tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

f2fs: don't use casefolded comparison for "." and ".."

Tryng to rename a directory that has all following properties fails with
EINVAL and triggers the 'WARN_ON_ONCE(!fscrypt_has_encryption_key(dir))'
in f2fs_match_ci_name():

- The directory is casefolded
- The directory is encrypted
- The directory's encryption key is not yet set up
- The parent directory is *not* encrypted

The problem is incorrect handling of the lookup of ".." to get the
parent reference to update. fscrypt_setup_filename() treats ".." (and
".") specially, as it's never encrypted. It's passed through as-is, and
setting up the directory's key is not attempted. As the name isn't a
no-key name, f2fs treats it as a "normal" name and attempts a casefolded
comparison. That breaks the assumption of the WARN_ON_ONCE() in
f2fs_match_ci_name() which assumes that for encrypted directories,
casefolded comparisons only happen when the directory's key is set up.

We could just remove this WARN_ON_ONCE(). However, since casefolding is
always a no-op on "." and ".." anyway, let's instead just not casefold
these names. This results in the standard bytewise comparison.

Fixes: 7ad08a58bf67 ("f2fs: Handle casefolding with Encryption")
Cc: <stable@vger.kernel.org> # v5.11+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

authored by

Eric Biggers and committed by
Jaegeuk Kim b5639bb4 c81d5bae

+13 -11
+2 -1
fs/f2fs/dir.c
··· 82 82 #if IS_ENABLED(CONFIG_UNICODE) 83 83 struct super_block *sb = dir->i_sb; 84 84 85 - if (IS_CASEFOLDED(dir)) { 85 + if (IS_CASEFOLDED(dir) && 86 + !is_dot_dotdot(fname->usr_fname->name, fname->usr_fname->len)) { 86 87 fname->cf_name.name = f2fs_kmem_cache_alloc(f2fs_cf_name_slab, 87 88 GFP_NOFS, false, F2FS_SB(sb)); 88 89 if (!fname->cf_name.name)
+5 -5
fs/f2fs/f2fs.h
··· 508 508 #if IS_ENABLED(CONFIG_UNICODE) 509 509 /* 510 510 * For casefolded directories: the casefolded name, but it's left NULL 511 - * if the original name is not valid Unicode, if the directory is both 512 - * casefolded and encrypted and its encryption key is unavailable, or if 513 - * the filesystem is doing an internal operation where usr_fname is also 514 - * NULL. In all these cases we fall back to treating the name as an 515 - * opaque byte sequence. 511 + * if the original name is not valid Unicode, if the original name is 512 + * "." or "..", if the directory is both casefolded and encrypted and 513 + * its encryption key is unavailable, or if the filesystem is doing an 514 + * internal operation where usr_fname is also NULL. In all these cases 515 + * we fall back to treating the name as an opaque byte sequence. 516 516 */ 517 517 struct fscrypt_str cf_name; 518 518 #endif
+6 -5
fs/f2fs/hash.c
··· 91 91 /* 92 92 * Compute @fname->hash. For all directories, @fname->disk_name must be set. 93 93 * For casefolded directories, @fname->usr_fname must be set, and also 94 - * @fname->cf_name if the filename is valid Unicode. 94 + * @fname->cf_name if the filename is valid Unicode and is not "." or "..". 95 95 */ 96 96 void f2fs_hash_filename(const struct inode *dir, struct f2fs_filename *fname) 97 97 { ··· 110 110 /* 111 111 * If the casefolded name is provided, hash it instead of the 112 112 * on-disk name. If the casefolded name is *not* provided, that 113 - * should only be because the name wasn't valid Unicode, so fall 114 - * back to treating the name as an opaque byte sequence. Note 115 - * that to handle encrypted directories, the fallback must use 116 - * usr_fname (plaintext) rather than disk_name (ciphertext). 113 + * should only be because the name wasn't valid Unicode or was 114 + * "." or "..", so fall back to treating the name as an opaque 115 + * byte sequence. Note that to handle encrypted directories, 116 + * the fallback must use usr_fname (plaintext) rather than 117 + * disk_name (ciphertext). 117 118 */ 118 119 WARN_ON_ONCE(!fname->usr_fname->name); 119 120 if (fname->cf_name.name) {