lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 20 Nov 2020 10:50:30 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org
Cc:     linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org
Subject: Re: [PATCH] fs/inode.c: make inode_init_always() initialize i_ino to
 0

On Fri, Nov 06, 2020 at 09:52:05AM -0800, Eric Biggers wrote:
> On Fri, Oct 30, 2020 at 05:44:20PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@...gle.com>
> > 
> > Currently inode_init_always() doesn't initialize i_ino to 0.  This is
> > unexpected because unlike the other inode fields that aren't initialized
> > by inode_init_always(), i_ino isn't guaranteed to end up back at its
> > initial value after the inode is freed.  Only one filesystem (XFS)
> > actually sets set i_ino back to 0 when freeing its inodes.
> > 
> > So, callers of new_inode() see some random previous i_ino.  Normally
> > that's fine, since normally i_ino isn't accessed before being set.
> > There can be edge cases where that isn't necessarily true, though.
> > 
> > The one I've run into is that on ext4, when creating an encrypted file,
> > the new file's encryption key has to be set up prior to the jbd2
> > transaction, and thus prior to i_ino being set.  If something goes
> > wrong, fs/crypto/ may log warning or error messages, which normally
> > include i_ino.  So it needs to know whether it is valid to include i_ino
> > yet or not.  Also, on some files i_ino needs to be hashed for use in the
> > crypto, so fs/crypto/ needs to know whether that can be done yet or not.
> > 
> > There are ways this could be worked around, either in fs/crypto/ or in
> > fs/ext4/.  But, it seems there's no reason not to just fix
> > inode_init_always() to do the expected thing and initialize i_ino to 0.
> > 
> > So, do that, and also remove the initialization in jfs_fill_super() that
> > becomes redundant.
> > 
> > Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> > ---
> >  fs/inode.c     | 1 +
> >  fs/jfs/super.c | 1 -
> >  2 files changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/fs/inode.c b/fs/inode.c
> > index 9d78c37b00b81..eb001129f157c 100644
> > --- a/fs/inode.c
> > +++ b/fs/inode.c
> > @@ -142,6 +142,7 @@ int inode_init_always(struct super_block *sb, struct inode *inode)
> >  	atomic_set(&inode->i_count, 1);
> >  	inode->i_op = &empty_iops;
> >  	inode->i_fop = &no_open_fops;
> > +	inode->i_ino = 0;
> >  	inode->__i_nlink = 1;
> >  	inode->i_opflags = 0;
> >  	if (sb->s_xattr)
> > diff --git a/fs/jfs/super.c b/fs/jfs/super.c
> > index b2dc4d1f9dcc5..1f0ffabbde566 100644
> > --- a/fs/jfs/super.c
> > +++ b/fs/jfs/super.c
> > @@ -551,7 +551,6 @@ static int jfs_fill_super(struct super_block *sb, void *data, int silent)
> >  		ret = -ENOMEM;
> >  		goto out_unload;
> >  	}
> > -	inode->i_ino = 0;
> >  	inode->i_size = i_size_read(sb->s_bdev->bd_inode);
> >  	inode->i_mapping->a_ops = &jfs_metapage_aops;
> >  	inode_fake_hash(inode);
> > 
> 
> Al, any thoughts on this?
> 

Ping?

Powered by blists - more mailing lists