From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E07C4C433E1 for ; Mon, 24 Aug 2020 20:49:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BCA912072D for ; Mon, 24 Aug 2020 20:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598302155; bh=PDF5FB3f/iX6KmB9XrlWFrnk42OQsjSRBtJ1FLkbKmk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=mIz6dRkgp6hiyU0Sbhmpmal1zWtzke0Js1riq/8qMKLlKuSBob9W7RZDeejC/mmV/ Ds9oq/6FEL9+OzFK2MjAJf9KWJlcgybWhZMxS+j41DvUOYfAuKbg+sn0sB+nnx/bpw 6VLUvN/yw5j6E8ELz+aWKeZVOfzNfLSp7I03wJPY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727797AbgHXUtP (ORCPT ); Mon, 24 Aug 2020 16:49:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:38656 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726090AbgHXUtP (ORCPT ); Mon, 24 Aug 2020 16:49:15 -0400 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 195B02067C; Mon, 24 Aug 2020 20:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598302154; bh=PDF5FB3f/iX6KmB9XrlWFrnk42OQsjSRBtJ1FLkbKmk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jUh/EXYBZSsJDdmVjLNI9Ide1YTidVvRvP57Wf4SyWXTEaa/Oq3Sun1fEYKw2zPbo aKCpyYiHp520+hjmEuKybQsRGqMfFfEWdJnjuX5r1U5Kobvoccm1Wqv2sA2JRBKfsY /d8CDZHgd3G1/Lq1Dw0aWx5EI4uNe9CYC6tcvDpQ= Date: Mon, 24 Aug 2020 13:49:12 -0700 From: Eric Biggers To: Jeff Layton Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org Subject: Re: [RFC PATCH 1/8] fscrypt: add fscrypt_prepare_new_inode() and fscrypt_set_context() Message-ID: <20200824204912.GD1650861@gmail.com> References: <20200824061712.195654-1-ebiggers@kernel.org> <20200824061712.195654-2-ebiggers@kernel.org> <0cf5638796e7cddacc38dcd1e967368b99f0069a.camel@kernel.org> <20200824182114.GB1650861@gmail.com> <06a7d9562b84354eb72bd67c9d4b7262dac53457.camel@kernel.org> <20200824190221.GC1650861@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org On Mon, Aug 24, 2020 at 03:42:59PM -0400, Jeff Layton wrote: > On Mon, 2020-08-24 at 12:02 -0700, Eric Biggers wrote: > > On Mon, Aug 24, 2020 at 02:47:07PM -0400, Jeff Layton wrote: > > > On Mon, 2020-08-24 at 11:21 -0700, Eric Biggers wrote: > > > > On Mon, Aug 24, 2020 at 12:48:48PM -0400, Jeff Layton wrote: > > > > > > +void fscrypt_hash_inode_number(struct fscrypt_info *ci, > > > > > > + const struct fscrypt_master_key *mk) > > > > > > +{ > > > > > > + WARN_ON(ci->ci_inode->i_ino == 0); > > > > > > + WARN_ON(!mk->mk_ino_hash_key_initialized); > > > > > > + > > > > > > + ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino, > > > > > > + &mk->mk_ino_hash_key); > > > > > > > > > > i_ino is an unsigned long. Will this produce a consistent results on > > > > > arches with 32 and 64 bit long values? I think it'd be nice to ensure > > > > > that we can access an encrypted directory created on a 32-bit host from > > > > > (e.g.) a 64-bit host. > > > > > > > > The result is the same regardless of word size and endianness. > > > > siphash_1u64(v, k) is equivalent to: > > > > > > > > __le64 x = cpu_to_le64(v); > > > > siphash(&x, 8, k); > > > > > > > > > > In the case where you have an (on-storage) inode number that is larger > > > than 2^32, x will almost certainly be different on a 32 vs. 64-bit > > > wordsize. > > > > > > On the box with the 32-bit wordsize, you'll end up promoting i_ino to a > > > 64-bit word and the upper 32 bits will be zeroed out. So it seems like > > > this means that if you're using inline hardware you're going to end up > > > with a result that won't work correctly across different wordsizes. > > > > That's only possible if the VFS is truncating the inode number, which would also > > break userspace in lots of ways like making applications think that files are > > hard-linked together when they aren't. Also, IV_INO_LBLK_64 would break. > > > > The correct fix for that would be to make inode::i_ino 64-bit. > > > > ...or just ask the filesystem for