lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240129204330.32346-7-krisman@suse.de> Date: Mon, 29 Jan 2024 17:43:24 -0300 From: Gabriel Krisman Bertazi <krisman@...e.de> To: ebiggers@...nel.org, viro@...iv.linux.org.uk, jaegeuk@...nel.org, tytso@....edu Cc: amir73il@...il.com, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org, Gabriel Krisman Bertazi <krisman@...e.de> Subject: [PATCH v5 06/12] fscrypt: Ignore plaintext dentries during d_move Now that we do more than just clear the DCACHE_NOKEY_NAME in fscrypt_handle_d_move, skip it entirely for plaintext dentries, to avoid extra costs. Note that VFS will call this function for any dentry, whether the volume has fscrypt on not. But, since we only care about DCACHE_NOKEY_NAME, we can check for that, to avoid touching the superblock for other fields that identify a fscrypt volume. Note also that fscrypt_handle_d_move is hopefully inlined back into __d_move, so the call cost is not significant. Considering that DCACHE_NOKEY_NAME is a fscrypt-specific flag, we do the check in fscrypt code instead of the caller. Signed-off-by: Gabriel Krisman Bertazi <krisman@...e.de> --- Changes since v4: - Check based on the dentry itself (eric) --- include/linux/fscrypt.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index c1e285053b3e..ab668760d63e 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -232,6 +232,15 @@ static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) */ static inline void fscrypt_handle_d_move(struct dentry *dentry) { + /* + * VFS calls fscrypt_handle_d_move even for non-fscrypt + * filesystems. Since we only care about DCACHE_NOKEY_NAME + * dentries here, check that to bail out quickly, if possible. + */ + if (!(dentry->d_flags & DCACHE_NOKEY_NAME)) + return; + + /* Mark the dentry as a plaintext dentry. */ dentry->d_flags &= ~DCACHE_NOKEY_NAME; /* -- 2.43.0
Powered by blists - more mailing lists