Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp998099pxj; Thu, 27 May 2021 17:24:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5rwekaG71bAGDFEHgj5NrRJuDTcjrLb19mi3HPHBPpub1x/WrHHc0HIzjDuOqT3lOXLex X-Received: by 2002:a05:6e02:92f:: with SMTP id o15mr5193634ilt.127.1622161478410; Thu, 27 May 2021 17:24:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622161478; cv=none; d=google.com; s=arc-20160816; b=SkYNTH3KBowm+hsFGaV/mjbumywyxNr7po6qYnvq+JKOaal/xXAGEuuXOfTu5T7tw/ nn8fLDWZys/ncDe6IOc6qPcU/8hJEAyugxzup4IpkyZMHSU0ErzO1Y+kqOLpRZFmn1dr OyYamSFA7i6wfvGI7wsd67CI5xu8ivlijPEt25Z/ymHVOGd51fVux1HQYYml4uHXyCsO Bng7aoYZz72dul8dwzYg/3P6e7OGBpE52VhAxzpPpcv558ZZWcR7uYceEQggaBx24miP XIcFMll8OFJG1pmDwIpVHAk/o/EvGjOHbC/DFWU28gdV6SwWWTKJQxpuQutCIX6OGQsA L+lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=XbpS8EXHuhK2vNlcAO6MLFE9rILJlt6WjcSqqYSq5z0=; b=RJPrzmOcfUxuMvVwL8wJQV2MrtsuE9cizEJgjdoMQ8WIfLIdZ5fQl4gAuycz+y/Hqc kyREvdIxPuF2IlgpHst1Q/IAMYjVwbtVg/NrmfyTlhduoImMXzPapqpFQIe8P3wd2pUe INg0/6HLFPU9V+X+sfWb3EB7Zh6EqZfeImK/HBRnDVtKrUKaKkQn8raIyWO5Q3ZKRv08 oNkPY83J+pWv+ieavtMPBcaoM/A8df8xKJubluyHRxHv2nppGbD3rWUZTonC5k3itiR9 oaitRvi8YsZ7RX0nhar++PTHySwUdcOu0wGMwhVej5AlL+fvzWQXlNAUiD6Smfr2DQEq lXfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hkto4pcL; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o1si4389960jat.48.2021.05.27.17.24.25; Thu, 27 May 2021 17:24:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hkto4pcL; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235640AbhE0Xyv (ORCPT + 99 others); Thu, 27 May 2021 19:54:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:43950 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233938AbhE0Xyv (ORCPT ); Thu, 27 May 2021 19:54:51 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6C18A61178; Thu, 27 May 2021 23:53:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622159597; bh=unu2CwRiIklLEI2TXoBveyWjP3PNdHwKr8/qOcOwHz0=; h=From:To:Cc:Subject:Date:From; b=hkto4pcLDdjg2amAWXxT+C//4V+e6tlGib27nP72HTOxXnR12jea3mWhtLFQ4dm0E 7gwn3yhQgn+Q9mY4pgnnWtM19dxKvdC+D3JFlgXKY/zQbcHieUH1I/os3kiQaWnWa8 7StchJcisGJpEhNQxJQIlaL4KJC1m3VRSS7Ju1ZaDoe77Col5CYNf88ewi/OFQ5RKw 7Yt6KfSlRbCNsUcDqAKmbR4xtASP6DXqsDDkYHSQCDHe3Giqjl6WSFc6N/76VUO+uy lYdSz5Vj1wzt8WHYuF05AytMP14o1V84uCWmMHAo1pYLmHfHcHGtrLFxeYcYzlanQI EH1Gc8b/jdHLw== From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, stable@vger.kernel.org Subject: [PATCH] fscrypt: don't ignore minor_hash when hash is 0 Date: Thu, 27 May 2021 16:52:36 -0700 Message-Id: <20210527235236.2376556-1-ebiggers@kernel.org> X-Mailer: git-send-email 2.32.0.rc0.204.g9fa02ecfa5-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Eric Biggers When initializing a no-key name, fscrypt_fname_disk_to_usr() sets the minor_hash to 0 if the (major) hash is 0. This doesn't make sense because 0 is a valid hash code, so we shouldn't ignore the filesystem-provided minor_hash in that case. Fix this by removing the special case for 'hash == 0'. This is an old bug that appears to have originated when the encryption code in ext4 and f2fs was moved into fs/crypto/. The original ext4 and f2fs code passed the hash by pointer instead of by value. So 'if (hash)' actually made sense then, as it was checking whether a pointer was NULL. But now the hashes are passed by value, and filesystems just pass 0 for any hashes they don't have. There is no need to handle this any differently from the hashes actually being 0. It is difficult to reproduce this bug, as it only made a difference in the case where a filename's 32-bit major hash happened to be 0. However, it probably had the largest chance of causing problems on ubifs, since ubifs uses minor_hash to do lookups of no-key names, in addition to using it as a readdir cookie. ext4 only uses minor_hash as a readdir cookie, and f2fs doesn't use minor_hash at all. Fixes: 0b81d0779072 ("fs crypto: move per-file encryption from f2fs tree to fs/crypto") Cc: # v4.6+ Signed-off-by: Eric Biggers --- fs/crypto/fname.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 6ca7d16593ff..d00455440d08 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -344,13 +344,9 @@ int fscrypt_fname_disk_to_usr(const struct inode *inode, offsetof(struct fscrypt_nokey_name, sha256)); BUILD_BUG_ON(BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX) > NAME_MAX); - if (hash) { - nokey_name.dirhash[0] = hash; - nokey_name.dirhash[1] = minor_hash; - } else { - nokey_name.dirhash[0] = 0; - nokey_name.dirhash[1] = 0; - } + nokey_name.dirhash[0] = hash; + nokey_name.dirhash[1] = minor_hash; + if (iname->len <= sizeof(nokey_name.bytes)) { memcpy(nokey_name.bytes, iname->name, iname->len); size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]); base-commit: c4681547bcce777daf576925a966ffa824edd09d -- 2.32.0.rc0.204.g9fa02ecfa5-goog