From patchwork Mon Apr 24 17:00:08 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 9696789
Return-Path: <linux-fscrypt-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	77322603F3 for <patchwork-linux-fscrypt@patchwork.kernel.org>;
	Mon, 24 Apr 2017 17:02:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64760205F7
	for <patchwork-linux-fscrypt@patchwork.kernel.org>;
	Mon, 24 Apr 2017 17:02:18 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 58F5326B41; Mon, 24 Apr 2017 17:02:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CE00A205F7
	for <patchwork-linux-fscrypt@patchwork.kernel.org>;
	Mon, 24 Apr 2017 17:02:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S975297AbdDXRCR (ORCPT
	<rfc822;patchwork-linux-fscrypt@patchwork.kernel.org>);
	Mon, 24 Apr 2017 13:02:17 -0400
Received: from mail-pg0-f66.google.com ([74.125.83.66]:36124 "EHLO
	mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S975168AbdDXRCG (ORCPT
	<rfc822;linux-fscrypt@vger.kernel.org>);
	Mon, 24 Apr 2017 13:02:06 -0400
Received: by mail-pg0-f66.google.com with SMTP id 34so5613801pgx.3;
	Mon, 24 Apr 2017 10:02:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=0UZUkcwiK6crpTivrS/UfGnUdjjEwO1opq8lCE9HiCo=;
	b=mUhVtTD9rzKMdSlxBMjcpLT47E1PIy3kyQtpPlhwEq2TE8xYg12RNNE37Lvo4IFhfT
	0mjXwsNvKJqfrtq6YLORJQ2N2i/x/H9DOb7vniBlorX5iY6zL1yN56kt2F7hmK+ZlVdt
	f5MuZ1DvYYer/wohJcodyPDrv8FV6Bb1UOSUwFE1CJ32CBv4/6Hq5P8nJEnCNXrXiohZ
	z/lEHO54zLBf/fluUiL1Gpb/8drK2N3KScdvJwGqzFBgudUvamM+c1H+Gj5Zo+y+B0jU
	2OAApps0KZgzu1QKVpWDti1DjpVmSnFK+s0D5LGjN4l/mEvzBRj5P0XfrdvZf0sa0Pjy
	78WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=0UZUkcwiK6crpTivrS/UfGnUdjjEwO1opq8lCE9HiCo=;
	b=Z7bWUYWsX5zRmfdPvW4Zo4n2bzwZtOEP/uT9clRrRhrujX5s/9Hcx3vQPm9q11pg/W
	ywwp/iWY5ZULjjOZ0eZs50znIJhoZ2DxnABoLV9f1IzGlKiQ8neuz8P6cXv1jipQTQwI
	r77/FKTPsZ9GIWqaBWlX+oIld+Hygf7N5eejy+aUuf+IeJnbHGI5D2jk5rogtxywle9Z
	ygTNeSWqTPaoz7Ev17s4hHkjFaDuXpa74y2/fYMzwvlPtUXEAgCe7FyqIOnknL4TKwWR
	6HNzWIgZrr1QgTesAyW1NQGcKuzFLFadabplq1IKF5bfR9CBAcAm0R7KKauo9ZednZ15
	QUCQ==
X-Gm-Message-State: AN3rC/4RiO3L748LCvPTrKe/25BiWgg660OyMr7fx2pots3bXhHFrXTy
	bpJNQw+vbiqPdg==
X-Received: by 10.98.252.72 with SMTP id e69mr25588026pfh.247.1493053325360;
	Mon, 24 Apr 2017 10:02:05 -0700 (PDT)
Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.131])
	by smtp.gmail.com with ESMTPSA id
	s89sm31927267pfi.79.2017.04.24.10.02.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 24 Apr 2017 10:02:04 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>,
	linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org,
	linux-mtd@lists.infradead.org,
	Gwendal Grignou <gwendal@chromium.org>, hashimoto@chromium.org,
	kinaba@chromium.org, stable@vger.kernel.org,
	Eric Biggers <ebiggers@google.com>
Subject: [PATCH 1/6] f2fs: check entire encrypted bigname when finding a
	dentry
Date: Mon, 24 Apr 2017 10:00:08 -0700
Message-Id: <20170424170013.85175-2-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.12.2.816.g2cccc81164-goog
In-Reply-To: <20170424170013.85175-1-ebiggers3@gmail.com>
References: <20170424170013.85175-1-ebiggers3@gmail.com>
Sender: linux-fscrypt-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fscrypt.vger.kernel.org>
X-Mailing-List: linux-fscrypt@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Jaegeuk Kim <jaegeuk@kernel.org>

If user has no key under an encrypted dir, fscrypt gives digested dentries.
Previously, when looking up a dentry, f2fs only checks its hash value with
first 4 bytes of the digested dentry, which didn't handle hash collisions fully.
This patch enhances to check entire dentry bytes likewise ext4.

