| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2024 21:10:00 -0300 From: Gabriel Krisman Bertazi <krisman@...e.de> To: ebiggers@...nel.org, viro@...iv.linux.org.uk, jaegeuk@...nel.org, tytso@....edu Cc: amir73il@...il.com, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org, Gabriel Krisman Bertazi <krisman@...e.de> Subject: [PATCH v4 00/12] Set casefold/fscrypt dentry operations through sb->s_d_op Hi, The v4 of this patchset addresses the issues Eric pointed out in the previous version. The patch merging the fscrypt lookup helpers was completely rewritten to avoid the race condition; We also now return immediately from __fscrypt_handle_d_move; Finally, the overlayfs patch message was improved. Further details can be found on the changelog of each patch. As usual, this survived fstests on ext4 and f2fs. --- original cover letter: When case-insensitive and fscrypt were adapted to work together, we moved the code that sets the dentry operations for case-insensitive dentries(d_hash and d_compare) to happen from a helper inside ->lookup. This is because fscrypt wants to set d_revalidate only on some dentries, so it does it only for them in d_revalidate. But, case-insensitive hooks are actually set on all dentries in the filesystem, so the natural place to do it is through s_d_op and let d_alloc handle it [1]. In addition, doing it inside the ->lookup is a problem for case-insensitive dentries that are not created through ->lookup, like those coming open-by-fhandle[2], which will not see the required d_ops. This patchset therefore reverts to using sb->s_d_op to set the dentry operations for case-insensitive filesystems. In order to set case-insensitive hooks early and not require every dentry to have d_revalidate in case-insensitive filesystems, it introduces a patch suggested by Al Viro to disable d_revalidate on some dentries on the fly. It survives fstests encrypt and quick groups without regressions. Based on v6.7-rc1. [1] https://lore.kernel.org/linux-fsdevel/20231123195327.GP38156@ZenIV/ [2] https://lore.kernel.org/linux-fsdevel/20231123171255.GN38156@ZenIV/ Gabriel Krisman Bertazi (12): ovl: Reject mounting over case-insensitive directories fscrypt: Factor out a helper to configure the lookup dentry fscrypt: Call fscrypt_prepare_lookup_dentry on unencrypted dentries fscrypt: Drop d_revalidate for valid dentries during lookup fscrypt: Drop d_revalidate once the key is added fscrypt: Ignore non-fscrypt volumes during d_move libfs: Merge encrypted_ci_dentry_ops and ci_dentry_ops libfs: Add helper to choose dentry operations at mount-time ext4: Configure dentry operations at dentry-creation time f2fs: Configure dentry operations at dentry-creation time ubifs: Configure dentry operations at dentry-creation time libfs: Drop generic_set_encrypted_ci_d_ops fs/crypto/hooks.c | 28 ++++----------- fs/ext4/namei.c | 1 - fs/ext4/super.c | 1 + fs/f2fs/namei.c | 1 - fs/f2fs/super.c | 1 + fs/libfs.c | 62 +++++++++----------------------- fs/overlayfs/params.c | 14 ++++++-- fs/ubifs/dir.c | 1 - fs/ubifs/super.c | 1 + include/linux/fs.h | 11 +++++- include/linux/fscrypt.h | 78 +++++++++++++++++++++++++++++------------ 11 files changed, 103 insertions(+), 96 deletions(-) -- 2.43.0
Powered by blists - more mailing lists