the 64-bit inode number via ->getattr > or a new op. You could also just truncate it down to 32 bits or xor the > top and bottom bits together first, etc... > > > Note that ext4 and f2fs (currently the only filesystems that support the > > IV_INO_LBLK_* flags) only support 32-bit inode numbers. > > > > Ahh, ok. That explains why it's not been an issue so far. Still, if > you're reworking this code anyway, you might want to consider avoiding > i_ino here. Let's just enforce ino_bits <= 32 for IV_INO_LBLK_32 for now, like is done for IV_INO_LBLK_64: https://lkml.kernel.org/r/20200824203841.1707847-1-ebiggers@kernel.org There's no need to add extra complexity for something that no one wants yet. (And as mentioned, this won't prevent ceph or other filesystems with 64-bit inode numbers from adding support for fscrypt, as IV_INO_LBLK_32 support is optional and has a pretty specific use case.) - Eric From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E82EC433E1 for ; Mon, 24 Aug 2020 20:49:29 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CDB7B2067C; Mon, 24 Aug 2020 20:49:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="VXcOGZ15"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="lv6lkzsm"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="jUh/EXYB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CDB7B2067C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1kAJPD-0003hI-Or; Mon, 24 Aug 2020 20:49:27 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kAJPC-0003hA-Ji for linux-f2fs-devel@lists.sourceforge.net; Mon, 24 Aug 2020 20:49:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=EIkdVfYAXZ0nF63I2+0jyZKFVY03yR4ihWoXcoRKcn8=; b=VXcOGZ15y9ClIiWmZKOBGRtOwO RKyZ2937QpQ+PiUV9mPMIACnltcpMmkuIdXkhpXnNJRONjdedhj6qnTvRK0Tt0lZAhwssJc65V3v6 CIlf40IKjBU15yalrkJl3e5H3A4sRWh+tsILspFXoqis6N0EEQ4d2jM6u928UCpTBiRM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=EIkdVfYAXZ0nF63I2+0jyZKFVY03yR4ihWoXcoRKcn8=; b=lv6lkzsm2ndhvveyQFc4RzFXOj SOhMoKYH0bzlJ00GA09yPr+JmsXpkJd5CupvvRqCwA6XEpyOzT6Y1bG/knS9C/RxFcbJ0J7awp7mk I21cMEx5XnXAW74au/cwrQKDt3wUpGg6nHTg2u21RYC5MU65QPbg1UJFtcoLAaRpklp0=; Received: from mail.kernel.org ([198.145.29.99]) by sfi-mx-4.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1kAJPA-005a6r-He for linux-f2fs-devel@lists.sourceforge.net; Mon, 24 Aug 2020 20:49:26 +0000 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 195B02067C; Mon, 24 Aug 2020 20:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598302154; bh=PDF5FB3f/iX6KmB9XrlWFrnk42OQsjSRBtJ1FLkbKmk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jUh/EXYBZSsJDdmVjLNI9Ide1YTidVvRvP57Wf4SyWXTEaa/Oq3Sun1fEYKw2zPbo aKCpyYiHp520+hjmEuKybQsRGqMfFfEWdJnjuX5r1U5Kobvoccm1Wqv2sA2JRBKfsY /d8CDZHgd3G1/Lq1Dw0aWx5EI4uNe9CYC6tcvDpQ= Date: Mon, 24 Aug 2020 13:49:12 -0700 From: Eric Biggers To: Jeff Layton Message-ID: <20200824204912.GD1650861@gmail.com> References: <20200824061712.195654-1-ebiggers@kernel.org> <20200824061712.195654-2-ebiggers@kernel.org> <0cf5638796e7cddacc38dcd1e967368b99f0069a.camel@kernel.org> <20200824182114.GB1650861@gmail.com> <06a7d9562b84354eb72bd67c9d4b7262dac53457.camel@kernel.org> <20200824190221.GC1650861@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Headers-End: 1kAJPA-005a6r-He Subject: Re: [f2fs-dev] [RFC PATCH 1/8] fscrypt: add fscrypt_prepare_new_inode() and fscrypt_set_context() X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net On Mon, Aug 24, 2020 at 03:42:59PM -0400, Jeff Layton wrote: > On Mon, 2020-08-24 at 12:02 -0700, Eric Biggers wrote: > > On Mon, Aug 24, 2020 at 02:47:07PM -0400, Jeff Layton wrote: > > > On Mon, 2020-08-24 at 11:21 -0700, Eric Biggers wrote: > > > > On Mon, Aug 24, 2020 at 12:48:48PM -0400, Jeff Layton wrote: > > > > > > +void fscrypt_hash_inode_number(struct fscrypt_info *ci, > > > > > > + const struct fscrypt_master_key *mk) > > > > > > +{ > > > > > > + WARN_ON(ci->ci_inode->i_ino == 0); > > > > > > + WARN_ON(!mk->mk_ino_hash_key_initialized); > > > > > > + > > > > > > + ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino, > > > > > > + &mk->mk_ino_hash_key); > > > > > > > > > > i_ino is an unsigned long. Will this produce a consistent results on > > > > > arches with 32 and 64 bit long values? I think it'd be nice to ensure > > > > > that we can access an encrypted directory created on a 32-bit host from > > > > > (e.g.) a 64-bit host. > > > > > > > > The result is the same regardless of word size and endianness. > > > > siphash_1u64(v, k) is equivalent to: > > > > > > > > __le64 x = cpu_to_le64(v); > > > > siphash(&x, 8, k); > > > > > > > > > > In the case where you have an (on-storage) inode number that is larger > > > than 2^32, x will almost certainly be different on a 32 vs. 64-bit > > > wordsize. > > > > > > On the box with the 32-bit wordsize, you'll end up promoting i_ino to a > > > 64-bit word and the upper 32 bits will be zeroed out. So it seems like > > > this means that if you're using inline hardware you're going to end up > > > with a result that won't work correctly across different wordsizes. > > > > That's only possible if the VFS is truncating the inode number, which would also > > break userspace in lots of ways like making applications think that files are > > hard-linked together when they aren't. Also, IV_INO_LBLK_64 would break. > > > > The correct fix for that would be to make inode::i_ino 64-bit. > > > > ...or just ask the filesystem for the 64-bit inode number via ->getattr > or a new op. You could also just truncate it down to 32 bits or xor the > top and bottom bits together first, etc... > > > Note that ext4 and f2fs (currently the only filesystems that support the > > IV_INO_LBLK_* flags) only support 32-bit inode numbers. > > > > Ahh, ok. That explains why it's not been an issue so far. Still, if > you're reworking this code anyway, you might want to consider avoiding > i_ino here. Let's just enforce ino_bits <= 32 for IV_INO_LBLK_32 for now, like is done for IV_INO_LBLK_64: https://lkml.kernel.org/r/20200824203841.1707847-1-ebiggers@kernel.org There's no need to add extra complexity for something that no one wants yet. (And as mentioned, this won't prevent ceph or other filesystems with 64-bit inode numbers from adding support for fscrypt, as IV_INO_LBLK_32 support is optional and has a pretty specific use case.) - Eric _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EC63C433E1 for ; Mon, 24 Aug 2020 20:49:54 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EBCF52067C for ; Mon, 24 Aug 2020 20:49:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="cUbHr4Jz"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="jUh/EXYB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EBCF52067C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=W6QJsCAsv275AJs6Lcwm/8LMyew7glt1Gf7QUsA0yfE=; b=cUbHr4Jz4DIC1nNm+9QXHMTEN mKDXwAkEU4Kni94NfoTsFNKPA9qIeFWal1yVpbZdRHWZyfRBVfn/gZoX5gA/rffREGx/KM0Cocg8r rfKTnOvNmVfKDFor7O924d3NesQu6/Kr+yUh7rY6q5az0OW0JdSi4fhf2ssUWJBmdoOfs4xelTWJV Gjk57veECTnyPWScibJzcW1lN5YFjTARs1YKUvzOAXK0h8GmIBJyhYx+u6rUQDy0INUD+kF1o99ig l+yJXtMtGuid6ldAT6kLRMRg290HTcAeSSqeoJ7wYSihYE5iD1bDz9q0h3RtpPdlXZ34MjWIyxzHo xvDt5N0ag==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kAJP3-0006aS-Ma; Mon, 24 Aug 2020 20:49:17 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kAJP1-0006Zk-3h for linux-mtd@lists.infradead.org; Mon, 24 Aug 2020 20:49:15 +0000 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 195B02067C; Mon, 24 Aug 2020 20:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598302154; bh=PDF5FB3f/iX6KmB9XrlWFrnk42OQsjSRBtJ1FLkbKmk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jUh/EXYBZSsJDdmVjLNI9Ide1YTidVvRvP57Wf4SyWXTEaa/Oq3Sun1fEYKw2zPbo