From patchwork Fri Jan 17 21:42:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339855 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA8BF17EA for ; Fri, 17 Jan 2020 21:42:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C90F02072B for ; Fri, 17 Jan 2020 21:42:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RpJE0vRP" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729091AbgAQVm7 (ORCPT ); Fri, 17 Jan 2020 16:42:59 -0500 Received: from mail-pj1-f73.google.com ([209.85.216.73]:56619 "EHLO mail-pj1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727033AbgAQVm6 (ORCPT ); Fri, 17 Jan 2020 16:42:58 -0500 Received: by mail-pj1-f73.google.com with SMTP id d6so4813842pjs.6 for ; Fri, 17 Jan 2020 13:42:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=oVzP1lZIn+a9St2ynepuCubjBDmFUsIeC3EfH/4msv0=; b=RpJE0vRPtcFs+HwS/CjBwBybBr/6ggom40mvJvh3ijp1Iwn3zl70sBx/gr77hKICJW Nn+3hy98ID7+xceD3nY1pqc5rDoxEghmYiE44KXjp1v7sduUZaJffqZjavDWKbbW1pj/ zvMqLu9v53P+kYkQf1EpgyOjfRf8tsQbfxmgAGShQ1s6rZFM4SwNE46oSlcAgkg3Svdr ad7rWRKJhiWki92ARxOdBSMv6FVelFEk33fmbCruHpr2B6yfyyI10LPh0QAmz8hu4++A 65C7CE4mGfBlm9wXLVFLOmGV4Yze3r2BmuwbO/sz0YHYhTB8AqWnQ++5Hr4sN0Yqr88Z QNXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=oVzP1lZIn+a9St2ynepuCubjBDmFUsIeC3EfH/4msv0=; b=PCpzlyVYyQLfyW6kcoGIItjrC7YKsPzPLA2SJpEJk04jxYL2W5F6B8AaHkJnAM7LrK ALptTMNY9casimiFBPoImS+NQhnHnmj7/8wH/pTFYH9KaoendtE/ExKN1Pk8S7Je1xis sj28/QbbPJArNndONqXftMLfl5pSVQsA8jGZW8I0I/LhHeLz4T5/4JpZkQRigFzlj5ud UGIb/vG5C6xLQh7Ylm/J2Ay71wY5ax7dFqirECWK3AucCbvJVfcVcSU3fXfBdOE+wlH/ 3Py9ZRfq2MgRpA90ZVnoBGGbm2FF5w/xYfZgcB6ANuAKvma9yvVJgTRPLcI3EEneWHvZ FstQ== X-Gm-Message-State: APjAAAUaFwSV9n5qRr6+qMhzSzJnHLQS9GbeQ/Wx8yJDjxjVpWd70FEX lG5wFpj1XlkUzHgH6ZgxASVEYXD+ygo= X-Google-Smtp-Source: APXvYqyIgLp3Uf69UUUDJ12oPBO4Pke5blxqDXg302lLv/U33gnMRHUKpFqg0f+AuwAB8CavAzgqN8TQNc0= X-Received: by 2002:a63:2fc4:: with SMTP id v187mr46768529pgv.55.1579297377257; Fri, 17 Jan 2020 13:42:57 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:38 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-2-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 1/9] fscrypt: Add siphash and hash key for policy v2 From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org With encryption and casefolding, we cannot simply take the hash of the ciphertext because of case insensitivity, and we can't take the hash of the unencrypted name since that would leak information about the encrypted name. Instead we can use siphash to compute a keyed hash of the file names. When a v2 policy is used on a directory, we derive a key for use with siphash. Signed-off-by: Daniel Rosenberg --- fs/crypto/fname.c | 22 ++++++++++++++++++++++ fs/crypto/fscrypt_private.h | 9 +++++++++ fs/crypto/keysetup.c | 35 +++++++++++++++++++++++++---------- include/linux/fscrypt.h | 9 +++++++++ 4 files changed, 65 insertions(+), 10 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 3fd27e14ebdd6..371e8f01d1c8e 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -402,6 +402,28 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, } EXPORT_SYMBOL(fscrypt_setup_filename); +/** + * fscrypt_fname_siphash() - Calculate the siphash for a file name + * @dir: the parent directory + * @name: the name of the file to get the siphash of + * + * Given a user-provided filename @name, this function calculates the siphash of + * that name using the directory's hash key. + * + * This assumes the directory uses a v2 policy, and the key is available. + * + * Return: the siphash of @name using the hash key of @dir + */ +u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name) +{ + struct fscrypt_info *ci = dir->i_crypt_info; + + WARN_ON(!ci->ci_hash_key_initialized); + + return siphash(name->name, name->len, &ci->ci_hash_key); +} +EXPORT_SYMBOL(fscrypt_fname_siphash); + /* * Validate dentries in encrypted directories to make sure we aren't potentially * caching stale dentries after a key has been added. diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index b22e8decebedd..8b37a5eebb574 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -12,6 +12,7 @@ #define _FSCRYPT_PRIVATE_H #include +#include #include #define CONST_STRLEN(str) (sizeof(str) - 1) @@ -188,6 +189,13 @@ struct fscrypt_info { */ struct fscrypt_direct_key *ci_direct_key; + /* + * With v2 policies, this can be used with siphash + * When the key has been set, ci_hash_key_initialized is set to true + */ + siphash_key_t ci_hash_key; + bool ci_hash_key_initialized; + /* The encryption policy used by this inode */ union fscrypt_policy ci_policy; @@ -262,6 +270,7 @@ extern int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key, #define HKDF_CONTEXT_PER_FILE_KEY 2 #define HKDF_CONTEXT_DIRECT_KEY 3 #define HKDF_CONTEXT_IV_INO_LBLK_64_KEY 4 +#define HKDF_CONTEXT_FNAME_HASH_KEY 5 extern int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, const u8 *info, unsigned int infolen, diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 96074054bdbc8..7445ab76e0b32 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -189,7 +189,7 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci, * This ensures that the master key is consistently used only * for HKDF, avoiding key reuse issues. */ - return setup_per_mode_key(ci, mk, mk->mk_direct_tfms, + err = setup_per_mode_key(ci, mk, mk->mk_direct_tfms, HKDF_CONTEXT_DIRECT_KEY, false); } else if (ci->ci_policy.v2.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) { @@ -199,21 +199,36 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci, * the IVs. This format is optimized for use with inline * encryption hardware compliant with the UFS or eMMC standards. */ - return setup_per_mode_key(ci, mk, mk->mk_iv_ino_lblk_64_tfms, + err = setup_per_mode_key(ci, mk, mk->mk_iv_ino_lblk_64_tfms, HKDF_CONTEXT_IV_INO_LBLK_64_KEY, true); + } else { + err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, + HKDF_CONTEXT_PER_FILE_KEY, + ci->ci_nonce, + FS_KEY_DERIVATION_NONCE_SIZE, + derived_key, ci->ci_mode->keysize); + if (err) + return err; + + err = fscrypt_set_derived_key(ci, derived_key); + memzero_explicit(derived_key, ci->ci_mode->keysize); } - - err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, - HKDF_CONTEXT_PER_FILE_KEY, - ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE, - derived_key, ci->ci_mode->keysize); if (err) return err; - err = fscrypt_set_derived_key(ci, derived_key); - memzero_explicit(derived_key, ci->ci_mode->keysize); - return err; + if (S_ISDIR(ci->ci_inode->i_mode)) { + err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, + HKDF_CONTEXT_FNAME_HASH_KEY, + ci->ci_nonce, + FS_KEY_DERIVATION_NONCE_SIZE, + (u8 *)&ci->ci_hash_key, + sizeof(ci->ci_hash_key)); + if (err) + return err; + ci->ci_hash_key_initialized = true; + } + return 0; } /* diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 6fe8d0f96a4ac..1dfbed855beeb 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -172,6 +172,8 @@ extern int fscrypt_fname_disk_to_usr(const struct inode *inode, u32 hash, u32 minor_hash, const struct fscrypt_str *iname, struct fscrypt_str *oname); +extern u64 fscrypt_fname_siphash(const struct inode *dir, + const struct qstr *name); #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 @@ -468,6 +470,13 @@ static inline int fscrypt_fname_disk_to_usr(const struct inode *inode, return -EOPNOTSUPP; } +static inline u64 fscrypt_fname_siphash(const struct inode *dir, + const struct qstr *name) +{ + WARN_ON_ONCE(1); + return 0; +} + static inline bool fscrypt_match_name(const struct fscrypt_name *fname, const u8 *de_name, u32 de_name_len) { From patchwork Fri Jan 17 21:42:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339889 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 40D9792A for ; Fri, 17 Jan 2020 21:43:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1F7CB20842 for ; Fri, 17 Jan 2020 21:43:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WHQxC8Nh" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729342AbgAQVnl (ORCPT ); Fri, 17 Jan 2020 16:43:41 -0500 Received: from mail-pg1-f202.google.com ([209.85.215.202]:39488 "EHLO mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729064AbgAQVnA (ORCPT ); Fri, 17 Jan 2020 16:43:00 -0500 Received: by mail-pg1-f202.google.com with SMTP id v2so15161798pgv.6 for ; Fri, 17 Jan 2020 13:43:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ijaPqYX9QMZlgJNEqLIabbahqNoro6V7G/0uSLsc++o=; b=WHQxC8Nh4cFd+mKz0Z5y8hCNfaRWaIIItg6rAD4vRRKh08n1rF1ROJp9bdNhKHjJEe dB+QzSzQk+37KIA3xLEYSV5jYc4LXnUAkScu6uDLEfQxiLJhWSUqLkSk9o/lj3OGUOFv x7d1El6VyYGxobDvLS1U1KrD73lJ1hHS4/+7B8qljX4+5zRjTKVAcKRaD+DQJ+DOSszS Quz0IYsmfSMa9Ytm8SlgE4uCUjy38oOsimu9gdN9/5CWb0bp8uDvRUzsZv7KYdIVZQFk 3LnqAgjGyE/d2ro52ABbHg/HE7dIctRYBIsBeLkMsAqgNdPO0t9LQXQxfHUAMHwqtmvi 0wNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ijaPqYX9QMZlgJNEqLIabbahqNoro6V7G/0uSLsc++o=; b=AVPYDvmjtiw5XcczYUAA/yKmv4SgrrEihwYaA1bMKHmiHliFVawlxEPkpEpIn5ZjLf zcv54ejrmQYylSyJhrMnouEp82vTSNx32td9TLDPLVAN9umTH+go8oKlB1ayIhKLCO4H s9jFWvChbsFX2zKOE0CYzIT8UIRa+kR0mdOwrL5FrCp+TbbnFKzy1/9FfPl3/hk1JFsT 4se5YMy+OCTWyrdkAojem7KWnH8q9orGhG+167Gt3trFPJ3vg78fUYmloe5x4toqHrc0 +SDnazNNtYboSmxHaJMCIKaBnuaGby5ALQ9FOcvQ1yKPEX6dFcjvqxf6gLgaCLzNmQ50 pyqQ== X-Gm-Message-State: APjAAAXO2449ekxlAo9xmfFKwH2Ksjp4sMEm5ibeD401vYKlJYt339T8 vCX3KzIM/xpx2f0b5RkGiZcqRPF363s= X-Google-Smtp-Source: APXvYqzKuQnOCxtPcdxY/PuMxbANDvGzPhycQ/4MRG+yecKcHD6KYxDk5xX57ii8X1oM1NolqUYQnxR+7ug= X-Received: by 2002:a63:3756:: with SMTP id g22mr47225338pgn.375.1579297379818; Fri, 17 Jan 2020 13:42:59 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:39 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-3-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 2/9] fscrypt: Don't allow v1 policies with casefolding From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Casefolding currently requires a derived key for computing the siphash. This is available for v2 policies, but not v1, so we disallow it for v1. Signed-off-by: Daniel Rosenberg --- fs/crypto/policy.c | 28 ++++++++++++++++++++++++++++ fs/inode.c | 3 ++- include/linux/fscrypt.h | 11 +++++++++++ 3 files changed, 41 insertions(+), 1 deletion(-) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index f1cff83c151ac..2cd9a940d8f46 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, policy->filenames_encryption_mode)) return false; + if (IS_CASEFOLDED(inode)) { + fscrypt_warn(inode, + "v1 policy does not support casefolded directories"); + return false; + } + return true; } @@ -579,3 +585,25 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, return preload ? fscrypt_get_encryption_info(child): 0; } EXPORT_SYMBOL(fscrypt_inherit_context); + +int fscrypt_ioc_setflags_prepare(struct inode *inode, + unsigned int oldflags, + unsigned int flags) +{ + union fscrypt_policy policy; + int err; + + /* + * When a directory is encrypted, the CASEFOLD flag can only be turned + * on if the fscrypt policy supports it. + */ + if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) { + err = fscrypt_get_policy(inode, &policy); + if (err) + return err; + if (policy.version != FSCRYPT_POLICY_V2) + return -EINVAL; + } + + return 0; +} diff --git a/fs/inode.c b/fs/inode.c index 96d62d97694ef..8f6267858d0c1 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "internal.h" @@ -2252,7 +2253,7 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, !capable(CAP_LINUX_IMMUTABLE)) return -EPERM; - return 0; + return fscrypt_ioc_setflags_prepare(inode, oldflags, flags); } EXPORT_SYMBOL(vfs_ioc_setflags_prepare); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 1dfbed855beeb..2c292f19c6b94 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -142,6 +142,10 @@ extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *); extern int fscrypt_has_permitted_context(struct inode *, struct inode *); extern int fscrypt_inherit_context(struct inode *, struct inode *, void *, bool); +extern int fscrypt_ioc_setflags_prepare(struct inode *inode, + unsigned int oldflags, + unsigned int flags); + /* keyring.c */ extern void fscrypt_sb_free(struct super_block *sb); extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); @@ -383,6 +387,13 @@ static inline int fscrypt_inherit_context(struct inode *parent, return -EOPNOTSUPP; } +static inline int fscrypt_ioc_setflags_prepare(struct inode *inode, + unsigned int oldflags, + unsigned int flags) +{ + return 0; +} + /* keyring.c */ static inline void fscrypt_sb_free(struct super_block *sb) { From patchwork Fri Jan 17 21:42:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339887 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3685392A for ; Fri, 17 Jan 2020 21:43:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 025FD2087E for ; Fri, 17 Jan 2020 21:43:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="uUGq+dc3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729361AbgAQVnD (ORCPT ); Fri, 17 Jan 2020 16:43:03 -0500 Received: from mail-pl1-f202.google.com ([209.85.214.202]:40425 "EHLO mail-pl1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729080AbgAQVnD (ORCPT ); Fri, 17 Jan 2020 16:43:03 -0500 Received: by mail-pl1-f202.google.com with SMTP id o12so11387238pll.7 for ; Fri, 17 Jan 2020 13:43:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ukTX292U+2VcVX5ngLn2LgkUWhDOBHnzjPplbC8odDM=; b=uUGq+dc35nudg9nEj9wkdY75EkHIlMAOQp3BY9tAtNK/JDHb5DAWYXPTwUS/roBJCR xXe6HO2KZq4nLBRLO5j86lxp9jblxQM9vm4shX1tHojuISVnnfhYmhXwY4UmhwcsBsDs 8/H0Lhbj3YFL6+kpKl8xE/yu1qaMCb3LQ19JuX06TnkLtnBMzSmS+a1A3EQpxeCPcSPf QmP2QHmtvBNU6aSm9hMxdGG59kQN/3GnvwR8N7xIXsulJPq5dIriD+9yQcckGMHPSwQc Y5Gy4gb2+j9pMxqEzLoqV0fdXV9bK+/fXPc/zpU/sCp5u+KkUcvXbchMuEzPd4qOymRK mkJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ukTX292U+2VcVX5ngLn2LgkUWhDOBHnzjPplbC8odDM=; b=ZvImWG7MV3BAoYUI6uSEJWIlNpiMwLsUdbn8iqz8NcGsqRSwE0gZKJroKuZsK20keW AgRKcjNMs435+0YodM20VjV4OpPzl4wJ2gDHgyCTh0BSQKyklXhBe6+DYScKrQhkWwIv Xok1snDw77Tde+VctjqKJknD6J0kZwgLIdDNBKRixHX+TEQkA0hVC30EneU6Wy6vAvJT CZpd9Goq7dKZ4iWsapTSlV2YlfR9/d2JQIKRJyhduQ84Do7diLU1hJF/aytmdjrySxwv VUm666TC0NLjNret6RwN83nteLyoUMS0VwxMFERA8kBqLyjxZQ3ob6c9l84VWnpW/xcv fnEA== X-Gm-Message-State: APjAAAWHa/CHneA9Iu+146vqzb7rf2F+BtHadT4auiSREwk7qglXMwWp /GKXEBAIqtJls2D4vfUN8h8wllcA53k= X-Google-Smtp-Source: APXvYqx0s4/S1nosUCZqXwcnzu7Uy3VUsmtnOzvlBPwX50rAlj2OpUolq89j4/3k42aMspaeactl7QKiIas= X-Received: by 2002:a63:2bcd:: with SMTP id r196mr46570787pgr.65.1579297382526; Fri, 17 Jan 2020 13:43:02 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:40 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-4-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 3/9] fscrypt: Change format of no-key token From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Fscrypt supplies a no-key token in place of file names when the name is encrypted and the key is not present. In the current scheme, the no-key token is the base64 encoded ciphertext of the name, unless the name is longer than a certain amount, after which it uses an alternative scheme which includes the directory hash of the file name and an abbreviated form of the ciphertext. Encrypted and casefolded names always require a dirtree hash, since their values cannot be generated without the key. In the new format, we always base64 encode the same structure. For names that are less than 149 characters, we concatenate the provided hash and ciphertext. If the name is longer than 149 characters, we also include the sha256 of the remaining parts of the name. We then base64 encode the resulting data to get a representation of the name that is at most 252 characters long, with a very low collision rate. We avoid needing to compute the sha256 apart from in the case of a very long filename, and then only need to compute the sha256 of