Commit 129a883b authored by Jaegeuk Kim's avatar Jaegeuk Kim Committed by Greg Kroah-Hartman

f2fs: check entire encrypted bigname when finding a dentry

commit 6332cd32 upstream.

If user has no key under an encrypted dir, fscrypt gives digested dentries.
Previously, when looking up a dentry, f2fs only checks its hash value with
first 4 bytes of the digested dentry, which didn't handle hash collisions fully.
This patch enhances to check entire dentry bytes likewise ext4.

Eric reported how to reproduce this issue by:

 # seq -f "edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
100000
 # sync
 # echo 3 > /proc/sys/vm/drop_caches
 # keyctl new_session
 # find edir -type f | xargs stat -c %i | sort | uniq | wc -l
99999

Cc: <stable@vger.kernel.org>
Reported-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
(fixed f2fs_dentry_hash() to work even when the hash is 0)
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 269d8211
......@@ -124,19 +124,29 @@ struct f2fs_dir_entry *find_target_dentry(struct f2fs_filename *fname,
de = &d->dentry[bit_pos];
/* encrypted case */
if (de->hash_code != namehash)
goto not_match;
de_name.name = d->filename[bit_pos];
de_name.len = le16_to_cpu(de->name_len);
/* show encrypted name */
if (fname->hash) {
if (de->hash_code == fname->hash)
#ifdef CONFIG_F2FS_FS_ENCRYPTION
if (unlikely(!name->name)) {
if (fname->usr_fname->name[0] == '_') {
if (de_name.len >= 16 &&
!memcmp(de_name.name + de_name.len - 16,
fname->crypto_buf.name + 8, 16))
goto found;
} else if (de_name.len == name->len &&
de->hash_code == namehash &&
goto not_match;
}
name->name = fname->crypto_buf.name;
name->len = fname->crypto_buf.len;
}
#endif
if (de_name.len == name->len &&
!memcmp(de_name.name, name->name, name->len))
goto found;
not_match:
if (max_slots && max_len > *max_slots)
*max_slots = max_len;
max_len = 0;
......@@ -170,7 +180,7 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
int max_slots;
f2fs_hash_t namehash;
namehash = f2fs_dentry_hash(&name);
namehash = f2fs_dentry_hash(&name, fname);
f2fs_bug_on(F2FS_I_SB(dir), level > MAX_DIR_HASH_DEPTH);
......@@ -547,7 +557,7 @@ int __f2fs_add_link(struct inode *dir, const struct qstr *name,
level = 0;
slots = GET_DENTRY_SLOTS(new_name.len);
dentry_hash = f2fs_dentry_hash(&new_name);
dentry_hash = f2fs_dentry_hash(&new_name, NULL);
current_depth = F2FS_I(dir)->i_current_depth;
if (F2FS_I(dir)->chash == dentry_hash) {
......
......@@ -1722,7 +1722,8 @@ void f2fs_msg(struct super_block *, const char *, const char *, ...);
/*
* hash.c
*/
f2fs_hash_t f2fs_dentry_hash(const struct qstr *);
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
struct f2fs_filename *fname);
/*
* node.c
......
......@@ -70,7 +70,8 @@ static void str2hashbuf(const unsigned char *msg, size_t len,
*buf++ = pad;
}
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
struct f2fs_filename *fname)
{
__u32 hash;
f2fs_hash_t f2fs_hash;
......@@ -79,6 +80,10 @@ f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
const unsigned char *name = name_info->name;
size_t len = name_info->len;
/* encrypted bigname case */
if (fname && !fname->disk_name.name)
return cpu_to_le32(fname->hash);
if (is_dot_dotdot(name_info))
return 0;
......
......@@ -303,7 +303,7 @@ struct f2fs_dir_entry *find_in_inline_dir(struct inode *dir,
if (IS_ERR(ipage))
return NULL;
namehash = f2fs_dentry_hash(&name);
namehash = f2fs_dentry_hash(&name, fname);
inline_dentry = inline_data_addr(ipage);
......@@ -468,7 +468,7 @@ int f2fs_add_inline_entry(struct inode *dir, const struct qstr *name,
f2fs_wait_on_page_writeback(ipage, NODE);
name_hash = f2fs_dentry_hash(name);
name_hash = f2fs_dentry_hash(name, NULL);
make_dentry_ptr(NULL, &d, (void *)dentry_blk, 2);
f2fs_update_dentry(ino, mode, &d, name, name_hash, bit_pos);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment