From: Chao Yu <chao@kernel.org>
To: Theodore Ts'o <tytso@mit.edu>,
jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
Chao Yu <yuchao0@huawei.com>
Subject: Re: [PATCH] fscrypto: fix to null-terminate encrypted filename in fname_encrypt
Date: Mon, 29 Aug 2016 22:55:47 +0800 [thread overview]
Message-ID: <81758b43-a82c-0526-8921-cb34d6da1c50@kernel.org> (raw)
In-Reply-To: <4a1a7233-a8f5-873a-2895-a259dc0cf717@kernel.org>
Hi Ted, Jaegeuk,
On 2016/8/28 14:16, Chao Yu wrote:
> Hi Ted,
>
> On 2016/8/28 13:13, Theodore Ts'o wrote:
>> On Sun, Aug 28, 2016 at 09:13:28AM +0800, Chao Yu wrote:
>>> From: Chao Yu <yuchao0@huawei.com>
>>>
>>> This patch fixes to add null character at the end of encrypted filename
Since encryption functionality in ext4/f2fs was exported to vfs as fscrypot
module, more filesystems can use it, I'm not sure, maybe other fs will traverse
encrypted filename directly.
So, could we set this null character in fname_encrypt in advance in order to
avoid hitting random characters behind target filename when traversing it?
Thanks,
>>> in fname_encrypt, in order to avoid incorrectly traversing random data
>>> located after target filename. The call stack is as below:
>>>
>>> - f2fs_add_link
>>> - __f2fs_add_link
>>> - fscrypt_setup_filename
>>> - fscrypt_fname_alloc_buffer allocate buffer for @fname
>>> - fname_encrypt didn't set null character for @fname
>>> - f2fs_add_regular_entry init qstr with @fname
>>> - init_inode_metadata
>>> - f2fs_init_security
>>> - security_inode_init_security
>>> - selinux_inode_init_security
>>> - selinux_determine_inode_label
>>> - security_transition_sid
>>> - security_compute_sid
>>> - filename_compute_type
>>> - hashtab_search
>>> - filenametr_hash traverse @fname as one which has null character
>>
>> The problem is not in fname_encrypt(), but rather that
>> security_inode_init_security() should be given the _unencrypted_
>> filename.
>>
>> In ext4 security_inode_init_security() is called with the qstr from
>> the dentry, not the encrypted qstr --- in fact we call
>> security_inode_init_security before we call fname_encrypt.
>>
>> SELinux needs the unencrypted filename in order to decide which
>> SELinux rules / labels should apply.
>
> You're right, I missed this mistake. So actually, this is a bug of f2fs.
> Let me figure out the fixing patch.
>
> Thanks for your review! :)
>
> Thanks,
>
>>
>> - Ted
>>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
>
------------------------------------------------------------------------------
next prev parent reply other threads:[~2016-08-29 14:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-28 1:13 [PATCH] fscrypto: fix to null-terminate encrypted filename in fname_encrypt Chao Yu
2016-08-28 5:13 ` Theodore Ts'o
2016-08-28 6:16 ` Chao Yu
2016-08-29 14:55 ` Chao Yu [this message]
2016-08-29 17:51 ` [f2fs-dev] " Jaegeuk Kim
2016-08-29 19:08 ` Theodore Ts'o
2016-08-30 16:10 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=81758b43-a82c-0526-8921-cb34d6da1c50@kernel.org \
--to=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).