Re: [PATCH v3 02/10] fscrypt: Share code between functions that prepare lookup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gabriel Krisman Bertazi <krisman@suse.de>
To: Eric Biggers <ebiggers@kernel.org>
Cc: viro@zeniv.linux.org.uk,  jaegeuk@kernel.org,  tytso@mit.edu,
	linux-ext4@vger.kernel.org,
	 linux-f2fs-devel@lists.sourceforge.net,
	linux-fsdevel@vger.kernel.org,  amir73il@gmail.com
Subject: Re: [PATCH v3 02/10] fscrypt: Share code between functions that prepare lookup
Date: Thu, 25 Jan 2024 17:18:00 -0300	[thread overview]
Message-ID: <87a5otxj47.fsf@mailhost.krisman.be> (raw)
In-Reply-To: <20240125030530.GB52073@sol.localdomain> (Eric Biggers's message of "Wed, 24 Jan 2024 19:05:30 -0800")

Eric Biggers <ebiggers@kernel.org> writes:

> On Fri, Jan 19, 2024 at 03:47:34PM -0300, Gabriel Krisman Bertazi wrote:
>> To make the patch simpler, we now call fscrypt_get_encryption_info twice
>> for fscrypt_prepare_lookup, once inside fscrypt_setup_filename and once
>> inside fscrypt_prepare_lookup_dentry.  It seems safe to do, and
>> considering it will bail early in the second lookup and most lookups
>> should go to the dcache anyway, it doesn't seem problematic for
>> performance.  In addition, we add a function call for the unencrypted
>> case, also during lookup.
>
> Unfortunately I don't think it's correct.  This is basically undoing my fix
> b01531db6cec ("fscrypt: fix race where ->lookup() marks plaintext dentry as
> ciphertext") from several years ago.
>
> When a lookup is done, the filesystem needs to either treat the name being
> looked up as a no-key name *or* as a regular name, depending on whether the
> directory's key is present.  We shouldn't enable race conditions where, due to
> the key being concurrently added, the name is treated as a no-key name for
> filename matching purposes but a regular name for dentry validation purposes.
> That can result in an anomaly where a file that exists ends up with a negative
> dentry that doesn't get invalidated.
>
> Basically, the boolean fscrypt_name::is_nokey_name that's produced by
> fscrypt_setup_filename() should continue to be propagated to DCACHE_NOKEY_NAME.

I see your point.  I'll drop this patch and replace it with a patch that
just merges the DCACHE_NOKEY_NAME configuration.  Sadly, we gotta keep
the two variants I think.

thanks for the review

-- 
Gabriel Krisman Bertazi

WARNING: multiple messages have this Message-ID (diff)

From: Gabriel Krisman Bertazi <krisman@suse.de>
To: Eric Biggers <ebiggers@kernel.org>
Cc: tytso@mit.edu, amir73il@gmail.com,
	linux-f2fs-devel@lists.sourceforge.net, viro@zeniv.linux.org.uk,
	linux-fsdevel@vger.kernel.org, jaegeuk@kernel.org,
	linux-ext4@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH v3 02/10] fscrypt: Share code between functions that prepare lookup
Date: Thu, 25 Jan 2024 17:18:00 -0300	[thread overview]
Message-ID: <87a5otxj47.fsf@mailhost.krisman.be> (raw)
In-Reply-To: <20240125030530.GB52073@sol.localdomain> (Eric Biggers's message of "Wed, 24 Jan 2024 19:05:30 -0800")

Eric Biggers <ebiggers@kernel.org> writes:

> On Fri, Jan 19, 2024 at 03:47:34PM -0300, Gabriel Krisman Bertazi wrote:
>> To make the patch simpler, we now call fscrypt_get_encryption_info twice
>> for fscrypt_prepare_lookup, once inside fscrypt_setup_filename and once
>> inside fscrypt_prepare_lookup_dentry.  It seems safe to do, and
>> considering it will bail early in the second lookup and most lookups
>> should go to the dcache anyway, it doesn't seem problematic for
>> performance.  In addition, we add a function call for the unencrypted
>> case, also during lookup.
>
> Unfortunately I don't think it's correct.  This is basically undoing my fix
> b01531db6cec ("fscrypt: fix race where ->lookup() marks plaintext dentry as
> ciphertext") from several years ago.
>
> When a lookup is done, the filesystem needs to either treat the name being
> looked up as a no-key name *or* as a regular name, depending on whether the
> directory's key is present.  We shouldn't enable race conditions where, due to
> the key being concurrently added, the name is treated as a no-key name for
> filename matching purposes but a regular name for dentry validation purposes.
> That can result in an anomaly where a file that exists ends up with a negative
> dentry that doesn't get invalidated.
>
> Basically, the boolean fscrypt_name::is_nokey_name that's produced by
> fscrypt_setup_filename() should continue to be propagated to DCACHE_NOKEY_NAME.

I see your point.  I'll drop this patch and replace it with a patch that
just merges the DCACHE_NOKEY_NAME configuration.  Sadly, we gotta keep
the two variants I think.

thanks for the review

-- 
Gabriel Krisman Bertazi


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

next prev parent reply	other threads:[~2024-01-25 20:18 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-19 18:47 [PATCH v3 00/10] Set casefold/fscrypt dentry operations through sb->s_d_op Gabriel Krisman Bertazi
2024-01-19 18:47 ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 01/10] ovl: Reject mounting case-insensitive filesystems Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-25  2:51   ` Eric Biggers
2024-01-25  2:51     ` [f2fs-dev] " Eric Biggers
2024-01-25 16:55     ` Gabriel Krisman Bertazi
2024-01-25 16:55       ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-27  7:08       ` Eric Biggers
2024-01-27  7:08         ` [f2fs-dev] " Eric Biggers
2024-01-19 18:47 ` [PATCH v3 02/10] fscrypt: Share code between functions that prepare lookup Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-25  3:05   ` Eric Biggers
2024-01-25  3:05     ` [f2fs-dev] " Eric Biggers
2024-01-25 20:18     ` Gabriel Krisman Bertazi [this message]
2024-01-25 20:18       ` Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 03/10] fscrypt: Drop d_revalidate for valid dentries during lookup Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 04/10] fscrypt: Drop d_revalidate once the key is added Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-25  3:12   ` Eric Biggers
2024-01-25  3:12     ` [f2fs-dev] " Eric Biggers
2024-01-25 20:20     ` Gabriel Krisman Bertazi
2024-01-25 20:20       ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-27  7:17       ` Eric Biggers
2024-01-27  7:17         ` [f2fs-dev] " Eric Biggers
2024-01-29 19:34         ` Gabriel Krisman Bertazi
2024-01-29 19:34           ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 05/10] libfs: Merge encrypted_ci_dentry_ops and ci_dentry_ops Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 06/10] libfs: Add helper to choose dentry operations at mount Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-25  3:13   ` Eric Biggers
2024-01-25  3:13     ` [f2fs-dev] " Eric Biggers
2024-01-19 18:47 ` [PATCH v3 07/10] ext4: Configure dentry operations at dentry-creation time Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 08/10] f2fs: " Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 09/10] ubifs: " Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
2024-01-19 18:47 ` [PATCH v3 10/10] libfs: Drop generic_set_encrypted_ci_d_ops Gabriel Krisman Bertazi
2024-01-19 18:47   ` [f2fs-dev] " Gabriel Krisman Bertazi
  -- strict thread matches above, loose matches on Subject: below --
2024-01-11 22:58 [PATCH v3 00/10] Set casefold/fscrypt dentry operations through sb->s_d_op Gabriel Krisman Bertazi
2024-01-11 22:58 ` [PATCH v3 02/10] fscrypt: Share code between functions that prepare lookup Gabriel Krisman Bertazi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87a5otxj47.fsf@mailhost.krisman.be \
    --to=krisman@suse.de \
    --cc=amir73il@gmail.com \
    --cc=ebiggers@kernel.org \
    --cc=jaegeuk@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=tytso@mit.edu \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.