possible matches if their ciphertext is also longer than 149. Signed-off-by: Daniel Rosenberg --- fs/crypto/Kconfig | 1 + fs/crypto/fname.c | 210 ++++++++++++++++++++++++++++++---------- include/linux/fscrypt.h | 75 +------------- 3 files changed, 162 insertions(+), 124 deletions(-) diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index 02df95b44331d..8046d7c7a3e9c 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -21,5 +21,6 @@ config FS_ENCRYPTION_ALGS select CRYPTO_CTS select CRYPTO_ECB select CRYPTO_HMAC + select CRYPTO_SHA256 select CRYPTO_SHA512 select CRYPTO_XTS diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 371e8f01d1c8e..4006ffd59ffa2 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -13,9 +13,69 @@ #include #include +#include +#include #include #include "fscrypt_private.h" +/** + * fscrypt_nokey_name - identifier for on-disk filenames when key is not present + * + * When userspace lists an encrypted directory without access to the key, we + * must present them with a unique identifier for the file. base64 encoding will + * expand the space, so we use this format to avoid most collisions. + * + * Filesystems may rely on the hash being present to look up a file on disk. + * For filenames that are both casefolded and encrypted, it is not possible to + * calculate the hash without the key. Additionally, if the ciphertext is longer + * than what we can base64 encode, we cannot generate the hash from the partial + * name. For simplicity, we always store the hash at the front of the name, + * followed by the first 149 bytes of the ciphertext, and then the sha256 of the + * remainder of the name if the ciphertext was longer than 149 bytes. For the + * usual case of relatively short filenames, this allows us to avoid needing to + * compute the sha256. This results in an encoded name that is at most 252 bytes + * long. + */ + +#define FSCRYPT_FNAME_UNDIGESTED_SIZE 149 +struct fscrypt_nokey_name { + u32 dirtree_hash[2]; + u8 bytes[FSCRYPT_FNAME_UNDIGESTED_SIZE]; + u8 sha256[SHA256_DIGEST_SIZE]; +}; + +static struct crypto_shash *sha256_hash_tfm; + +static int fscrypt_do_sha256(unsigned char *result, + const u8 *data, unsigned int data_len) +{ + struct crypto_shash *tfm = READ_ONCE(sha256_hash_tfm); + + if (unlikely(!tfm)) { + struct crypto_shash *prev_tfm; + + tfm = crypto_alloc_shash("sha256", 0, 0); + if (IS_ERR(tfm)) { + fscrypt_err(NULL, + "Error allocating SHA-256 transform: %ld", + PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + prev_tfm = cmpxchg(&sha256_hash_tfm, NULL, tfm); + if (prev_tfm) { + crypto_free_shash(tfm); + tfm = prev_tfm; + } + } + { + SHASH_DESC_ON_STACK(desc, tfm); + + desc->tfm = tfm; + + return crypto_shash_digest(desc, data, data_len, result); + } +} + static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) { if (str->len == 1 && str->name[0] == '.') @@ -208,8 +268,7 @@ int fscrypt_fname_alloc_buffer(const struct inode *inode, struct fscrypt_str *crypto_str) { const u32 max_encoded_len = - max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE), - 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))); + BASE64_CHARS(sizeof(struct fscrypt_nokey_name)); u32 max_presented_len; max_presented_len = max(max_encoded_len, max_encrypted_len); @@ -242,9 +301,9 @@ EXPORT_SYMBOL(fscrypt_fname_free_buffer); * * The caller must have allocated sufficient memory for the @oname string. * - * If the key is available, we'll decrypt the disk name; otherwise, we'll encode - * it for presentation. Short names are directly base64-encoded, while long - * names are encoded in fscrypt_digested_name format. + * If the key is available, we'll decrypt the disk name; + * otherwise, we'll encode it for presentation in fscrypt_nokey_name format. + * See struct fscrypt_nokey_name for details. * * Return: 0 on success, -errno on failure */ @@ -254,7 +313,9 @@ int fscrypt_fname_disk_to_usr(const struct inode *inode, struct fscrypt_str *oname) { const struct qstr qname = FSTR_TO_QSTR(iname); - struct fscrypt_digested_name digested_name; + struct fscrypt_nokey_name nokey_name; + u32 size; + int err = 0; if (fscrypt_is_dot_dotdot(&qname)) { oname->name[0] = '.'; @@ -269,25 +330,29 @@ int fscrypt_fname_disk_to_usr(const struct inode *inode, if (fscrypt_has_encryption_key(inode)) return fname_decrypt(inode, iname, oname); - if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { - oname->len = base64_encode(iname->name, iname->len, - oname->name); - return 0; - } if (hash) { - digested_name.hash = hash; - digested_name.minor_hash = minor_hash; + nokey_name.dirtree_hash[0] = hash; + nokey_name.dirtree_hash[1] = minor_hash; } else { - digested_name.hash = 0; - digested_name.minor_hash = 0; + nokey_name.dirtree_hash[0] = 0; + nokey_name.dirtree_hash[1] = 0; } - memcpy(digested_name.digest, - FSCRYPT_FNAME_DIGEST(iname->name, iname->len), - FSCRYPT_FNAME_DIGEST_SIZE); - oname->name[0] = '_'; - oname->len = 1 + base64_encode((const u8 *)&digested_name, - sizeof(digested_name), oname->name + 1); - return 0; + if (iname->len <= FSCRYPT_FNAME_UNDIGESTED_SIZE) { + memcpy(nokey_name.bytes, iname->name, iname->len); + size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]); + } else { + memcpy(nokey_name.bytes, iname->name, + FSCRYPT_FNAME_UNDIGESTED_SIZE); + /* compute sha256 of remaining name */ + err = fscrypt_do_sha256(nokey_name.sha256, + &iname->name[FSCRYPT_FNAME_UNDIGESTED_SIZE], + iname->len - FSCRYPT_FNAME_UNDIGESTED_SIZE); + if (err) + return err; + size = offsetofend(struct fscrypt_nokey_name, sha256); + } + oname->len = base64_encode((const u8 *)&nokey_name, size, oname->name); + return err; } EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); @@ -307,8 +372,7 @@ EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); * get the disk_name. * * Else, for keyless @lookup operations, @iname is the presented ciphertext, so - * we decode it to get either the ciphertext disk_name (for short names) or the - * fscrypt_digested_name (for long names). Non-@lookup operations will be + * we decode it to get the fscrypt_nokey_name. Non-@lookup operations will be * impossible in this case, so we fail them with ENOKEY. * * If successful, fscrypt_free_filename() must be called later to clean up. @@ -318,8 +382,8 @@ EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, int lookup, struct fscrypt_name *fname) { + struct fscrypt_nokey_name *nokey_name; int ret; - int digested; memset(fname, 0, sizeof(struct fscrypt_name)); fname->usr_fname = iname; @@ -359,41 +423,29 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, * We don't have the key and we are doing a lookup; decode the * user-supplied name */ - if (iname->name[0] == '_') { - if (iname->len != - 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))) - return -ENOENT; - digested = 1; - } else { - if (iname->len > - BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)) - return -ENOENT; - digested = 0; - } fname->crypto_buf.name = - kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE, - sizeof(struct fscrypt_digested_name)), - GFP_KERNEL); + kmalloc(sizeof(struct fscrypt_nokey_name), GFP_KERNEL); if (fname->crypto_buf.name == NULL) return -ENOMEM; - ret = base64_decode(iname->name + digested, iname->len - digested, - fname->crypto_buf.name); - if (ret < 0) { + if (iname->len > BASE64_CHARS(sizeof(struct fscrypt_nokey_name))) { ret = -ENOENT; goto errout; } - fname->crypto_buf.len = ret; - if (digested) { - const struct fscrypt_digested_name *n = - (const void *)fname->crypto_buf.name; - fname->hash = n->hash; - fname->minor_hash = n->minor_hash; - } else { - fname->disk_name.name = fname->crypto_buf.name; - fname->disk_name.len = fname->crypto_buf.len; + ret = base64_decode(iname->name, iname->len, fname->crypto_buf.name); + if ((int)ret < offsetof(struct fscrypt_nokey_name, bytes[1]) || + (ret > offsetof(struct fscrypt_nokey_name, sha256) && + ret != offsetofend(struct fscrypt_nokey_name, sha256))) { + ret = -ENOENT; + goto errout; } + + nokey_name = (void *)fname->crypto_buf.name; + fname->crypto_buf.len = ret; + + fname->hash = nokey_name->dirtree_hash[0]; + fname->minor_hash = nokey_name->dirtree_hash[1]; return 0; errout: @@ -402,6 +454,62 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, } EXPORT_SYMBOL(fscrypt_setup_filename); +/** + * fscrypt_match_name() - test whether the given name matches a directory entry + * @fname: the name being searched for + * @de_name: the name from the directory entry + * @de_name_len: the length of @de_name in bytes + * + * Normally @fname->disk_name will be set, and in that case we simply compare + * that to the name stored in the directory entry. The only exception is that + * if we don't have the key for an encrypted directory we'll instead need to + * match against the fscrypt_nokey_name. + * + * Return: %true if the name matches, otherwise %false. + */ +bool fscrypt_match_name(const struct fscrypt_name *fname, + const u8 *de_name, u32 de_name_len) +{ + BUILD_BUG_ON(BASE64_CHARS(offsetofend(struct fscrypt_nokey_name, + sha256)) > NAME_MAX); + if (unlikely(!fname->disk_name.name)) { + const struct fscrypt_nokey_name *n = + (const void *)fname->crypto_buf.name; + + if (fname->crypto_buf.len == + offsetofend(struct fscrypt_nokey_name, sha256)) { + u8 sha256[SHA256_DIGEST_SIZE]; + + if (de_name_len <= FSCRYPT_FNAME_UNDIGESTED_SIZE) + return false; + if (memcmp(de_name, n->bytes, + FSCRYPT_FNAME_UNDIGESTED_SIZE) != 0) + return false; + fscrypt_do_sha256(sha256, + &de_name[FSCRYPT_FNAME_UNDIGESTED_SIZE], + de_name_len - FSCRYPT_FNAME_UNDIGESTED_SIZE); + if (memcmp(sha256, n->sha256, sizeof(sha256)) != 0) + return false; + } else { + u32 len = fname->crypto_buf.len - + offsetof(struct fscrypt_nokey_name, bytes); + + if (de_name_len != len) + return false; + + if (memcmp(de_name, n->bytes, len) != 0) + return false; + } + + return true; + } + + if (de_name_len != fname->disk_name.len) + return false; + return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); +} +EXPORT_SYMBOL(fscrypt_match_name); + /** * fscrypt_fname_siphash() - Calculate the siphash for a file name * @dir: the parent directory diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 2c292f19c6b94..14a727759a81a 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -179,79 +179,8 @@ extern int fscrypt_fname_disk_to_usr(const struct inode *inode, extern u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name); -#define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 - -/* Extracts the second-to-last ciphertext block; see explanation below */ -#define FSCRYPT_FNAME_DIGEST(name, len) \ - ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \ - FS_CRYPTO_BLOCK_SIZE)) - -#define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE - -/** - * fscrypt_digested_name - alternate identifier for an on-disk filename - * - * When userspace lists an encrypted directory without access to the key, - * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE - * bytes are shown in this abbreviated form (base64-encoded) rather than as the - * full ciphertext (base64-encoded). This is necessary to allow supporting - * filenames up to NAME_MAX bytes, since base64 encoding expands the length. - * - * To make it possible for filesystems to still find the correct directory entry - * despite not knowing the full on-disk name, we encode any filesystem-specific - * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups, - * followed by the second-to-last ciphertext block of the filename. Due to the - * use of the CBC-CTS encryption mode, the second-to-last ciphertext block - * depends on the full plaintext. (Note that ciphertext stealing causes the - * last two blocks to appear "flipped".) This makes accidental collisions very - * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they - * share the same filesystem-specific hashes. - * - * However, this scheme isn't immune to intentional collisions, which can be - * created by anyone able to create arbitrary plaintext filenames and view them - * without the key. Making the "digest" be a real cryptographic hash like - * SHA-256 over the full ciphertext would prevent this, although it would be - * less efficient and harder to implement, especially since the filesystem would - * need to calculate it for each directory entry examined during a search. - */ -struct fscrypt_digested_name { - u32 hash; - u32 minor_hash; - u8 digest[FSCRYPT_FNAME_DIGEST_SIZE]; -}; - -/** - * fscrypt_match_name() - test whether the given name matches a directory entry - * @fname: the name being searched for - * @de_name: the name from the directory entry - * @de_name_len: the length of @de_name in bytes - * - * Normally @fname->disk_name will be set, and in that case we simply compare - * that to the name stored in the directory entry. The only exception is that - * if we don't have the key for an encrypted directory and a filename in it is - * very long, then we won't have the full disk_name and we'll instead need to - * match against the fscrypt_digested_name. - * - * Return: %true if the name matches, otherwise %false. - */ -static inline bool fscrypt_match_name(const struct fscrypt_name *fname, - const u8 *de_name, u32 de_name_len) -{ - if (unlikely(!fname->disk_name.name)) { - const struct fscrypt_digested_name *n = - (const void *)fname->crypto_buf.name; - if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_')) - return false; - if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) - return false; - return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len), - n->digest, FSCRYPT_FNAME_DIGEST_SIZE); - } - - if (de_name_len != fname->disk_name.len) - return false; - return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); -} +extern bool fscrypt_match_name(const struct fscrypt_name *fname, + const u8 *de_name, u32 de_name_len); /* bio.c */ extern void fscrypt_decrypt_bio(struct bio *); From patchwork Fri Jan 17 21:42:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339885 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C189092A for ; Fri, 17 Jan 2020 21:43:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9FA182087E for ; Fri, 17 Jan 2020 21:43:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HgH/cjvr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729714AbgAQVnH (ORCPT ); Fri, 17 Jan 2020 16:43:07 -0500 Received: from mail-vs1-f73.google.com ([209.85.217.73]:50775 "EHLO mail-vs1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729525AbgAQVnG (ORCPT ); Fri, 17 Jan 2020 16:43:06 -0500 Received: by mail-vs1-f73.google.com with SMTP id s29so2493600vsj.17 for ; Fri, 17 Jan 2020 13:43:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Q4rBdwTpu0kgcesfAqettRZRoe3eJIs+PO2/oZPudMI=; b=HgH/cjvrF4Zia0V0+IeU5NYRKU1aapr1ropmrp6wIQEhHKtyjKZuynqRYZXyB6R0iK M2gvpJkEsO67KRph9gY05tFOH+FqKAIxduQZ1V9cE1pI6KCoFEgF5hiXeUyBak4o5CHB pC2wEBiQBi7O2M65FW7rjDF5NwtzLRJEXal88aPC8G+3EUBIwKRyt9hrc0SevGsO2q9V ZhhpNLkkikMSEdps2HlgtM/v/nAVY60CZKzDcl1eyYCbY8yr3hu3NggL9wcq8AT0cych /o5RTDmU82+mRI5AKUX31wCwtJqLzhwEPgaDpYSI+MsIUhkkkYw3NWF7A95mbwJx1ey0 itxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Q4rBdwTpu0kgcesfAqettRZRoe3eJIs+PO2/oZPudMI=; b=nZvTcEzrUL42iagMI5RQbkwd9+63hLhtvVWcDvv/zLpmNOzsYpcVEN7wNsyClJPcVC U/zVESP8RyXjBS7/SKoNIOSiu9ln3NteHPPMc3vx3HiCuK3Y26Ljm0LHAuz9KEaR5X9G VFh/Cc4eLWtDpuzFX+hZcAmJDxXlUt0FUHXOpB9qb6FWwoBLR492t1TlmZXsK+MINzPN vR5CWLAzc4XHLsE/StZVE1O9n17LkrxqY5di96/QKySVdZ2bTswlb13bYmVr8/FLj7Ls 2eT9n6EDqH/ZB+7CKeYMezqG+rBBqSDzeris/kGgaNmikmurWEgfgmeCZV1BMnLEvWm1 qyNw== X-Gm-Message-State: APjAAAXu/gkLAfbQ9TJCCmHyX3A8IF6DPDHZc8KUDqoJYSTS14POuaBc LJj8KpHO7mR6RcHRHfx7wkyTgGBNPFE= X-Google-Smtp-Source: APXvYqxzCff7DvKzBojWKyAGZ3dq8QFpSmD6KoOeo/TuurTUuCeKd0w8VmzzbGwNUGOYIzxOpi9DPxWBE9M= X-Received: