lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240131005510.GD2020@sol.localdomain> Date: Tue, 30 Jan 2024 16:55:10 -0800 From: Eric Biggers <ebiggers@...nel.org> To: Gabriel Krisman Bertazi <krisman@...e.de> Cc: viro@...iv.linux.org.uk, jaegeuk@...nel.org, tytso@....edu, amir73il@...il.com, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH v5 06/12] fscrypt: Ignore plaintext dentries during d_move On Mon, Jan 29, 2024 at 05:43:24PM -0300, Gabriel Krisman Bertazi wrote: > Now that we do more than just clear the DCACHE_NOKEY_NAME in > fscrypt_handle_d_move, skip it entirely for plaintext dentries, to avoid > extra costs. > > Note that VFS will call this function for any dentry, whether the volume > has fscrypt on not. But, since we only care about DCACHE_NOKEY_NAME, we > can check for that, to avoid touching the superblock for other fields > that identify a fscrypt volume. > > Note also that fscrypt_handle_d_move is hopefully inlined back into > __d_move, so the call cost is not significant. Considering that > DCACHE_NOKEY_NAME is a fscrypt-specific flag, we do the check in fscrypt > code instead of the caller. > > Signed-off-by: Gabriel Krisman Bertazi <krisman@...e.de> > > --- > Changes since v4: > - Check based on the dentry itself (eric) > --- > include/linux/fscrypt.h | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h > index c1e285053b3e..ab668760d63e 100644 > --- a/include/linux/fscrypt.h > +++ b/include/linux/fscrypt.h > @@ -232,6 +232,15 @@ static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) > */ > static inline void fscrypt_handle_d_move(struct dentry *dentry) > { > + /* > + * VFS calls fscrypt_handle_d_move even for non-fscrypt > + * filesystems. Since we only care about DCACHE_NOKEY_NAME > + * dentries here, check that to bail out quickly, if possible. > + */ > + if (!(dentry->d_flags & DCACHE_NOKEY_NAME)) > + return; I think you're over-complicating this a bit. This should be merged with patch 5, since this is basically fixing patch 5, and the end result should look like: /* * When d_splice_alias() moves a directory's no-key alias to its plaintext alias * as a result of the encryption key being added, DCACHE_NOKEY_NAME must be * cleared and there might be an opportunity to disable d_revalidate. Note that * we don't have to support the inverse operation because fscrypt doesn't allow * no-key names to be the source or target of a rename(). */ static inline void fscrypt_handle_d_move(struct dentry *dentry) { if (dentry->d_flags & DCACHE_NOKEY_NAME) { dentry->d_flags &= ~DCACHE_NOKEY_NAME; if (dentry->d_op->d_revalidate == fscrypt_d_revalidate) dentry->d_flags &= ~DCACHE_OP_REVALIDATE; } } Note that checking for NULL dentry->d_op is not necessary, since it's already been verified that DCACHE_NOKEY_NAME is set, which means fscrypt is in use, which means that there are dentry_operations. - Eric
Powered by blists - more mailing lists