Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp2918827rwr; Fri, 21 Apr 2023 17:04:31 -0700 (PDT) X-Google-Smtp-Source: AKy350YL5agkaFWsVbZ6HR2+o4LixzAZMKFhZf8C2MbifMBS71g/jYdcyyhI//DGQplzy64SXwCC X-Received: by 2002:a05:6a20:a581:b0:f0:2ba6:8406 with SMTP id bc1-20020a056a20a58100b000f02ba68406mr7457028pzb.26.1682121871520; Fri, 21 Apr 2023 17:04:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682121871; cv=none; d=google.com; s=arc-20160816; b=QxZcj9x4eCFrB0PdhhWvdeBBBrVLphLdyBgbUHk7NL4BggmBc0C/DWAVS8vJ0olYob utGhdufP+VUgRUPSZGquJn0qQYfGXMh2KZ622tYyMUM5QVMA/FMukyhKzss1fe6Yi4s3 KSfTDBBvfEq9waEexZ+4A7/n8AcheGP1tJlt+n4RMJrGVnPgaGFeyU9ZChuMLkL6Xywm GYRldWlHZVr1I+etDHT051rSzfgwvDzPfTJntbJRJrNWzibMHU6nb08XK/VRbl4dtGYU Zfguc+BlifSEVvtQbh/4KlayCdN+SPl1k+n4YdCFaWdb3W5Z29cw6kdhJQMscstr0D9w uucg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=e/QY3Q5AUsGwoQIvTobRrxWyVBRqL+pLZ7lAXnxVniA=; b=CtsCrxJYLdgqCD1BzIgDxrmKxfT9YiJVGpNXROTPPhTB2NMFDma8oYMnffgOczoKYK 7nK5BXsiSB6nAAWCMD8n+Qc7tgZ4C69MAY9Z1BenGIeWSBEfg2sRKK6yFkqXg62M6hyM s3iV09WAZQ3AgcMClmgw1ePkBSM+GwqYkvoqsO8dwmMQiNneWQG6Nw4UAUcQ3YCMUgCH aHqxfJ1lWfW6opDmb+v/GIy0dFLhZJ25TobxwOy16WeADdJC1C7N1PCTVvn2T/J20B5m FePoewSmXQhW7219qzKfGsPdnM8AI80ixlHKkhQYjulq0H0xLrR2FF0djxvfGhPLnoyJ Mz7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=Op+Kfj7X; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v10-20020a63610a000000b00513edc81581si5634788pgb.287.2023.04.21.17.03.55; Fri, 21 Apr 2023 17:04:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=Op+Kfj7X; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233855AbjDVADe (ORCPT + 99 others); Fri, 21 Apr 2023 20:03:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45588 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233655AbjDVADV (ORCPT ); Fri, 21 Apr 2023 20:03:21 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C4AF4212D; Fri, 21 Apr 2023 17:03:17 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 657AF21A5B; Sat, 22 Apr 2023 00:03:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1682121796; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e/QY3Q5AUsGwoQIvTobRrxWyVBRqL+pLZ7lAXnxVniA=; b=Op+Kfj7XzhSC/JQ5ZdrCSs6iEhM9I/dk6A84frFvXNjAwUT+kJkUlDW66GsQhlRX8sMaGZ DiSLat+3a+O6OVs4xj8BLg7i9W9TQ+kO0MM4AoKFLHiNLeKRIgZhSTPG947vw+5rq68n2O PkHPzYz4yrfykWsVzei31krRywhEkDk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1682121796; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e/QY3Q5AUsGwoQIvTobRrxWyVBRqL+pLZ7lAXnxVniA=; b=rDMOkG17UzGXLEFJ/PefeRg+cEc2AaWZcRH/R1l4/8dZFnlLtDjx4TlwdEt8+i0AvOitBN +Da5xomtTMb2O8Aw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2F08E1358E; Sat, 22 Apr 2023 00:03:16 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 34TjBUQkQ2TldwAAMHmgww (envelope-from ); Sat, 22 Apr 2023 00:03:16 +0000 From: Gabriel Krisman Bertazi To: viro@zeniv.linux.org.uk, brauner@kernel.org Cc: tytso@mit.edu, jaegeuk@kernel.org, ebiggers@kernel.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, krisman@suse.de Subject: [PATCH v2 3/7] libfs: Validate negative dentries in case-insensitive directories Date: Fri, 21 Apr 2023 20:03:06 -0400 Message-Id: <20230422000310.1802-4-krisman@suse.de> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20230422000310.1802-1-krisman@suse.de> References: <20230422000310.1802-1-krisman@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_FILL_THIS_FORM_SHORT,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Gabriel Krisman Bertazi Introduce a dentry revalidation helper to be used by case-insensitive filesystems to check if it is safe to reuse a negative dentry. A negative dentry is safe to be reused on a case-insensitive lookup if it was created during a case-insensitive lookup and this is not a lookup that will instantiate a dentry. If this is a creation lookup, we also need to make sure the name matches sensitively the name under lookup in order to assure the name preserving semantics. dentry->d_name is only checked by the case-insensitive d_revalidate hook in the LOOKUP_CREATE/LOOKUP_RENAME_TARGET case since, for these cases, d_revalidate is always called with the parent inode locked, and therefore the name cannot change from under us. d_revalidate is only called in 4 places: lookup_dcache, __lookup_slow, lookup_open and lookup_fast: - lookup_dcache always calls it with zeroed flags, with the exception of when coming from __lookup_hash, which needs the parent locked already, for instance in the open/creation path, which is locked in open_last_lookups. - In __lookup_slow, either the parent inode is locked by the caller (lookup_slow), or it is called with no flags (lookup_one/lookup_one_len). - lookup_open also requires the parent to be locked in the creation case, which is done in open_last_lookups. - lookup_fast will indeed be called with the parent unlocked, but it shouldn't be called with LOOKUP_CREATE. Either it is called in the link_path_walk, where nd->flags doesn't have LOOKUP_CREATE yet or in open_last_lookups. But, in this case, it also never has LOOKUP_CREATE, because it is only called on the !O_CREAT case, which means op->intent doesn't have LOOKUP_CREAT (set in build_open_flags only if O_CREAT is set). Finally, for the LOOKUP_RENAME_TARGET, we are doing a rename, so the parents inodes are also be locked. Reviewed-by: Theodore Ts'o Signed-off-by: Gabriel Krisman Bertazi --- fs/libfs.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/fs/libfs.c b/fs/libfs.c index 4eda519c3002..f8881e29c5d5 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -1467,9 +1467,43 @@ static int generic_ci_d_hash(const struct dentry *dentry, struct qstr *str) return 0; } +static inline int generic_ci_d_revalidate(struct dentry *dentry, + const struct qstr *name, + unsigned int flags) +{ + int is_creation = flags & (LOOKUP_CREATE | LOOKUP_RENAME_TARGET); + + if (d_is_negative(dentry)) { + const struct dentry *parent = READ_ONCE(dentry->d_parent); + const struct inode *dir = READ_ONCE(parent->d_inode); + + if (dir && needs_casefold(dir)) { + if (!d_is_casefold_lookup(dentry)) + return 0; + + if (is_creation) { + /* + * dentry->d_name won't change from under us in + * the is_creation path only, since d_revalidate + * during creation and renames is always called + * with the parent inode locked. This isn't the + * case for all lookup callpaths, so it should + * not be accessed outside + * (LOOKUP_CREATE|LOOKUP_RENAME_TARGET) context. + */ + if (dentry->d_name.len != name->len || + memcmp(dentry->d_name.name, name->name, name->len)) + return 0; + } + } + } + return 1; +} + static const struct dentry_operations generic_ci_dentry_ops = { .d_hash = generic_ci_d_hash, .d_compare = generic_ci_d_compare, + .d_revalidate_name = generic_ci_d_revalidate, }; #endif -- 2.40.0