by 2002:ab0:48cf:: with SMTP id y15mr24885192uac.26.1579297385289; Fri, 17 Jan 2020 13:43:05 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:41 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-5-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 4/9] fscrypt: Only create hash key when needed From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org If a directory isn't casefolded, it doesn't need the hash key. Skip deriving it unless we enable it later. Signed-off-by: Daniel Rosenberg --- fs/crypto/keysetup.c | 2 +- fs/crypto/policy.c | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 7445ab76e0b32..c0db9e8d31f15 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -217,7 +217,7 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci, if (err) return err; - if (S_ISDIR(ci->ci_inode->i_mode)) { + if (S_ISDIR(ci->ci_inode->i_mode) && IS_CASEFOLDED(ci->ci_inode)) { err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_FNAME_HASH_KEY, ci->ci_nonce, diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 2cd9a940d8f46..632ca355e1184 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -10,6 +10,7 @@ * Modified by Eric Biggers, 2019 for v2 policy support. */ +#include #include #include #include @@ -591,6 +592,8 @@ int fscrypt_ioc_setflags_prepare(struct inode *inode, unsigned int flags) { union fscrypt_policy policy; + struct fscrypt_info *ci; + struct fscrypt_master_key *mk; int err; /* @@ -603,6 +606,28 @@ int fscrypt_ioc_setflags_prepare(struct inode *inode, return err; if (policy.version != FSCRYPT_POLICY_V2) return -EINVAL; + err = fscrypt_require_key(inode); + if (err) + return err; + ci = inode->i_crypt_info; + if (ci->ci_hash_key_initialized) + return 0; + mk = ci->ci_master_key->payload.data[0]; + down_read(&mk->mk_secret_sem); + if (!is_master_key_secret_present(&mk->mk_secret)) { + err = -ENOKEY; + } else { + err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, + HKDF_CONTEXT_FNAME_HASH_KEY, + ci->ci_nonce, + FS_KEY_DERIVATION_NONCE_SIZE, + (u8 *)&ci->ci_hash_key, + sizeof(ci->ci_hash_key)); + } + up_read(&mk->mk_secret_sem); + if (err) + return err; + ci->ci_hash_key_initialized = true; } return 0; From patchwork Fri Jan 17 21:42:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339881 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6FB6517EA for ; Fri, 17 Jan 2020 21:43:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4EAB62072B for ; Fri, 17 Jan 2020 21:43:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="re88JEJx" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729836AbgAQVnK (ORCPT ); Fri, 17 Jan 2020 16:43:10 -0500 Received: from mail-pj1-f74.google.com ([209.85.216.74]:40533 "EHLO mail-pj1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729822AbgAQVnI (ORCPT ); Fri, 17 Jan 2020 16:43:08 -0500 Received: by mail-pj1-f74.google.com with SMTP id g12so5293170pje.5 for ; Fri, 17 Jan 2020 13:43:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=kB+NQKJiUAIRFl4aTji9u2bg8hO9+Q8WB3NnVD/VOa0=; b=re88JEJxDhwb7zLLnErnvZM02G0Gj4vQuRSRgAHJ0gPpq11nzY7dKVshwiMI8iTL7T 3hafAtjrYmHUaz5W2zGiRx84jD5Ff8W/hqL22aIB2sf5WjtIavPyHTZYDuGbhFal1VWr W2GR9e4ggOxjGg6Rdd6Ljz2n00RFUUNLwkGxlDSy5A9n8Itru3wF8riUuhmcbmhEwjSJ Ov7T0tQyORgBVk/nOhN75kRaxfBqppX/4cDjvHcSsHBnp2AyrFW5xMrWMzGKwHsRtu2X v9RZ5r6aQF9u7NS41DNZsV/IW1wwkGCvWcAtObe3V0kRAVe9Dk3HqdhGNGXjmYqPtfR9 BthA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=kB+NQKJiUAIRFl4aTji9u2bg8hO9+Q8WB3NnVD/VOa0=; b=LcHs1q3Y5bK7PK+Hv+3HBfTE84kMYWpNHcvYtEZDMNo3ScAXq6Pi0iU0jcHHcVTu94 OelF4aJPAii1vm3rnK0amjarHGDYEy+XYQypOpRNFfboiAR18zOwvqdtGBQ97pJOGkEn kRkTg3TIfoRJ4FAxcAbr2eqW2Ud5VVVzhuTPJWN2SBw6cQqI+B6OEw/ll1EaNn+kT605 KwrI5nFu1bI5FPBYbBiwHVCO6lZuZChGWic/kofTpXd1ZN6RfOr9aIGV7ttVlaXnuMB/ fKFclH5+BH1xbKy+16Bq3AT43ioMy4wrBQ/UZEanG0nJ6DR7cFmnZ1hMqtkndOKM9UHH 6CxA== X-Gm-Message-State: APjAAAWVlurdts5SaNsdBI2Xxgc1KHDfCkmCMkf5vlfa2gX5hQED08w/ KchVTF9sxSBMfzKHNURyhEySKp1mg+o= X-Google-Smtp-Source: APXvYqw6Ct56QGUI/qT+gtMlJeOAmF7SuNqwoG6m8v2zpcXR33XO9wzdYHdjMiRNIInMZ2yefbbvYg8zvuM= X-Received: by 2002:a65:46c6:: with SMTP id n6mr47933917pgr.15.1579297387762; Fri, 17 Jan 2020 13:43:07 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:42 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-6-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 5/9] vfs: Fold casefolding into vfs From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Ext4 and F2fs are both using casefolding, and they, along with any other filesystem that adds the feature, will be using identical dentry_ops. Additionally, those dentry ops interfere with the dentry_ops required for fscrypt once we add support for casefolding and encryption. Moving this into the vfs removes code duplication as well as the complication with encryption. Currently this is pretty close to just moving the existing f2fs/ext4 code up a level into the vfs, although there is a lot of room for improvement now. Signed-off-by: Daniel Rosenberg --- fs/dcache.c | 28 ++++++++++++++++++++++++++++ fs/namei.c | 41 ++++++++++++++++++++++++++++++++++++++--- include/linux/fs.h | 10 ++++++++++ include/linux/unicode.h | 14 ++++++++++++++ 4 files changed, 90 insertions(+), 3 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index b280e07e162b1..a8bbb7f4fad30 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -32,6 +32,7 @@ #include #include #include +#include #include "internal.h" #include "mount.h" @@ -247,7 +248,19 @@ static inline int dentry_cmp(const struct dentry *dentry, const unsigned char *c * be no NUL in the ct/tcount data) */ const unsigned char *cs = READ_ONCE(dentry->d_name.name); +#ifdef CONFIG_UNICODE + struct inode *parent = dentry->d_parent->d_inode; + if (unlikely(needs_casefold(parent))) { + const struct qstr n1 = QSTR_INIT(cs, tcount); + const struct qstr n2 = QSTR_INIT(ct, tcount); + int result = utf8_strncasecmp(dentry->d_sb->s_encoding, + &n1, &n2); + + if (result >= 0 || sb_has_enc_strict_mode(dentry->d_sb)) + return result; + } +#endif return dentry_string_cmp(cs, ct, tcount); } @@ -2406,7 +2419,22 @@ struct dentry *d_hash_and_lookup(struct dentry *dir, struct qstr *name) * calculate the standard hash first, as the d_op->d_hash() * routine may choose to leave the hash value unchanged. */ +#ifdef CONFIG_UNICODE + unsigned char *hname = NULL; + int hlen = name->len; + + if (IS_CASEFOLDED(dir->d_inode)) { + hname = kmalloc(PATH_MAX, GFP_ATOMIC); + if (!hname) + return ERR_PTR(-ENOMEM); + hlen = utf8_casefold(dir->d_sb->s_encoding, + name, hname, PATH_MAX); + } + name->hash = full_name_hash(dir, hname ?: name->name, hlen); + kfree(hname); +#else name->hash = full_name_hash(dir, name->name, name->len); +#endif if (dir->d_flags & DCACHE_OP_HASH) { int err = dir->d_op->d_hash(dir, name); if (unlikely(err < 0)) diff --git a/fs/namei.c b/fs/namei.c index d6c91d1e88cb3..f8e65c9f31444 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -39,6 +39,7 @@ #include #include #include +#include #include "internal.h" #include "mount.h" @@ -2055,6 +2056,10 @@ static inline u64 hash_name(const void *salt, const char *name) static int link_path_walk(const char *name, struct nameidata *nd) { int err; +#ifdef CONFIG_UNICODE + char *hname = NULL; + int hlen = 0; +#endif if (IS_ERR(name)) return PTR_ERR(name); @@ -2071,9 +2076,22 @@ static int link_path_walk(const char *name, struct nameidata *nd) err = may_lookup(nd); if (err) return err; - +#ifdef CONFIG_UNICODE + if (needs_casefold(nd->path.dentry->d_inode)) { + struct qstr str = QSTR_INIT(name, PATH_MAX); + + hname = kmalloc(PATH_MAX, GFP_ATOMIC); + if (!hname) + return -ENOMEM; + hlen = utf8_casefold(nd->path.dentry->d_sb->s_encoding, + &str, hname, PATH_MAX); + } + hash_len = hash_name(nd->path.dentry, hname ?: name); + kfree(hname); + hname = NULL; +#else hash_len = hash_name(nd->path.dentry, name); - +#endif type = LAST_NORM; if (name[0] == '.') switch (hashlen_len(hash_len)) { case 2: @@ -2445,9 +2463,26 @@ EXPORT_SYMBOL(vfs_path_lookup); static int lookup_one_len_common(const char *name, struct dentry *base, int len, struct qstr *this) { +#ifdef CONFIG_UNICODE + char *hname = NULL; + int hlen = len; + + if (needs_casefold(base->d_inode)) { + struct qstr str = QSTR_INIT(name, len); + + hname = kmalloc(PATH_MAX, GFP_ATOMIC); + if (!hname) + return -ENOMEM; + hlen = utf8_casefold(base->d_sb->s_encoding, + &str, hname, PATH_MAX); + } + this->hash = full_name_hash(base, hname ?: name, hlen); + kfree(hname); +#else + this->hash = full_name_hash(base, name, len); +#endif this->name = name; this->len = len; - this->hash = full_name_hash(base, name, len); if (!len) return -EACCES; diff --git a/include/linux/fs.h b/include/linux/fs.h index 98e0349adb526..9a7092449e94f 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1382,6 +1382,12 @@ extern int send_sigurg(struct fown_struct *fown); #define SB_ACTIVE (1<<30) #define SB_NOUSER (1<<31) +/* These flags relate to encoding and casefolding */ +#define SB_ENC_STRICT_MODE_FL (1 << 0) + +#define sb_has_enc_strict_mode(sb) \ + (sb->s_encoding_flags & SB_ENC_STRICT_MODE_FL) + /* * Umount options */ @@ -1449,6 +1455,10 @@ struct super_block { #endif #ifdef CONFIG_FS_VERITY const struct fsverity_operations *s_vop; +#endif +#ifdef CONFIG_UNICODE + struct unicode_map *s_encoding; + __u16 s_encoding_flags; #endif struct hlist_bl_head s_roots; /* alternate root dentries for NFS */ struct list_head s_mounts; /* list of mounts; _not_ for fs use */ diff --git a/include/linux/unicode.h b/include/linux/unicode.h index 990aa97d80496..182352f3cc30f 100644 --- a/include/linux/unicode.h +++ b/include/linux/unicode.h @@ -4,6 +4,8 @@ #include #include +#include +#include struct unicode_map { const char *charset; @@ -30,4 +32,16 @@ int utf8_casefold(const struct unicode_map *um, const struct qstr *str, struct unicode_map *utf8_load(const char *version); void utf8_unload(struct unicode_map *um); +#ifdef CONFIG_UNICODE +static inline bool needs_casefold(const struct inode *dir) +{ + return IS_CASEFOLDED(dir) && dir->i_sb->s_encoding && + (!IS_ENCRYPTED(dir) || fscrypt_has_encryption_key(dir)); +} +#else +static inline bool needs_casefold(const struct inode *dir) +{ + return 0; +} +#endif #endif /* _LINUX_UNICODE_H */ From patchwork Fri Jan 17 21:42:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339879 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 37B8F13A0 for ; Fri, 17 Jan 2020 21:43:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 02D0F2082F for ; Fri, 17 Jan 2020 21:43:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="tmg1n5AJ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729913AbgAQVn3 (ORCPT ); Fri, 17 Jan 2020 16:43:29 -0500 Received: from mail-pf1-f201.google.com ([209.85.210.201]:45005 "EHLO mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729881AbgAQVnL (ORCPT ); Fri, 17 Jan 2020 16:43:11 -0500 Received: by mail-pf1-f201.google.com with SMTP id r127so15840356pfc.11 for ; Fri, 17 Jan 2020 13:43:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=grnU10Z6a+g9YzjWJl/zmZrX09JERk0gXsLPMGzwZEg=; b=tmg1n5AJ++3iPA89YL7e+NofQABXOr+Yn8pMbxxuzXPKOkOxolgvfDFdp53hbicanM rdgBUbYO1Go5bTIUXYgszM+auowwkI3NsommsInELAcl34Hzx3IzGPmiTidmd3zFO8r5 J+tBUPk7P28DJCeOfAH/dJPHqnuI8R0LzkK24ibf9EjtqWzqHbcRKJUFHZRuCDpFgPor kJcuMr0n0mGl5qAzSGpv0p2dhwsOWOfMwoccig6U6AiEEJQB/YrClrZHFeZT7FraQ750 suTiYEUIfQvWSSx+2FdbxHO2ofm751F+NWUe2bZ4tfcf2NdKXtru5XdyCW4z2+Vxek9O M6JQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=grnU10Z6a+g9YzjWJl/zmZrX09JERk0gXsLPMGzwZEg=; b=ggg3FPvnQyoikcHpTTxdJLB16Pjt77kBicjVFRdQBOKMPqZAY540Jg2ji6M6hJVrah thtbDzGU/gcZaRRZ10H2SnMUZY9YOudrqOWSy4bMVLgvsPQ/mQIoVpWuUSxT90+J4Clv vWslpbRkiIY4k7vFvrUfpmt3dBvZXRj2YS+togryL5yruurbnrwQIJzqfATbIf2WeShU ThI9IIexCSiQEh2RSjd2LQJg6KHAIWjEtryMu0qNB+vvhEGLEvxf0X18TBfN0beKbm2X jwmvDl3QbWpI6JhxQtHObND7BpRxUOwcsPz+o5709hyk9cIq+IWygT0IzQqIF7leXOcf Sqeg== X-Gm-Message-State: APjAAAUdj1FE7fT4lkxlnANJkm4tuuTw5IooyxhS0XTtv9pHRdcfrBsy fV8zVlCzpWSaKi6ymmnOUU1igim7eFk= X-Google-Smtp-Source: APXvYqy2ID3+qrZqys0Ss22zp2fVNo5JiZUqUwF+GG83stvZDzo1kJKS6bG90dljaMvh7tchAfWcZUPGyak= X-Received: by 2002:a63:f64a:: with SMTP id u10mr46175949pgj.16.1579297390423; Fri, 17 Jan 2020 13:43:10 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:43 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-7-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 6/9] f2fs: Handle casefolding with Encryption From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org This expands f2fs's casefolding support to include encrypted directories. For encrypted directories, we use the siphash of the casefolded name. This ensures there is no direct way to go from an unencrypted name to the stored hash on disk without knowledge of the encryption policy keys. Additionally, we switch to using the vfs layer's casefolding support instead of storing this information inside of f2fs's private data. Signed-off-by: Daniel Rosenberg --- fs/f2fs/dir.c | 112 ++++++++++++++++++----------------------------- fs/f2fs/f2fs.h | 12 ++--- fs/f2fs/hash.c | 25 +++++++---- fs/f2fs/inline.c | 9 ++-- fs/f2fs/super.c | 17 +++---- fs/f2fs/sysfs.c | 8 ++-- 6 files changed, 78 insertions(+), 105 deletions(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index d9ad842945df5..e0822c319887c 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -112,30 +112,49 @@ static struct f2fs_dir_entry *find_in_block(struct inode *dir, * doesn't match or less than zero on error. */ int f2fs_ci_compare(const struct inode *parent, const struct qstr *name, - const struct qstr *entry, bool quick) + unsigned char *name2, size_t len, bool quick) { const struct f2fs_sb_info *sbi = F2FS_SB(parent->i_sb); - const struct unicode_map *um = sbi->s_encoding; + const struct unicode_map *um = sbi->sb->s_encoding; + const struct fscrypt_str crypt_entry = FSTR_INIT(name2, len); + struct fscrypt_str decrypted_entry; + struct qstr decrypted; + struct qstr entry = QSTR_INIT(name2, len); int ret; + decrypted_entry.name = NULL; + + if (IS_ENCRYPTED(parent) && fscrypt_has_encryption_key(parent)) { + decrypted_entry.name = kmalloc(len, GFP_ATOMIC); + decrypted.name = decrypted_entry.name; + decrypted_entry.len = len; + decrypted.len = len; + if (!decrypted.name) + return -ENOMEM; + fscrypt_fname_disk_to_usr(parent, 0, 0, &crypt_entry, + &decrypted_entry); + } + if (quick) - ret = utf8_strncasecmp_folded(um, name, entry); + ret = utf8_strncasecmp_folded(um, name, decrypted_entry.name ? + &decrypted : &entry); else - ret = utf8_strncasecmp(um, name, entry); - + ret = utf8_strncasecmp(um, name, decrypted_entry.name ? + &decrypted : &entry); if (ret < 0) { /* Handle invalid character sequence as either an error * or as an opaque byte sequence. */ - if (f2fs_has_strict_mode(sbi)) + if (sb_has_enc_strict_mode(sbi->sb)) return -EINVAL; - if (name->len != entry->len) + if (name->len != len) return 1; - return !!memcmp(name->name, entry->name, name->len); + ret = !!memcmp(name->name, + decrypted_entry.name ?: name2, name->len); } - + kfree(decrypted_entry.name); return ret; } @@ -154,7 +173,7 @@ static void f2fs_fname_setup_ci_filename(struct inode *dir, if (!cf_name->name) return; - cf_name->len = utf8_casefold(sbi->s_encoding, + cf_name->len = utf8_casefold(dir->i_sb->s_encoding, iname, cf_name->name, F2FS_NAME_LEN); if ((int)cf_name->len <= 0) { @@ -173,24 +192,24 @@ static inline bool f2fs_match_name(struct f2fs_dentry_ptr *d, { #ifdef CONFIG_UNICODE struct inode *parent = d->inode; - struct f2fs_sb_info *sbi = F2FS_I_SB(parent); - struct qstr entry; + unsigned char *name; + int len; #endif if (de->hash_code != namehash) return false; #ifdef CONFIG_UNICODE - entry.name = d->filename[bit_pos]; - entry.len = de->name_len; + name = d->filename[bit_pos]; + len = de->name_len; - if (sbi->s_encoding && IS_CASEFOLDED(parent)) { + if (needs_casefold(parent)) { if (cf_str->name) { struct qstr cf = {.name = cf_str->name, .len = cf_str->len}; - return !f2fs_ci_compare(parent, &cf, &entry, true); + return !f2fs_ci_compare(parent, &cf, name, len, true); } - return !f2fs_ci_compare(parent, fname->usr_fname, &entry, + return !f2fs_ci_compare(parent, fname->usr_fname, name, len, false); } #endif @@ -357,8 +376,8 @@ struct f2fs_dir_entry *f2fs_find_entry(struct inode *dir, int err; #ifdef CONFIG_UNICODE - if (f2fs_has_strict_mode(F2FS_I_SB(dir)) && IS_CASEFOLDED(dir) && - utf8_validate(F2FS_I_SB(dir)->s_encoding, child)) { + if (sb_has_enc_strict_mode(dir->i_sb) && IS_CASEFOLDED(dir) && + utf8_validate(dir->i_sb->s_encoding, child)) { *res_page = ERR_PTR(-EINVAL); return NULL; } @@ -602,13 +621,13 @@ void f2fs_update_dentry(nid_t ino, umode_t mode, struct f2fs_dentry_ptr *d, int f2fs_add_regular_entry(struct inode *dir, const struct qstr *new_name, const struct qstr *orig_name, + f2fs_hash_t dentry_hash, struct inode *inode, nid_t ino, umode_t mode) { unsigned int bit_pos; unsigned int level; unsigned int current_depth; unsigned long bidx, block; - f2fs_hash_t dentry_hash; unsigned int nbucket, nblock; struct page *dentry_page = NULL; struct f2fs_dentry_block *dentry_blk = NULL; @@ -618,7 +637,6 @@ int f2fs_add_regular_entry(struct inode *dir, const struct qstr *new_name, level = 0; slots = GET_DENTRY_SLOTS(new_name->len); - dentry_hash = f2fs_dentry_hash(dir, new_name, NULL); current_depth = F2FS_I(dir)->i_current_depth; if (F2FS_I(dir)->chash == dentry_hash) { @@ -704,17 +722,19 @@ int f2fs_add_dentry(struct inode *dir, struct fscrypt_name *fname, struct inode *inode, nid_t ino, umode_t mode) { struct qstr new_name; + f2fs_hash_t dentry_hash; int err = -EAGAIN; new_name.name = fname_name(fname); new_name.len = fname_len(fname); if (f2fs_has_inline_dentry(dir)) - err = f2fs_add_inline_entry(dir, &new_name, fname->usr_fname, + err = f2fs_add_inline_entry(dir, &new_name, fname, inode, ino, mode); + dentry_hash = f2fs_dentry_hash(dir, &new_name, fname); if (err == -EAGAIN) err = f2fs_add_regular_entry(dir, &new_name, fname->usr_fname, - inode, ino, mode); + dentry_hash, inode, ino, mode); f2fs_update_time(F2FS_I_SB(dir), REQ_TIME); return err; @@ -1064,49 +1084,3 @@ const struct file_operations f2fs_dir_operations = { #endif }; -#ifdef CONFIG_UNICODE -static int f2fs_d_compare(const struct dentry *dentry, unsigned int len, - const char *str, const struct qstr *name) -{ - struct qstr qstr = {.name = str, .len = len }; - - if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) { - if (len != name->len) - return -1; - return memcmp(str, name, len); - } - - return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false); -} - -static int f2fs_d_hash(const struct dentry *dentry, struct qstr *str) -{ - struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb); - const struct unicode_map *um = sbi->s_encoding; - unsigned char *norm; - int len, ret = 0; - - if (!IS_CASEFOLDED(dentry->d_inode)) - return 0; - - norm = f2fs_kmalloc(sbi, PATH_MAX, GFP_ATOMIC); - if (!norm) - return -ENOMEM; - - len = utf8_casefold(um, str, norm, PATH_MAX); - if (len < 0) { - if (f2fs_has_strict_mode(sbi)) - ret = -EINVAL; - goto out; - } - str->hash = full_name_hash(dentry, norm, len); -out: - kvfree(norm); - return ret; -} - -const struct dentry_operations f2fs_dentry_ops = { - .d_hash = f2fs_d_hash, - .d_compare = f2fs_d_compare, -}; -#endif diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 5a888a063c7f1..9387d0b894264 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1184,10 +1184,6 @@ struct f2fs_sb_info { int valid_super_block; /* valid super block no */ unsigned long s_flag; /* flags for sbi */ struct mutex writepages; /* mutex for writepages() */ -#ifdef CONFIG_UNICODE - struct unicode_map *s_encoding; - __u16 s_encoding_flags; -#endif #ifdef CONFIG_BLK_DEV_ZONED unsigned int blocks_per_blkz; /* F2FS blocks per zone */ @@ -2971,7 +2967,7 @@ struct dentry *f2fs_get_parent(struct dentry *child); extern int f2fs_ci_compare(const struct inode *parent, const struct qstr *name, - const struct qstr *entry, + unsigned char *name2, size_t len, bool quick); /* @@ -3005,7 +3001,7 @@ void f2fs_update_dentry(nid_t ino, umode_t mode, struct f2fs_dentry_ptr *d, const struct qstr *name, f2fs_hash_t name_hash, unsigned int bit_pos); int f2fs_add_regular_entry(struct inode *dir, const struct qstr *new_name, - const struct qstr *orig_name, + const struct qstr *orig_name, f2fs_hash_t dentry_hash, struct inode *inode, nid_t ino, umode_t mode); int f2fs_add_dentry(struct inode *dir, struct fscrypt_name *fname, struct inode *inode, nid_t ino, umode_t mode); @@ -3038,7 +3034,7 @@ int f2fs_sanity_check_ckpt(struct f2fs_sb_info *sbi); * hash.c */ f2fs_hash_t f2fs_dentry_hash(const struct inode *dir, - const struct qstr *name_info, struct fscrypt_name *fname); + const struct qstr *name_info, const struct fscrypt_name *fname); /* * node.c @@ -3517,7 +3513,7 @@ struct f2fs_dir_entry *f2fs_find_in_inline_dir(struct inode *dir, int f2fs_make_empty_inline_dir(struct inode *inode, struct inode *parent, struct page *ipage); int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name, - const struct qstr *orig_name, + const struct fscrypt_name *fname, struct inode *inode, nid_t ino, umode_t mode); void f2fs_delete_inline_entry(struct f2fs_dir_entry *dentry, struct page *page, struct inode *dir, diff --git a/fs/f2fs/hash.c b/fs/f2fs/hash.c index 5bc4dcd8fc03f..954d03dee4506 100644 --- a/fs/f2fs/hash.c +++ b/fs/f2fs/hash.c @@ -68,8 +68,9 @@ static void str2hashbuf(const unsigned char *msg, size_t len, *buf++ = pad; } -static f2fs_hash_t __f2fs_dentry_hash(const struct qstr *name_info, - struct fscrypt_name *fname) +static f2fs_hash_t __f2fs_dentry_hash(const struct inode *dir, + const struct qstr *name_info, + const struct fscrypt_name *fname) { __u32 hash; f2fs_hash_t f2fs_hash; @@ -85,6 +86,11 @@ static f2fs_hash_t __f2fs_dentry_hash(const struct qstr *name_info, if (is_dot_dotdot(name_info)) return 0; + if (IS_CASEFOLDED(dir) && IS_ENCRYPTED(dir)) { + f2fs_hash = fscrypt_fname_siphash(dir, name_info); + return f2fs_hash; + } + /* Initialize the default seed for the hash checksum functions */ buf[0] = 0x67452301; buf[1] = 0xefcdab89; @@ -106,35 +112,38 @@ static f2fs_hash_t __f2fs_dentry_hash(const struct qstr *name_info, } f2fs_hash_t f2fs_dentry_hash(const struct inode *dir, - const struct qstr *name_info, struct fscrypt_name *fname) + const struct qstr *name_info, const struct fscrypt_name *fname) { #ifdef CONFIG_UNICODE struct f2fs_sb_info *sbi = F2FS_SB(dir->i_sb); - const struct unicode_map *um = sbi->s_encoding; + const struct unicode_map *um = sbi->sb->s_encoding; int r, dlen; unsigned char *buff; struct qstr folded; + const struct qstr *name = fname ? fname->usr_fname : name_info; if (!name_info->len || !IS_CASEFOLDED(dir)) goto opaque_seq; + if (IS_ENCRYPTED(dir) && !fscrypt_has_encryption_key(dir)) + goto opaque_seq; + buff = f2fs_kzalloc(sbi, sizeof(char) * PATH_MAX, GFP_KERNEL); if (!buff) return -ENOMEM; - - dlen = utf8_casefold(um, name_info, buff, PATH_MAX); + dlen = utf8_casefold(um, name, buff, PATH_MAX); if (dlen < 0) { kvfree(buff); goto opaque_seq; } folded.name = buff; folded.len = dlen; - r = __f2fs_dentry_hash(&folded, fname); + r = __f2fs_dentry_hash(dir, &folded, fname); kvfree(buff); return r; opaque_seq: #endif - return __f2fs_dentry_hash(name_info, fname); + return __f2fs_dentry_hash(dir, name_info, fname); } diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index 896db0416f0e6..3c37720941539 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -465,8 +465,8 @@ static int f2fs_add_inline_entries(struct inode *dir, void *inline_dentry) ino = le32_to_cpu(de->ino); fake_mode = f2fs_get_de_type(de) << S_SHIFT; - err = f2fs_add_regular_entry(dir, &new_name, NULL, NULL, - ino, fake_mode); + err = f2fs_add_regular_entry(dir, &new_name, NULL, + de->hash_code, NULL, ino, fake_mode); if (err) goto punch_dentry_pages; @@ -540,7 +540,7 @@ static int f2fs_convert_inline_dir(struct inode *dir, struct page *ipage, } int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name, - const struct qstr *orig_name, + const struct fscrypt_name *fname, struct inode *inode, nid_t ino, umode_t mode) { struct f2fs_sb_info *sbi = F2FS_I_SB(dir); @@ -551,6 +551,7 @@ int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name, struct f2fs_dentry_ptr d; int slots = GET_DENTRY_SLOTS(new_name->len); struct page *page = NULL; + const struct qstr *orig_name = fname->usr_fname; int err = 0; ipage = f2fs_get_node_page(sbi, dir->i_ino); @@ -581,7 +582,7 @@ int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name, f2fs_wait_on_page_writeback(ipage, NODE, true, true); - name_hash = f2fs_dentry_hash(dir, new_name, NULL); + name_hash = f2fs_dentry_hash(dir, new_name, fname); f2fs_update_dentry(ino, mode, &d, new_name, name_hash, bit_pos); set_page_dirty(ipage); diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 5111e1ffe58ab..5e4e76332c4ca 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1144,7 +1144,7 @@ static void f2fs_put_super(struct super_block *sb) for (i = 0; i < NR_PAGE_TYPE; i++) kvfree(sbi->write_io[i]); #ifdef CONFIG_UNICODE - utf8_unload(sbi->s_encoding); + utf8_unload(sbi->sb->s_encoding); #endif kvfree(sbi); } @@ -3136,17 +3136,11 @@ static int f2fs_scan_devices(struct f2fs_sb_info *sbi) static int f2fs_setup_casefold(struct f2fs_sb_info *sbi) { #ifdef CONFIG_UNICODE - if (f2fs_sb_has_casefold(sbi) && !sbi->s_encoding) { + if (f2fs_sb_has_casefold(sbi) && !sbi->sb->s_encoding) { const struct f2fs_sb_encodings *encoding_info; struct unicode_map *encoding; __u16 encoding_flags; - if (f2fs_sb_has_encrypt(sbi)) { - f2fs_err(sbi, - "Can't mount with encoding and encryption"); - return -EINVAL; - } - if (f2fs_sb_read_encoding(sbi->raw_super, &encoding_info, &encoding_flags)) { f2fs_err(sbi, @@ -3167,9 +3161,8 @@ static int f2fs_setup_casefold(struct f2fs_sb_info *sbi) "%s-%s with flags 0x%hx", encoding_info->name, encoding_info->version?:"\b", encoding_flags); - sbi->s_encoding = encoding; - sbi->s_encoding_flags = encoding_flags; - sbi->sb->s_d_op = &f2fs_dentry_ops; + sbi->sb->s_encoding = encoding; + sbi->sb->s_encoding_flags = encoding_flags; } #else if (f2fs_sb_has_casefold(sbi)) { @@ -3637,7 +3630,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) kvfree(sbi->write_io[i]); #ifdef CONFIG_UNICODE - utf8_unload(sbi->s_encoding); + utf8_unload(sbi->sb->s_encoding); #endif free_options: #ifdef CONFIG_QUOTA diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 70945ceb9c0ca..7fd37c8c9733a 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -88,10 +88,10 @@ static ssize_t encoding_show(struct f2fs_attr *a, #ifdef CONFIG_UNICODE if (f2fs_sb_has_casefold(sbi)) return snprintf(buf, PAGE_SIZE, "%s (%d.%d.%d)\n", - sbi->s_encoding->charset, - (sbi->s_encoding->version >> 16) & 0xff, - (sbi->s_encoding->version >> 8) & 0xff, - sbi->s_encoding->version & 0xff); + sbi->sb->s_encoding->charset, + (sbi->sb->s_encoding->version >> 16) & 0xff, + (sbi->sb->s_encoding->version >> 8) & 0xff, + sbi->sb->s_encoding->version & 0xff); #endif return snprintf(buf, PAGE_SIZE, "(none)"); } From patchwork Fri Jan 17 21:42:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339873 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 83E8013A0 for ; Fri, 17 Jan 2020 21:43:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 58390214AF for ; Fri, 17 Jan 2020 21:43:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="a1g1iEYX" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729928AbgAQVnP (ORCPT ); Fri, 17 Jan 2020 16:43:15 -0500 Received: from mail-pg1-f201.google.com ([209.85.215.201]:37113 "EHLO mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729908AbgAQVnN (ORCPT ); Fri, 17 Jan 2020 16:43:13 -0500 Received: by mail-pg1-f201.google.com with SMTP id 14so15161542pgg.4 for ; Fri, 17 Jan 2020 13:43:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=LFpKp6VUuFo6ppMUzAkcXjx34TBvN7NAK5WKB8aYuXQ=; b=a1g1iEYXJcbKToa1F5RzrCvDKCrpUy+o+QXdgYh6konUltzlkD+N7ueks7+m8vjfcx PUw2scPZaaIbda6rDzjYHAZueYmtBsf4g6Du0LZIMinaURO4sNRplrTmVpTC+8/5op8F x3FM0jxRhb8yV4bnczX3hU3Y03oucpDTFR4usNpIrWV7LAjLnQXnasxHeWu7fqHDpbGk zH2Ic7nBFe1KMj7Aup6N3XctmItcRyzjpZq5IhOtonXnRGGEyORmfaDnxN4DfhiYC3H4 3hsdYadTplppKmivx2jiI4sSva1CHImF7zPDD2vrQ80+K+WVT9NhAMQjYZkroGcQpdHB EuNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=LFpKp6VUuFo6ppMUzAkcXjx34TBvN7NAK5WKB8aYuXQ=; b=tHdGZ5usZoQd+pE2Omzu0Nc5KGNiq1C6AgoAFQaFq6pZdO13/08Jp+klQH8tH5S5cn /UG1+DTFMkurMADHLD9UUE8l521fEBN/CyNrq9lhv/lzhrVS+vu9Q01O20mM8bpti5fW ZMzWO0UzYa4YS/Uf1YFe0dbHdzWifBdBk76QKDGom6HlIU/l9s8vzXYa+IrlKeYPJZk3 iewPlk0wN6bjLzQ9/D7idx35/Xmzvav+MHGhnZLr4cnFbQqongcAzaKJAJXOBrrq4yCg DKDvkInHLthQOG0/3LpwRzRUzS7g7VNbZPifEZ1l4l4iZrf6Ar7X7nPwFHWBhPiGV83q Am8Q== X-Gm-Message-State: APjAAAUW9yMGl+iUA42lNkfV1gRiaXPtUfeRsrg7ker4SnSZeNqif2OM K86lJoor5edOEtvqjItwddQ/BuogD4o= X-Google-Smtp-Source: APXvYqxNlvdZpVuO6zVMH6+PmfhbGY/it+hzlfv/eX2SXFGnBzPHNaxaje5j1U0PfA+mQzmzcN96tzsChKs= X-Received: by 2002:a65:6706:: with SMTP id u6mr45728791pgf.38.1579297392919; Fri, 17 Jan 2020 13:43:12 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:44 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-8-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 7/9] ext4: Use struct super_blocks' casefold data From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Switch over to using the struct entries added to the VFS Signed-off-by: Daniel Rosenberg --- fs/ext4/dir.c | 47 ----------------------------------------------- fs/ext4/ext4.h | 4 ---- fs/ext4/hash.c | 2 +- fs/ext4/namei.c | 20 ++++++++------------ fs/ext4/super.c | 15 +++++---------- 5 files changed, 14 insertions(+), 74 deletions(-) diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index 4e093277c8bfb..e0a9b3f0682dd 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -667,50 +667,3 @@ const struct file_operations ext4_dir_operations = { .release = ext4_release_dir, }; -#ifdef CONFIG_UNICODE -static int ext4_d_compare(const struct dentry *dentry, unsigned int len, - const char *str, const struct qstr *name) -{ - struct qstr qstr = {.name = str, .len = len }; - struct inode *inode = dentry->d_parent->d_inode; - - if (!IS_CASEFOLDED(inode) || !EXT4_SB(inode->i_sb)->s_encoding) { - if (len != name->len) - return -1; - return memcmp(str, name->name, len); - } - - return ext4_ci_compare(inode, name, &qstr, false); -} - -static int ext4_d_hash(const struct dentry *dentry, struct qstr *str) -{ - const struct ext4_sb_info *sbi = EXT4_SB(dentry->d_sb); - const struct unicode_map *um = sbi->s_encoding; - unsigned char *norm; - int len, ret = 0; - - if (!IS_CASEFOLDED(dentry->d_inode) || !um) - return 0; - - norm = kmalloc(PATH_MAX, GFP_ATOMIC); - if (!norm) - return -ENOMEM; - - len = utf8_casefold(um, str, norm, PATH_MAX); - if (len < 0) { - if (ext4_has_strict_mode(sbi)) - ret = -EINVAL; - goto out; - } - str->hash = full_name_hash(dentry, norm, len); -out: - kfree(norm); - return ret; -} - -const struct dentry_operations ext4_dentry_ops = { - .d_hash = ext4_d_hash, - .d_compare = ext4_d_compare, -}; -#endif diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index f8578caba40d5..3162ef2e53d46 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1430,10 +1430,6 @@ struct ext4_sb_info { struct kobject s_kobj; struct completion s_kobj_unregister; struct super_block *s_sb; -#ifdef CONFIG_UNICODE - struct unicode_map *s_encoding; - __u16 s_encoding_flags; -#endif /* Journaling */ struct journal_s *s_journal; diff --git a/fs/ext4/hash.c b/fs/ext4/hash.c index 3e133793a5a34..143b0073b3f46 