Eric reported how to reproduce this issue by:

 # seq -f "edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
100000
 # sync
 # echo 3 > /proc/sys/vm/drop_caches
 # keyctl new_session
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
99999

Cc: <stable@vger.kernel.org>
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(fixed f2fs_dentry_hash() to work even when the hash is 0)
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/f2fs/dir.c    | 37 +++++++++++++++++++++----------------
 fs/f2fs/f2fs.h   |  3 ++-
 fs/f2fs/hash.c   |  7 ++++++-
 fs/f2fs/inline.c |  4 ++--
 4 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index c143dffcae6e..374e4b8f9b70 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -130,19 +130,29 @@ struct f2fs_dir_entry *find_target_dentry(struct fscrypt_name *fname,
 			continue;
 		}
 
-		/* encrypted case */
+		if (de->hash_code != namehash)
+			goto not_match;
+
 		de_name.name = d->filename[bit_pos];
 		de_name.len = le16_to_cpu(de->name_len);
 
-		/* show encrypted name */
-		if (fname->hash) {
-			if (de->hash_code == cpu_to_le32(fname->hash))
-				goto found;
-		} else if (de_name.len == name->len &&
-			de->hash_code == namehash &&
-			!memcmp(de_name.name, name->name, name->len))
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+		if (unlikely(!name->name)) {
+			if (fname->usr_fname->name[0] == '_') {
+				if (de_name.len >= 16 &&
+					!memcmp(de_name.name + de_name.len - 16,
+						fname->crypto_buf.name + 8, 16))
+					goto found;
+				goto not_match;
+			}
+			name->name = fname->crypto_buf.name;
+			name->len = fname->crypto_buf.len;
+		}
+#endif
+		if (de_name.len == name->len &&
+				!memcmp(de_name.name, name->name, name->len))
 			goto found;
-
+not_match:
 		if (max_slots && max_len > *max_slots)
 			*max_slots = max_len;
 		max_len = 0;
@@ -170,12 +180,7 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
 	struct f2fs_dir_entry *de = NULL;
 	bool room = false;
 	int max_slots;
-	f2fs_hash_t namehash;
-
-	if(fname->hash)
-		namehash = cpu_to_le32(fname->hash);
-	else
-		namehash = f2fs_dentry_hash(&name);
+	f2fs_hash_t namehash = f2fs_dentry_hash(&name, fname);
 
 	nbucket = dir_buckets(level, F2FS_I(dir)->i_dir_level);
 	nblock = bucket_blocks(level);
@@ -527,7 +532,7 @@ int f2fs_add_regular_entry(struct inode *dir, const struct qstr *new_name,
 
 	level = 0;
 	slots = GET_DENTRY_SLOTS(new_name->len);
-	dentry_hash = f2fs_dentry_hash(new_name);
+	dentry_hash = f2fs_dentry_hash(new_name, NULL);
 
 	current_depth = F2FS_I(dir)->i_current_depth;
 	if (F2FS_I(dir)->chash == dentry_hash) {
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 562db8989a4e..5bc232e21a6e 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2145,7 +2145,8 @@ int sanity_check_ckpt(struct f2fs_sb_info *sbi);
 /*
  * hash.c
  */
-f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info);
+f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
+				struct fscrypt_name *fname);
 
 /*
  * node.c
diff --git a/fs/f2fs/hash.c b/fs/f2fs/hash.c
index 71b7206c431e..eb2e031ea887 100644
--- a/fs/f2fs/hash.c
+++ b/fs/f2fs/hash.c
@@ -70,7 +70,8 @@ static void str2hashbuf(const unsigned char *msg, size_t len,
 		*buf++ = pad;
 }
 
-f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
+f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
+				struct fscrypt_name *fname)
 {
 	__u32 hash;
 	f2fs_hash_t f2fs_hash;
@@ -79,6 +80,10 @@ f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
 	const unsigned char *name = name_info->name;
 	size_t len = name_info->len;
 
+	/* encrypted bigname case */
+	if (fname && !fname->disk_name.name)
+		return cpu_to_le32(fname->hash);
+
 	if (is_dot_dotdot(name_info))
 		return 0;
 
diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 0ccdefe9fdba..e4c527c4e7d0 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -298,7 +298,7 @@ struct f2fs_dir_entry *find_in_inline_dir(struct inode *dir,
 		return NULL;
 	}
 
-	namehash = f2fs_dentry_hash(&name);
+	namehash = f2fs_dentry_hash(&name, fname);
 
 	inline_dentry = inline_data_addr(ipage);
 
@@ -533,7 +533,7 @@ int f2fs_add_inline_entry(struct inode *dir, const struct qstr *new_name,
 
 	f2fs_wait_on_page_writeback(ipage, NODE, true);
 
-	name_hash = f2fs_dentry_hash(new_name);
+	name_hash = f2fs_dentry_hash(new_name, NULL);
 	make_dentry_ptr_inline(NULL, &d, dentry_blk);
 	f2fs_update_dentry(ino, mode, &d, new_name, name_hash, bit_pos);