Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp3132504imc; Wed, 13 Mar 2019 09:34:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqxbBVJusks9LjEDOMUWwyU/SgT9wqx0Y3gFqpYglS+bhmwKlShP/1P3FCeO98wd/zx6zdHV X-Received: by 2002:a63:d158:: with SMTP id c24mr40459746pgj.34.1552494896510; Wed, 13 Mar 2019 09:34:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552494896; cv=none; d=google.com; s=arc-20160816; b=qOh6jvzZHePr4dQhnhl2sjtsQcaGFPH3F1X/08xGvcKQdOAMdAuSAbSoJ1k5xZh+n1 LigE4+K+LIk8mHgySfOnhL+ksqhckqKk/nlRbKFFpSHYGmrcCtfou07rO61QALie4IX6 pevRcrzPLxD3lyv37CJBSJf/HEfqQBu7f/xlIqjUR8wCoVXzb32AqoD3+mJLEN8Zl46W GhCRB6vBp6cJ6tLBP2MkP0rb91yKvKwz8aFM+aQJyt2jnOc4mdQiZYTf6T95F/mEdZ1C MkJlUYr6dkFp0J+H6PQMiNaQMz+2W+1ANyB1zBzI59zyKoFQgnIkq32vGKumOSsRU8kf rlUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=iGCiOTEujdFhJscB7eNdFoYiaFO3E64Upp5o3vOzdZg=; b=plL7Zl2ttXRSZQJr2JTpZokwuwxRh1LVBSdejkeSEsLqbaDrgqkvFPPW2MQgU/E99Y H3fcDz3GLBHUdFErRykR/tiXcUWiv9fFxX+NOlZf/C7Dx9ibQWMXQLlkE8ODdE2wtHcg P1W3e8nM8UbdIBswz16b81RQvagk9YennDS8iiQ9MdE7ZJWvvHQc5BxwabXkyZpdke55 ZtpQ8rWd/ClctomWTBf+uTbECtWT2HCO9Fka2RSkBA26y4ULFUd4o9Y5crHGvZg/O0sD lj1H6sMzrKGkXWFa3HZ6eydL7KIqhslIjCHa12ie4jsb3HqUyOLc6yg//7VPAudUYe8a z0bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XjQsbkzJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h124si10398498pgc.25.2019.03.13.09.34.40; Wed, 13 Mar 2019 09:34:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XjQsbkzJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726782AbfCMQdw (ORCPT + 99 others); Wed, 13 Mar 2019 12:33:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:59322 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725926AbfCMQdw (ORCPT ); Wed, 13 Mar 2019 12:33:52 -0400 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0A0F42146E; Wed, 13 Mar 2019 16:33:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552494831; bh=bn/1tJDwIetgrWZrMI9KrTdg30bcs0Isy2elXrxRawY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XjQsbkzJIVcEUnMvHuRG548xvsi5Q4mifAx8aMHWHHFOf9+scooeDgFGPL5cmZPYn e0wDs3MJFgR/BgL03oBWgCnsLbeKvsnH35fl7DMbl2y/jllR4kjcZnfZuXiQDr/y6s 7hEfvQCdz2bFzUK2M6zCgI3Hs8MCo2vOj6S1XSJ0= Date: Wed, 13 Mar 2019 09:33:49 -0700 From: Eric Biggers To: Al Viro Cc: Miklos Szeredi , Richard Weinberger , linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, overlayfs , linux-kernel@vger.kernel.org Subject: Re: overlayfs vs. fscrypt Message-ID: <20190313163348.GD703@sol.localdomain> References: <4603533.ZIfxmiEf7K@blindfold> <1852545.qrIQg0rEWx@blindfold> <1854703.ve7plDhYWt@blindfold> <20190313150126.GA703@sol.localdomain> <20190313161147.GS2217@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190313161147.GS2217@ZenIV.linux.org.uk> User-Agent: Mutt/1.11.3 (2019-02-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 13, 2019 at 04:11:48PM +0000, Al Viro wrote: > On Wed, Mar 13, 2019 at 08:01:27AM -0700, Eric Biggers wrote: > > > What do you think about this? > > That fscrypt might have some very deep flaws. I'll need to RTFS and > review its model, but what I've seen in this thread so far is not > promising anything good. > > It's not just overlayfs - there are all kinds of interesting trouble > possible just with fscrypt, unless I'm misparsing what had been said > so far. FYI, there *is* a known bug I was very recently made aware of and am planning to fix. When ->lookup() finds the plaintext name for a directory and the ciphertext name is already in the dcache, d_splice_alias() will __d_move() the existing dentry to the plaintext name. But it doesn't set DCACHE_ENCRYPTED_WITH_KEY, so the dentry incorrectly is still marked as a ciphertext name and will be invalidated on the next lookup. That's especially problematic if the lookup that caused the __d_move() came from sys_mount(). I'm thinking the best fix is to have __d_move() propagate DCACHE_ENCRYPTED_WITH_KEY from 'target' to 'dentry'. - Eric