ASCII numbers fully padded with '0' on the left to the full width of the field, for example, the integer 4780 is represented by the ASCII string "000012ac"): @@ -81,6 +95,28 @@ algorithm used. If the filename is "TRAILER!!!" this is actually an end-of-archive marker; the c_filesize for an end-of-archive marker must be zero. +"Extended" newc format (newcx) +"newcx" cpio format extends "newc" by increasing size of some fields +and adding extended attributes support. cpio_newcx_header structure: + +Field name Field size Meaning +c_magic 6 bytes The string "070703" +c_ino 8 bytes File inode number +c_mode 8 bytes File mode and permissions +c_uid 8 bytes File uid +c_gid 8 bytes File gid +c_nlink 8 bytes Number of links +c_mtime 16 bytes Modification time (seconds) +c_mtime_nsec 8 bytes Modification time (nanoseconds) +c_filesize 16 bytes Size of data field +c_maj 8 bytes Major part of file device number +c_min 8 bytes Minor part of file device number +c_rmaj 8 bytes Major part of device node reference +c_rmin 8 bytes Minor part of device node reference +c_namesize 8 bytes Length of filename, including final \0 +c_xattrs_size 8 bytes Size of xattrs field + +Most of the fields match cpio_newc_header. c_chksum field is dropped. *** Handling of hard links