lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <871q2bf62q.fsf@mailhost.krisman.be>
Date: Mon, 26 Aug 2024 15:16:13 -0400
From: Gabriel Krisman Bertazi <gabriel@...sman.be>
To: André Almeida <andrealmeid@...lia.com>
Cc: Hugh Dickins <hughd@...gle.com>,  Andrew Morton
 <akpm@...ux-foundation.org>,  Alexander Viro <viro@...iv.linux.org.uk>,
  Christian Brauner <brauner@...nel.org>,  Jan Kara <jack@...e.cz>,
  linux-mm@...ck.org,  linux-kernel@...r.kernel.org,
  linux-fsdevel@...r.kernel.org,  kernel-dev@...lia.com,
  krisman@...nel.org,  Daniel Rosenberg <drosen@...gle.com>,
  smcv@...labora.com
Subject: Re: [PATCH 1/5] tmpfs: Add casefold lookup support

André Almeida <andrealmeid@...lia.com> writes:

> Enable casefold lookup in tmpfs, based on the enconding defined by
> userspace. That means that instead of comparing byte per byte a file
> name, it compares to a case-insensitive equivalent of the Unicode
> string.

Hey,
>
> * dcache handling
>
> There's a special need when dealing with case-insensitive dentries.
> First of all, we currently invalidated every negative casefold dentries.
> That happens because currently VFS code has no proper support to deal
> with that, giving that it could incorrectly reuse a previous filename
> for a new file that has a casefold match. For instance, this could
> happen:
>
> $ mkdir DIR
> $ rm -r DIR
> $ mkdir dir
> $ ls
> DIR/

Right. Hopefully we can lift the limitation once we get the negative
dentry support for casefolded directories merged.

> And would be perceived as inconsistency from userspace point of view,
> because even that we match files in a case-insensitive manner, we still
> honor whatever is the initial filename.
>
> Along with that, tmpfs stores only the first equivalent name dentry used
> in the dcache, preventing duplications of dentries in the dcache. The
> d_compare() version for casefold files stores a normalized string, and
> before every lookup, the filename is normalized as well, achieving a
> casefolded lookup.

This is a bit misleading, because d_compare doesn't store
anything. d_compare does a case-insensitive comparison of the
filename-under-lookup with the dentry name, but it doesn't store
filename-under-lookup.

>  2 files changed, 63 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h
> index 1d06b1e5408a..1a1196b077a6 100644
> --- a/include/linux/shmem_fs.h
> +++ b/include/linux/shmem_fs.h
> @@ -73,6 +73,7 @@ struct shmem_sb_info {
>  	struct list_head shrinklist;  /* List of shinkable inodes */
>  	unsigned long shrinklist_len; /* Length of shrinklist */
>  	struct shmem_quota_limits qlimits; /* Default quota limits */
> +	bool casefold;

This is redundant. you can just check sb->s_encoding != NULL.
>  };
>  
>  static inline struct shmem_inode_info *SHMEM_I(struct inode *inode)
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 5a77acf6ac6a..aa272c62f811 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -40,6 +40,8 @@
>  #include <linux/fs_parser.h>
>  #include <linux/swapfile.h>
>  #include <linux/iversion.h>
> +#include <linux/unicode.h>
> +#include <linux/parser.h>
>  #include "swap.h"
>  
>  static struct vfsmount *shm_mnt __ro_after_init;
> @@ -123,6 +125,8 @@ struct shmem_options {
>  	bool noswap;
>  	unsigned short quota_types;
>  	struct shmem_quota_limits qlimits;
> +	struct unicode_map *encoding;
> +	bool strict_encoding;
>  #define SHMEM_SEEN_BLOCKS 1
>  #define SHMEM_SEEN_INODES 2
>  #define SHMEM_SEEN_HUGE 4
> @@ -3427,6 +3431,12 @@ shmem_mknod(struct mnt_idmap *idmap, struct inode *dir,
>  	if (IS_ERR(inode))
>  		return PTR_ERR(inode);
>  
> +#if IS_ENABLED(CONFIG_UNICODE)
> +	if (sb_has_strict_encoding(dir->i_sb) && IS_CASEFOLDED(dir) &&
> +	    dir->i_sb->s_encoding && utf8_validate(dir->i_sb->s_encoding, &dentry->d_name))
> +		return -EINVAL;
> +#endif

Can you made this a helper that other filesystems can use?  Also,
sorting it to check IS_CASEFOLDED(dir) first would be a good idea.