aKCpyYiHp520+hjmEuKybQsRGqMfFfEWdJnjuX5r1U5Kobvoccm1Wqv2sA2JRBKfsY /d8CDZHgd3G1/Lq1Dw0aWx5EI4uNe9CYC6tcvDpQ= Date: Mon, 24 Aug 2020 13:49:12 -0700 From: Eric Biggers To: Jeff Layton Subject: Re: [RFC PATCH 1/8] fscrypt: add fscrypt_prepare_new_inode() and fscrypt_set_context() Message-ID: <20200824204912.GD1650861@gmail.com> References: <20200824061712.195654-1-ebiggers@kernel.org> <20200824061712.195654-2-ebiggers@kernel.org> <0cf5638796e7cddacc38dcd1e967368b99f0069a.camel@kernel.org> <20200824182114.GB1650861@gmail.com> <06a7d9562b84354eb72bd67c9d4b7262dac53457.camel@kernel.org> <20200824190221.GC1650861@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200824_164915_281628_4522DBDB X-CRM114-Status: GOOD ( 28.03 ) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" Errors-To: linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org On Mon, Aug 24, 2020 at 03:42:59PM -0400, Jeff Layton wrote: > On Mon, 2020-08-24 at 12:02 -0700, Eric Biggers wrote: > > On Mon, Aug 24, 2020 at 02:47:07PM -0400, Jeff Layton wrote: > > > On Mon, 2020-08-24 at 11:21 -0700, Eric Biggers wrote: > > > > On Mon, Aug 24, 2020 at 12:48:48PM -0400, Jeff Layton wrote: > > > > > > +void fscrypt_hash_inode_number(struct fscrypt_info *ci, > > > > > > + const struct fscrypt_master_key *mk) > > > > > > +{ > > > > > > + WARN_ON(ci->ci_inode->i_ino == 0); > > > > > > + WARN_ON(!mk->mk_ino_hash_key_initialized); > > > > > > + > > > > > > + ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino, > > > > > > + &mk->mk_ino_hash_key); > > > > > > > > > > i_ino is an unsigned long. Will this produce a consistent results on > > > > > arches with 32 and 64 bit long values? I think it'd be nice to ensure > > > > > that we can access an encrypted directory created on a 32-bit host from > > > > > (e.g.) a 64-bit host. > > > > > > > > The result is the same regardless of word size and endianness. > > > > siphash_1u64(v, k) is equivalent to: > > > > > > > > __le64 x = cpu_to_le64(v); > > > > siphash(&x, 8, k); > > > > > > > > > > In the case where you have an (on-storage) inode number that is larger > > > than 2^32, x will almost certainly be different on a 32 vs. 64-bit > > > wordsize. > > > > > > On the box with the 32-bit wordsize, you'll end up promoting i_ino to a > > > 64-bit word and the upper 32 bits will be zeroed out. So it seems like > > > this means that if you're using inline hardware you're going to end up > > > with a result that won't work correctly across different wordsizes. > > > > That's only possible if the VFS is truncating the inode number, which would also > > break userspace in lots of ways like making applications think that files are > > hard-linked together when they aren't. Also, IV_INO_LBLK_64 would break. > > > > The correct fix for that would be to make inode::i_ino 64-bit. > > > > ...or just ask the filesystem for the 64-bit inode number via ->getattr > or a new op. You could also just truncate it down to 32 bits or xor the > top and bottom bits together first, etc... > > > Note that ext4 and f2fs (currently the only filesystems that support the > > IV_INO_LBLK_* flags) only support 32-bit inode numbers. > > > > Ahh, ok. That explains why it's not been an issue so far. Still, if > you're reworking this code anyway, you might want to consider avoiding > i_ino here. Let's just enforce ino_bits <= 32 for IV_INO_LBLK_32 for now, like is done for IV_INO_LBLK_64: https://lkml.kernel.org/r/20200824203841.1707847-1-ebiggers@kernel.org There's no need to add extra complexity for something that no one wants yet. (And as mentioned, this won't prevent ceph or other filesystems with 64-bit inode numbers from adding support for fscrypt, as IV_INO_LBLK_32 support is optional and has a pretty specific use case.) - Eric ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/