iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b01531db6c
linux/fs/ext4
History
Eric Biggers b01531db6c fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext 
->lookup() in an encrypted directory begins as follows:

1. fscrypt_prepare_lookup():
    a. Try to load the directory's encryption key.
    b. If the key is unavailable, mark the dentry as a ciphertext name
       via d_flags.
2. fscrypt_setup_filename():
    a. Try to load the directory's encryption key.
    b. If the key is available, encrypt the name (treated as a plaintext
       name) to get the on-disk name.  Otherwise decode the name
       (treated as a ciphertext name) to get the on-disk name.

But if the key is concurrently added, it may be found at (2a) but not at
(1a).  In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.

This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems.  For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it.  This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.

Of course, this is only possible if there's a userspace race.  Still,
the additional kernel-side race is confusing and unexpected.

Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.

Fixes: 28b4c26396 ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-17 10:07:51 -04:00
..
acl.c ext4: compare old and new mode before setting update_mode flag 2018-12-10 00:22:38 -05:00
acl.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
balloc.c ext4: use ext4_warning() for sb_getblk failure 2018-08-01 12:02:31 -04:00
bitmap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block_validity.c ext4: use 'sbi' instead of 'EXT4_SB(sb)' 2018-01-11 13:17:49 -05:00
dir.c fscrypt: remove filesystem specific build config option 2019-01-23 23:56:43 -05:00
ext4_extents.h ext4: adjust reserved cluster count when removing extents 2018-10-01 14:25:08 -04:00
ext4_jbd2.c ext4: shutdown should not prevent get_write_access 2018-02-18 22:07:36 -05:00
ext4_jbd2.h Miscellaneous ext4 bug fixes for 5.1. 2019-03-24 13:41:37 -07:00
ext4.h fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext 2019-04-17 10:07:51 -04:00
extents_status.c ext4: fix reserved cluster accounting at page invalidation time 2018-10-01 14:33:24 -04:00
extents_status.h ext4: reduce reserved cluster count by number of allocated clusters 2018-10-01 14:24:08 -04:00
extents.c A large number of bug fixes and cleanups. One new feature to allow 2019-03-12 15:03:21 -07:00
file.c ext4: fix data corruption caused by unaligned direct AIO 2019-03-14 23:20:25 -04:00
fsmap.c ext4: make function ‘ext4_getfsmap_find_fixed_metadata’ static 2018-05-10 11:50:04 -04:00
fsmap.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
fsync.c Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" 2019-01-31 23:41:11 -05:00
hash.c ext4: annotate implicit fall throughs 2019-02-21 10:49:53 -05:00
ialloc.c ext4: use IS_ENCRYPTED() to check encryption status 2019-01-23 23:56:43 -05:00
indirect.c ext4: cleanup bh release code in ext4_ind_remove_space() 2019-03-23 11:56:01 -04:00
inline.c ext4: fix a potential fiemap/page fault deadlock w/ inline_data 2018-12-25 00:56:33 -05:00
inode.c Miscellaneous ext4 bug fixes for 5.1. 2019-03-24 13:41:37 -07:00
ioctl.c Miscellaneous ext4 bug fixes for 5.1. 2019-03-24 13:41:37 -07:00
Kconfig A large number of bug fixes and cleanups. One new feature to allow 2019-03-12 15:03:21 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mballoc.c ext4: replace opencoded i_writecount usage with inode_is_open_for_write() 2019-02-10 23:04:16 -05:00
mballoc.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
migrate.c ext4: clean up indentation issues, remove extraneous tabs 2018-12-04 00:16:44 -05:00
mmp.c ext4: don't mark mmp buffer head dirty 2018-09-15 17:11:25 -04:00
move_extent.c ext4: use IS_ENCRYPTED() to check encryption status 2019-01-23 23:56:43 -05:00
namei.c fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext 2019-04-17 10:07:51 -04:00
page-io.c A large number of bug fixes and cleanups. One new feature to allow 2019-03-12 15:03:21 -07:00
readpage.c fscrypt: drop inode argument from fscrypt_get_ctx() 2019-04-16 18:37:25 -04:00
resize.c ext4: report real fs size after failed resize 2019-03-15 00:22:28 -04:00
super.c Miscellaneous ext4 bug fixes for 5.1. 2019-03-24 13:41:37 -07:00
symlink.c ext4: switch to fscrypt_get_symlink() 2018-01-11 22:10:40 -05:00
sysfs.c A large number of bug fixes and cleanups. One new feature to allow 2019-03-12 15:03:21 -07:00
truncate.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
xattr_security.c ext4: use XATTR_CREATE in ext4_initxattrs() 2018-05-10 11:52:14 -04:00
xattr_trusted.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr_user.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c ext4: fix some error pointer dereferences 2019-02-21 11:17:34 -05:00
xattr.h ext4: add extra checks to ext4_xattr_block_get() 2018-03-30 20:04:11 -04:00