> +
>  	error = simple_acl_create(dir, inode);
>  	if (error)
>  		goto out_iput;
> @@ -3435,6 +3445,9 @@ shmem_mknod(struct mnt_idmap *idmap, struct inode *dir,
>  	if (error && error != -EOPNOTSUPP)
>  		goto out_iput;
>  
> +	if (IS_CASEFOLDED(dir))
> +		d_add(dentry, NULL);
> +

I get why you do this here and elsewhere: Since we disable negative
dentries in case-insensitive directories, you have an unhashed dentry
here.  We can get away with it in ext4/f2fs because the next lookup will
find the file on disk and create the dentry, but in shmem we need to
hash it.

But it is not the right way to do it. you are effectively creating a
negative dentry to turn it positive right below. One problem with that
is that if simple_offset_add() fails, you left an illegal negative
dentry in a case-insensitive directory. Another, is that a parallel
lookup will be able to find the negative dentry temporarily.  fsnotify
will also behave weirdly.

What I think you should do is call d_add once with the proper inode and
never call d_instantiate for it.

> +	/*
> +	 * For now, VFS can't deal with case-insensitive negative dentries, so
> +	 * we destroy them
> +	 */
> +	if (IS_CASEFOLDED(dir))
> +		d_invalidate(dentry);
> +
>  	return 0;
>  }

s/destroy/invalidate/


> @@ -4471,6 +4497,11 @@ static void shmem_put_super(struct super_block *sb)
>  {
>  	struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
>  
> +#if IS_ENABLED(CONFIG_UNICODE)
> +	if (sbinfo->casefold)
> +		utf8_unload(sb->s_encoding);
> +#endif

if (sb->s_encoding)
  utf8_unload(sb->s_encoding);

> +#if IS_ENABLED(CONFIG_UNICODE)
> +	if (ctx->encoding) {
> +		sb->s_encoding = ctx->encoding;
> +		generic_set_sb_d_ops(sb);
> +		if (ctx->strict_encoding)
> +			sb->s_encoding_flags = SB_ENC_STRICT_MODE_FL;
> +		sbinfo->casefold = true;
> +	}
> +#endif
> +
>  #else
>  	sb->s_flags |= SB_NOUSER;
>  #endif
> @@ -4704,11 +4746,28 @@ static const struct inode_operations shmem_inode_operations = {
>  #endif
>  };
>  
> +static struct dentry *shmem_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
> +{
> +	if (dentry->d_name.len > NAME_MAX)
> +		return ERR_PTR(-ENAMETOOLONG);
> +
> +	/*
> +	 * For now, VFS can't deal with case-insensitive negative dentries, so
> +	 * we prevent them from being created
> +	 */
> +	if (IS_CASEFOLDED(dir))
> +		return NULL;
> +
> +	d_add(dentry, NULL);
> +
> +	return NULL;
> +}
> +
>  static const struct inode_operations shmem_dir_inode_operations = {
>  #ifdef CONFIG_TMPFS
>  	.getattr	= shmem_getattr,
>  	.create		= shmem_create,
> -	.lookup		= simple_lookup,
> +	.lookup		= shmem_lookup,
>  	.link		= shmem_link,
>  	.unlink		= shmem_unlink,
>  	.symlink	= shmem_symlink,
> @@ -4791,6 +4850,8 @@ int shmem_init_fs_context(struct fs_context *fc)
>  	ctx->uid = current_fsuid();
>  	ctx->gid = current_fsgid();
>  
> +	ctx->encoding = NULL;
> +

I find the organization of this patchset a bit weird because the other
part of the init_fs_context is only done in patch 3.  Perhaps 1 and 3
should be merged together to make review easier.


-- 
Gabriel Krisman Bertazi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