| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <z4652hoxetll645hgpfuhy3pogm5y32ealgydlaz4kwve6qc2g@bl6ilzut2ybp> Date: Mon, 19 Jan 2026 10:21:00 +0100 From: Jan Kara <jack@...e.cz> To: Christoph Hellwig <hch@....de> Cc: Eric Biggers <ebiggers@...nel.org>, Al Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, David Sterba <dsterba@...e.com>, Theodore Ts'o <tytso@....edu>, Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <chao@...nel.org>, Andrey Albershteyn <aalbersh@...hat.com>, linux-fsdevel@...r.kernel.org, linux-btrfs@...r.kernel.org, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, fsverity@...ts.linux.dev Subject: Re: [PATCH 4/6] fsverity: use a hashtable to find the fsverity_info On Mon 19-01-26 07:22:45, Christoph Hellwig wrote: > Use the kernel's resizable hash table to find the fsverity_info. This > way file systems that want to support fsverity don't have to bloat > every inode in the system with an extra pointer. The tradeoff is that > looking up the fsverity_info is a bit more expensive now, but the main > operations are still dominated by I/O and hashing overhead. > > Signed-off-by: Christoph Hellwig <hch@....de> ... > diff --git a/fs/verity/enable.c b/fs/verity/enable.c > index 95ec42b84797..91cada0d455c 100644 > --- a/fs/verity/enable.c > +++ b/fs/verity/enable.c > @@ -264,9 +264,24 @@ static int enable_verity(struct file *filp, > goto rollback; > } > > + /* > + * Add the fsverity_info into the hash table before finishing the > + * initialization. This ensures we don't have to undo the enabling when > + * memory allocation for the hash table fails. This is safe because > + * looking up the fsverity_info always first checks the S_VERITY flag on > + * the inode, which will only be set at the very end of the > + * ->end_enable_verity method. > + */ > + err = fsverity_set_info(vi); > + if (err) > + goto rollback; OK, but since __fsverity_get_info() is just rhashtable_lookup_fast() what prevents the CPU from reordering the hash table reads before the S_VERITY check? I think you need a barrier in fsverity_get_info() to enforce the proper ordering. The matching ordering during setting of S_VERITY is implied by cmpxchg used to manipulate i_flags so that part should be fine. Honza -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists