lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 30 May 2024 20:11:33 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Lizhi Xu <lizhi.xu@...driver.com>
Cc: coreteam@...filter.org, davem@...emloft.net, fw@...len.de,
	jaegeuk@...nel.org, kadlec@...filter.org, kuba@...nel.org,
	linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	pablo@...filter.org,
	syzbot+340581ba9dceb7e06fb3@...kaller.appspotmail.com,
	syzkaller-bugs@...glegroups.com, tytso@....edu
Subject: Re: [PATCH V2] ext4: add casefolded feature check before setup
 encrypted info

On Fri, May 31, 2024 at 11:07:40AM +0800, 'Lizhi Xu' via syzkaller-bugs wrote:
> Due to the current file system not supporting the casefolded feature, only 
> i_crypt_info was initialized when creating encrypted information, without actually
> setting the sighash. Therefore, when creating an inode, if the system does not 
> support the casefolded feature, encrypted information will not be created.
> 
> Reported-by: syzbot+340581ba9dceb7e06fb3@...kaller.appspotmail.com
> Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com>
> ---
>  fs/ext4/ialloc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
> index e9bbb1da2d0a..47b75589fdf4 100644
> --- a/fs/ext4/ialloc.c
> +++ b/fs/ext4/ialloc.c
> @@ -983,7 +983,8 @@ struct inode *__ext4_new_inode(struct mnt_idmap *idmap,
>  		ei->i_projid = make_kprojid(&init_user_ns, EXT4_DEF_PROJID);
>  
>  	if (!(i_flags & EXT4_EA_INODE_FL)) {
> -		err = fscrypt_prepare_new_inode(dir, inode, &encrypt);
> +		if (ext4_has_feature_casefold(inode->i_sb))
> +			err = fscrypt_prepare_new_inode(dir, inode, &encrypt);
>  		if (err)
>  			goto out;

No, this is not correct at all.  This just disables encryption on filesystems
with the casefold feature.

As I said before, please also use the correct mailing lists.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