Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2567695ybt;
        Fri, 3 Jul 2020 12:23:31 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzDHmPUSryzHglS0qYkKyXF0IzDiakzfaY6Ef5OQ35W+9TlWUkdm2pEKHesZnDhhFJzJpMn
X-Received: by 2002:a17:907:20b4:: with SMTP id pw20mr34851307ejb.225.1593804211142;
        Fri, 03 Jul 2020 12:23:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1593804211; cv=none;
        d=google.com; s=arc-20160816;
        b=UAQhPA5WPK+yxrNEFJDn+DrTuPgV/+DP2naCpGdlyFoVcd+e5AkcFI+XFsw/CZbzHs
         pnH79RKqD6hYcTGXNIzIhNHGDLscAlqTxcKUgWZpCBv0vYDCC0sxykO0Kw5J3bP/x0Ma
         nYlzlC9V9ka589a57S2uPqK9QpjnXNu0cebVLSg2I/zW86ZxM+JfhD3ml0DjciWtl/JG
         ayUlg5SHg6DKQs58PtemKdp+bdvBZ1i4DbtSuZCajB1V0KM6VBgVbw/KfON1bjVu3LRj
         xWcmCC6HM8HAWCvTgKEUkimlRNl7e79H0cm08vCt2UAUAbOWNpS3gzA/vDS1NPKRU+oa
         dRJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=PZ1CWQ2oZOftmCp0xm6Cw5IBSVB3wpuBRpxl11xavR4=;
        b=cYqfp2Pox53dSw5GKb5BFgcZZkVAAlYe/WIUDxCO8fjeqS/Omp/KsSS5D+PWPSwIIT
         2/NdqMKstC4iJtH2ePuZjnZYc6w5GxFTOaTibCcwA/XfKvg7rdvHFV5a1gVuB0FwP7Jz
         I2zwoIjRAy1yfkF958attXQlrs5MLp+v21oBYT84QoqDd/tkqbrZfWeH2M1KjBWYEvGw
         yBbvhFq3+xj5GrjLOvAC2SUGihAcR86u7jVmfRfuH6RNEqyHi0+6r5wndzCtzFflAXQ3
         Ky7VlIGnUIpsu8zyjPNQvBCSaLwr3dWB0Csdy9pCH5uOsvPzy2RPw0SnPmFlc26a0ciw
         rSqg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=cZz3+cYt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q3si9874705edg.255.2020.07.03.12.23.07;
        Fri, 03 Jul 2020 12:23:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=cZz3+cYt;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726733AbgGCTU6 (ORCPT <rfc822;jaysonjohndmello@gmail.com>
        + 99 others); Fri, 3 Jul 2020 15:20:58 -0400
Received: from mail.kernel.org ([198.145.29.99]:49142 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726147AbgGCTU5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Jul 2020 15:20:57 -0400
Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id EB37F207FF;
        Fri,  3 Jul 2020 19:20:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1593804057;
        bh=PEmsm7KiYhEynj7JM9OkcWwJJEMC5FTZ1MgB7GC3/kw=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=cZz3+cYtChLGxVGtGhI0iqF8NG4vRe7SyHyKP6rwlrniscYuLOgqOM9tC5bBvh6V9
         rCNuVMRKKdD1/I05cjOph+0nERO2OeeH/Y1QSjn/3szq+YCjsBxWz49TxA/V8HiT6F
         N6pBBTbIdf7MhFFMTY1BRtmYQCvTyvOSvJ4M/pzg=
Date:   Fri, 3 Jul 2020 12:20:55 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Daniel Rosenberg <drosen@google.com>
Cc:     Theodore Ts'o <tytso@mit.edu>, linux-ext4@vger.kernel.org,
        Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
        linux-f2fs-devel@lists.sourceforge.net,
        linux-fscrypt@vger.kernel.org,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Richard Weinberger <richard@nod.at>,
        linux-mtd@lists.infradead.org,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        Gabriel Krisman Bertazi <krisman@collabora.com>,
        kernel-team@android.com
Subject: Re: [PATCH v9 2/4] fs: Add standard casefolding support
Message-ID: <20200703192055.GA2825@sol.localdomain>
References: <20200624043341.33364-1-drosen@google.com>
 <20200624043341.33364-3-drosen@google.com>
 <20200624055707.GG844@sol.localdomain>
 <CA+PiJmTDXTKnccJdADX=ir+PtqsDD72xHGbzObpntkjkVmKHxQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+PiJmTDXTKnccJdADX=ir+PtqsDD72xHGbzObpntkjkVmKHxQ@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jul 02, 2020 at 06:01:37PM -0700, Daniel Rosenberg wrote:
> On Tue, Jun 23, 2020 at 10:57 PM Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > Note that the '!IS_ENCRYPTED(dir) || fscrypt_has_encryption_key(dir)' check can
> > be racy, because a process can be looking up a no-key token in a directory while
> > concurrently another process initializes the directory's ->i_crypt_info, causing
> > fscrypt_has_encryption_key(dir) to suddenly start returning true.
> >
> > In my rework of filename handling in f2fs, I actually ended up removing all
> > calls to needs_casefold(), thus avoiding this race.  f2fs now decides whether
> > the name is going to need casefolding early on, in __f2fs_setup_filename(),
> > where it knows in a race-free way whether the filename is a no-key token or not.
> >
> > Perhaps ext4 should work the same way?  It did look like there would be some
> > extra complexity due to how the ext4 directory hashing works in comparison to
> > f2fs's, but I haven't had a chance to properly investigate it.
> >
> > - Eric
> 
> Hm. I think I should be able to just check for DCACHE_ENCRYPTED_NAME
> in the dentry here, right? I'm just trying to avoid casefolding the
> no-key token, and that flag should indicate that.

Ideally yes, but currently the 'struct dentry' isn't always available.  See how
fscrypt_setup_filename(), f2fs_setup_filename(), f2fs_find_entry(),
ext4_find_entry(), etc. take a 'struct qstr', not a 'struct dentry'.

At some point we should fix that by passing down the dentry whenever it's
available, so that we reliably know whether the name is a no-key name or not.

So even my new f2fs code is still racy.  But it at least handles each filename
in a consistent way within each directory operation.  In comparison, your
proposed ext4 code can treat a filename as a no-key name while matching one
dir_entry and then as a regular filename while matching the next.  I think the
f2fs way is more on the right track, both correctness-wise and efficiency-wise.

- Eric