From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 0/5] fscrypt: prevent creating duplicate encrypted filenames
Date: Tue, 17 Nov 2020 23:56:04 -0800 [thread overview]
Message-ID: <20201118075609.120337-1-ebiggers@kernel.org> (raw)
This series fixes a longstanding race condition where a duplicate
filename can be created in an encrypted directory if a syscall that
creates a new filename (e.g. open() or mkdir()) races with the
directory's encryption key being added.
To close this race, we need to prevent creating files if the dentry is
still marked as a no-key name. I.e. we need to fail the ->create() (or
other operation that creates a new filename) if the key wasn't available
when doing the dentry lookup earlier in the syscall, even if the key was
concurrently added between the dentry lookup and ->create().
See patch 1 for a more detailed explanation.
Patch 1 introduces a helper function required for the fix. Patches 2-4
fix the bug on ext4, f2fs, and ubifs. Patch 5 is a cleanup.
This fixes xfstest generic/595 on ubifs, but that test was hitting this
bug only accidentally. I've also written a new xfstest which reproduces
this bug on both ext4 and ubifs.
Eric Biggers (5):
fscrypt: add fscrypt_is_nokey_name()
ext4: prevent creating duplicate encrypted filenames
f2fs: prevent creating duplicate encrypted filenames
ubifs: prevent creating duplicate encrypted filenames
fscrypt: remove unnecessary calls to fscrypt_require_key()
fs/crypto/hooks.c | 31 +++++++++++--------------------
fs/ext4/namei.c | 3 +++
fs/f2fs/f2fs.h | 2 ++
fs/ubifs/dir.c | 17 +++++++++++++----
include/linux/fscrypt.h | 37 +++++++++++++++++++++++++++++++++++--
5 files changed, 64 insertions(+), 26 deletions(-)
base-commit: 3ceb6543e9cf6ed87cc1fbc6f23ca2db903564cd
--
2.29.2
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mtd@lists.infradead.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: [f2fs-dev] [PATCH 0/5] fscrypt: prevent creating duplicate encrypted filenames
Date: Tue, 17 Nov 2020 23:56:04 -0800 [thread overview]
Message-ID: <20201118075609.120337-1-ebiggers@kernel.org> (raw)
This series fixes a longstanding race condition where a duplicate
filename can be created in an encrypted directory if a syscall that
creates a new filename (e.g. open() or mkdir()) races with the
directory's encryption key being added.
To close this race, we need to prevent creating files if the dentry is
still marked as a no-key name. I.e. we need to fail the ->create() (or
other operation that creates a new filename) if the key wasn't available
when doing the dentry lookup earlier in the syscall, even if the key was
concurrently added between the dentry lookup and ->create().
See patch 1 for a more detailed explanation.
Patch 1 introduces a helper function required for the fix. Patches 2-4
fix the bug on ext4, f2fs, and ubifs. Patch 5 is a cleanup.
This fixes xfstest generic/595 on ubifs, but that test was hitting this
bug only accidentally. I've also written a new xfstest which reproduces
this bug on both ext4 and ubifs.
Eric Biggers (5):
fscrypt: add fscrypt_is_nokey_name()
ext4: prevent creating duplicate encrypted filenames
f2fs: prevent creating duplicate encrypted filenames
ubifs: prevent creating duplicate encrypted filenames
fscrypt: remove unnecessary calls to fscrypt_require_key()
fs/crypto/hooks.c | 31 +++++++++++--------------------
fs/ext4/namei.c | 3 +++
fs/f2fs/f2fs.h | 2 ++
fs/ubifs/dir.c | 17 +++++++++++++----
include/linux/fscrypt.h | 37 +++++++++++++++++++++++++++++++++++--
5 files changed, 64 insertions(+), 26 deletions(-)
base-commit: 3ceb6543e9cf6ed87cc1fbc6f23ca2db903564cd
--
2.29.2
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mtd@lists.infradead.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: [PATCH 0/5] fscrypt: prevent creating duplicate encrypted filenames
Date: Tue, 17 Nov 2020 23:56:04 -0800 [thread overview]
Message-ID: <20201118075609.120337-1-ebiggers@kernel.org> (raw)
This series fixes a longstanding race condition where a duplicate
filename can be created in an encrypted directory if a syscall that
creates a new filename (e.g. open() or mkdir()) races with the
directory's encryption key being added.
To close this race, we need to prevent creating files if the dentry is
still marked as a no-key name. I.e. we need to fail the ->create() (or
other operation that creates a new filename) if the key wasn't available
when doing the dentry lookup earlier in the syscall, even if the key was
concurrently added between the dentry lookup and ->create().
See patch 1 for a more detailed explanation.
Patch 1 introduces a helper function required for the fix. Patches 2-4
fix the bug on ext4, f2fs, and ubifs. Patch 5 is a cleanup.
This fixes xfstest generic/595 on ubifs, but that test was hitting this
bug only accidentally. I've also written a new xfstest which reproduces
this bug on both ext4 and ubifs.
Eric Biggers (5):
fscrypt: add fscrypt_is_nokey_name()
ext4: prevent creating duplicate encrypted filenames
f2fs: prevent creating duplicate encrypted filenames
ubifs: prevent creating duplicate encrypted filenames
fscrypt: remove unnecessary calls to fscrypt_require_key()
fs/crypto/hooks.c | 31 +++++++++++--------------------
fs/ext4/namei.c | 3 +++
fs/f2fs/f2fs.h | 2 ++
fs/ubifs/dir.c | 17 +++++++++++++----
include/linux/fscrypt.h | 37 +++++++++++++++++++++++++++++++++++--
5 files changed, 64 insertions(+), 26 deletions(-)
base-commit: 3ceb6543e9cf6ed87cc1fbc6f23ca2db903564cd
--
2.29.2
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next reply other threads:[~2020-11-18 7:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-18 7:56 Eric Biggers [this message]
2020-11-18 7:56 ` [PATCH 0/5] fscrypt: prevent creating duplicate encrypted filenames Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-18 7:56 ` [PATCH 1/5] fscrypt: add fscrypt_is_nokey_name() Eric Biggers
2020-11-18 7:56 ` Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-18 7:56 ` [PATCH 2/5] ext4: prevent creating duplicate encrypted filenames Eric Biggers
2020-11-18 7:56 ` Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-18 7:56 ` [PATCH 3/5] f2fs: " Eric Biggers
2020-11-18 7:56 ` Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-18 7:56 ` [PATCH 4/5] ubifs: " Eric Biggers
2020-11-18 7:56 ` Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-18 7:56 ` [PATCH 5/5] fscrypt: remove unnecessary calls to fscrypt_require_key() Eric Biggers
2020-11-18 7:56 ` Eric Biggers
2020-11-18 7:56 ` [f2fs-dev] " Eric Biggers
2020-11-24 23:28 ` [PATCH 0/5] fscrypt: prevent creating duplicate encrypted filenames Eric Biggers
2020-11-24 23:28 ` Eric Biggers
2020-11-24 23:28 ` [f2fs-dev] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201118075609.120337-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.