Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2738161pxv; Mon, 12 Jul 2021 00:19:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzj/j/ZJ/FDkehA6EPK39WRRg2ooUOh9QLECtt6vj1+dHGpEuZyjap+fvlCNiIhmUKY/YRr X-Received: by 2002:a5e:980c:: with SMTP id s12mr34230927ioj.128.1626074383975; Mon, 12 Jul 2021 00:19:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626074383; cv=none; d=google.com; s=arc-20160816; b=drxATYDX3eaj3mWFxPYIWJl31+kZrFzOLeMLChbjKPABI2yC6y9YfuU+y7Ca158Ge9 jtZ3TGmVMvBlLY4FablmpmHQ+IBgRMQdAqkS7zLRZTsqw9pS/GXnwohqxvO6s2Pm8/lq vceKRhRM/R8QnF6iozkC8v8ycT1Njnm88Sp6C2Rgq7PV38C3dQCSVh+OBPNn6NANvB+N VyGvlNEoojKxgSVcMJbYXYM8XWt3lPHIlwT88QzDqoj1xBCcbPaRMSvE31Cs4NbD34Cs CG4IxNG19atTrlC6nokv+1Ukmo7skJq6Q+e6CpGz6X5J0LWJUQJBkRAE5tSzCEIsKmci Zr4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=7EkZsgHckdP3oflae7s/jd1OzJjqcApr8GV3752pYXM=; b=mtzwJ9SGHjNQiolbLXYX58ERaM9Pui2K+RaNtEPWiHyQSIo+qg10ysnIv5t7JuJCgB OkEGQbb56rdrN5XK30wh5kXa3PX2hvJhQoobNthWAJFPYKwud+CvaOqAKYXIRb0BwgtL gIdbjV6BZwOxoVtpTIYeVCTW/Lqglnep+bkY8JG5WNbn4zpNbzgOg88C5vGJhXqglJhV C0cpERqRTTS1ep59rD7d1X7y1O4ksFo4SGcbmvKLHmjM/sLnTiuimsKpB2xVFf++D5cA mXVvUgMIoNNfeXHzAJeKjOuMGv5rBg/d44iRYrD4Kn9xFg7vPW6DtvcZrBxWCbuvVrUh WQqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oGbbJBzX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p5si17013776jal.76.2021.07.12.00.19.32; Mon, 12 Jul 2021 00:19:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oGbbJBzX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244995AbhGLHTS (ORCPT + 99 others); Mon, 12 Jul 2021 03:19:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:53800 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240984AbhGLGyY (ORCPT ); Mon, 12 Jul 2021 02:54:24 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9F929611C2; Mon, 12 Jul 2021 06:51:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626072694; bh=RtWuVmcFlAjsPSFFHOaPn9GmQSPNvNq00+3sAYldAJE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oGbbJBzXiRzXiYmsBNZAAgeT9/iwWDPZbx+xd6cW+h1drNL3T5++w9HtcjF7VLM7R WR7vXR+3KLd46oLgtasgvaJ8k0hm2gX19rM9TjLsDv4P6APHbIwVFw7oANUiWWv17K hLGUEvbbxMTHtVB+JOjFYRVZC/w1EwtSi79KBovE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers Subject: [PATCH 5.10 584/593] fscrypt: dont ignore minor_hash when hash is 0 Date: Mon, 12 Jul 2021 08:12:24 +0200 Message-Id: <20210712060959.572089895@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210712060843.180606720@linuxfoundation.org> References: <20210712060843.180606720@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit 77f30bfcfcf484da7208affd6a9e63406420bf91 upstream. When initializing a no-key name, fscrypt_fname_disk_to_usr() sets the minor_hash to 0 if the (major) hash is 0. This doesn't make sense because 0 is a valid hash code, so we shouldn't ignore the filesystem-provided minor_hash in that case. Fix this by removing the special case for 'hash == 0'. This is an old bug that appears to have originated when the encryption code in ext4 and f2fs was moved into fs/crypto/. The original ext4 and f2fs code passed the hash by pointer instead of by value. So 'if (hash)' actually made sense then, as it was checking whether a pointer was NULL. But now the hashes are passed by value, and filesystems just pass 0 for any hashes they don't have. There is no need to handle this any differently from the hashes actually being 0. It is difficult to reproduce this bug, as it only made a difference in the case where a filename's 32-bit major hash happened to be 0. However, it probably had the largest chance of causing problems on ubifs, since ubifs uses minor_hash to do lookups of no-key names, in addition to using it as a readdir cookie. ext4 only uses minor_hash as a readdir cookie, and f2fs doesn't use minor_hash at all. Fixes: 0b81d0779072 ("fs crypto: move per-file encryption from f2fs tree to fs/crypto") Cc: # v4.6+ Link: https://lore.kernel.org/r/20210527235236.2376556-1-ebiggers@kernel.org Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman --- fs/crypto/fname.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -344,13 +344,9 @@ int fscrypt_fname_disk_to_usr(const stru offsetof(struct fscrypt_nokey_name, sha256)); BUILD_BUG_ON(BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX) > NAME_MAX); - if (hash) { - nokey_name.dirhash[0] = hash; - nokey_name.dirhash[1] = minor_hash; - } else { - nokey_name.dirhash[0] = 0; - nokey_name.dirhash[1] = 0; - } + nokey_name.dirhash[0] = hash; + nokey_name.dirhash[1] = minor_hash; + if (iname->len <= sizeof(nokey_name.bytes)) { memcpy(nokey_name.bytes, iname->name, iname->len); size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]);