lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c1e1f4b3-e3a0-4a9a-982d-9fd6f6e96090@igalia.com>
Date: Fri, 22 Aug 2025 11:07:14 -0300
From: André Almeida <andrealmeid@...lia.com>
To: Amir Goldstein <amir73il@...il.com>
Cc: Miklos Szeredi <miklos@...redi.hu>, Theodore Tso <tytso@....edu>,
 Gabriel Krisman Bertazi <krisman@...nel.org>, linux-unionfs@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
 Alexander Viro <viro@...iv.linux.org.uk>,
 Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
 kernel-dev@...lia.com
Subject: Re: [PATCH v5 4/9] ovl: Create ovl_casefold() to support casefolded
 strncmp()

Em 17/08/2025 11:33, Amir Goldstein escreveu:
> On Thu, Aug 14, 2025 at 7:22 PM André Almeida <andrealmeid@...lia.com> wrote:
>>
>> To add overlayfs support casefold layers, create a new function
>> ovl_casefold(), to be able to do case-insensitive strncmp().
>>
>> ovl_casefold() allocates a new buffer and stores the casefolded version
>> of the string on it. If the allocation or the casefold operation fails,
>> fallback to use the original string.
>>
>> The case-insentive name is then used in the rb-tree search/insertion
>> operation. If the name is found in the rb-tree, the name can be
>> discarded and the buffer is freed. If the name isn't found, it's then
>> stored at struct ovl_cache_entry to be used later.
>>
>> Signed-off-by: André Almeida <andrealmeid@...lia.com>
>> ---
>> Changes from v4:
>>   - Move the consumer/free buffer logic out to the caller
>>   - s/aux/c_name
>>
>> Changes from v3:
>>   - Improve commit message text
>>   - s/OVL_NAME_LEN/NAME_MAX
>>   - drop #ifdef in favor of if(IS_ENABLED)
>>   - use new helper sb_encoding
>>   - merged patch "Store casefold name..." and "Create ovl_casefold()..."
>>   - Guard all the casefolding inside of IS_ENABLED(UNICODE)
>>
>> Changes from v2:
>> - Refactor the patch to do a single kmalloc() per rb_tree operation
>> - Instead of casefolding the cache entry name everytime per strncmp(),
>>    casefold it once and reuse it for every strncmp().
>> ---
>>   fs/overlayfs/readdir.c | 115 +++++++++++++++++++++++++++++++++++++++++--------
>>   1 file changed, 97 insertions(+), 18 deletions(-)
>>
>> diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
>> index b65cdfce31ce27172d28d879559f1008b9c87320..803ac6a7516d0156ae7793ee1ff884dbbf2e20b0 100644
>> --- a/fs/overlayfs/readdir.c
>> +++ b/fs/overlayfs/readdir.c
>> @@ -27,6 +27,8 @@ struct ovl_cache_entry {
>>          bool is_upper;
>>          bool is_whiteout;
>>          bool check_xwhiteout;
>> +       const char *cf_name;
>> +       int cf_len;
> 
> We should also change these member names to c_name
> Because they are the "compare/canonicalized" name, which
> may or may not be casefolded.
> 
>>          char name[];
>>   };
>>
>> @@ -45,6 +47,7 @@ struct ovl_readdir_data {
>>          struct list_head *list;
>>          struct list_head middle;
>>          struct ovl_cache_entry *first_maybe_whiteout;
>> +       struct unicode_map *map;
>>          int count;
>>          int err;
>>          bool is_upper;
>> @@ -66,6 +69,27 @@ static struct ovl_cache_entry *ovl_cache_entry_from_node(struct rb_node *n)
>>          return rb_entry(n, struct ovl_cache_entry, node);
>>   }
>>
>> +static int ovl_casefold(struct unicode_map *map, const char *str, int len, char **dst)
>> +{
>> +       const struct qstr qstr = { .name = str, .len = len };
>> +       int cf_len;
>> +
>> +       if (!IS_ENABLED(CONFIG_UNICODE) || !map || is_dot_dotdot(str, len))
>> +               return 0;
>> +
>> +       *dst = kmalloc(NAME_MAX, GFP_KERNEL);
>> +
>> +       if (dst) {
>> +               cf_len = utf8_casefold(map, &qstr, *dst, NAME_MAX);
>> +
>> +               if (cf_len > 0)
>> +                       return cf_len;
>> +       }
>> +
>> +       kfree(*dst);
>> +       return 0;
>> +}
>> +
>>   static bool ovl_cache_entry_find_link(const char *name, int len,
>>                                        struct rb_node ***link,
>>                                        struct rb_node **parent)
>> @@ -79,7 +103,7 @@ static bool ovl_cache_entry_find_link(const char *name, int len,
>>
>>                  *parent = *newp;
>>                  tmp = ovl_cache_entry_from_node(*newp);
>> -               cmp = strncmp(name, tmp->name, len);
>> +               cmp = strncmp(name, tmp->cf_name, tmp->cf_len);
>>                  if (cmp > 0)
>>                          newp = &tmp->node.rb_right;
>>                  else if (cmp < 0 || len < tmp->len)
> 
> This looks like a bug - should be len < tmp->c_len
> 
>> @@ -101,7 +125,7 @@ static struct ovl_cache_entry *ovl_cache_entry_find(struct rb_root *root,
>>          while (node) {
>>                  struct ovl_cache_entry *p = ovl_cache_entry_from_node(node);
>>
>> -               cmp = strncmp(name, p->name, len);
>> +               cmp = strncmp(name, p->cf_name, p->cf_len);
>>                  if (cmp > 0)
>>                          node = p->node.rb_right;
>>                  else if (cmp < 0 || len < p->len)
> 
> Same here.
> 
> But it's not the only bug, because this patch regresses 3 fstests without
> enabling any casefolding:
> 