100644 --- a/fs/ext4/hash.c +++ b/fs/ext4/hash.c @@ -275,7 +275,7 @@ int ext4fs_dirhash(const struct inode *dir, const char *name, int len, struct dx_hash_info *hinfo) { #ifdef CONFIG_UNICODE - const struct unicode_map *um = EXT4_SB(dir->i_sb)->s_encoding; + const struct unicode_map *um = dir->i_sb->s_encoding; int r, dlen; unsigned char *buff; struct qstr qstr = {.name = name, .len = len }; diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 1cb42d9407847..7f4e625ab2f9b 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -1282,8 +1282,8 @@ static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block) int ext4_ci_compare(const struct inode *parent, const struct qstr *name, const struct qstr *entry, bool quick) { - const struct ext4_sb_info *sbi = EXT4_SB(parent->i_sb); - const struct unicode_map *um = sbi->s_encoding; + const struct super_block *sb = parent->i_sb; + const struct unicode_map *um = sb->s_encoding; int ret; if (quick) @@ -1295,7 +1295,7 @@ int ext4_ci_compare(const struct inode *parent, const struct qstr *name, /* Handle invalid character sequence as either an error * or as an opaque byte sequence. */ - if (ext4_has_strict_mode(sbi)) + if (sb_has_enc_strict_mode(sb)) return -EINVAL; if (name->len != entry->len) @@ -1312,7 +1312,7 @@ void ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, { int len; - if (!IS_CASEFOLDED(dir) || !EXT4_SB(dir->i_sb)->s_encoding) { + if (!needs_casefold(dir)) { cf_name->name = NULL; return; } @@ -1321,7 +1321,7 @@ void ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, if (!cf_name->name) return; - len = utf8_casefold(EXT4_SB(dir->i_sb)->s_encoding, + len = utf8_casefold(dir->i_sb->s_encoding, iname, cf_name->name, EXT4_NAME_LEN); if (len <= 0) { @@ -1358,7 +1358,7 @@ static inline bool ext4_match(const struct inode *parent, #endif #ifdef CONFIG_UNICODE - if (EXT4_SB(parent->i_sb)->s_encoding && IS_CASEFOLDED(parent)) { + if (needs_casefold(parent)) { if (fname->cf_name.name) { struct qstr cf = {.name = fname->cf_name.name, .len = fname->cf_name.len}; @@ -2164,9 +2164,6 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, struct buffer_head *bh = NULL; struct ext4_dir_entry_2 *de; struct super_block *sb; -#ifdef CONFIG_UNICODE - struct ext4_sb_info *sbi; -#endif struct ext4_filename fname; int retval; int dx_fallback=0; @@ -2183,9 +2180,8 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, return -EINVAL; #ifdef CONFIG_UNICODE - sbi = EXT4_SB(sb); - if (ext4_has_strict_mode(sbi) && IS_CASEFOLDED(dir) && - sbi->s_encoding && utf8_validate(sbi->s_encoding, &dentry->d_name)) + if (sb_has_enc_strict_mode(sb) && IS_CASEFOLDED(dir) && + sb->s_encoding && utf8_validate(sb->s_encoding, &dentry->d_name)) return -EINVAL; #endif diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 2937a8873fe13..11584bdc3e237 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1056,7 +1056,7 @@ static void ext4_put_super(struct super_block *sb) kfree(sbi->s_blockgroup_lock); fs_put_dax(sbi->s_daxdev); #ifdef CONFIG_UNICODE - utf8_unload(sbi->s_encoding); + utf8_unload(sb->s_encoding); #endif kfree(sbi); } @@ -3850,7 +3850,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount; #ifdef CONFIG_UNICODE - if (ext4_has_feature_casefold(sb) && !sbi->s_encoding) { + if (ext4_has_feature_casefold(sb) && !sb->s_encoding) { const struct ext4_sb_encodings *encoding_info; struct unicode_map *encoding; __u16 encoding_flags; @@ -3881,8 +3881,8 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) "%s-%s with flags 0x%hx", encoding_info->name, encoding_info->version?:"\b", encoding_flags); - sbi->s_encoding = encoding; - sbi->s_encoding_flags = encoding_flags; + sb->s_encoding = encoding; + sb->s_encoding_flags = encoding_flags; } #endif @@ -4497,11 +4497,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount4; } -#ifdef CONFIG_UNICODE - if (sbi->s_encoding) - sb->s_d_op = &ext4_dentry_ops; -#endif - sb->s_root = d_make_root(root); if (!sb->s_root) { ext4_msg(sb, KERN_ERR, "get root dentry failed"); @@ -4684,7 +4679,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) crypto_free_shash(sbi->s_chksum_driver); #ifdef CONFIG_UNICODE - utf8_unload(sbi->s_encoding); + utf8_unload(sb->s_encoding); #endif #ifdef CONFIG_QUOTA From patchwork Fri Jan 17 21:42:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339871 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2D32813A0 for ; Fri, 17 Jan 2020 21:43:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 019A321582 for ; Fri, 17 Jan 2020 21:43:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vfufudba" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729921AbgAQVnR (ORCPT ); Fri, 17 Jan 2020 16:43:17 -0500 Received: from mail-pg1-f201.google.com ([209.85.215.201]:51978 "EHLO mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729936AbgAQVnQ (ORCPT ); Fri, 17 Jan 2020 16:43:16 -0500 Received: by mail-pg1-f201.google.com with SMTP id g20so15151185pgb.18 for ; Fri, 17 Jan 2020 13:43:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ED+OdKpzd1Y2Gx6mHqYoI/z45k3s+9K0NlkzBn0277w=; b=vfufudbaxTzErludXjKU507rvvm3v+HAM8EhFClpecw+YDzdFKjHNS+Nca4tEthIit E4vTP6MzVgdk+posSz2paeEIJMu0TNVUcYgtdQKMJ1Xo5cMBLia7Ce0MAJYk09f8WyE8 SkYhHYOt/Rw8ba1Yj7LEJFtEMapMiawgKZjiutP15+TjecoOl4//9DUDIl9+ruqFwV5i PyvEe6BTY0G5CQWwXEDDJmZplROOqVdyvUcGztbgDrVAF1G8dvjeFsLXNS+s62Xp+pFD d6LWdN/yF8s2QU2P8jOHdkoovFKbDwBkRdQ+qDREzYuP8Yc7qGQMWUnFc8LRNtxz6MMh QR3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ED+OdKpzd1Y2Gx6mHqYoI/z45k3s+9K0NlkzBn0277w=; b=lPCd79lAJNIG58YrPMYCxvYIIF6l6l12fT6ZO5dlyzmIpsldFNI6XWDCoRKsc4QayP Or5ov4QerBq2CVtYTohF/hlvkF5ALhqcJzJyZ86REj6Sh2mU3bxHa1cbo2KU2Q944ZYp +S1DIRi97lKNyQ5Ezd45lJ8Jn5p7IOUm6KwK8PPLa5fPHQxkbsil5YwVQZYqRxRO8YrX 6LLWS0hMBJDwEIhV1JwjpBPoOwFeF67ZjUeQyArgwVc6Ez4cAJBBUKi4NBP/KTriSOgt nPPb3bUB5FA6o3O1mzNtn/WYQlILrB0sT9Q73tWWPTohWTJbGLAi9FrORAIouGAXV3Rr jmDg== X-Gm-Message-State: APjAAAUAHw6X1ipY3dCma2AgzBtcrVTyQnNNG+6KiOGvOzOUsdpBJaLT IaXO1YWAO/0aGUaTUCS+8TVQthb3RZo= X-Google-Smtp-Source: APXvYqy+qD0VTC+AXDDgjdT+HQi4MgNtuCJsA61ZoCwgWLPCG1enzF7c1cv0PTWRCnzWX5SDKjrbzlqb7uY= X-Received: by 2002:a63:d543:: with SMTP id v3mr46350150pgi.285.1579297395443; Fri, 17 Jan 2020 13:43:15 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:45 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-9-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 8/9] ext4: Hande casefolding with encryption From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org This adds support for encryption with casefolding. Since the name on disk is case preserving, and also encrypted, we can no longer just recompute the hash on the fly. Additionally, to avoid leaking extra information from the hash of the unencrypted name, we use siphash via an fscrypt v2 policy. The hash is stored at the end of the directory entry for all entries inside of an encrypted and casefolded directory apart from those that deal with '.' and '..'. This way, the change is backwards compatible with existing ext4 filesystems. Signed-off-by: Daniel Rosenberg --- Documentation/filesystems/ext4/directory.rst | 27 ++ fs/ext4/dir.c | 28 +- fs/ext4/ext4.h | 64 +++- fs/ext4/hash.c | 24 +- fs/ext4/ialloc.c | 5 +- fs/ext4/inline.c | 41 +-- fs/ext4/namei.c | 291 +++++++++++++------ fs/ext4/super.c | 6 - 8 files changed, 343 insertions(+), 143 deletions(-) diff --git a/Documentation/filesystems/ext4/directory.rst b/Documentation/filesystems/ext4/directory.rst index 073940cc64edd..55f618b371445 100644 --- a/Documentation/filesystems/ext4/directory.rst +++ b/Documentation/filesystems/ext4/directory.rst @@ -121,6 +121,31 @@ The directory file type is one of the following values: * - 0x7 - Symbolic link. +To support directories that are both encrypted and casefolded directories, we +must also include hash information in the directory entry. We append +``ext4_extended_dir_entry_2`` to ``ext4_dir_entry_2`` except for the entries +for dot and dotdot, which are kept the same. The structure follows immediately +after ``name`` and is included in the size listed by ``rec_len`` If a directory +entry uses this extension, it may be up to 271 bytes. + +.. list-table:: + :widths: 8 8 24 40 + :header-rows: 1 + + * - Offset + - Size + - Name + - Description + * - 0x0 + - \_\_le32 + - hash + - The hash of the directory name + * - 0x4 + - \_\_le32 + - minor\_hash + - The minor hash of the directory name + + In order to add checksums to these classic directory blocks, a phony ``struct ext4_dir_entry`` is placed at the end of each leaf block to hold the checksum. The directory entry is 12 bytes long. The inode @@ -322,6 +347,8 @@ The directory hash is one of the following values: - Half MD4, unsigned. * - 0x5 - Tea, unsigned. + * - 0x6 + - Siphash. Interior nodes of an htree are recorded as ``struct dx_node``, which is also the full length of a data block: diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index e0a9b3f0682dd..f65ca3a7153b9 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -26,10 +26,11 @@ #include #include #include -#include #include "ext4.h" #include "xattr.h" +#define DOTDOT_OFFSET 12 + static int ext4_dx_readdir(struct file *, struct dir_context *); /** @@ -67,22 +68,26 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, struct inode *dir, struct file *filp, struct ext4_dir_entry_2 *de, struct buffer_head *bh, char *buf, int size, + ext4_lblk_t lblk, unsigned int offset) { const char *error_msg = NULL; const int rlen = ext4_rec_len_from_disk(de->rec_len, dir->i_sb->s_blocksize); const int next_offset = ((char *) de - buf) + rlen; + bool fake = (lblk == 0) && (offset <= DOTDOT_OFFSET); - if (unlikely(rlen < EXT4_DIR_REC_LEN(1))) + if (unlikely(rlen < ext4_dir_rec_len(1, fake ? NULL : dir))) error_msg = "rec_len is smaller than minimal"; else if (unlikely(rlen % 4 != 0)) error_msg = "rec_len % 4 != 0"; - else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) + else if (unlikely(rlen < ext4_dir_rec_len(de->name_len, + fake ? NULL : dir))) error_msg = "rec_len is too small for name_len"; else if (unlikely(next_offset > size)) error_msg = "directory entry overrun"; - else if (unlikely(next_offset > size - EXT4_DIR_REC_LEN(1) && + else if (unlikely(next_offset > size - ext4_dir_rec_len(1, + fake ? NULL : dir) && next_offset != size)) error_msg = "directory entry too close to block end"; else if (unlikely(le32_to_cpu(de->inode) > @@ -94,15 +99,15 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, if (filp) ext4_error_file(filp, function, line, bh->b_blocknr, "bad entry in directory: %s - offset=%u, " - "inode=%u, rec_len=%d, name_len=%d, size=%d", + "inode=%u, rec_len=%d, lblk=%d, size=%d", error_msg, offset, le32_to_cpu(de->inode), - rlen, de->name_len, size); + rlen, lblk, size); else ext4_error_inode(dir, function, line, bh->b_blocknr, "bad entry in directory: %s - offset=%u, " - "inode=%u, rec_len=%d, name_len=%d, size=%d", + "inode=%u, rec_len=%d, lblk=%d, size=%d", error_msg, offset, le32_to_cpu(de->inode), - rlen, de->name_len, size); + rlen, lblk, size); return 1; } @@ -224,7 +229,8 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) * failure will be detected in the * dirent test below. */ if (ext4_rec_len_from_disk(de->rec_len, - sb->s_blocksize) < EXT4_DIR_REC_LEN(1)) + sb->s_blocksize) < ext4_dir_rec_len(1, + inode)) break; i += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); @@ -240,7 +246,7 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) de = (struct ext4_dir_entry_2 *) (bh->b_data + offset); if (ext4_check_dir_entry(inode, file, de, bh, bh->b_data, bh->b_size, - offset)) { + map.m_lblk, offset)) { /* * On error, skip to the next block */ @@ -642,7 +648,7 @@ int ext4_check_all_de(struct inode *dir, struct buffer_head *bh, void *buf, top = buf + buf_size; while ((char *) de < top) { if (ext4_check_dir_entry(dir, NULL, de, bh, - buf, buf_size, offset)) + buf, buf_size, 0, offset)) return -EFSCORRUPTED; rlen = ext4_rec_len_from_disk(de->rec_len, buf_size); de = (struct ext4_dir_entry_2 *)((char *)de + rlen); diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 3162ef2e53d46..a70b4db05b745 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1955,6 +1955,19 @@ struct ext4_dir_entry { char name[EXT4_NAME_LEN]; /* File name */ }; + +/* + * Extended entry for ext4_dir_entry_2, since we can't easily store values after + * an arbitrary sized field, and would prefer not to break the format. For + * entries that are both encrypted and casefolded, we need to include the hash + * in the entry. + */ + +struct ext4_extended_dir_entry_2 { + __le32 hash; + __le32 minor_hash; +}; + /* * The new version of the directory entry. Since EXT4 structures are * stored in intel byte order, and the name_len field could never be @@ -1967,8 +1980,24 @@ struct ext4_dir_entry_2 { __u8 name_len; /* Name length */ __u8 file_type; char name[EXT4_NAME_LEN]; /* File name */ + char padding[sizeof(struct ext4_extended_dir_entry_2)]; }; +/* + * Access the extended section of ext4_dir_entry_2 + */ +#define EXT4_EXTENDED_DIRENT(entry) \ + ((struct ext4_extended_dir_entry_2 *) \ + (((void *)(entry)) + 8 + (entry)->name_len)) +#define EXT4_DIRENT_HASH(entry) le32_to_cpu(EXT4_EXTENDED_DIRENT(de)->hash) +#define EXT4_DIRENT_MINOR_HASH(entry) \ + le32_to_cpu(EXT4_EXTENDED_DIRENT(de)->minor_hash) + +static inline bool ext4_hash_in_dirent(const struct inode *inode) +{ + return IS_CASEFOLDED(inode) && IS_ENCRYPTED(inode); +} + /* * This is a bogus directory entry at the end of each leaf block that * records checksums. @@ -2010,10 +2039,25 @@ struct ext4_dir_entry_tail { */ #define EXT4_DIR_PAD 4 #define EXT4_DIR_ROUND (EXT4_DIR_PAD - 1) -#define EXT4_DIR_REC_LEN(name_len) (((name_len) + 8 + EXT4_DIR_ROUND) & \ - ~EXT4_DIR_ROUND) #define EXT4_MAX_REC_LEN ((1<<16)-1) +/* + * The rec_len is dependent on the type of directory. Directories that are + * casefolded and encrypted need to store the hash as well, so we add room for + * ext4_extended_dir_entry_2. For all entries related to '.' or '..' you should + * pass NULL for dir, as those entries do not use the extra fields. + */ + +static inline unsigned int ext4_dir_rec_len(__u8 name_len, + const struct inode *dir) +{ + int rec_len = (name_len + 8 + EXT4_DIR_ROUND); + + if (dir && ext4_hash_in_dirent(dir)) + rec_len += sizeof(struct ext4_extended_dir_entry_2); + return (rec_len & ~EXT4_DIR_ROUND); +} + /* * If we ever get support for fs block sizes > page_size, we'll need * to remove the #if statements in the next two functions... @@ -2070,6 +2114,7 @@ static inline __le16 ext4_rec_len_to_disk(unsigned len, unsigned blocksize) #define DX_HASH_LEGACY_UNSIGNED 3 #define DX_HASH_HALF_MD4_UNSIGNED 4 #define DX_HASH_TEA_UNSIGNED 5 +#define DX_HASH_SIPHASH 6 static inline u32 ext4_chksum(struct ext4_sb_info *sbi, u32 crc, const void *address, unsigned int length) @@ -2124,6 +2169,7 @@ struct ext4_filename { }; #define fname_name(p) ((p)->disk_name.name) +#define fname_usr_name(p) ((p)->usr_fname->name) #define fname_len(p) ((p)->disk_name.len) /* @@ -2458,21 +2504,22 @@ extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *, struct file *, struct ext4_dir_entry_2 *, struct buffer_head *, char *, int, - unsigned int); -#define ext4_check_dir_entry(dir, filp, de, bh, buf, size, offset) \ + ext4_lblk_t, unsigned int); +#define ext4_check_dir_entry(dir, filp, de, bh, buf, size, lblk, offset) \ unlikely(__ext4_check_dir_entry(__func__, __LINE__, (dir), (filp), \ - (de), (bh), (buf), (size), (offset))) + (de), (bh), (buf), (size), (lblk), (offset))) extern int ext4_htree_store_dirent(struct file *dir_file, __u32 hash, __u32 minor_hash, struct ext4_dir_entry_2 *dirent, struct fscrypt_str *ent_name); extern void ext4_htree_free_dir_info(struct dir_private_info *p); extern int ext4_find_dest_de(struct inode *dir, struct inode *inode, + ext4_lblk_t lblk, struct buffer_head *bh, void *buf, int buf_size, struct ext4_filename *fname, struct ext4_dir_entry_2 **dest_de); -void ext4_insert_dentry(struct inode *inode, +void ext4_insert_dentry(struct inode *dir, struct inode *inode, struct ext4_dir_entry_2 *de, int buf_size, struct ext4_filename *fname); @@ -2650,11 +2697,12 @@ extern int ext4_search_dir(struct buffer_head *bh, int buf_size, struct inode *dir, struct ext4_filename *fname, - unsigned int offset, + ext4_lblk_t lblk, unsigned int offset, struct ext4_dir_entry_2 **res_dir); extern int ext4_generic_delete_entry(handle_t *handle, struct inode *dir, struct ext4_dir_entry_2 *de_del, + ext4_lblk_t lblk, struct buffer_head *bh, void *entry_buf, int buf_size, @@ -3190,7 +3238,7 @@ extern int ext4_handle_dirty_dirblock(handle_t *handle, struct inode *inode, struct buffer_head *bh); extern int ext4_ci_compare(const struct inode *parent, const struct qstr *fname, - const struct qstr *entry, bool quick); + unsigned char *name2, size_t len, bool quick); #define S_SHIFT 12 static const unsigned char ext4_type_by_mode[(S_IFMT >> S_SHIFT) + 1] = { diff --git a/fs/ext4/hash.c b/fs/ext4/hash.c index 143b0073b3f46..035b57b936732 100644 --- a/fs/ext4/hash.c +++ b/fs/ext4/hash.c @@ -197,7 +197,7 @@ static void str2hashbuf_unsigned(const char *msg, int len, __u32 *buf, int num) * represented, and whether or not the returned hash is 32 bits or 64 * bits. 32 bit hashes will return 0 for the minor hash. */ -static int __ext4fs_dirhash(const char *name, int len, +static int __ext4fs_dirhash(const struct inode *dir, const char *name, int len, struct dx_hash_info *hinfo) { __u32 hash; @@ -259,6 +259,22 @@ static int __ext4fs_dirhash(const char *name, int len, hash = buf[0]; minor_hash = buf[1]; break; + case DX_HASH_SIPHASH: + { + struct qstr qname = QSTR_INIT(name, len); + __u64 combined_hash; + + if (fscrypt_has_encryption_key(dir)) { + combined_hash = fscrypt_fname_siphash(dir, &qname); + } else { + ext4_warning_inode(dir, "Siphash requires key"); + return -1; + } + + hash = (__u32)(combined_hash >> 32); + minor_hash = (__u32)combined_hash; + break; + } default: hinfo->hash = 0; return -1; @@ -280,7 +296,7 @@ int ext4fs_dirhash(const struct inode *dir, const char *name, int len, unsigned char *buff; struct qstr qstr = {.name = name, .len = len }; - if (len && IS_CASEFOLDED(dir) && um) { + if (len && needs_casefold(dir) && um) { buff = kzalloc(sizeof(char) * PATH_MAX, GFP_KERNEL); if (!buff) return -ENOMEM; @@ -291,12 +307,12 @@ int ext4fs_dirhash(const struct inode *dir, const char *name, int len, goto opaque_seq; } - r = __ext4fs_dirhash(buff, dlen, hinfo); + r = __ext4fs_dirhash(dir, buff, dlen, hinfo); kfree(buff); return r; } opaque_seq: #endif - return __ext4fs_dirhash(name, len, hinfo); + return __ext4fs_dirhash(dir, name, len, hinfo); } diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 8ca4a23129aaf..fbf3f915c4871 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -448,7 +448,10 @@ static int find_group_orlov(struct super_block *sb, struct inode *parent, int ret = -1; if (qstr) { - hinfo.hash_version = DX_HASH_HALF_MD4; + if (ext4_hash_in_dirent(parent)) + hinfo.hash_version = DX_HASH_SIPHASH; + else + hinfo.hash_version = DX_HASH_HALF_MD4; hinfo.seed = sbi->s_hash_seed; ext4fs_dirhash(parent, qstr->name, qstr->len, &hinfo); grp = hinfo.hash; diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 2fec62d764fa9..4dd04c06bdabe 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -996,7 +996,7 @@ void ext4_show_inline_dir(struct inode *dir, struct buffer_head *bh, offset, de_len, de->name_len, de->name, de->name_len, le32_to_cpu(de->inode)); if (ext4_check_dir_entry(dir, NULL, de, bh, - inline_start, inline_size, offset)) + inline_start, inline_size, 0, offset)) BUG(); offset += de_len; @@ -1022,7 +1022,7 @@ static int ext4_add_dirent_to_inline(handle_t *handle, int err; struct ext4_dir_entry_2 *de; - err = ext4_find_dest_de(dir, inode, iloc->bh, inline_start, + err = ext4_find_dest_de(dir, inode, 0, iloc->bh, inline_start, inline_size, fname, &de); if (err) return err; @@ -1031,7 +1031,7 @@ static int ext4_add_dirent_to_inline(handle_t *handle, err = ext4_journal_get_write_access(handle, iloc->bh); if (err) return err; - ext4_insert_dentry(inode, de, inline_size, fname); + ext4_insert_dentry(dir, inode, de, inline_size, fname); ext4_show_inline_dir(dir, iloc->bh, inline_start, inline_size); @@ -1100,7 +1100,7 @@ static int ext4_update_inline_dir(handle_t *handle, struct inode *dir, int old_size = EXT4_I(dir)->i_inline_size - EXT4_MIN_INLINE_DATA_SIZE; int new_size = get_max_inline_xattr_value_size(dir, iloc); - if (new_size - old_size <= EXT4_DIR_REC_LEN(1)) + if (new_size - old_size <= ext4_dir_rec_len(1, NULL)) return -ENOSPC; ret = ext4_update_inline_data(handle, dir, @@ -1378,8 +1378,8 @@ int ext4_inlinedir_to_tree(struct file *dir_file, fake.name_len = 1; strcpy(fake.name, "."); fake.rec_len = ext4_rec_len_to_disk( - EXT4_DIR_REC_LEN(fake.name_len), - inline_size); + ext4_dir_rec_len(fake.name_len, NULL), + inline_size); ext4_set_de_type(inode->i_sb, &fake, S_IFDIR); de = &fake; pos = EXT4_INLINE_DOTDOT_OFFSET; @@ -1388,8 +1388,8 @@ int ext4_inlinedir_to_tree(struct file *dir_file, fake.name_len = 2; strcpy(fake.name, ".."); fake.rec_len = ext4_rec_len_to_disk( - EXT4_DIR_REC_LEN(fake.name_len), - inline_size); + ext4_dir_rec_len(fake.name_len, NULL), + inline_size); ext4_set_de_type(inode->i_sb, &fake, S_IFDIR); de = &fake; pos = EXT4_INLINE_DOTDOT_SIZE; @@ -1398,13 +1398,18 @@ int ext4_inlinedir_to_tree(struct file *dir_file, pos += ext4_rec_len_from_disk(de->rec_len, inline_size); if (ext4_check_dir_entry(inode, dir_file, de, iloc.bh, dir_buf, - inline_size, pos)) { + inline_size, block, pos)) { ret = count; goto out; } } - ext4fs_dirhash(dir, de->name, de->name_len, hinfo); + if (ext4_hash_in_dirent(dir)) { + hinfo->hash = EXT4_DIRENT_HASH(de); + hinfo->minor_hash = EXT4_DIRENT_MINOR_HASH(de); + } else { + ext4fs_dirhash(dir, de->name, de->name_len, hinfo); + } if ((hinfo->hash < start_hash) || ((hinfo->hash == start_hash) && (hinfo->minor_hash < start_minor_hash))) @@ -1486,8 +1491,8 @@ int ext4_read_inline_dir(struct file *file, * So we will use extra_offset and extra_size to indicate them * during the inline dir iteration. */ - dotdot_offset = EXT4_DIR_REC_LEN(1); - dotdot_size = dotdot_offset + EXT4_DIR_REC_LEN(2); + dotdot_offset = ext4_dir_rec_len(1, NULL); + dotdot_size = dotdot_offset + ext4_dir_rec_len(2, NULL); extra_offset = dotdot_size - EXT4_INLINE_DOTDOT_SIZE; extra_size = extra_offset + inline_size; @@ -1522,7 +1527,7 @@ int ext4_read_inline_dir(struct file *file, * failure will be detected in the * dirent test below. */ if (ext4_rec_len_from_disk(de->rec_len, extra_size) - < EXT4_DIR_REC_LEN(1)) + < ext4_dir_rec_len(1, NULL)) break; i += ext4_rec_len_from_disk(de->rec_len, extra_size); @@ -1550,7 +1555,7 @@ int ext4_read_inline_dir(struct file *file, de = (struct ext4_dir_entry_2 *) (dir_buf + ctx->pos - extra_offset); if (ext4_check_dir_entry(inode, file, de, iloc.bh, dir_buf, - extra_size, ctx->pos)) + extra_size, 0, ctx->pos)) goto out; if (le32_to_cpu(de->inode)) { if (!dir_emit(ctx, de->name, de->name_len, @@ -1642,7 +1647,7 @@ struct buffer_head *ext4_find_inline_entry(struct inode *dir, EXT4_INLINE_DOTDOT_SIZE; inline_size = EXT4_MIN_INLINE_DATA_SIZE - EXT4_INLINE_DOTDOT_SIZE; ret = ext4_search_dir(iloc.bh, inline_start, inline_size, - dir, fname, 0, res_dir); + dir, fname, 0, 0, res_dir); if (ret == 1) goto out_find; if (ret < 0) @@ -1655,7 +1660,7 @@ struct buffer_head *ext4_find_inline_entry(struct inode *dir, inline_size = ext4_get_inline_size(dir) - EXT4_MIN_INLINE_DATA_SIZE; ret = ext4_search_dir(iloc.bh, inline_start, inline_size, - dir, fname, 0, res_dir); + dir, fname, 0, 0, res_dir); if (ret == 1) goto out_find; @@ -1704,7 +1709,7 @@ int ext4_delete_inline_entry(handle_t *handle, if (err) goto out; - err = ext4_generic_delete_entry(handle, dir, de_del, bh, + err = ext4_generic_delete_entry(handle, dir, de_del, 0, bh, inline_start, inline_size, 0); if (err) goto out; @@ -1788,7 +1793,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) &inline_pos, &inline_size); if (ext4_check_dir_entry(dir, NULL, de, iloc.bh, inline_pos, - inline_size, offset)) { + inline_size, 0, offset)) { ext4_warning(dir->i_sb, "bad inline directory (dir #%lu) - " "inode %u, rec_len %u, name_len %d" diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 7f4e625ab2f9b..a5ee76a14e3b7 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -277,9 +277,11 @@ static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de, unsigned blocksize, struct dx_hash_info *hinfo, struct dx_map_entry map[]); static void dx_sort_map(struct dx_map_entry *map, unsigned count); -static struct ext4_dir_entry_2 *dx_move_dirents(char *from, char *to, - struct dx_map_entry *offsets, int count, unsigned blocksize); -static struct ext4_dir_entry_2* dx_pack_dirents(char *base, unsigned blocksize); +static struct ext4_dir_entry_2 *dx_move_dirents(struct inode *dir, char *from, + char *to, struct dx_map_entry *offsets, + int count, unsigned int blocksize); +static struct ext4_dir_entry_2 *dx_pack_dirents(struct inode *dir, char *base, + unsigned int blocksize); static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block); static int ext4_htree_next_block(struct inode *dir, __u32 hash, @@ -288,7 +290,7 @@ static int ext4_htree_next_block(struct inode *dir, __u32 hash, __u32 *start_hash); static struct buffer_head * ext4_dx_find_entry(struct inode *dir, struct ext4_filename *fname, - struct ext4_dir_entry_2 **res_dir); + struct ext4_dir_entry_2 **res_dir, ext4_lblk_t *lblk); static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, struct inode *dir, struct inode *inode); @@ -571,8 +573,9 @@ static inline void dx_set_limit(struct dx_entry *entries, unsigned value) static inline unsigned dx_root_limit(struct inode *dir, unsigned infosize) { - unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1) - - EXT4_DIR_REC_LEN(2) - infosize; + unsigned int entry_space = dir->i_sb->s_blocksize - + ext4_dir_rec_len(1, NULL) - + ext4_dir_rec_len(2, NULL) - infosize; if (ext4_has_metadata_csum(dir->i_sb)) entry_space -= sizeof(struct dx_tail); @@ -581,7 +584,8 @@ static inline unsigned dx_root_limit(struct inode *dir, unsigned infosize) static inline unsigned dx_node_limit(struct inode *dir) { - unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(0); + unsigned int entry_space = dir->i_sb->s_blocksize - + ext4_dir_rec_len(0, dir); if (ext4_has_metadata_csum(dir->i_sb)) entry_space -= sizeof(struct dx_tail); @@ -677,7 +681,10 @@ static struct stats dx_show_leaf(struct inode *dir, name = fname_crypto_str.name; len = fname_crypto_str.len; } - ext4fs_dirhash(dir, de->name, + if (IS_CASEFOLDED(dir)) + h.hash = EXT4_DIRENT_HASH(de); + else + ext4fs_dirhash(dir, de->name, de->name_len, &h); printk("%*.s:(E)%x.%u ", len, name, h.hash, (unsigned) ((char *) de @@ -693,7 +700,7 @@ static struct stats dx_show_leaf(struct inode *dir, (unsigned) ((char *) de - base)); #endif } - space += EXT4_DIR_REC_LEN(de->name_len); + space += ext4_dir_rec_len(de->name_len, dir); names++; } de = ext4_next_entry(de, size); @@ -765,7 +772,8 @@ dx_probe(struct ext4_filename *fname, struct inode *dir, root = (struct dx_root *) frame->bh->b_data; if (root->info.hash_version != DX_HASH_TEA && root->info.hash_version != DX_HASH_HALF_MD4 && - root->info.hash_version != DX_HASH_LEGACY) { + root->info.hash_version != DX_HASH_LEGACY && + root->info.hash_version != DX_HASH_SIPHASH) { ext4_warning_inode(dir, "Unrecognised inode hash code %u", root->info.hash_version); goto fail; @@ -1001,7 +1009,7 @@ static int htree_dirblock_to_tree(struct file *dir_file, de = (struct ext4_dir_entry_2 *) bh->b_data; top = (struct ext4_dir_entry_2 *) ((char *) de + dir->i_sb->s_blocksize - - EXT4_DIR_REC_LEN(0)); + ext4_dir_rec_len(0, dir)); #ifdef CONFIG_FS_ENCRYPTION /* Check if the directory is encrypted */ if (IS_ENCRYPTED(dir)) { @@ -1020,13 +1028,18 @@ static int htree_dirblock_to_tree(struct file *dir_file, #endif for (; de < top; de = ext4_next_entry(de, dir->i_sb->s_blocksize)) { if (ext4_check_dir_entry(dir, NULL, de, bh, - bh->b_data, bh->b_size, + bh->b_data, bh->b_size, block, (block<i_sb)) + ((char *)de - bh->b_data))) { /* silently ignore the rest of the block */ break; } - ext4fs_dirhash(dir, de->name, de->name_len, hinfo); + if (ext4_hash_in_dirent(dir)) { + hinfo->hash = EXT4_DIRENT_HASH(de); + hinfo->minor_hash = EXT4_DIRENT_MINOR_HASH(de); + } else { + ext4fs_dirhash(dir, de->name, de->name_len, hinfo); + } if ((hinfo->hash < start_hash) || ((hinfo->hash == start_hash) && (hinfo->minor_hash < start_minor_hash))) @@ -1097,7 +1110,11 @@ int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash, start_hash, start_minor_hash)); dir = file_inode(dir_file); if (!(ext4_test_inode_flag(dir, EXT4_INODE_INDEX))) { - hinfo.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version; + if (ext4_hash_in_dirent(dir)) + hinfo.hash_version = DX_HASH_SIPHASH; + else + hinfo.hash_version = + EXT4_SB(dir->i_sb)->s_def_hash_version; if (hinfo.hash_version <= DX_HASH_TEA) hinfo.hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; @@ -1190,11 +1207,12 @@ int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash, static inline int search_dirblock(struct buffer_head *bh, struct inode *dir, struct ext4_filename *fname, + ext4_lblk_t lblk, unsigned int offset, struct ext4_dir_entry_2 **res_dir) { return ext4_search_dir(bh, bh->b_data, dir->i_sb->s_blocksize, dir, - fname, offset, res_dir); + fname, lblk, offset, res_dir); } /* @@ -1215,7 +1233,10 @@ static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de, while ((char *) de < base + blocksize) { if (de->name_len && de->inode) { - ext4fs_dirhash(dir, de->name, de->name_len, &h); + if (ext4_hash_in_dirent(dir)) + h.hash = EXT4_DIRENT_HASH(de); + else + ext4fs_dirhash(dir, de->name, de->name_len, &h); map_tail--; map_tail->hash = h.hash; map_tail->offs = ((char *) de - base)>>2; @@ -1280,30 +1301,54 @@ static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block) * doesn't match or less than zero on error. */ int ext4_ci_compare(const struct inode *parent, const struct qstr *name, - const struct qstr *entry, bool quick) + unsigned char *name2, size_t len, bool quick) { const struct super_block *sb = parent->i_sb; const struct unicode_map *um = sb->s_encoding; + const struct fscrypt_str crypt_entry = FSTR_INIT(name2, len); + struct fscrypt_str decrypted_entry; + struct qstr entry = QSTR_INIT(name2, len); int ret; + decrypted_entry.name = NULL; + decrypted_entry.len = 0; + if (IS_ENCRYPTED(parent) && fscrypt_has_encryption_key(parent)) { + decrypted_entry.name = kmalloc(len, GFP_ATOMIC); + decrypted_entry.len = len; + if (!decrypted_entry.name) + return -ENOMEM; + ret = fscrypt_fname_disk_to_usr(parent, 0, 0, &crypt_entry, + &decrypted_entry); + if (ret < 0) + goto err; + } + + { + struct qstr decrypted = FSTR_TO_QSTR(&decrypted_entry); if (quick) - ret = utf8_strncasecmp_folded(um, name, entry); + ret = utf8_strncasecmp_folded(um, name, + decrypted_entry.name ? &decrypted : &entry); else - ret = utf8_strncasecmp(um, name, entry); + ret = utf8_strncasecmp(um, name, + decrypted_entry.name ? &decrypted : &entry); + } if (ret < 0) { /* Handle invalid character sequence as either an error * or as an opaque byte sequence. */ - if (sb_has_enc_strict_mode(sb)) - return -EINVAL; - - if (name->len != entry->len) - return 1; + if (sb_has_enc_strict_mode(sb)) { + ret = -EINVAL; + goto err; + } - return !!memcmp(name->name, entry->name, name->len); + if (name->len != entry.len) + ret = 1; + else + ret = !!memcmp(name->name, entry.name, name->len); } - +err: + kfree(decrypted_entry.name); return ret; } @@ -1339,14 +1384,11 @@ void ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, * * Return: %true if the directory entry matches, otherwise %false. */ -static inline bool ext4_match(const struct inode *parent, +static bool ext4_match(struct inode *parent, const struct ext4_filename *fname, - const struct ext4_dir_entry_2 *de) + struct ext4_dir_entry_2 *de) { struct fscrypt_name f; -#ifdef CONFIG_UNICODE - const struct qstr entry = {.name = de->name, .len = de->name_len}; -#endif if (!de->inode) return false; @@ -1362,10 +1404,23 @@ static inline bool ext4_match(const struct inode *parent, if (fname->cf_name.name) { struct qstr cf = {.name = fname->cf_name.name, .len = fname->cf_name.len}; - return !ext4_ci_compare(parent, &cf, &entry, true); + if (IS_ENCRYPTED(parent)) { + struct dx_hash_info hinfo; + + hinfo.hash_version = DX_HASH_SIPHASH; + hinfo.seed = NULL; + ext4fs_dirhash(parent, fname->cf_name.name, + fname_len(fname), &hinfo); + if (hinfo.hash != EXT4_DIRENT_HASH(de) || + hinfo.minor_hash != + EXT4_DIRENT_MINOR_HASH(de)) + return 0; + } + return !ext4_ci_compare(parent, &cf, de->name, + de->name_len, true); } - return !ext4_ci_compare(parent, fname->usr_fname, &entry, - false); + return !ext4_ci_compare(parent, fname->usr_fname, de->name, + de->name_len, false); } #endif @@ -1377,7 +1432,8 @@ static inline bool ext4_match(const struct inode *parent, */ int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size, struct inode *dir, struct ext4_filename *fname, - unsigned int offset, struct ext4_dir_entry_2 **res_dir) + ext4_lblk_t lblk, unsigned int offset, + struct ext4_dir_entry_2 **res_dir) { struct ext4_dir_entry_2 * de; char * dlimit; @@ -1393,7 +1449,7 @@ int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size, /* found a match - just to be sure, do * a full check */ if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data, - bh->b_size, offset)) + bh->b_size, lblk, offset)) return -1; *res_dir = de; return 1; @@ -1439,7 +1495,7 @@ static int is_dx_internal_node(struct inode *dir, ext4_lblk_t block, static struct buffer_head *__ext4_find_entry(struct inode *dir, struct ext4_filename *fname, struct ext4_dir_entry_2 **res_dir, - int *inlined) + int *inlined, ext4_lblk_t *lblk) { struct super_block *sb; struct buffer_head *bh_use[NAMEI_RA_SIZE]; @@ -1463,6 +1519,8 @@ static struct buffer_head *__ext4_find_entry(struct inode *dir, int has_inline_data = 1; ret = ext4_find_inline_entry(dir, fname, res_dir, &has_inline_data); + if (lblk) + *lblk = 0; if (has_inline_data) { if (inlined) *inlined = 1; @@ -1481,7 +1539,7 @@ static struct buffer_head *__ext4_find_entry(struct inode *dir, goto restart; } if (is_dx(dir)) { - ret = ext4_dx_find_entry(dir, fname, res_dir); + ret = ext4_dx_find_entry(dir, fname, res_dir, lblk); /* * On success, or if the error was file not found, * return. Otherwise, fall back to doing a search the @@ -1544,9 +1602,11 @@ static struct buffer_head *__ext4_find_entry(struct inode *dir, goto cleanup_and_exit; } set_buffer_verified(bh); - i = search_dirblock(bh, dir, fname, + i = search_dirblock(bh, dir, fname, block, block << EXT4_BLOCK_SIZE_BITS(sb), res_dir); if (i == 1) { + if (lblk) + *lblk = block; EXT4_I(dir)->i_dir_start_lookup = block; ret = bh; goto cleanup_and_exit; @@ -1581,7 +1641,7 @@ static struct buffer_head *__ext4_find_entry(struct inode *dir, static struct buffer_head *ext4_find_entry(struct inode *dir, const struct qstr *d_name, struct ext4_dir_entry_2 **res_dir, - int *inlined) + int *inlined, ext4_lblk_t *lblk) { int err; struct ext4_filename fname; @@ -1593,7 +1653,7 @@ static struct buffer_head *ext4_find_entry(struct inode *dir, if (err) return ERR_PTR(err); - bh = __ext4_find_entry(dir, &fname, res_dir, inlined); + bh = __ext4_find_entry(dir, &fname, res_dir, inlined, lblk); ext4_fname_free_filename(&fname); return bh; @@ -1613,7 +1673,7 @@ static struct buffer_head *ext4_lookup_entry(struct inode *dir, if (err) return ERR_PTR(err); - bh = __ext4_find_entry(dir, &fname, res_dir, NULL); + bh = __ext4_find_entry(dir, &fname, res_dir, NULL, NULL); ext4_fname_free_filename(&fname); return bh; @@ -1621,7 +1681,7 @@ static struct buffer_head *ext4_lookup_entry(struct inode *dir, static struct buffer_head * ext4_dx_find_entry(struct inode *dir, struct ext4_filename *fname, - struct ext4_dir_entry_2 **res_dir) + struct ext4_dir_entry_2 **res_dir, ext4_lblk_t *lblk) { struct super_block * sb = dir->i_sb; struct dx_frame frames[EXT4_HTREE_LEVEL], *frame; @@ -1637,11 +1697,13 @@ static struct buffer_head * ext4_dx_find_entry(struct inode *dir, return (struct buffer_head *) frame; do { block = dx_get_block(frame->at); + if (lblk) + *lblk = block; bh = ext4_read_dirblock(dir, block, DIRENT_HTREE); if (IS_ERR(bh)) goto errout; - retval = search_dirblock(bh, dir, fname, + retval = search_dirblock(bh, dir, fname, block, block << EXT4_BLOCK_SIZE_BITS(sb), res_dir); if (retval == 1) @@ -1736,7 +1798,7 @@ struct dentry *ext4_get_parent(struct dentry *child) struct ext4_dir_entry_2 * de; struct buffer_head *bh; - bh = ext4_find_entry(d_inode(child), &dotdot, &de, NULL); + bh = ext4_find_entry(d_inode(child), &dotdot, &de, NULL, NULL); if (IS_ERR(bh)) return ERR_CAST(bh); if (!bh) @@ -1758,7 +1820,8 @@ struct dentry *ext4_get_parent(struct dentry *child) * Returns pointer to last entry moved. */ static struct ext4_dir_entry_2 * -dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count, +dx_move_dirents(struct inode *dir, char *from, char *to, + struct dx_map_entry *map, int count, unsigned blocksize) { unsigned rec_len = 0; @@ -1766,7 +1829,8 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count, while (count--) { struct ext4_dir_entry_2 *de = (struct ext4_dir_entry_2 *) (from + (map->offs<<2)); - rec_len = EXT4_DIR_REC_LEN(de->name_len); + rec_len = ext4_dir_rec_len(de->name_len, dir); + memcpy (to, de, rec_len); ((struct ext4_dir_entry_2 *) to)->rec_len = ext4_rec_len_to_disk(rec_len, blocksize); @@ -1781,7 +1845,8 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count, * Compact each dir entry in the range to the minimal rec_len. * Returns pointer to last entry in range. */ -static struct ext4_dir_entry_2* dx_pack_dirents(char *base, unsigned blocksize) +static struct ext4_dir_entry_2 *dx_pack_dirents(struct inode *dir, char *base, + unsigned int blocksize) { struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base; unsigned rec_len = 0; @@ -1790,7 +1855,7 @@ static struct ext4_dir_entry_2* dx_pack_dirents(char *base, unsigned blocksize) while ((char*)de < base + blocksize) { next = ext4_next_entry(de, blocksize); if (de->inode && de->name_len) { - rec_len = EXT4_DIR_REC_LEN(de->name_len); + rec_len = ext4_dir_rec_len(de->name_len, dir); if (de > to) memmove(to, de, rec_len); to->rec_len = ext4_rec_len_to_disk(rec_len, blocksize); @@ -1808,13 +1873,12 @@ static struct ext4_dir_entry_2* dx_pack_dirents(char *base, unsigned blocksize) * Returns pointer to de in block into which the new entry will be inserted. */ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, - struct buffer_head **bh,struct dx_frame *frame, - struct dx_hash_info *hinfo) + struct buffer_head **bh, struct dx_frame *frame, + struct dx_hash_info *hinfo, ext4_lblk_t *newblock) { unsigned blocksize = dir->i_sb->s_blocksize; unsigned count, continued; struct buffer_head *bh2; - ext4_lblk_t newblock; u32 hash2; struct dx_map_entry *map; char *data1 = (*bh)->b_data, *data2; @@ -1826,7 +1890,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, if (ext4_has_metadata_csum(dir->i_sb)) csum_size = sizeof(struct ext4_dir_entry_tail); - bh2 = ext4_append(handle, dir, &newblock); + bh2 = ext4_append(handle, dir, newblock); if (IS_ERR(bh2)) { brelse(*bh); *bh = NULL; @@ -1870,9 +1934,9 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, hash2, split, count-split)); /* Fancy dance to stay within two buffers */ - de2 = dx_move_dirents(data1, data2, map + split, count - split, + de2 = dx_move_dirents(dir, data1, data2, map + split, count - split, blocksize); - de = dx_pack_dirents(data1, blocksize); + de = dx_pack_dirents(dir, data1, blocksize); de->rec_len = ext4_rec_len_to_disk(data1 + (blocksize - csum_size) - (char *) de, blocksize); @@ -1894,7 +1958,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, swap(*bh, bh2); de = de2; } - dx_insert_block(frame, hash2 + continued, newblock); + dx_insert_block(frame, hash2 + continued, *newblock); err = ext4_handle_dirty_dirblock(handle, dir, bh2); if (err) goto journal_error; @@ -1914,13 +1978,14 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, } int ext4_find_dest_de(struct inode *dir, struct inode *inode, + ext4_lblk_t lblk, struct buffer_head *bh, void *buf, int buf_size, struct ext4_filename *fname, struct ext4_dir_entry_2 **dest_de) { struct ext4_dir_entry_2 *de; - unsigned short reclen = EXT4_DIR_REC_LEN(fname_len(fname)); + unsigned short reclen = ext4_dir_rec_len(fname_len(fname), dir); int nlen, rlen; unsigned int offset = 0; char *top; @@ -1929,11 +1994,11 @@ int ext4_find_dest_de(struct inode *dir, struct inode *inode, top = buf + buf_size - reclen; while ((char *) de <= top) { if (ext4_check_dir_entry(dir, NULL, de, bh, - buf, buf_size, offset)) + buf, buf_size, lblk, offset)) return -EFSCORRUPTED; if (ext4_match(dir, fname, de)) return -EEXIST; - nlen = EXT4_DIR_REC_LEN(de->name_len); + nlen = ext4_dir_rec_len(de->name_len, dir); rlen = ext4_rec_len_from_disk(de->rec_len, buf_size); if ((de->inode ? rlen - nlen : rlen) >= reclen) break; @@ -1947,7 +2012,8 @@ int ext4_find_dest_de(struct inode *dir, struct inode *inode, return 0; } -void ext4_insert_dentry(struct inode *inode, +void ext4_insert_dentry(struct inode *dir, + struct inode *inode, struct ext4_dir_entry_2 *de, int buf_size, struct ext4_filename *fname) @@ -1955,7 +2021,7 @@ void ext4_insert_dentry(struct inode *inode, int nlen, rlen; - nlen = EXT4_DIR_REC_LEN(de->name_len); + nlen = ext4_dir_rec_len(de->name_len, dir); rlen = ext4_rec_len_from_disk(de->rec_len, buf_size); if (de->inode) { struct ext4_dir_entry_2 *de1 = @@ -1969,6 +2035,17 @@ void ext4_insert_dentry(struct inode *inode, ext4_set_de_type(inode->i_sb, de, inode->i_mode); de->name_len = fname_len(fname); memcpy(de->name, fname_name(fname), fname_len(fname)); + if (ext4_hash_in_dirent(dir)) { + struct dx_hash_info hinfo; + + hinfo.hash_version = DX_HASH_SIPHASH; + hinfo.seed = NULL; + ext4fs_dirhash(dir, fname_usr_name(fname), + fname_len(fname), &hinfo); + EXT4_EXTENDED_DIRENT(de)->hash = cpu_to_le32(hinfo.hash); + EXT4_EXTENDED_DIRENT(de)->minor_hash = + cpu_to_le32(hinfo.minor_hash); + } } /* @@ -1982,6 +2059,7 @@ void ext4_insert_dentry(struct inode *inode, static int add_dirent_to_buf(handle_t *handle, struct ext4_filename *fname, struct inode *dir, struct inode *inode, struct ext4_dir_entry_2 *de, + ext4_lblk_t blk, struct buffer_head *bh) { unsigned int blocksize = dir->i_sb->s_blocksize; @@ -1992,7 +2070,7 @@ static int add_dirent_to_buf(handle_t *handle, struct ext4_filename *fname, csum_size = sizeof(struct ext4_dir_entry_tail); if (!de) { - err = ext4_find_dest_de(dir, inode, bh, bh->b_data, + err = ext4_find_dest_de(dir, inode, blk, bh, bh->b_data, blocksize - csum_size, fname, &de); if (err) return err; @@ -2005,7 +2083,7 @@ static int add_dirent_to_buf(handle_t *handle, struct ext4_filename *fname, } /* By now the buffer is marked for journaling */ - ext4_insert_dentry(inode, de, blocksize, fname); + ext4_insert_dentry(dir, inode, de, blocksize, fname); /* * XXX shouldn't update any times until successful @@ -2097,11 +2175,16 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, /* Initialize the root; the dot dirents already exist */ de = (struct ext4_dir_entry_2 *) (&root->dotdot); - de->rec_len = ext4_rec_len_to_disk(blocksize - EXT4_DIR_REC_LEN(2), - blocksize); + de->rec_len = ext4_rec_len_to_disk( + blocksize - ext4_dir_rec_len(2, NULL), blocksize); memset (&root->info, 0, sizeof(root->info)); root->info.info_length = sizeof(root->info); - root->info.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version; + if (ext4_hash_in_dirent(dir)) + root->info.hash_version = DX_HASH_SIPHASH; + else + root->info.hash_version = + EXT4_SB(dir->i_sb)->s_def_hash_version; + entries = root->entries; dx_set_block(entries, 1); dx_set_count(entries, 1); @@ -2112,7 +2195,12 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, if (fname->hinfo.hash_version <= DX_HASH_TEA) fname->hinfo.hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; fname->hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed; - ext4fs_dirhash(dir, fname_name(fname), fname_len(fname), &fname->hinfo); + if (ext4_hash_in_dirent(dir)) + ext4fs_dirhash(dir, fname_usr_name(fname), + fname_len(fname), &fname->hinfo); + else + ext4fs_dirhash(dir, fname_name(fname), + fname_len(fname), &fname->hinfo); memset(frames, 0, sizeof(frames)); frame = frames; @@ -2127,13 +2215,13 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, if (retval) goto out_frames; - de = do_split(handle,dir, &bh2, frame, &fname->hinfo); + de = do_split(handle, dir, &bh2, frame, &fname->hinfo, &block); if (IS_ERR(de)) { retval = PTR_ERR(de); goto out_frames; } - retval = add_dirent_to_buf(handle, fname, dir, inode, de, bh2); + retval = add_dirent_to_buf(handle, fname, dir, inode, de, block, bh2); out_frames: /* * Even if the block split failed, we have to properly write @@ -2221,7 +2309,7 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, goto out; } retval = add_dirent_to_buf(handle, &fname, dir, inode, - NULL, bh); + NULL, block, bh); if (retval != -ENOSPC) goto out; @@ -2248,7 +2336,7 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, if (csum_size) ext4_initialize_dirent_tail(bh, blocksize); - retval = add_dirent_to_buf(handle, &fname, dir, inode, de, bh); + retval = add_dirent_to_buf(handle, &fname, dir, inode, de, block, bh); out: ext4_fname_free_filename(&fname); brelse(bh); @@ -2270,6 +2358,7 @@ static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, struct ext4_dir_entry_2 *de; int restart; int err; + ext4_lblk_t lblk; again: restart = 0; @@ -2278,7 +2367,8 @@ static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, return PTR_ERR(frame); entries = frame->entries; at = frame->at; - bh = ext4_read_dirblock(dir, dx_get_block(frame->at), DIRENT_HTREE); + lblk = dx_get_block(frame->at); + bh = ext4_read_dirblock(dir, lblk, DIRENT_HTREE); if (IS_ERR(bh)) { err = PTR_ERR(bh); bh = NULL; @@ -2290,7 +2380,7 @@ static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, if (err) goto journal_error; - err = add_dirent_to_buf(handle, fname, dir, inode, NULL, bh); + err = add_dirent_to_buf(handle, fname, dir, inode, NULL, lblk, bh); if (err != -ENOSPC) goto cleanup; @@ -2410,12 +2500,12 @@ static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, goto journal_error; } } - de = do_split(handle, dir, &bh, frame, &fname->hinfo); + de = do_split(handle, dir, &bh, frame, &fname->hinfo, &lblk); if (IS_ERR(de)) { err = PTR_ERR(de); goto cleanup; } - err = add_dirent_to_buf(handle, fname, dir, inode, de, bh); + err = add_dirent_to_buf(handle, fname, dir, inode, de, lblk, bh); goto cleanup; journal_error: @@ -2438,6 +2528,7 @@ static int ext4_dx_add_entry(handle_t *handle, struct ext4_filename *fname, int ext4_generic_delete_entry(handle_t *handle, struct inode *dir, struct ext4_dir_entry_2 *de_del, + ext4_lblk_t lblk, struct buffer_head *bh, void *entry_buf, int buf_size, @@ -2452,7 +2543,7 @@ int ext4_generic_delete_entry(handle_t *handle, de = (struct