
[v3,13/13] fscrypt: make fscrypt_set_test_dummy_encryption() take a 'const char *'

Message ID 20200917041136.178600-14-ebiggers@kernel.org (mailing list archive)
State New, archived
Series fscrypt: improve file creation flow | expand

Commit Message

Eric Biggers Sept. 17, 2020, 4:11 a.m. UTC
From: Eric Biggers <ebiggers@google.com>

fscrypt_set_test_dummy_encryption() requires that the optional argument
to the test_dummy_encryption mount option be specified as a substring_t.
That doesn't work well with filesystems that use the new mount API,
since the new way of parsing mount options doesn't use substring_t.

Make it take the argument as a 'const char *' instead.

Instead of moving the match_strdup() into the callers in ext4 and f2fs,
make them just use arg->from directly.  Since the pattern is
"test_dummy_encryption=%s", the argument will be null-terminated.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/crypto/policy.c      | 20 ++++++--------------
 fs/ext4/super.c         |  2 +-
 fs/f2fs/super.c         |  2 +-
 include/linux/fscrypt.h |  5 +----
 4 files changed, 9 insertions(+), 20 deletions(-)

Comments

Jeff Layton Sept. 17, 2020, 12:32 p.m. UTC | #1
On Wed, 2020-09-16 at 21:11 -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> fscrypt_set_test_dummy_encryption() requires that the optional argument
> to the test_dummy_encryption mount option be specified as a substring_t.
> That doesn't work well with filesystems that use the new mount API,
> since the new way of parsing mount options doesn't use substring_t.
> 
> Make it take the argument as a 'const char *' instead.
> 
> Instead of moving the match_strdup() into the callers in ext4 and f2fs,
> make them just use arg->from directly.  Since the pattern is
> "test_dummy_encryption=%s", the argument will be null-terminated.
> 

Are you sure about that? I thought the point of substring_t was to give
you a token from the string without null terminating it.

ISTM that when you just pass in ->from, you might end up with trailing
arguments in your string like this. e.g.:

    "v2,foo,bar,baz"

...and then that might fail to match properly
in fscrypt_set_test_dummy_encryption.

> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  fs/crypto/policy.c      | 20 ++++++--------------
>  fs/ext4/super.c         |  2 +-
>  fs/f2fs/super.c         |  2 +-
>  include/linux/fscrypt.h |  5 +----
>  4 files changed, 9 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index 97cf07543651f..4441d9944b9ef 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -697,8 +697,7 @@ EXPORT_SYMBOL_GPL(fscrypt_set_context);
>  /**
>   * fscrypt_set_test_dummy_encryption() - handle '-o test_dummy_encryption'
>   * @sb: the filesystem on which test_dummy_encryption is being specified
> - * @arg: the argument to the test_dummy_encryption option.
> - *	 If no argument was specified, then @arg->from == NULL.
> + * @arg: the argument to the test_dummy_encryption option.  May be NULL.
>   * @dummy_policy: the filesystem's current dummy policy (input/output, see
>   *		  below)
>   *
> @@ -712,29 +711,23 @@ EXPORT_SYMBOL_GPL(fscrypt_set_context);
>   *         -EEXIST if a different dummy policy is already set;
>   *         or another -errno value.
>   */
> -int fscrypt_set_test_dummy_encryption(struct super_block *sb,
> -				      const substring_t *arg,
> +int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
>  				      struct fscrypt_dummy_policy *dummy_policy)
>  {
> -	const char *argstr = "v2";
> -	const char *argstr_to_free = NULL;
>  	struct fscrypt_key_specifier key_spec = { 0 };
>  	int version;
>  	union fscrypt_policy *policy = NULL;
>  	int err;
>  
> -	if (arg->from) {
> -		argstr = argstr_to_free = match_strdup(arg);
> -		if (!argstr)
> -			return -ENOMEM;
> -	}
> +	if (!arg)
> +		arg = "v2";
>  
> -	if (!strcmp(argstr, "v1")) {
> +	if (!strcmp(arg, "v1")) {
>  		version = FSCRYPT_POLICY_V1;
>  		key_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;
>  		memset(key_spec.u.descriptor, 0x42,
>  		       FSCRYPT_KEY_DESCRIPTOR_SIZE);
> -	} else if (!strcmp(argstr, "v2")) {
> +	} else if (!strcmp(arg, "v2")) {
>  		version = FSCRYPT_POLICY_V2;
>  		key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
>  		/* key_spec.u.identifier gets filled in when adding the key */
> @@ -785,7 +778,6 @@ int fscrypt_set_test_dummy_encryption(struct super_block *sb,
>  	err = 0;
>  out:
>  	kfree(policy);
> -	kfree(argstr_to_free);
>  	return err;
>  }
>  EXPORT_SYMBOL_GPL(fscrypt_set_test_dummy_encryption);
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 7e77722406e2f..ed5624285a475 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -1893,7 +1893,7 @@ static int ext4_set_test_dummy_encryption(struct super_block *sb,
>  			 "Can't set test_dummy_encryption on remount");
>  		return -1;
>  	}
> -	err = fscrypt_set_test_dummy_encryption(sb, arg,
> +	err = fscrypt_set_test_dummy_encryption(sb, arg->from,
>  						&sbi->s_dummy_enc_policy);
>  	if (err) {
>  		if (err == -EEXIST)
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index f2b3d1a279fb7..c72d22c0c52e7 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -438,7 +438,7 @@ static int f2fs_set_test_dummy_encryption(struct super_block *sb,
>  		return -EINVAL;
>  	}
>  	err = fscrypt_set_test_dummy_encryption(
> -		sb, arg, &F2FS_OPTION(sbi).dummy_enc_policy);
> +		sb, arg->from, &F2FS_OPTION(sbi).dummy_enc_policy);
>  	if (err) {
>  		if (err == -EEXIST)
>  			f2fs_warn(sbi,
> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
> index b3b0c5675c6b1..fc67c4cbaa968 100644
> --- a/include/linux/fscrypt.h
> +++ b/include/linux/fscrypt.h
> @@ -15,7 +15,6 @@
>  
>  #include <linux/fs.h>
>  #include <linux/mm.h>
> -#include <linux/parser.h>
>  #include <linux/slab.h>
>  #include <uapi/linux/fscrypt.h>
>  
> @@ -153,9 +152,7 @@ struct fscrypt_dummy_policy {
>  	const union fscrypt_policy *policy;
>  };
>  
> -int fscrypt_set_test_dummy_encryption(
> -				struct super_block *sb,
> -				const substring_t *arg,
> +int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
>  				struct fscrypt_dummy_policy *dummy_policy);
>  void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
>  					struct super_block *sb);
Eric Biggers Sept. 17, 2020, 3:29 p.m. UTC | #2
On Thu, Sep 17, 2020 at 08:32:39AM -0400, Jeff Layton wrote:
> On Wed, 2020-09-16 at 21:11 -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> > 
> > fscrypt_set_test_dummy_encryption() requires that the optional argument
> > to the test_dummy_encryption mount option be specified as a substring_t.
> > That doesn't work well with filesystems that use the new mount API,
> > since the new way of parsing mount options doesn't use substring_t.
> > 
> > Make it take the argument as a 'const char *' instead.
> > 
> > Instead of moving the match_strdup() into the callers in ext4 and f2fs,
> > make them just use arg->from directly.  Since the pattern is
> > "test_dummy_encryption=%s", the argument will be null-terminated.
> > 
> 
> Are you sure about that? I thought the point of substring_t was to give
> you a token from the string without null terminating it.
> 
> ISTM that when you just pass in ->from, you might end up with trailing
> arguments in your string like this. e.g.:
> 
>     "v2,foo,bar,baz"
> 
> ...and then that might fail to match properly
> in fscrypt_set_test_dummy_encryption.
> 

Yes I'm sure, and I had also tested it.  The use of match_token() here is to
parse one null-terminated mount option at a time.

The reason that match_token() can return multiple substrings is that the pattern
might be something like "foo=%d:%d".

But here it's just "test_dummy_encryption=%s". "%s" matches until end-of-string.

- Eric
Jeff Layton Sept. 17, 2020, 4:33 p.m. UTC | #3
On Thu, 2020-09-17 at 08:29 -0700, Eric Biggers wrote:
> On Thu, Sep 17, 2020 at 08:32:39AM -0400, Jeff Layton wrote:
> > On Wed, 2020-09-16 at 21:11 -0700, Eric Biggers wrote:
> > > From: Eric Biggers <ebiggers@google.com>
> > > 
> > > fscrypt_set_test_dummy_encryption() requires that the optional argument
> > > to the test_dummy_encryption mount option be specified as a substring_t.
> > > That doesn't work well with filesystems that use the new mount API,
> > > since the new way of parsing mount options doesn't use substring_t.
> > > 
> > > Make it take the argument as a 'const char *' instead.
> > > 
> > > Instead of moving the match_strdup() into the callers in ext4 and f2fs,
> > > make them just use arg->from directly.  Since the pattern is
> > > "test_dummy_encryption=%s", the argument will be null-terminated.
> > > 
> > 
> > Are you sure about that? I thought the point of substring_t was to give
> > you a token from the string without null terminating it.
> > 
> > ISTM that when you just pass in ->from, you might end up with trailing
> > arguments in your string like this. e.g.:
> > 
> >     "v2,foo,bar,baz"
> > 
> > ...and then that might fail to match properly
> > in fscrypt_set_test_dummy_encryption.
> > 
> 
> Yes I'm sure, and I had also tested it.  The use of match_token() here is to
> parse one null-terminated mount option at a time.
> 
> The reason that match_token() can return multiple substrings is that the pattern
> might be something like "foo=%d:%d".
> 
> But here it's just "test_dummy_encryption=%s". "%s" matches until end-of-string.

Got it. Thanks for explaining!

Patch

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 97cf07543651f..4441d9944b9ef 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -697,8 +697,7 @@  EXPORT_SYMBOL_GPL(fscrypt_set_context);
 /**
  * fscrypt_set_test_dummy_encryption() - handle '-o test_dummy_encryption'
  * @sb: the filesystem on which test_dummy_encryption is being specified
- * @arg: the argument to the test_dummy_encryption option.
- *	 If no argument was specified, then @arg->from == NULL.
+ * @arg: the argument to the test_dummy_encryption option.  May be NULL.
  * @dummy_policy: the filesystem's current dummy policy (input/output, see
  *		  below)
  *
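Review bot: The new `@arg` line says only "May be NULL" and leaves out the two things a caller now has to get right: the pointer must be a NUL-terminated string, and NULL means the option was given without an argument. The function body in the next hunk passes it straight to strcmp() and substitutes "v2" for NULL, so I would write ` * @arg: the argument to the test_dummy_encryption option, as a NUL-terminated string, or NULL if none was given (same as "v2").` The kernel-doc block continues outside this hunk.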
@@ -712,29 +711,23 @@  EXPORT_SYMBOL_GPL(fscrypt_set_context);
  *         -EEXIST if a different dummy policy is already set;
  *         or another -errno value.
  */
-int fscrypt_set_test_dummy_encryption(struct super_block *sb,
-				      const substring_t *arg,
+int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
 				      struct fscrypt_dummy_policy *dummy_policy)
 {
-	const char *argstr = "v2";
-	const char *argstr_to_free = NULL;
 	struct fscrypt_key_specifier key_spec = { 0 };
 	int version;
 	union fscrypt_policy *policy = NULL;
 	int err;
 
-	if (arg->from) {
-		argstr = argstr_to_free = match_strdup(arg);
-		if (!argstr)
-			return -ENOMEM;
-	}
+	if (!arg)
+		arg = "v2";
 
-	if (!strcmp(argstr, "v1")) {
+	if (!strcmp(arg, "v1")) {
 		version = FSCRYPT_POLICY_V1;
 		key_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;
 		memset(key_spec.u.descriptor, 0x42,
 		       FSCRYPT_KEY_DESCRIPTOR_SIZE);
-	} else if (!strcmp(argstr, "v2")) {
+	} else if (!strcmp(arg, "v2")) {
 		version = FSCRYPT_POLICY_V2;
 		key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
 		/* key_spec.u.identifier gets filled in when adding the key */
@@ -785,7 +778,6 @@  int fscrypt_set_test_dummy_encryption(struct super_block *sb,
 	err = 0;
 out:
 	kfree(policy);
-	kfree(argstr_to_free);
 	return err;
 }
 EXPORT_SYMBOL_GPL(fscrypt_set_test_dummy_encryption);
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 7e77722406e2f..ed5624285a475 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1893,7 +1893,7 @@  static int ext4_set_test_dummy_encryption(struct super_block *sb,
 			 "Can't set test_dummy_encryption on remount");
 		return -1;
 	}
-	err = fscrypt_set_test_dummy_encryption(sb, arg,
+	err = fscrypt_set_test_dummy_encryption(sb, arg->from,
 						&sbi->s_dummy_enc_policy);
 	if (err) {
 		if (err == -EEXIST)
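Review bot: Passing `arg->from` is only a valid C string here because the match_token() pattern for this option ends in `%s`, which the commit message relies on to reach the end of the already NUL-terminated option; nothing at the call site records that, and `arg->to` is now ignored. A one-line comment above the call would keep a later pattern change from silently invalidating it, e.g. `/* arg->from is NUL-terminated: the pattern is "test_dummy_encryption=%s" */`. If the invariant did break, the trailing text would presumably just fail the "v1"/"v2" strcmp() checks and the option would be rejected, but that fallback branch is outside the visible hunks, so it is worth confirming. The same comment applies to the f2fs call site in fs/f2fs/super.c. ext4_set_test_dummy_encryption() starts and ends outside this hunk.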
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index f2b3d1a279fb7..c72d22c0c52e7 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -438,7 +438,7 @@  static int f2fs_set_test_dummy_encryption(struct super_block *sb,
 		return -EINVAL;
 	}
 	err = fscrypt_set_test_dummy_encryption(
-		sb, arg, &F2FS_OPTION(sbi).dummy_enc_policy);
+		sb, arg->from, &F2FS_OPTION(sbi).dummy_enc_policy);
 	if (err) {
 		if (err == -EEXIST)
 			f2fs_warn(sbi,
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index b3b0c5675c6b1..fc67c4cbaa968 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -15,7 +15,6 @@ 
 
 #include <linux/fs.h>
 #include <linux/mm.h>
-#include <linux/parser.h>
 #include <linux/slab.h>
 #include <uapi/linux/fscrypt.h>
 
@@ -153,9 +152,7 @@  struct fscrypt_dummy_policy {
 	const union fscrypt_policy *policy;
 };
 
-int fscrypt_set_test_dummy_encryption(
-				struct super_block *sb,
-				const substring_t *arg,
+int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
 				struct fscrypt_dummy_policy *dummy_policy);
 void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
 					struct super_block *sb);