lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240119184742.31088-1-krisman@suse.de> Date: Fri, 19 Jan 2024 15:47:32 -0300 From: Gabriel Krisman Bertazi <krisman@...e.de> To: viro@...iv.linux.org.uk, ebiggers@...nel.org, jaegeuk@...nel.org, tytso@....edu Cc: linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org, amir73il@...il.com, Gabriel Krisman Bertazi <krisman@...e.de> Subject: [PATCH v3 00/10] Set casefold/fscrypt dentry operations through sb->s_d_op Hi, The only difference of v3 from v2 is a fix from an issue reported by kernel test robot in patch 4. Please consider this version instead. The v2 has some big changes: instead of only configuring on the case-insensitive case, we do it for case-sensitive fscrypt as well, and disable d_revalidate as needed. This pretty much reverses the way fscrypt operated (only enable d_revalidate for dentries that require it), but has the advantage we can be consistent among variations of case-insensitive/sensitive, encrypted/unencrypted configurations. You'll find the code is simpler than v1 and v2. I dropped the dcache patch because now we always try to disable DCACHE_OP_REVALIDATE while holding the d_lock already, so I do it inline; I also changed the way we drop d_revalidate when the key is made available, because we couldn't really do it the way I originally proposed on the RCU case, which would require falling back to non-RCU lookup just to disable d_revalidate; I also included a patch fixing the overlayfs issue that I mentioned on the previous thread. While unrelated to the rest of the patchset, it is a quick fix that I might merge earlier if you are happy with it. More details can be found in the per-patch changelog. This survived fstests on ext4 and f2fs. I also verified that fscrypt continues to work when combined to overlayfs as Eric requested. .. original cover letter: When case-insensitive and fscrypt were adapted to work together, we moved the code that sets the dentry operations for case-insensitive dentries(d_hash and d_compare) to happen from a helper inside ->lookup. This is because fscrypt wants to set d_revalidate only on some dentries, so it does it only for them in d_revalidate. But, case-insensitive hooks are actually set on all dentries in the filesystem, so the natural place to do it is through s_d_op and let d_alloc handle it [1]. In addition, doing it inside the ->lookup is a problem for case-insensitive dentries that are not created through ->lookup, like those coming open-by-fhandle[2], which will not see the required d_ops. This patchset therefore reverts to using sb->s_d_op to set the dentry operations for case-insensitive filesystems. In order to set case-insensitive hooks early and not require every dentry to have d_revalidate in case-insensitive filesystems, it introduces a patch suggested by Al Viro to disable d_revalidate on some dentries on the fly. It survives fstests encrypt and quick groups without regressions. Based on v6.7-rc1. [1] https://lore.kernel.org/linux-fsdevel/20231123195327.GP38156@ZenIV/ [2] https://lore.kernel.org/linux-fsdevel/20231123171255.GN38156@ZenIV/ Gabriel Krisman Bertazi (10): ovl: Reject mounting case-insensitive filesystems fscrypt: Share code between functions that prepare lookup fscrypt: Drop d_revalidate for valid dentries during lookup fscrypt: Drop d_revalidate once the key is added libfs: Merge encrypted_ci_dentry_ops and ci_dentry_ops libfs: Add helper to choose dentry operations at mount ext4: Configure dentry operations at dentry-creation time f2fs: Configure dentry operations at dentry-creation time ubifs: Configure dentry operations at dentry-creation time libfs: Drop generic_set_encrypted_ci_d_ops fs/ceph/dir.c | 2 +- fs/ceph/file.c | 2 +- fs/crypto/hooks.c | 62 +++++++++++++++++++++-------------------- fs/ext4/namei.c | 1 - fs/ext4/super.c | 1 + fs/f2fs/namei.c | 1 - fs/f2fs/super.c | 1 + fs/libfs.c | 61 +++++++++++----------------------------- fs/overlayfs/params.c | 13 +++++++-- fs/ubifs/dir.c | 1 - fs/ubifs/super.c | 1 + include/linux/fs.h | 11 +++++++- include/linux/fscrypt.h | 51 ++++++++++++++++++++------------- 13 files changed, 106 insertions(+), 102 deletions(-) -- 2.43.0
Powered by blists - more mailing lists