[v8,0/8] Support for Casefolding and Encryption

Message ID	20200307023611.204708-1-drosen@google.com
Headers	show Return-Path: <linux-ext4-owner@vger.kernel.org> Date: Fri, 6 Mar 2020 18:36:03 -0800 Message-Id: <20200307023611.204708-1-drosen@google.com> Mime-Version: 1.0 Subject: [PATCH v8 0/8] Support for Casefolding and Encryption From: Daniel Rosenberg <drosen@google.com> To: "Theodore Ts'o" <tytso@mit.edu>, linux-ext4@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>, linux-f2fs-devel@lists.sourceforge.net, Eric Biggers <ebiggers@kernel.org>, linux-fscrypt@vger.kernel.org, Alexander Viro <viro@zeniv.linux.org.uk>, Richard Weinberger <richard@nod.at> Cc: linux-mtd@lists.infradead.org, Andreas Dilger <adilger.kernel@dilger.ca>, Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi <krisman@collabora.com>, kernel-team@android.com, Daniel Rosenberg <drosen@google.com> Content-Type: text/plain; charset="UTF-8" Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk
Series	Support for Casefolding and Encryption \| expand [v8,0/8] Support for Casefolding and Encryption [v8,1/8] unicode: Add utf8_casefold_hash [v8,2/8] fs: Add standard casefolding support [v8,3/8] f2fs: Use generic casefolding support [v8,4/8] ext4: Use generic casefolding support [v8,5/8] fscrypt: Export fscrypt_d_revalidate [v8,6/8] libfs: Add generic function for setting dentry_ops [v8,7/8] fscrypt: Have filesystems handle their d_ops [v8,8/8] f2fs: Handle casefolding with Encryption

Message ID

20200307023611.204708-1-drosen@google.com

Headers

Date: Fri,  6 Mar 2020 18:36:03 -0800
Message-Id: <20200307023611.204708-1-drosen@google.com>
Mime-Version: 1.0
Subject: [PATCH v8 0/8] Support for Casefolding and Encryption
From: Daniel Rosenberg <drosen@google.com>
To: "Theodore Ts'o" <tytso@mit.edu>, linux-ext4@vger.kernel.org,
	Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
	linux-f2fs-devel@lists.sourceforge.net,
	Eric Biggers <ebiggers@kernel.org>, linux-fscrypt@vger.kernel.org,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Richard Weinberger <richard@nod.at>
Cc: linux-mtd@lists.infradead.org, Andreas Dilger <adilger.kernel@dilger.ca>,
	Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Gabriel Krisman Bertazi <krisman@collabora.com>,
	kernel-team@android.com, Daniel Rosenberg <drosen@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-ext4-owner@vger.kernel.org
Precedence: bulk

Series

Support for Casefolding and Encryption | expand

Message

Daniel Rosenberg March 7, 2020, 2:36 a.m. UTC

These patches are all on top of torvalds/master

Ext4 and F2FS currently both support casefolding and encryption, but not at
the same time. These patches aim to rectify that.

I've left off the Ext4 patches that enable casefolding and ecryption from
this revision since they still need some fixups, and I haven't gotten around
to the fsck changes yet.

I moved the identical casefolding dcache operations for ext4 and f2fs into
fs/libfs.c, as all filesystems using casefolded names will want them.

I've also adjust fscrypt to not set it's d_revalidate operation during it's
prepare lookup, instead having the calling filesystem set it up. This is
done to that the filesystem may have it's own dentry_operations. Also added
a helper function in libfs.c that will work for filesystems supporting both
casefolding and fscrypt.

For Ext4, since the hash for encrypted casefolded directory names cannot be
computed without the key, we need to store the hash on disk. We only do so
for encrypted and casefolded directories to avoid on disk format changes.
Previously encryption and casefolding could not be on the same filesystem,
and we're relaxing that requirement. F2fs is a bit more straightforward
since it already stores hashes on disk.

