lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 20 May 2020 11:34:04 -0700
From:   Ira Weiny <ira.weiny@...el.com>
To:     Jan Kara <jack@...e.cz>
Cc:     linux-ext4@...r.kernel.org,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        "Theodore Y. Ts'o" <tytso@....edu>,
        Eric Biggers <ebiggers@...nel.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Dan Williams <dan.j.williams@...el.com>,
        Dave Chinner <david@...morbit.com>,
        Christoph Hellwig <hch@....de>, Jeff Moyer <jmoyer@...hat.com>,
        "Darrick J. Wong" <darrick.wong@...cle.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3 7/8] fs/ext4: Introduce DAX inode flag

On Wed, May 20, 2020 at 04:11:38PM +0200, Jan Kara wrote:
> On Tue 19-05-20 22:57:52, ira.weiny@...el.com wrote:
> > From: Ira Weiny <ira.weiny@...el.com>
> > 
> > Add a flag to preserve FS_XFLAG_DAX in the ext4 inode.
> > 
> > Set the flag to be user visible and changeable.  Set the flag to be
> > inherited.  Allow applications to change the flag at any time with the
> > exception of if VERITY or ENCRYPT is set.
> > 
> > Disallow setting VERITY or ENCRYPT if DAX is set.
> > 
> > Finally, on regular files, flag the inode to not be cached to facilitate
> > changing S_DAX on the next creation of the inode.
> > 
> > Signed-off-by: Ira Weiny <ira.weiny@...el.com>
> 
> The patch looks good to me. You can add:
> 
> Reviewed-by: Jan Kara <jack@...e.cz>
> 
> One comment below:
> 
> > diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> > index 5ba65eb0e2ef..be9713e898eb 100644
> > --- a/fs/ext4/super.c
> > +++ b/fs/ext4/super.c
> > @@ -1323,6 +1323,9 @@ static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
> >  	if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
> >  		return -EINVAL;
> 
> AFAIU this check is here so that fscrypt_inherit_context() is able call us
> and we can clear S_DAX flag.

Basically yes that is true.  It is IMO somewhat convoluted because I think ext4
probably could have prevented S_DAX from being set in __ext4_new_inode() in the
first place.  But that is a clean up I was not prepared to make last night.

> So can't we rather move this below the
> EXT4_INODE_DAX check and change this to
> 
> 	IS_DAX(inode) && !(inode->i_flags & I_NEW)
> 
> ? Because as I'm reading the code now, this should never trigger?

I agree this should never trigger.  But I don't see how the order of the checks
maters much.  But changing this to !new is probably worth doing to make it
clear what we really mean here.

I think that is a follow on patch.  In addition, if we don't set S_DAX at all
in __ext4_new_inode() this check could then be what I had originally with the warn on.

	if (WARN_ON_ONCE(IS_DAX(inode)))
		...

... because it would be considered a bug to be setting DAX on inodes which are
going to be encrypted..

Ira

Something like this:  (compiled only)

commit 6cd5aed3cd9e2c10e3fb7c6dd23918580532f256 (HEAD -> lck-4071-b13-v4)
Author: Ira Weiny <ira.weiny@...el.com>
Date:   Wed May 20 11:32:50 2020 -0700

    RFC: do not set S_DAX on an inode which is going to be encrypted

diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 7941c140723f..be80cb639d74 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -844,6 +844,9 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
                return ERR_PTR(-ENOMEM);
        ei = EXT4_I(inode);
 
+       if (encrypt)
+               ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
+
        /*
         * Initialize owners and quota early so that we don't have to account
         * for quota initialization worst case in standard inode creating
@@ -1165,6 +1168,7 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
                err = fscrypt_inherit_context(dir, inode, handle, true);
                if (err)
                        goto fail_free_drop;
+               ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
        }
 
        if (!(ei->i_flags & EXT4_EA_INODE_FL)) {
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index be9713e898eb..099b87864f55 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1320,7 +1320,10 @@ static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
        if (inode->i_ino == EXT4_ROOT_INO)
                return -EPERM;
 
-       if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
+       /* S_DAX should never be set here because encryption is not compatible
+        * with DAX
+        */
+       if (WARN_ON_ONCE(IS_DAX(inode)))
                return -EINVAL;
 
        if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
@@ -1337,22 +1340,11 @@ static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
         * being set on an existing inode in its own transaction.  Only in the
         * latter case should the "retry on ENOSPC" logic be used.
         */
-
        if (handle) {
                res = ext4_xattr_set_handle(handle, inode,
                                            EXT4_XATTR_INDEX_ENCRYPTION,
                                            EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
                                            ctx, len, 0);
-               if (!res) {
-                       ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
-                       ext4_clear_inode_state(inode,
-                                       EXT4_STATE_MAY_INLINE_DATA);
-                       /*
-                        * Update inode->i_flags - S_ENCRYPTED will be enabled,
-                        * S_DAX may be disabled
-                        */
-                       ext4_set_inode_flags(inode, false);
-               }
                return res;
        }

Powered by blists - more mailing lists