From: Eric Biggers <ebiggers@kernel.org>
To: Tiezhu Yang <yangtiezhu@loongson.cn>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <yuchao0@huawei.com>,
	Tyler Hicks <tyhicks@canonical.com>,
	linux-fsdevel@vger.kernel.org, ecryptfs@vger.kernel.org,
	linux-fscrypt@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4] fs: introduce is_dot_or_dotdot helper for cleanup
Date: Tue, 10 Dec 2019 11:19:13 -0800
Message-ID: <20191210191912.GA99557@gmail.com>
In-Reply-To: <1575979801-32569-1-git-send-email-yangtiezhu@loongson.cn>

On Tue, Dec 10, 2019 at 08:10:01PM +0800, Tiezhu Yang wrote:
> diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
> index 3da3707..ef7eba8 100644
> --- a/fs/crypto/fname.c
> +++ b/fs/crypto/fname.c
> @@ -11,21 +11,11 @@
>   * This has not yet undergone a rigorous security audit.
>   */
>  
> +#include <linux/namei.h>
>  #include <linux/scatterlist.h>
>  #include <crypto/skcipher.h>
>  #include "fscrypt_private.h"
>  
> -static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
> -{
> -	if (str->len == 1 && str->name[0] == '.')
> -		return true;
> -
> -	if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
> -		return true;
> -
> -	return false;
> -}
> -
>  /**
>   * fname_encrypt() - encrypt a filename
>   *
> @@ -255,7 +245,7 @@ int fscrypt_fname_disk_to_usr(struct inode *inode,
>  	const struct qstr qname = FSTR_TO_QSTR(iname);
>  	struct fscrypt_digested_name digested_name;
>  
> -	if (fscrypt_is_dot_dotdot(&qname)) {
> +	if (is_dot_or_dotdot(qname.name, qname.len)) {
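
Review bot: the call `is_dot_or_dotdot(qname.name, qname.len)` is not a drop-in replacement for `fscrypt_is_dot_dotdot(&qname)` when `qname.len` is 0. The removed helper compared `str->len` against 1 and 2 before reading `str->name[0]`, so an empty name returned false; the helper this patch adds in include/linux/namei.h tests `name[0]` first and then accepts `len < 2`, so an empty name can be treated as ".". Either guard this call with a length check or fix the helper so an empty name still falls through to the code below this branch.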

There's no need for the 'qname' variable anymore.  Can you please remove it and
do:

	if (is_dot_or_dotdot(iname->name, iname->len)) {

> diff --git a/include/linux/namei.h b/include/linux/namei.h
> index 7fe7b87..aba114a 100644
> --- a/include/linux/namei.h
> +++ b/include/linux/namei.h
> @@ -92,4 +92,14 @@ retry_estale(const long error, const unsigned int flags)
>  	return error == -ESTALE && !(flags & LOOKUP_REVAL);
>  }
>  
> +static inline bool is_dot_or_dotdot(const unsigned char *name, size_t len)
> +{
> +	if (unlikely(name[0] == '.')) {
> +		if (len < 2 || (len == 2 && name[1] == '.'))
> +			return true;
> +	}
> +
> +	return false;
> +}
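
Review bot: `name[0]` is read in `if (unlikely(name[0] == '.'))` before `len` is consulted, and the inner test `len < 2` is also true for `len == 0`, so a zero-length name whose buffer happens to start with '.' is reported as "." and the byte that was read lies outside the name. Test the length first, for example `len >= 1 && name[0] == '.'` followed by `len == 1 || (len == 2 && name[1] == '.')`. Since this becomes a shared helper in a public header, it should also carry a short comment stating what it returns for `len == 0`.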

This doesn't handle the len=0 case.  Did you check that none of the users pass
in zero-length names?  It looks like fscrypt_fname_disk_to_usr() can, if the
directory entry on-disk has a zero-length name.  Currently it will return
-EUCLEAN in that case, but with this patch it may think it's the name ".".

So I think there needs to either be a len >= 1 check added, *or* you need to
make an argument for why it's okay to not care about the empty name case.

- Eric
