lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 1 Dec 2020 10:39:15 +0800
From:   Chao Yu <yuchao0@...wei.com>
To:     Eric Biggers <ebiggers@...nel.org>
CC:     <jaegeuk@...nel.org>, <linux-kernel@...r.kernel.org>,
        <linux-f2fs-devel@...ts.sourceforge.net>
Subject: Re: [f2fs-dev] [PATCH v2] f2fs: compress: add compress_inode to cache
 compressed blocks

On 2020/12/1 2:11, Eric Biggers wrote:
> On Fri, Nov 27, 2020 at 09:01:47AM +0800, Chao Yu wrote:
>> On 2020/11/27 1:55, Eric Biggers wrote:
>>> On Thu, Nov 26, 2020 at 06:37:09PM +0800, Chao Yu wrote:
>>>> Support to use address space of inner inode to cache compressed block,
>>>> in order to improve cache hit ratio of random read.
>>>>
>>>> Signed-off-by: Chao Yu <yuchao0@...wei.com>
>>>
>>> If the file is also encrypted, are the compressed pages that are cached still
>>> encrypted, or are they decrypted?
>>
>> In current implementation, they are decrypted in cache.
>>
> 
> One of the things the FS_IOC_REMOVE_ENCRYPTION key ioctl is supposed to
> accomplish is evicting all the pagecache pages for all encrypted files that were
> using a particular key.  This happens as a consequence of the ioctl evicting the
> inodes that were using that key.  If the user is also using the init_on_free=1
> kernel command-line option to enable automatic zeroing of all freed memory, that
> should cause those inode's pagecache pages (which contain decrypted data) to be
> zeroed, so that they can't be compromised later by an online attack.
> 
> This new filesystem-wide cache containing decrypted pages might break that.  It
> sounds like when an inode is evicted, its cached pages won't necessarily be
> evicted from this new filesystem-wide cache.

Correct.

> 
> Can you ensure that pages get evicted from this new cache when the inode to
> which they belong is evicted?

Not yet with current implementation, let me consider to find a way to make sure
all cached compressed pages being evicted during f2fs_evict_inode().

Thanks,

> 
> - Eric
> .
>

Powered by blists - more mailing lists