lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231221073940.GC1674809@ZenIV> Date: Thu, 21 Dec 2023 07:39:40 +0000 From: Al Viro <viro@...iv.linux.org.uk> To: Gabriel Krisman Bertazi <krisman@...e.de> Cc: ebiggers@...nel.org, jaegeuk@...nel.org, tytso@....edu, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH v2 8/8] fscrypt: Move d_revalidate configuration back into fscrypt On Fri, Dec 15, 2023 at 04:16:08PM -0500, Gabriel Krisman Bertazi wrote: > +static const struct dentry_operations fscrypt_dentry_ops = { > + .d_revalidate = fscrypt_d_revalidate, > +}; > + > int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, > struct fscrypt_name *fname) > { > @@ -106,6 +110,10 @@ int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, > spin_lock(&dentry->d_lock); > dentry->d_flags |= DCACHE_NOKEY_NAME; > spin_unlock(&dentry->d_lock); > + > + /* Give preference to the filesystem hooks, if any. */ > + if (!dentry->d_op) > + d_set_d_op(dentry, &fscrypt_dentry_ops); > } > return err; Hmm... Could we simply set ->s_d_op to &fscrypt_dentry_ops in non-ci case *AND* have __fscrypt_prepare_lookup() clear DCACHE_OP_REVALIDATE in case when it's not setting DCACHE_NOKEY_NAME and ->d_op->d_revalidate is equal to fscrypt_d_revalidate? I mean, spin_lock(&dentry->d_lock); if (fname->is_nokey_name) dentry->d_flags |= DCACHE_NOKEY_NAME; else if (dentry->d_flags & DCACHE_OP_REVALIDATE && dentry->d_op->d_revalidate == fscrypt_d_revalidate) dentry->d_flags &= ~DCACHE_OP_REVALIDATE; spin_unlock(&dentry->d_lock); here + always set ->s_d_op for ext4 and friends (conditional upon the CONFIG_UNICODE). No encryption - fine, you get ->is_nokey_name false from the very beginning, DCACHE_OP_REVALIDATE is cleared and VFS won't ever call ->d_revalidate(); not even the first time. Yes, you pay minimal price in dentry_unlink_inode() when we hit if (dentry->d_op && dentry->d_op->d_iput) and bugger off after the second fetch instead of the first one. I would be quite surprised if it turns out to be measurable, but if it is, we can always add DCACHE_OP_IPUT to flags. Similar for ->d_op->d_release (called in the end of __dentry_kill()). Again, that only makes sense if we get a measurable overhead from that.
Powered by blists - more mailing lists