lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 11 May 2022 22:46:10 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Gabriel Krisman Bertazi <krisman@...labora.com>
Cc:     tytso@....edu, adilger.kernel@...ger.ca, jaegeuk@...nel.org,
        linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
        kernel@...labora.com
Subject: Re: [PATCH v4 05/10] ext4: Simplify hash check on ext4_match

On Wed, May 11, 2022 at 03:31:41PM -0400, Gabriel Krisman Bertazi wrote:
> The existence of fname->cf_name.name requires s_encoding & IS_CASEFOLDED,
> therefore this can be simplified.
> 
> Signed-off-by: Gabriel Krisman Bertazi <krisman@...labora.com>
> ---
>  fs/ext4/namei.c | 20 +++++++-------------
>  1 file changed, 7 insertions(+), 13 deletions(-)
> 
> diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
> index 5296ced2e43e..cebbcabf0ff0 100644
> --- a/fs/ext4/namei.c
> +++ b/fs/ext4/namei.c
> @@ -1438,25 +1438,19 @@ static bool ext4_match(struct inode *parent,
>  #endif
>  
>  #if IS_ENABLED(CONFIG_UNICODE)
> -	if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent) &&
> -	    (!IS_ENCRYPTED(parent) || fscrypt_has_encryption_key(parent))) {
> +	if (IS_ENCRYPTED(parent) && fname->cf_name.name) {
> +		if (fname->hinfo.hash != EXT4_DIRENT_HASH(de) ||
> +		    fname->hinfo.minor_hash != EXT4_DIRENT_MINOR_HASH(de))
> +			return false;
> +	}
> +
> +	if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent)) {
>  		struct unicode_name u = {
>  			.folded_name = &fname->cf_name,
>  			.usr_name = fname->usr_fname
>  		};
>  		int ret;
>  
> -		if (fname->cf_name.name) {
> -			if (IS_ENCRYPTED(parent)) {
> -				if (fname->hinfo.hash != EXT4_DIRENT_HASH(de) ||
> -					fname->hinfo.minor_hash !=
> -						EXT4_DIRENT_MINOR_HASH(de)) {
> -
> -					return false;
> -				}
> -			}
> -		}
> -

I don't think it's correct to delete the check for the encryption key here.  If
lookup is by no-key name, then fscrypt_match_name() must be used, not
generic_ci_match().  And unlike f2fs, ext4 doesn't keep track of whether the
whole lookup is by no-key name; ext4 relies on this fscrypt_has_encryption_key()
check at the last minute when doing each individual comparison.  (Which is not
great, but that's how it works now.)

- Eric

Powered by blists - more mailing lists