lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 23 Aug 2020 23:17:04 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     linux-fscrypt@...r.kernel.org
Cc:     linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
        linux-mtd@...ts.infradead.org, ceph-devel@...r.kernel.org,
        Jeff Layton <jlayton@...nel.org>
Subject: [RFC PATCH 0/8] fscrypt: avoid GFP_NOFS-unsafe key setup during transaction

This series fixes some deadlocks which are theoretically possible due to
fscrypt_get_encryption_info() being GFP_NOFS-unsafe, and thus not safe
to be called from within an ext4 transaction or under f2fs_lock_op().

The problem is solved by new helper functions which allow setting up the
key for new inodes earlier.  Patch 1 adds these helper functions.  Also
see that patch for a more detailed description of this problem.

Patches 2-6 then convert ext4, f2fs, and ubifs to use these new helpers.

Patch 7-8 then clean up a few things afterwards.

Coincidentally, this also solves some of the ordering problems that
ceph fscrypt support will have.  For more details about this, see the
discussion on Jeff Layton's RFC patchset for ceph fscrypt support
(https://lkml.kernel.org/linux-fscrypt/20200821182813.52570-1-jlayton@kernel.org/T/#u)
However, fscrypt_prepare_new_inode() still requires that the new
'struct inode' exist already, so it might not be enough for ceph yet.

This patchset applies to v5.9-rc2.

Eric Biggers (8):
  fscrypt: add fscrypt_prepare_new_inode() and fscrypt_set_context()
  ext4: factor out ext4_xattr_credits_for_new_inode()
  ext4: remove some #ifdefs in ext4_xattr_credits_for_new_inode()
  ext4: use fscrypt_prepare_new_inode() and fscrypt_set_context()
  f2fs: use fscrypt_prepare_new_inode() and fscrypt_set_context()
  ubifs: use fscrypt_prepare_new_inode() and fscrypt_set_context()
  fscrypt: remove fscrypt_inherit_context()
  fscrypt: stop pretending that key setup is nofs-safe

 fs/crypto/fscrypt_private.h |   3 +
 fs/crypto/hooks.c           |  10 +-
 fs/crypto/inline_crypt.c    |   7 +-
 fs/crypto/keysetup.c        | 190 ++++++++++++++++++++++++++++--------
 fs/crypto/keysetup_v1.c     |   8 +-
 fs/crypto/policy.c          |  64 +++++++-----
 fs/ext4/ialloc.c            | 118 +++++++++++-----------
 fs/f2fs/dir.c               |   2 +-
 fs/f2fs/f2fs.h              |  16 ---
 fs/f2fs/namei.c             |   7 +-
 fs/ubifs/dir.c              |  26 ++---
 include/linux/fscrypt.h     |  18 +++-
 12 files changed, 293 insertions(+), 176 deletions(-)

-- 
2.28.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