From: "Luís Henriques" <lhenriques@suse.de>
To: xiubli@redhat.com
Cc: jlayton@kernel.org, idryomov@gmail.com, vshankar@redhat.com,
ceph-devel@vger.kernel.org
Subject: Re: [PATCH 0/4] ceph: dencrypt the dentry names early and once for readdir
Date: Fri, 11 Mar 2022 16:02:57 +0000 [thread overview]
Message-ID: <87ee3879zi.fsf@brahms.olymp> (raw)
In-Reply-To: <20220311104558.157283-1-xiubli@redhat.com> (xiubli@redhat.com's message of "Fri, 11 Mar 2022 18:45:54 +0800")
Hi Xiubo,
I've started reviewing this patchset but, while running some quick tests,
I've seen found a bug. I was testing with fstests, but I can easily
reproduce it simply using 'src/dirhash_collide', from fstests:
- mount filesystem and create an encrypted directory
- run that application on the encrypted (unlocked) directory:
# cd mydir
# $FSTESTSDIR/src/dirhash_collide -d -n 10000 .
- umount filesystem and mount it again
- do an 'ls' in 'mydir' and I get:
[ 115.807181] ------------[ cut here ]------------
[ 115.807865] WARNING: CPU: 0 PID: 220 at fs/ceph/crypto.c:138 ceph_encode_encrypted_dname+0x1e6/0x240 [ceph]
[ 115.809298] Modules linked in: ceph libceph
[ 115.809881] CPU: 0 PID: 220 Comm: ls Not tainted 5.17.0-rc6+ #91
[ 115.810720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014
[ 115.812298] RIP: 0010:ceph_encode_encrypted_dname+0x1e6/0x240 [ceph]
[ 115.813238] Code: 48 8b 44 24 50 48 89 85 ad 00 00 00 48 8b 44 24 58 48 89 85 b5 00 00 00 e9 2f ff ff ff 48 89 ef e8 6f dd 17 e1 e9 45 ff ff ff <0f> 0b e9 a2 fe ff ff 417
[ 115.815800] RSP: 0018:ffffc90000487bc0 EFLAGS: 00010246
[ 115.816519] RAX: 0000000000000000 RBX: 1ffff92000090f78 RCX: ffffffffa014654e
[ 115.817502] RDX: dffffc0000000000 RSI: ffffc90000487d58 RDI: ffff8880791b3230
[ 115.818466] RBP: ffffc90000487e90 R08: 0000000000000007 R09: ffff8880605d8748
[ 115.819445] R10: fffffbfff05a79b3 R11: 0000000000000001 R12: ffff8880791b2fe8
[ 115.820437] R13: ffff88807f88ae00 R14: ffffc90000487d58 R15: 0000000000000000
[ 115.821424] FS: 00007fe454541800(0000) GS:ffff888060c00000(0000) knlGS:0000000000000000
[ 115.822526] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.823308] CR2: 00007fe454530058 CR3: 000000000d6a0000 CR4: 00000000000006b0
[ 115.824296] Call Trace:
[ 115.824646] <TASK>
[ 115.824963] ? ceph_fscrypt_as_ctx_to_req+0x40/0x40 [ceph]
[ 115.825774] ? create_object.isra.0+0x34a/0x4b0
[ 115.826418] ? preempt_count_sub+0x18/0xc0
[ 115.827069] ? _raw_spin_unlock_irqrestore+0x28/0x40
[ 115.827815] ceph_readdir+0xe24/0x1fa0 [ceph]
[ 115.828459] ? preempt_count_sub+0x18/0xc0
[ 115.829028] ? preempt_count_sub+0x18/0xc0
[ 115.829604] ? ceph_d_revalidate+0x970/0x970 [ceph]
[ 115.830314] ? down_write_killable+0xb2/0x110
[ 115.830921] ? __down_killable+0x200/0x200
[ 115.831488] iterate_dir+0xe9/0x2a0
[ 115.831995] __x64_sys_getdents64+0xf2/0x1c0
[ 115.832587] ? __x64_sys_getdents+0x1c0/0x1c0
[ 115.833203] ? handle_mm_fault+0x1c3/0x230
[ 115.833778] ? compat_fillonedir+0x1b0/0x1b0
[ 115.834419] ? do_user_addr_fault+0x32b/0x940
[ 115.835048] do_syscall_64+0x43/0x90
[ 115.835575] entry_SYSCALL_64_after_hwframe+0x44/0xae
After this, I also see some KASAN NULL pointers, but I assume it's the
result of the above bug.
Cheers,
--
Luís
next prev parent reply other threads:[~2022-03-11 16:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 10:45 [PATCH 0/4] ceph: dencrypt the dentry names early and once for readdir xiubli
2022-03-11 10:45 ` [PATCH 1/4] ceph: pass the request to parse_reply_info_readdir() xiubli
2022-03-11 10:45 ` [PATCH 2/4] ceph: add ceph_encode_encrypted_dname() helper xiubli
2022-03-11 10:45 ` [PATCH 3/4] ceph: dencrypt the dentry names early and once for readdir xiubli
2022-03-11 10:45 ` [PATCH 4/4] ceph: clean up the ceph_readdir() code xiubli
2022-03-11 16:02 ` Luís Henriques [this message]
2022-03-12 0:21 ` [PATCH 0/4] ceph: dencrypt the dentry names early and once for readdir Xiubo Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ee3879zi.fsf@brahms.olymp \
--to=lhenriques@suse.de \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=vshankar@redhat.com \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.