Received: by 10.223.185.116 with SMTP id b49csp2083537wrg; Sat, 24 Feb 2018 10:33:32 -0800 (PST) X-Google-Smtp-Source: AH8x227F+a23X8S5z7j2l8HBIiVlEMPr8rn9oRjHIOLYIZBEpnQZLEscQnJAPZO/tafTqaclhn44 X-Received: by 10.98.16.13 with SMTP id y13mr5613355pfi.188.1519497212265; Sat, 24 Feb 2018 10:33:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519497212; cv=none; d=google.com; s=arc-20160816; b=byp8Q14UdGPIENorOyvmsOugpWjPktRhvVuAWBcL4OD/Q0b1g9iNo5gK5V3e2CTZw/ G9oBWwc3IZY3TGfMAC61pxdiKQmd/TUEcd5nBGOgGTsYZAvtXeK9WAqXBXNJVWlKPG3M rJR70HlNfnBCqvHQ/XYM92BAor8+o26w7+GE02iNeZKhh48wls1a0cRpovKuhq5wqyPE ylmSA1OQxFacktyhdB1gIdYl2OqCjWO2XH0EnrTOmNvP/I5QvuJB3nR94tcgSSQGz8qw Y9BmxBMXahAgdgKkPa31fFArRP7rm6GeomUgTOmhbYZD0ySD1esepQIfjBz3qKyPrk1h zGEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=0rtfOqepWEEZ3teZUeIaRJzPvHQ+Qx9EkUK/Sxx7QkM=; b=aIyPg/aGVkXZNbgGC07aykeOioWlXfh8r4ZfIyVvI3I2vRIqPMEEo4p43iOpR9Sl75 alxEE4ZlvoKZRzapeMF0z4culzPzVwKtcoyKzGOlcqD9mGS4px36fIicpmdT33UJXrT7 tBCj9URbfAbybbgURgqMBesMSUnypMk86lWNUno4YYBAEIOQfFgWWztmBDGl/qWoZGl4 qNuylUg79AKcMclECUYTdNRkc+FfwD/+GgCS/7LwfLUa9liON2jV6rG56eZBbojv5vEC RoBIx6/WoDNMbJdPh33K1GLG17H1z0lUg5RiYJ8shtaKKTLXtiklAqbB3YmcssaPxEa7 4YIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=glbK73Wf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k15si3237169pgr.430.2018.02.24.10.33.17; Sat, 24 Feb 2018 10:33:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=glbK73Wf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751482AbeBXScf (ORCPT + 99 others); Sat, 24 Feb 2018 13:32:35 -0500 Received: from mail-pl0-f65.google.com ([209.85.160.65]:35613 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751370AbeBXScd (ORCPT ); Sat, 24 Feb 2018 13:32:33 -0500 Received: by mail-pl0-f65.google.com with SMTP id bb3so6853762plb.2 for ; Sat, 24 Feb 2018 10:32:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=0rtfOqepWEEZ3teZUeIaRJzPvHQ+Qx9EkUK/Sxx7QkM=; b=glbK73Wfka1J9lkfC3/ZkIJuCtrL0QuUhcNtM5Ck6TKo4fxxh6kUSRgdRGHAupcZgX eSvY3E4QFRXRjbul0i3GQYXV91FQLOskpug1iNg2RbD/qN/4scDCd/SKnc+Jo/z/hKv1 EtXplTyP1OzIwhIS9CZEgHwfOxGSSDKaG3IHzfO/ft3xAaSIwdnPhpY+9NJeknQ9Toz5 DOoCA57Sq7VzVBiVubECZlwJGoY8xj3flnq62ddlvxLbTkr+Bmd76dg9tTe17ASSMfQ5 Cr5wJ+lDU5uSbqL45zMOCF1ZP71kOOLDG2QsOdBVRyTBgo/czTIXbQCe90UJMnh6u0mV jvrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=0rtfOqepWEEZ3teZUeIaRJzPvHQ+Qx9EkUK/Sxx7QkM=; b=NT41wZHowb0rZen/ARzTV6se/YvyFVVRnJsU2FMGI5k29EFPK82AiFN7o4LkyY/vNq qoLpl2kfk8CIy2Jlo516wa8xcPosmSNBiBRK5GVLQJF+Iyry5wVIX25skhmEUXB/i+L4 llJYas6TV/nVuFW7ri/7KlE4BykEJLyrk+OdapkZbslnaUtHszECZFHYsWTsW1coM8ar n9L6ZuIYc6GvC+79NDW+lqKZHGFAQLykyDQT5g3Ea+Eyuk/Ilvn1RxsQtfxUEb+Sz1XM kU1XjcoEE3iY2hvRF8fJtZGJyN6rLW/U/7+siGlEXB8vRV0p6SIIghOS2oAMLSAR+xaK mEZw== X-Gm-Message-State: APf1xPAhvFycCxX1Xe6/4HsIN4t7+6QIh6ZAr2GrMJXK2h1VdFK7iLhO F/AbGFZy3EPOxHrrViNJQ6JEFZhO X-Received: by 2002:a17:902:4545:: with SMTP id m63-v6mr5412193pld.15.1519497152690; Sat, 24 Feb 2018 10:32:32 -0800 (PST) Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id w88sm11378921pfa.50.2018.02.24.10.32.31 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 24 Feb 2018 10:32:32 -0800 (PST) Date: Sat, 24 Feb 2018 10:32:30 -0800 From: Eric Biggers To: Yunlong Song Cc: jaegeuk@kernel.org, chao@kernel.org, yuchao0@huawei.com, yunlong.song@icloud.com, miaoxie@huawei.com, bintian.wang@huawei.com, shengyong1@huawei.com, heyunlei@huawei.com, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: Re: [PATCH] f2fs: allocate buffer for decrypting filename to avoid panic Message-ID: <20180224183230.GA933@zzz.localdomain> References: <1519463698-60555-1-git-send-email-yunlong.song@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1519463698-60555-1-git-send-email-yunlong.song@huawei.com> User-Agent: Mutt/1.9.3 (2018-01-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Yunlong, On Sat, Feb 24, 2018 