| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 May 2022 22:46:10 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Gabriel Krisman Bertazi <krisman@...labora.com>
Cc: tytso@....edu, adilger.kernel@...ger.ca, jaegeuk@...nel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
kernel@...labora.com
Subject: Re: [PATCH v4 05/10] ext4: Simplify hash check on ext4_match
On Wed, May 11, 2022 at 03:31:41PM -0400, Gabriel Krisman Bertazi wrote:
> The existence of fname->cf_name.name requires s_encoding & IS_CASEFOLDED,
> therefore this can be simplified.
>
> Signed-off-by: Gabriel Krisman Bertazi <krisman@...labora.com>
> ---
> fs/ext4/namei.c | 20 +++++++-------------
> 1 file changed, 7 insertions(+), 13 deletions(-)
>
> diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
> index 5296ced2e43e..cebbcabf0ff0 100644
> --- a/fs/ext4/namei.c
> +++ b/fs/ext4/namei.c
> @@ -1438,25 +1438,19 @@ static bool ext4_match(struct inode *parent,
> #endif
>
> #if IS_ENABLED(CONFIG_UNICODE)
> - if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent) &&
> - (!IS_ENCRYPTED(parent) || fscrypt_has_encryption_key(parent))) {
> + if (IS_ENCRYPTED(parent) && fname->cf_name.name) {
> + if (fname->hinfo.hash != EXT4_DIRENT_HASH(de) ||
> + fname->hinfo.minor_hash != EXT4_DIRENT_MINOR_HASH(de))
> + return false;
> + }
> +
> + if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent)) {
> struct unicode_name u = {
> .folded_name = &fname->cf_name,
> .usr_name = fname->usr_fname
> };
> int ret;
>
> - if (fname->cf_name.name) {
> - if (IS_ENCRYPTED(parent)) {
> - if (fname->hinfo.hash != EXT4_DIRENT_HASH(de) ||
> - fname->hinfo.minor_hash !=
> - EXT4_DIRENT_MINOR_HASH(de)) {
> -
> - return false;
> - }
> - }
> - }
> -
I don't think it's correct to delete the check for the encryption key here. If
lookup is by no-key name, then fscrypt_match_name() must be used, not
generic_ci_match(). And unlike f2fs, ext4 doesn't keep track of whether the
whole lookup is by no-key name; ext4 relies on this fscrypt_has_encryption_key()
check at the last minute when doing each individual comparison. (Which is not
great, but that's how it works now.)
- Eric
Powered by blists - more mailing lists