lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <X8U1zbBa4IaaSYXV@sol.localdomain>
Date:   Mon, 30 Nov 2020 10:11:25 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Chao Yu <yuchao0@...wei.com>
Cc:     jaegeuk@...nel.org, linux-kernel@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH v2] f2fs: compress: add compress_inode to
 cache compressed blocks

On Fri, Nov 27, 2020 at 09:01:47AM +0800, Chao Yu wrote:
> On 2020/11/27 1:55, Eric Biggers wrote:
> > On Thu, Nov 26, 2020 at 06:37:09PM +0800, Chao Yu wrote:
> > > Support to use address space of inner inode to cache compressed block,
> > > in order to improve cache hit ratio of random read.
> > > 
> > > Signed-off-by: Chao Yu <yuchao0@...wei.com>
> > 
> > If the file is also encrypted, are the compressed pages that are cached still
> > encrypted, or are they decrypted?
> 
> In current implementation, they are decrypted in cache.
> 

One of the things the FS_IOC_REMOVE_ENCRYPTION key ioctl is supposed to
accomplish is evicting all the pagecache pages for all encrypted files that were
using a particular key.  This happens as a consequence of the ioctl evicting the
inodes that were using that key.  If the user is also using the init_on_free=1
kernel command-line option to enable automatic zeroing of all freed memory, that
should cause those inode's pagecache pages (which contain decrypted data) to be
zeroed, so that they can't be compromised later by an online attack.

This new filesystem-wide cache containing decrypted pages might break that.  It
sounds like when an inode is evicted, its cached pages won't necessarily be
evicted from this new filesystem-wide cache.

Can you ensure that pages get evicted from this new cache when the inode to
which they belong is evicted?

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