That was due to the following change:

-               cmp = strncmp(name, p->name, len);
+               cmp = strncmp(name, p->cf_name, p->cf_len);

Keeping len (instead of p->cf_len) as the third argument fixed it. I 
will send a v6 with that and the other changes.

> overlay/038 12s ...  [14:16:39] [14:16:50]- output mismatch (see
> /results/overlay/results-large/overlay/038.out.bad)
>      --- tests/overlay/038.out 2025-05-25 08:52:54.000000000 +0000
>      +++ /results/overlay/results-large/overlay/038.out.bad 2025-08-17
> 14:16:50.549367654 +0000
>      @@ -1,2 +1,3 @@
>       QA output created by 038
>      +Merged dir: Invalid d_ino reported for ..
>       Silence is golden
> 
> overlay/041 11s ...  [14:16:54] [14:17:05]- output mismatch (see
> /results/overlay/results-large/overlay/041.out.bad)
>      --- tests/overlay/041.out 2025-05-25 08:52:54.000000000 +0000
>      +++ /results/overlay/results-large/overlay/041.out.bad 2025-08-17
> 14:17:05.275206922 +0000
>      @@ -1,2 +1,3 @@
>       QA output created by 041
>      +Merged dir: Invalid d_ino reported for ..
>       Silence is golden
> 
> overlay/077 19s ...  [14:17:08][  107.348626] WARNING: CPU: 3 PID:
> 5414 at fs/overlayfs/readdir.c:677 ovl_dir_read_impure+0x178/0x1c0
> [  107.354647] ---[ end trace 0000000000000000 ]---
> [  107.399525] WARNING: CPU: 2 PID: 5415 at fs/overlayfs/readdir.c:677
> ovl_dir_read_impure+0x178/0x1c0
> [  107.406826] ---[ end trace 0000000000000000 ]---
> _check_dmesg: something found in dmesg (see
> /results/overlay/results-large/overlay/077.dmesg)
>   [14:17:28]- output mismatch (see
> /results/overlay/results-large/overlay/077.out.bad)
>      --- tests/overlay/077.out 2025-05-25 08:52:54.000000000 +0000
>      +++ /results/overlay/results-large/overlay/077.out.bad 2025-08-17
> 14:17:28.762250671 +0000
>      @@ -1,2 +1,6 @@
>       QA output created by 077
>      +getdents: Input/output error
>      +Missing created file in impure upper dir (see
> /results/overlay/results-large/overlay/077.full for details)
>      +getdents: Input/output error
>      +Found unlinked file in impure upper dir (see
> /results/overlay/results-large/overlay/077.full for details)
>       Silence is golden
> 
> Thanks,
> Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