* [PATCH] ext4: Fix no-key deletion for encrypt+casefold
@ 2021-05-22 0:41 Daniel Rosenberg
2021-05-25 17:29 ` Eric Biggers
2021-06-03 2:02 ` Theodore Ts'o
0 siblings, 2 replies; 3+ messages in thread
From: Daniel Rosenberg @ 2021-05-22 0:41 UTC (permalink / raw)
To: Theodore Y . Ts'o, Eric Biggers, Andreas Dilger, linux-ext4
Cc: linux-kernel, linux-fsdevel, Gabriel Krisman Bertazi,
kernel-team, Daniel Rosenberg
commit 471fbbea7ff7 ("ext4: handle casefolding with encryption") is
missing a few checks for the encryption key which are needed to
support deleting enrypted casefolded files when the key is not
present.
Note from ebiggers:
(These checks for the encryption key are still racy since they happen
too late, but apparently they worked well enough...)
This bug made it impossible to delete encrypted+casefolded directories
without the encryption key, due to errors like:
W : EXT4-fs warning (device vdc): __ext4fs_dirhash:270: inode #49202: comm Binder:378_4: Siphash requires key
Repro steps in kvm-xfstests test appliance:
mkfs.ext4 -F -E encoding=utf8 -O encrypt /dev/vdc
mount /vdc
mkdir /vdc/dir
chattr +F /vdc/dir
keyid=$(head -c 64 /dev/zero | xfs_io -c add_enckey /vdc | awk '{print $NF}')
xfs_io -c "set_encpolicy $keyid" /vdc/dir
for i in `seq 1 100`; do
mkdir /vdc/dir/$i
done
xfs_io -c "rm_enckey $keyid" /vdc
rm -rf /vdc/dir # fails with the bug
Fixes: 471fbbea7ff7 ("ext4: handle casefolding with encryption")
Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
fs/ext4/namei.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index afb9d05a99ba..a4af26d4459a 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1376,7 +1376,8 @@ int ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname,
struct dx_hash_info *hinfo = &name->hinfo;
int len;
- if (!IS_CASEFOLDED(dir) || !dir->i_sb->s_encoding) {
+ if (!IS_CASEFOLDED(dir) || !dir->i_sb->s_encoding ||
+ (IS_ENCRYPTED(dir) && !fscrypt_has_encryption_key(dir))) {
cf_name->name = NULL;
return 0;
}
@@ -1427,7 +1428,8 @@ static bool ext4_match(struct inode *parent,
#endif
#ifdef CONFIG_UNICODE
- if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent)) {
+ if (parent->i_sb->s_encoding && IS_CASEFOLDED(parent) &&
+ (!IS_ENCRYPTED(parent) || fscrypt_has_encryption_key(parent))) {
if (fname->cf_name.name) {
struct qstr cf = {.name = fname->cf_name.name,
.len = fname->cf_name.len};
--
2.31.1.818.g46aad6cb9e-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ext4: Fix no-key deletion for encrypt+casefold
2021-05-22 0:41 [PATCH] ext4: Fix no-key deletion for encrypt+casefold Daniel Rosenberg
@ 2021-05-25 17:29 ` Eric Biggers
2021-06-03 2:02 ` Theodore Ts'o
1 sibling, 0 replies; 3+ messages in thread
From: Eric Biggers @ 2021-05-25 17:29 UTC (permalink / raw)
To: Daniel Rosenberg
Cc: Theodore Y . Ts'o, Andreas Dilger, linux-ext4, linux-kernel,
linux-fsdevel, Gabriel Krisman Bertazi, kernel-team
On Sat, May 22, 2021 at 12:41:32AM +0000, Daniel Rosenberg wrote:
> commit 471fbbea7ff7 ("ext4: handle casefolding with encryption") is
> missing a few checks for the encryption key which are needed to
> support deleting enrypted casefolded files when the key is not
> present.
>
> Note from ebiggers:
> (These checks for the encryption key are still racy since they happen
> too late, but apparently they worked well enough...)
>
> This bug made it impossible to delete encrypted+casefolded directories
> without the encryption key, due to errors like:
>
> W : EXT4-fs warning (device vdc): __ext4fs_dirhash:270: inode #49202: comm Binder:378_4: Siphash requires key
>
> Repro steps in kvm-xfstests test appliance:
> mkfs.ext4 -F -E encoding=utf8 -O encrypt /dev/vdc
> mount /vdc
> mkdir /vdc/dir
> chattr +F /vdc/dir
> keyid=$(head -c 64 /dev/zero | xfs_io -c add_enckey /vdc | awk '{print $NF}')
> xfs_io -c "set_encpolicy $keyid" /vdc/dir
> for i in `seq 1 100`; do
> mkdir /vdc/dir/$i
> done
> xfs_io -c "rm_enckey $keyid" /vdc
> rm -rf /vdc/dir # fails with the bug
Looks fine, but can you please turn this reproducer into an xfstest?
I'm also wondering if you've done any investigation into fixing ext4 to handle
filenames properly like f2fs does, so that the above-mentioned race condition is
eliminated. In particular, we should decide whether the user-supplied filename
is a no-key name, and whether it needs casefolding or not, just once -- rather
than separately for each directory entry compared in ext4_match().
- Eric
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ext4: Fix no-key deletion for encrypt+casefold
2021-05-22 0:41 [PATCH] ext4: Fix no-key deletion for encrypt+casefold Daniel Rosenberg
2021-05-25 17:29 ` Eric Biggers
@ 2021-06-03 2:02 ` Theodore Ts'o
1 sibling, 0 replies; 3+ messages in thread
From: Theodore Ts'o @ 2021-06-03 2:02 UTC (permalink / raw)
To: Daniel Rosenberg
Cc: Eric Biggers, Andreas Dilger, linux-ext4, linux-kernel,
linux-fsdevel, Gabriel Krisman Bertazi, kernel-team
On Sat, May 22, 2021 at 12:41:32AM +0000, Daniel Rosenberg wrote:
> commit 471fbbea7ff7 ("ext4: handle casefolding with encryption") is
> missing a few checks for the encryption key which are needed to
> support deleting enrypted casefolded files when the key is not
> present.
>
> Note from ebiggers:
> (These checks for the encryption key are still racy since they happen
> too late, but apparently they worked well enough...)
>
> This bug made it impossible to delete encrypted+casefolded directories
> without the encryption key, due to errors like:
>
> W : EXT4-fs warning (device vdc): __ext4fs_dirhash:270: inode #49202: comm Binder:378_4: Siphash requires key
>
> Repro steps in kvm-xfstests test appliance:
> mkfs.ext4 -F -E encoding=utf8 -O encrypt /dev/vdc
> mount /vdc
> mkdir /vdc/dir
> chattr +F /vdc/dir
> keyid=$(head -c 64 /dev/zero | xfs_io -c add_enckey /vdc | awk '{print $NF}')
> xfs_io -c "set_encpolicy $keyid" /vdc/dir
> for i in `seq 1 100`; do
> mkdir /vdc/dir/$i
> done
> xfs_io -c "rm_enckey $keyid" /vdc
> rm -rf /vdc/dir # fails with the bug
>
> Fixes: 471fbbea7ff7 ("ext4: handle casefolding with encryption")
> Signed-off-by: Daniel Rosenberg <drosen@google.com>
Applied, thanks.
- Ted
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-03 2:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-22 0:41 [PATCH] ext4: Fix no-key deletion for encrypt+casefold Daniel Rosenberg
2021-05-25 17:29 ` Eric Biggers
2021-06-03 2:02 ` Theodore Ts'o
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.