f2fs: check entire encrypted bigname when finding a dentry
If user has no key under an encrypted dir, fscrypt gives digested dentries. Previously, when looking up a dentry, f2fs only checks its hash value with first 4 bytes of the digested dentry, which didn't handle hash collisions fully. This patch enhances to check entire dentry bytes likewise ext4. Eric reported how to reproduce this issue by: # seq -f "edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch # find edir -type f | xargs stat -c %i | sort | uniq | wc -l 100000 # sync # echo 3 > /proc/sys/vm/drop_caches # keyctl new_session # find edir -type f | xargs stat -c %i | sort | uniq | wc -l 99999 Cc: <stable@vger.kernel.org> Reported-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (fixed f2fs_dentry_hash() to work even when the hash is 0) Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This commit is contained in:
parent
413d5a9edb
commit
6332cd32c8
@ -130,19 +130,29 @@ struct f2fs_dir_entry *find_target_dentry(struct fscrypt_name *fname,
|
||||
continue;
|
||||
}
|
||||
|
||||
/* encrypted case */
|
||||
if (de->hash_code != namehash)
|
||||
goto not_match;
|
||||
|
||||
de_name.name = d->filename[bit_pos];
|
||||
de_name.len = le16_to_cpu(de->name_len);
|
||||
|
||||
/* show encrypted name */
|
||||
if (fname->hash) {
|
||||
if (de->hash_code == cpu_to_le32(fname->hash))
|
||||
goto found;
|
||||
} else if (de_name.len == name->len &&
|
||||
de->hash_code == namehash &&
|
||||
!memcmp(de_name.name, name->name, name->len))
|
||||
#ifdef CONFIG_F2FS_FS_ENCRYPTION
|
||||
if (unlikely(!name->name)) {
|
||||
if (fname->usr_fname->name[0] == '_') {
|
||||
if (de_name.len >= 16 &&
|
||||
!memcmp(de_name.name + de_name.len - 16,
|
||||
fname->crypto_buf.name + 8, 16))
|
||||
goto found;
|
||||
goto not_match;
|
||||
}
|
||||
name->name = fname->crypto_buf.name;
|
||||
name->len = fname->crypto_buf.len;
|
||||
}
|
||||
#endif
|
||||
if (de_name.len == name->len &&
|
||||
!memcmp(de_name.name, name->name, name->len))
|
||||
goto found;
|
||||
|
||||
not_match:
|
||||
if (max_slots && max_len > *max_slots)
|
||||
*max_slots = max_len;
|
||||
max_len = 0;
|
||||
@ -170,12 +180,7 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
|
||||
struct f2fs_dir_entry *de = NULL;
|
||||
bool room = false;
|
||||
int max_slots;
|
||||
f2fs_hash_t namehash;
|
||||
|
||||
if(fname->hash)
|
||||
namehash = cpu_to_le32(fname->hash);
|
||||
else
|
||||
namehash = f2fs_dentry_hash(&name);
|
||||
f2fs_hash_t namehash = f2fs_dentry_hash(&name, fname);
|
||||
|
||||
nbucket = dir_buckets(level, F2FS_I(dir)->i_dir_level);
|
||||
nblock = bucket_blocks(level);
|
||||
@ -542,7 +547,7 @@ int f2fs_add_regular_entry(struct inode *dir, const struct qstr *new_name,
|
||||
|
||||
level = 0;
|
||||
slots = GET_DENTRY_SLOTS(new_name->len);
|
||||
dentry_hash = f2fs_dentry_hash(new_name);
|
||||
dentry_hash = f2fs_dentry_hash(new_name, NULL);
|
||||
|
||||
current_depth = F2FS_I(dir)->i_current_depth;
|
||||
if (F2FS_I(dir)->chash == dentry_hash) {
|
||||
|
@ -2133,7 +2133,8 @@ int sanity_check_ckpt(struct f2fs_sb_info *sbi);
|
||||
/*
|
||||
* hash.c
|
||||
*/
|
||||
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info);
|
||||
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
|
||||
struct fscrypt_name *fname);
|
||||
|
||||
/*
|
||||
* node.c
|
||||
|
@ -70,7 +70,8 @@ static void str2hashbuf(const unsigned char *msg, size_t len,
|
||||
*buf++ = pad;
|
||||
}
|
||||
|
||||
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
|
||||
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
|
||||
struct fscrypt_name *fname)
|
||||
{
|
||||
__u32 hash;
|
||||
f2fs_hash_t f2fs_hash;
|
||||
@ -79,6 +80,10 @@ f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
|
||||
const unsigned char *name = name_info->name;
|
||||
size_t len = name_info->len;
|
||||
|
||||
/* encrypted bigname case */
|
||||
if (fname && !fname->disk_name.name)
|
||||
return cpu_to_le32(fname->hash);
|
||||
|
||||
if (is_dot_dotdot(name_info))
|
||||
return 0;
|
||||
|
||||
|
@ -296,7 +296,7 @@ struct f2fs_dir_entry *find_in_inline_dir(struct inode *dir,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
namehash = f2fs_dentry_hash(&name);
|
||||
namehash = f2fs_dentry_hash(&name, fname);
|
||||
|
||||
inline_dentry = inline_data_addr(ipage);
|
||||
|
||||
@ -533,7 +533,7 @@ int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name,
|
||||
|
||||
f2fs_wait_on_page_writeback(ipage, NODE, true);
|
||||
|
||||
name_hash = f2fs_dentry_hash(new_name);
|
||||
name_hash = f2fs_dentry_hash(new_name, NULL);
|
||||
make_dentry_ptr(NULL, &d, (void *)dentry_blk, 2);
|
||||
f2fs_update_dentry(ino, mode, &d, new_name, name_hash, bit_pos);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user