From: Steven Rostedt <rostedt@goodmis.org>
To: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>,
Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org,
Masami Hiramatsu <mhiramat@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <brauner@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Ajay Kaher <ajay.kaher@broadcom.com>
Subject: Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same
Date: Mon, 22 Jan 2024 12:50:04 -0500 [thread overview]
Message-ID: <20240122125004.7bbf0b70@gandalf.local.home> (raw)
In-Reply-To: <ccc4234d-8a47-4c0f-808a-95e61c9c9171@efficios.com>
On Mon, 22 Jan 2024 12:14:36 -0500
Mathieu Desnoyers <mathieu.desnoyers@efficios.com> wrote:
>
> Why use an improvised hashing function (re-purposed from
> scripts/kconfig/symbol.c to a use-case which is exposed through a
That hash is just salt to the real hash function, which is the
siphash_1u32(). I added the name hash so that each file will get a little
different salt to the hash.
The siphash_1u32() is what the rest of the kernel uses for hashing kernel
address space.
> userspace ABI prone to kernel address leaks) rather than simply
> reserving values by setting bits in a bitmap ?
>
> How many inodes do we realistically expect to have there ?
If I only do directories, it is actually significantly less.
>
> On my 6.1.0 kernel:
>
> find /sys/kernel/tracing | wc -l
> 15598
>
> (mainly due to TRACE_EVENT ABI files)
>
> Hashing risks:
>
> - Exposing kernel addresses if the hashing algorithm is broken,
Well this was my biggest concern, but if I truncate at least a nibble, with
the unique salt to the algorithm for each file, how easily does that expose
kernel addresses.
The ei itself, is created from kmalloc() so you would at best get a heap
address. But with the missing nibble (if I mask it with ((1 << 28) - 1),
and much more taken away for 64 bit systems), and the added unique salt, is
it possible for this to expose anything that could be used in an attack?
> - Collisions if users are unlucky (which could trigger those
> 'find' errors).
>
> Those 15598 inode values fit within a single page (bitmap of
> 1922 bytes).
>
> So I would recommend simply adding a bitmap per tracefs filesystem
> instance to keep track of inode number allocation.
And how do I recover this bit after the inode is freed, but then referenced
again?
>
> Creation/removal of files/directories in tracefs should not be
> a fast-path anyway, so who cares about the speed of a find first
> bit within a single page ?
>
When an inode is no longer referenced, it is freed. When it is referenced
again, I want it to be recreated with the same inode number it had
previously. How would having a bitmask help with that? I need a way to map
an ei structure with a unique number without adding another 4 bytes to the
structure itself.
-- Steve
next prev parent reply other threads:[~2024-01-22 17:48 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-17 14:35 [for-linus][PATCH 0/3] eventfs: A few more fixes for 6.8 Steven Rostedt
2024-01-17 14:35 ` [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same Steven Rostedt
2024-01-22 10:38 ` Geert Uytterhoeven
2024-01-22 15:06 ` Steven Rostedt
2024-01-22 16:23 ` Geert Uytterhoeven
2024-01-22 16:47 ` Steven Rostedt
2024-01-22 17:37 ` Linus Torvalds
2024-01-22 17:39 ` Linus Torvalds
2024-01-22 18:19 ` Linus Torvalds
2024-01-22 18:27 ` Mathieu Desnoyers
2024-01-22 19:37 ` Steven Rostedt
2024-01-22 18:50 ` Kees Cook
2024-01-22 19:44 ` Steven Rostedt
2024-01-22 19:48 ` Steven Rostedt
2024-01-22 21:33 ` Kees Cook
2024-01-25 17:40 ` Christian Brauner
2024-01-25 18:07 ` Steven Rostedt
2024-01-25 18:08 ` Steven Rostedt
2024-01-26 8:07 ` Geert Uytterhoeven
2024-01-26 10:11 ` Christian Brauner
2024-01-26 16:25 ` Steven Rostedt
2024-01-26 19:09 ` Linus Torvalds
2024-01-26 13:16 ` Steven Rostedt
2024-01-26 14:06 ` Steven Rostedt
2024-01-22 17:14 ` Mathieu Desnoyers
2024-01-22 17:50 ` Steven Rostedt [this message]
2024-01-22 18:35 ` Mathieu Desnoyers
2024-01-22 19:59 ` Steven Rostedt
2024-01-17 14:35 ` [for-linus][PATCH 2/3] eventfs: Do not create dentries nor inodes in iterate_shared Steven Rostedt
2024-01-17 14:35 ` [for-linus][PATCH 3/3] eventfs: Use kcalloc() instead of kzalloc() Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240122125004.7bbf0b70@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=ajay.kaher@broadcom.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=geert@linux-m68k.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).