Message-ID: <20260123013132.662393-6-lihongbo22@huawei.com>
Date: Fri, 23 Jan 2026 01:31:27 +0000
From: Hongbo Li <lihongbo22@...wei.com>
To: <hsiangkao@...ux.alibaba.com>, <chao@...nel.org>, <brauner@...nel.org>
CC: <hch@....de>, <djwong@...nel.org>, <amir73il@...il.com>,
<linux-fsdevel@...r.kernel.org>, <linux-erofs@...ts.ozlabs.org>,
<linux-kernel@...r.kernel.org>, <lihongbo22@...wei.com>
Subject: [PATCH v18 05/10] erofs: using domain_id in the safer way
For both the existing fscache use case and the upcoming page
cache sharing case, the `domain_id` should be protected as
sensitive information, so we use the safer helpers to allocate,
free and display domain_id.
Signed-off-by: Hongbo Li <lihongbo22@...wei.com>
Reviewed-by: Gao Xiang <hsiangkao@...ux.alibaba.com>
---
Documentation/filesystems/erofs.rst | 5 +++--
fs/erofs/fscache.c | 4 ++--
fs/erofs/super.c | 10 ++++------
3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/Documentation/filesystems/erofs.rst b/Documentation/filesystems/erofs.rst
index 08194f194b94..40dbf3b6a35f 100644
--- a/Documentation/filesystems/erofs.rst
+++ b/Documentation/filesystems/erofs.rst
@@ -126,8 +126,9 @@ dax={always,never} Use direct access (no page cache). See
dax A legacy option which is an alias for ``dax=always``.
device=%s Specify a path to an extra device to be used together.
fsid=%s Specify a filesystem image ID for Fscache back-end.
-domain_id=%s Specify a domain ID in fscache mode so that different images
- with the same blobs under a given domain ID can share storage.
+domain_id=%s Specify a trusted domain ID for fscache mode so that
+ different images with the same blobs, identified by blob IDs,
+ can share storage within the same trusted domain.
fsoffset=%llu Specify block-aligned filesystem offset for the primary device.
=================== =========================================================
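Review bot: the new domain_id description uses "trusted domain" twice without saying what makes a domain trusted or that the ID itself is meant to be kept confidential, which is the premise of this patch. Suggest adding a sentence to the option text stating that the domain ID is treated as sensitive information and should only be known to the mounts that are allowed to share storage, so administrators know not to expose it in scripts or logs.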
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index f4937b025038..a2cc0f3fa9d0 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -379,7 +379,7 @@ static void erofs_fscache_domain_put(struct erofs_domain *domain)
}
fscache_relinquish_volume(domain->volume, NULL, false);
mutex_unlock(&erofs_domain_list_lock);
- kfree(domain->domain_id);
+ kfree_sensitive(domain->domain_id);
kfree(domain);
return;
}
@@ -446,7 +446,7 @@ static int erofs_fscache_init_domain(struct super_block *sb)
sbi->domain = domain;
return 0;
out:
- kfree(domain->domain_id);
+ kfree_sensitive(domain->domain_id);
kfree(domain);
return err;
}
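Review bot: in erofs_fscache_init_domain() only the `out:` error path changes. The diffstat shows fscache.c receives just the two kfree() to kfree_sensitive() swaps, so whatever populates domain->domain_id earlier in this function is left as it was, while the commit message also speaks of allocating with safer helpers. Please confirm that no intermediate copy of the string on that path is released with plain kfree(), or state in the commit message that only the free side changes in this file.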
diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index dca1445f6c92..38be26ba04bb 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -525,10 +525,8 @@ static int erofs_fc_parse_param(struct fs_context *fc,
return -ENOMEM;
break;
case Opt_domain_id:
- kfree(sbi->domain_id);
- sbi->domain_id = kstrdup(param->string, GFP_KERNEL);
- if (!sbi->domain_id)
- return -ENOMEM;
+ kfree_sensitive(sbi->domain_id);
+ sbi->domain_id = no_free_ptr(param->string);
break;
#else
case Opt_fsid:
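Review bot: `sbi->domain_id = no_free_ptr(param->string);` in the Opt_domain_id case takes ownership of the parser's buffer instead of duplicating it, and the -ENOMEM return disappears with it, but nothing in the hunk says why this option is handled differently from the case just above it. A short comment would help, noting that no_free_ptr() leaves param->string NULL afterwards and, if that is the rationale, that stealing the pointer avoids a second copy of the ID being freed elsewhere without zeroing.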
@@ -624,7 +622,7 @@ static void erofs_set_sysfs_name(struct super_block *sb)
{
struct erofs_sb_info *sbi = EROFS_SB(sb);
- if (sbi->domain_id)
+ if (sbi->domain_id && sbi->fsid)
super_set_sysfs_name_generic(sb, "%s,%s", sbi->domain_id,
sbi->fsid);
else if (sbi->fsid)
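Review bot: the added `&& sbi->fsid` check in erofs_set_sysfs_name() keeps a NULL fsid out of the "%s,%s" format, but the branch still passes sbi->domain_id to super_set_sysfs_name_generic(), so the ID remains readable in the sysfs name. That sits oddly with a patch that declares domain_id sensitive. Either drop domain_id from the name, or explain in the commit message why exposure through sysfs is acceptable.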
@@ -852,7 +850,7 @@ static void erofs_sb_free(struct erofs_sb_info *sbi)
{
erofs_free_dev_context(sbi->devs);
kfree(sbi->fsid);
- kfree(sbi->domain_id);
+ kfree_sensitive(sbi->domain_id);
if (sbi->dif0.file)
fput(sbi->dif0.file);
kfree(sbi->volume_name);
--
2.22.0