at 05:14:58PM +0800, Yunlong Song wrote: > In some platforms (such as arm), high memory is used, then the > decrypting filename will cause panic, the reason see commit > 569cf1876a32e574ba8a7fb825cd91bafd003882 ("f2fs crypto: allocate buffer > for decrypting filename"): > > We got dentry pages from high_mem, and its address space directly goes into the > decryption path via f2fs_fname_disk_to_usr. > But, sg_init_one assumes the address is not from high_mem, so we can get this > panic since it doesn't call kmap_high but kunmap_high is triggered at the end. > > kernel BUG at ../../../../../../kernel/mm/highmem.c:290! > Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM > ... > (kunmap_high+0xb0/0xb8) from [] (__kunmap_atomic+0xa0/0xa4) > (__kunmap_atomic+0xa0/0xa4) from [] (blkcipher_walk_done+0x128/0x1ec) > (blkcipher_walk_done+0x128/0x1ec) from [] (crypto_cbc_decrypt+0xc0/0x170) > (crypto_cbc_decrypt+0xc0/0x170) from [] (crypto_cts_decrypt+0xc0/0x114) > (crypto_cts_decrypt+0xc0/0x114) from [] (async_decrypt+0x40/0x48) > (async_decrypt+0x40/0x48) from [] (f2fs_fname_disk_to_usr+0x124/0x304) > (f2fs_fname_disk_to_usr+0x124/0x304) from [] (f2fs_fill_dentries+0xac/0x188) > (f2fs_fill_dentries+0xac/0x188) from [] (f2fs_readdir+0x1f0/0x300) > (f2fs_readdir+0x1f0/0x300) from [] (vfs_readdir+0x90/0xb4) > (vfs_readdir+0x90/0xb4) from [] (SyS_getdents64+0x64/0xcc) > (SyS_getdents64+0x64/0xcc) from [] (ret_fast_syscall+0x0/0x30) > > Howerver, later patches: > commit 922ec355f86365388203672119b5bca346a45085 ("f2fs crypto: avoid > unneeded memory allocation when {en/de}crypting symlink") > commit e06f86e61d7a67fe6e826010f57aa39c674f4b1b ("f2fs crypto: avoid > unneeded memory allocation in ->readdir") > > reverts the codes, which causes panic again in arm, so let's add the old > patch again. > > Signed-off-by: Yunlong Song > --- > fs/f2fs/dir.c | 7 +++++++ > fs/f2fs/namei.c | 10 +++++++++- > 2 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c > index f00b5ed..c0cf3e7b 100644 > --- a/fs/f2fs/dir.c > +++ b/fs/f2fs/dir.c > @@ -825,9 +825,16 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, > int save_len = fstr->len; > int err; > > + de_name.name = kmalloc(de_name.len, GFP_NOFS); > + if (!de_name.name) > + return -ENOMEM; > + > + memcpy(de_name.name, d->filename[bit_pos], de_name.len); > + > err = fscrypt_fname_disk_to_usr(d->inode, > (u32)de->hash_code, 0, > &de_name, fstr); > + kfree(de_name.name); > if (err) > return err; > > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c > index c4c94c7..2cb70c1 100644 > --- a/fs/f2fs/namei.c > +++ b/fs/f2fs/namei.c > @@ -1170,8 +1170,13 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, > > /* Symlink is encrypted */ > sd = (struct fscrypt_symlink_data *)caddr; > - cstr.name = sd->encrypted_path; > cstr.len = le16_to_cpu(sd->len); > + cstr.name = kmalloc(cstr.len, GFP_NOFS); > + if (!cstr.name) { > + res = -ENOMEM; > + goto errout; > + } > + memcpy(cstr.name, sd->encrypted_path, cstr.len); > > /* this is broken symlink case */ > if (unlikely(cstr.len == 0)) { > @@ -1198,6 +1203,8 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, > goto errout; > } > > + kfree(cstr.name); > + > paddr = pstr.name; > > /* Null-terminate the name */ > @@ -1207,6 +1214,7 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, > set_delayed_call(done, kfree_link, paddr); > return paddr; > errout: > + kfree(cstr.name); > fscrypt_fname_free_buffer(&pstr); > put_page(cpage); > return ERR_PTR(res); > -- > 1.8.5.2 > The pagecache for symlinks in f2fs already uses lowmem only, so the change to ->get_link() isn't needed. Also that part of the patch doesn't apply to upstream. For directories we may need your fix. Note: kmalloc + memcpy should be replaced with kmemdup. But alternatively, directory pages could be restricted to lowmem which would match ext4. Eric