ext4_dir_entry_2 *)entry_buf; while (i < buf_size - csum_size) { if (ext4_check_dir_entry(dir, NULL, de, bh, - bh->b_data, bh->b_size, i)) + bh->b_data, bh->b_size, lblk, i)) return -EFSCORRUPTED; if (de == de_del) { if (pde) @@ -2477,6 +2568,7 @@ int ext4_generic_delete_entry(handle_t *handle, static int ext4_delete_entry(handle_t *handle, struct inode *dir, struct ext4_dir_entry_2 *de_del, + ext4_lblk_t lblk, struct buffer_head *bh) { int err, csum_size = 0; @@ -2497,7 +2589,7 @@ static int ext4_delete_entry(handle_t *handle, if (unlikely(err)) goto out; - err = ext4_generic_delete_entry(handle, dir, de_del, + err = ext4_generic_delete_entry(handle, dir, de_del, lblk, bh, bh->b_data, dir->i_sb->s_blocksize, csum_size); if (err) @@ -2691,7 +2783,7 @@ struct ext4_dir_entry_2 *ext4_init_dot_dotdot(struct inode *inode, { de->inode = cpu_to_le32(inode->i_ino); de->name_len = 1; - de->rec_len = ext4_rec_len_to_disk(EXT4_DIR_REC_LEN(de->name_len), + de->rec_len = ext4_rec_len_to_disk(ext4_dir_rec_len(de->name_len, NULL), blocksize); strcpy(de->name, "."); ext4_set_de_type(inode->i_sb, de, S_IFDIR); @@ -2701,11 +2793,12 @@ struct ext4_dir_entry_2 *ext4_init_dot_dotdot(struct inode *inode, de->name_len = 2; if (!dotdot_real_len) de->rec_len = ext4_rec_len_to_disk(blocksize - - (csum_size + EXT4_DIR_REC_LEN(1)), + (csum_size + ext4_dir_rec_len(1, NULL)), blocksize); else de->rec_len = ext4_rec_len_to_disk( - EXT4_DIR_REC_LEN(de->name_len), blocksize); + ext4_dir_rec_len(de->name_len, NULL), + blocksize); strcpy(de->name, ".."); ext4_set_de_type(inode->i_sb, de, S_IFDIR); @@ -2833,7 +2926,8 @@ bool ext4_empty_dir(struct inode *inode) } sb = inode->i_sb; - if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2)) { + if (inode->i_size < ext4_dir_rec_len(1, NULL) + + ext4_dir_rec_len(2, NULL)) { EXT4_ERROR_INODE(inode, "invalid size"); return true; } @@ -2845,7 +2939,7 @@ bool ext4_empty_dir(struct inode *inode) return true; de = (struct ext4_dir_entry_2 *) bh->b_data; - if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, + if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, 0, 0) || le32_to_cpu(de->inode) != inode->i_ino || strcmp(".", de->name)) { ext4_warning_inode(inode, "directory missing '.'"); @@ -2854,7 +2948,7 @@ bool ext4_empty_dir(struct inode *inode) } offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); de = ext4_next_entry(de, sb->s_blocksize); - if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, + if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, 0, offset) || le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) { ext4_warning_inode(inode, "directory missing '..'"); @@ -2878,7 +2972,7 @@ bool ext4_empty_dir(struct inode *inode) de = (struct ext4_dir_entry_2 *) (bh->b_data + (offset & (sb->s_blocksize - 1))); if (ext4_check_dir_entry(inode, NULL, de, bh, - bh->b_data, bh->b_size, offset)) { + bh->b_data, bh->b_size, 0, offset)) { offset = (offset | (sb->s_blocksize - 1)) + 1; continue; } @@ -3073,6 +3167,8 @@ static int ext4_rmdir(struct inode *dir, struct dentry *dentry) struct buffer_head *bh; struct ext4_dir_entry_2 *de; handle_t *handle = NULL; + ext4_lblk_t lblk; + if (unlikely(ext4_forced_shutdown(EXT4_SB(dir->i_sb)))) return -EIO; @@ -3087,7 +3183,7 @@ static int ext4_rmdir(struct inode *dir, struct dentry *dentry) return retval; retval = -ENOENT; - bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL); + bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL, &lblk); if (IS_ERR(bh)) return PTR_ERR(bh); if (!bh) @@ -3114,7 +3210,7 @@ static int ext4_rmdir(struct inode *dir, struct dentry *dentry) if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); - retval = ext4_delete_entry(handle, dir, de, bh); + retval = ext4_delete_entry(handle, dir, de, lblk, bh); if (retval) goto end_rmdir; if (!EXT4_DIR_LINK_EMPTY(inode)) @@ -3160,6 +3256,7 @@ static int ext4_unlink(struct inode *dir, struct dentry *dentry) struct buffer_head *bh; struct ext4_dir_entry_2 *de; handle_t *handle = NULL; + ext4_lblk_t lblk; if (unlikely(ext4_forced_shutdown(EXT4_SB(dir->i_sb)))) return -EIO; @@ -3175,7 +3272,7 @@ static int ext4_unlink(struct inode *dir, struct dentry *dentry) return retval; retval = -ENOENT; - bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL); + bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL, &lblk); if (IS_ERR(bh)) return PTR_ERR(bh); if (!bh) @@ -3198,7 +3295,7 @@ static int ext4_unlink(struct inode *dir, struct dentry *dentry) if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); - retval = ext4_delete_entry(handle, dir, de, bh); + retval = ext4_delete_entry(handle, dir, de, lblk, bh); if (retval) goto end_unlink; dir->i_ctime = dir->i_mtime = current_time(dir); @@ -3459,6 +3556,7 @@ struct ext4_renament { int dir_nlink_delta; /* entry for "dentry" */ + ext4_lblk_t lblk; struct buffer_head *bh; struct ext4_dir_entry_2 *de; int inlined; @@ -3546,12 +3644,13 @@ static int ext4_find_delete_entry(handle_t *handle, struct inode *dir, int retval = -ENOENT; struct buffer_head *bh; struct ext4_dir_entry_2 *de; + ext4_lblk_t lblk; - bh = ext4_find_entry(dir, d_name, &de, NULL); + bh = ext4_find_entry(dir, d_name, &de, NULL, &lblk); if (IS_ERR(bh)) return PTR_ERR(bh); if (bh) { - retval = ext4_delete_entry(handle, dir, de, bh); + retval = ext4_delete_entry(handle, dir, de, lblk, bh); brelse(bh); } return retval; @@ -3575,7 +3674,8 @@ static void ext4_rename_delete(handle_t *handle, struct ext4_renament *ent, retval = ext4_find_delete_entry(handle, ent->dir, &ent->dentry->d_name); } else { - retval = ext4_delete_entry(handle, ent->dir, ent->de, ent->bh); + retval = ext4_delete_entry(handle, ent->dir, ent->de, + ent->lblk, ent->bh); if (retval == -ENOENT) { retval = ext4_find_delete_entry(handle, ent->dir, &ent->dentry->d_name); @@ -3688,7 +3788,8 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, return retval; } - old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de, NULL); + old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de, NULL, + &old.lblk); if (IS_ERR(old.bh)) return PTR_ERR(old.bh); /* @@ -3702,7 +3803,7 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, goto end_rename; new.bh = ext4_find_entry(new.dir, &new.dentry->d_name, - &new.de, &new.inlined); + &new.de, &new.inlined, NULL); if (IS_ERR(new.bh)) { retval = PTR_ERR(new.bh); new.bh = NULL; @@ -3882,7 +3983,7 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry, return retval; old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, - &old.de, &old.inlined); + &old.de, &old.inlined, NULL); if (IS_ERR(old.bh)) return PTR_ERR(old.bh); /* @@ -3896,7 +3997,7 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry, goto end_rename; new.bh = ext4_find_entry(new.dir, &new.dentry->d_name, - &new.de, &new.inlined); + &new.de, &new.inlined, NULL); if (IS_ERR(new.bh)) { retval = PTR_ERR(new.bh); new.bh = NULL; diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 11584bdc3e237..ab6bc300b6b6e 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3855,12 +3855,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) struct unicode_map *encoding; __u16 encoding_flags; - if (ext4_has_feature_encrypt(sb)) { - ext4_msg(sb, KERN_ERR, - "Can't mount with encoding and encryption"); - goto failed_mount; - } - if (ext4_sb_read_encoding(es, &encoding_info, &encoding_flags)) { ext4_msg(sb, KERN_ERR, From patchwork Fri Jan 17 21:42:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Rosenberg X-Patchwork-Id: 11339867 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 29A4017EA for ; Fri, 17 Jan 2020 21:43:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F269E214AF for ; Fri, 17 Jan 2020 21:43:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CXn4pZxO" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729990AbgAQVnT (ORCPT ); Fri, 17 Jan 2020 16:43:19 -0500 Received: from mail-pg1-f201.google.com ([209.85.215.201]:38789 "EHLO mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729972AbgAQVnS (ORCPT ); Fri, 17 Jan 2020 16:43:18 -0500 Received: by mail-pg1-f201.google.com with SMTP id l13so15180051pgt.5 for ; Fri, 17 Jan 2020 13:43:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=WxgwVjypClb4wXBEnsFhPs7Md2cufBpre+u9WsKYw7I=; b=CXn4pZxOLuGC69Nz6+VELpBugZtMeU/+bpuehqeDRIvTgJ1+DTEzF6kAnUKvl/kdpv tH1ORxCZV8mfoQdBRjVVDCjzQGKEUzKuC9Fn0wiJOEdN1iK7doyl6jr02pV4L4pRtHY3 JAvZmdteNZl+3GhUhhKfY5puOczHxeAX/ZDHqtyZWovpSgo0ipRlpN3i6DMOWNQEmCxm RgOncLDTBFjfO93fHu0zE2K8yUE6NfrYSwL4N103piqajX4AE55PaR42jGXLnspE1BgQ LLQoLJYHoy/0AY/2poOlEsLlDTYraotXfoLEu85+AhDihvkjSNloELKjuZ0DaF84EHHV PCpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=WxgwVjypClb4wXBEnsFhPs7Md2cufBpre+u9WsKYw7I=; b=F7NUjGVfiQLZr6QS/tzzPWSb6V4LbDUUkZyndQF/s60lyVGw0EKW6+t11nbpJN0xuj oVvNzM/HASC3zLFEJtxEC6TPC+DJfdyxWTCyjxhceAR2M54PTye2OVX8Y514bS/Mkj+d oc6Bq97dWSM/5uzZRqlgxPzmj0iDcEwDIQCrStg2rcAaM5TIGeIyEifXgReEPoWca30s /ce/X4Nb9vV7mEmsgE+5G7lb4kyxpJN0b21FkSzmL/tPjgrgY6L0vC2h2ljDrb5aj1dJ XOZZfMeztPcX28k+Ez3UNNAjIoE/UQRXutRAvZ/KWRuwin2cGNUJRiy+BNczRmwd+7C8 fynQ== X-Gm-Message-State: APjAAAURvswTSQ2wmo2OLkvj6wNvTCv5EjX/GcTiH6QalW2dNTbiLpPT xL2K1slcri4+VhbHAmBrXQavXiFbB3U= X-Google-Smtp-Source: APXvYqxJp/yPu39dSyYifPYGuJFQwiU24dAWTohyAP4bwt0cypS4daC77iVFCfvCJ4uEO0qPJpWRdUpk2tU= X-Received: by 2002:a63:770c:: with SMTP id s12mr49288598pgc.25.1579297398140; Fri, 17 Jan 2020 13:43:18 -0800 (PST) Date: Fri, 17 Jan 2020 13:42:46 -0800 In-Reply-To: <20200117214246.235591-1-drosen@google.com> Message-Id: <20200117214246.235591-10-drosen@google.com> Mime-Version: 1.0 References: <20200117214246.235591-1-drosen@google.com> X-Mailer: git-send-email 2.25.0.341.g760bfbb309-goog Subject: [PATCH v3 9/9] ext4: Optimize match for casefolded encrypted dirs From: Daniel Rosenberg To: "Theodore Ts'o" , linux-ext4@vger.kernel.org, Jaegeuk Kim , Chao Yu , linux-f2fs-devel@lists.sourceforge.net, Eric Biggers , linux-fscrypt@vger.kernel.org, Alexander Viro Cc: Andreas Dilger , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com, Daniel Rosenberg Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Matching names with casefolded encrypting directories requires decrypting entries to confirm case since we are case preserving. We can avoid needing to decrypt if our hash values don't match. Signed-off-by: Daniel Rosenberg --- fs/ext4/ext4.h | 17 ++++++++------- fs/ext4/namei.c | 55 ++++++++++++++++++++++++++----------------------- 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index a70b4db05b745..6755eb30a89b7 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -2393,9 +2393,9 @@ extern unsigned ext4_free_clusters_after_init(struct super_block *sb, ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); #ifdef CONFIG_UNICODE -extern void ext4_fname_setup_ci_filename(struct inode *dir, +extern int ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, - struct fscrypt_str *fname); + struct ext4_filename *fname); #endif #ifdef CONFIG_FS_ENCRYPTION @@ -2426,9 +2426,9 @@ static inline int ext4_fname_setup_filename(struct inode *dir, ext4_fname_from_fscrypt_name(fname, &name); #ifdef CONFIG_UNICODE - ext4_fname_setup_ci_filename(dir, iname, &fname->cf_name); + err = ext4_fname_setup_ci_filename(dir, iname, fname); #endif - return 0; + return err; } static inline int ext4_fname_prepare_lookup(struct inode *dir, @@ -2445,9 +2445,9 @@ static inline int ext4_fname_prepare_lookup(struct inode *dir, ext4_fname_from_fscrypt_name(fname, &name); #ifdef CONFIG_UNICODE - ext4_fname_setup_ci_filename(dir, &dentry->d_name, &fname->cf_name); + err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname); #endif - return 0; + return err; } static inline void ext4_fname_free_filename(struct ext4_filename *fname) @@ -2472,15 +2472,16 @@ static inline int ext4_fname_setup_filename(struct inode *dir, int lookup, struct ext4_filename *fname) { + int err = 0; fname->usr_fname = iname; fname->disk_name.name = (unsigned char *) iname->name; fname->disk_name.len = iname->len; #ifdef CONFIG_UNICODE - ext4_fname_setup_ci_filename(dir, iname, &fname->cf_name); + err = ext4_fname_setup_ci_filename(dir, iname, fname); #endif - return 0; + return err; } static inline int ext4_fname_prepare_lookup(struct inode *dir, diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index a5ee76a14e3b7..6b63271978a0b 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -784,7 +784,9 @@ dx_probe(struct ext4_filename *fname, struct inode *dir, if (hinfo->hash_version <= DX_HASH_TEA) hinfo->hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; hinfo->seed = EXT4_SB(dir->i_sb)->s_hash_seed; - if (fname && fname_name(fname)) + /* hash is already computed for encrypted casefolded directory */ + if (fname && fname_name(fname) && + !(IS_ENCRYPTED(dir) && IS_CASEFOLDED(dir))) ext4fs_dirhash(dir, fname_name(fname), fname_len(fname), hinfo); hash = hinfo->hash; @@ -1352,19 +1354,21 @@ int ext4_ci_compare(const struct inode *parent, const struct qstr *name, return ret; } -void ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, - struct fscrypt_str *cf_name) +int ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, + struct ext4_filename *name) { + struct fscrypt_str *cf_name = &name->cf_name; + struct dx_hash_info *hinfo = &name->hinfo; int len; if (!needs_casefold(dir)) { cf_name->name = NULL; - return; + return 0; } cf_name->name = kmalloc(EXT4_NAME_LEN, GFP_NOFS); if (!cf_name->name) - return; + return -ENOMEM; len = utf8_casefold(dir->i_sb->s_encoding, iname, cf_name->name, @@ -1372,10 +1376,18 @@ void ext4_fname_setup_ci_filename(struct inode *dir, const struct qstr *iname, if (len <= 0) { kfree(cf_name->name); cf_name->name = NULL; - return; } cf_name->len = (unsigned) len; + if (!IS_ENCRYPTED(dir)) + return 0; + hinfo->hash_version = DX_HASH_SIPHASH; + hinfo->seed = NULL; + if (cf_name->name) + ext4fs_dirhash(dir, cf_name->name, cf_name->len, hinfo); + else + ext4fs_dirhash(dir, iname->name, iname->len, hinfo); + return 0; } #endif @@ -1405,16 +1417,12 @@ static bool ext4_match(struct inode *parent, struct qstr cf = {.name = fname->cf_name.name, .len = fname->cf_name.len}; if (IS_ENCRYPTED(parent)) { - struct dx_hash_info hinfo; - - hinfo.hash_version = DX_HASH_SIPHASH; - hinfo.seed = NULL; - ext4fs_dirhash(parent, fname->cf_name.name, - fname_len(fname), &hinfo); - if (hinfo.hash != EXT4_DIRENT_HASH(de) || - hinfo.minor_hash != - EXT4_DIRENT_MINOR_HASH(de)) + if (fname->hinfo.hash != EXT4_DIRENT_HASH(de) || + fname->hinfo.minor_hash != + EXT4_DIRENT_MINOR_HASH(de)) { + return 0; + } } return !ext4_ci_compare(parent, &cf, de->name, de->name_len, true); @@ -2036,15 +2044,11 @@ void ext4_insert_dentry(struct inode *dir, de->name_len = fname_len(fname); memcpy(de->name, fname_name(fname), fname_len(fname)); if (ext4_hash_in_dirent(dir)) { - struct dx_hash_info hinfo; + struct dx_hash_info *hinfo = &fname->hinfo; - hinfo.hash_version = DX_HASH_SIPHASH; - hinfo.seed = NULL; - ext4fs_dirhash(dir, fname_usr_name(fname), - fname_len(fname), &hinfo); - EXT4_EXTENDED_DIRENT(de)->hash = cpu_to_le32(hinfo.hash); + EXT4_EXTENDED_DIRENT(de)->hash = cpu_to_le32(hinfo->hash); EXT4_EXTENDED_DIRENT(de)->minor_hash = - cpu_to_le32(hinfo.minor_hash); + cpu_to_le32(hinfo->minor_hash); } } @@ -2195,10 +2199,9 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, if (fname->hinfo.hash_version <= DX_HASH_TEA) fname->hinfo.hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; fname->hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed; - if (ext4_hash_in_dirent(dir)) - ext4fs_dirhash(dir, fname_usr_name(fname), - fname_len(fname), &fname->hinfo); - else + + /* casefolded encrypted hashes are computed on fname setup */ + if (!ext4_hash_in_dirent(dir)) ext4fs_dirhash(dir, fname_name(fname), fname_len(fname), &fname->hinfo);