I've updated the related tools with just enough to enable the feature. I
still need to adjust ext4's fsck's, although without access to the keys,
neither fsck will be able to verify the hashes of casefolded and encrypted
names.

v8 changes:
Fixed issue with non-strict_mode fallback for hashing dentry op
Fixed potential RCU/unicode issue in casefolding dentry_ops.
Split "fscrypt: Have filesystems handle their d_ops" into a few smaller patches
Switched ubifs change to also use the dentry op function added in libfs.c
Added hash function in fs/unicode
changed super_block s_encoding_flags to u16. Didn't make unsigned int since
both filesystems using them use them as 16 bits, and want to avoid possible
confusion. Wouldn't really be opposed to that change though
Added kernel doc comments
misc other small adjustments
TODO:
 Investigate moving to a dentry flag to check for casefolding, or otherwise
 conditionally setting the casefolding dentry ops as needed, like fscrypt.
 Currently not done due to some issues with cached negative dentries and
 toggling casefolding on an empty directory.

 Ext4 fsck changes/debugging ext4 patches


v7 changes:
Moved dentry operations from unicode to libfs, added new iterator function
to unicode to allow this.
Added libfs function for setting dentries to remove code duplication between
ext4 and f2fs.

v6 changes:
Went back to using dentry_operations for casefolding. Provided standard
implementations in fs/unicode, avoiding extra allocation in d_hash op.
Moved fscrypt d_ops setting to be filesystem's responsibility to maintain
compatibility with casefolding and overlayfs if casefolding is not used
fixes some f2fs error handling

v4-5: patches submitted on fscrypt

v3 changes:
fscrypt patch only creates hash key if it will be needed.
Rebased on top of fscrypt branch, reconstified match functions in ext4/f2fs

v2 changes:
fscrypt moved to separate thread to rebase on fscrypt dev branch
addressed feedback, plus some minor fixes

Daniel Rosenberg (8):
  unicode: Add utf8_casefold_hash
  fs: Add standard casefolding support
  f2fs: Use generic casefolding support
  ext4: Use generic casefolding support
  fscrypt: Export fscrypt_d_revalidate
  libfs: Add generic function for setting dentry_ops
  fscrypt: Have filesystems handle their d_ops
  f2fs: Handle casefolding with Encryption

 fs/crypto/fname.c           |   7 +-
 fs/crypto/fscrypt_private.h |   1 -
 fs/crypto/hooks.c           |   1 -
 fs/ext4/dir.c               |  51 -----------
 fs/ext4/ext4.h              |  16 ----
 fs/ext4/hash.c              |   2 +-
 fs/ext4/namei.c             |  21 ++---
 fs/ext4/super.c             |  15 ++--
 fs/f2fs/dir.c               | 127 +++++++++++-----------------
 fs/f2fs/f2fs.h              |  18 +---
 fs/f2fs/hash.c              |  27 ++++--
 fs/f2fs/inline.c            |   9 +-
 fs/f2fs/namei.c             |   1 +
 fs/f2fs/super.c             |  17 ++--
 fs/f2fs/sysfs.c             |  10 ++-
 fs/libfs.c                  | 164 ++++++++++++++++++++++++++++++++++++
 fs/ubifs/dir.c              |   1 +
 fs/unicode/utf8-core.c      |  23 ++++-
 include/linux/f2fs_fs.h     |   3 -
 include/linux/fs.h          |  24 ++++++
 include/linux/fscrypt.h     |   6 +-
 include/linux/unicode.h     |   3 +
 22 files changed, 321 insertions(+), 226 deletions(-)

Comments

Eric Biggers March 7, 2020, 5:08 a.m. UTC | #1

On Fri, Mar 06, 2020 at 06:36:03PM -0800, Daniel Rosenberg wrote:
> These patches are all on top of torvalds/master
> 
> Ext4 and F2FS currently both support casefolding and encryption, but not at
> the same time. These patches aim to rectify that.
> 
> I've left off the Ext4 patches that enable casefolding and ecryption from
> this revision since they still need some fixups, and I haven't gotten around
> to the fsck changes yet.
> 
> I moved the identical casefolding dcache operations for ext4 and f2fs into
> fs/libfs.c, as all filesystems using casefolded names will want them.
> 
> I've also adjust fscrypt to not set it's d_revalidate operation during it's
> prepare lookup, instead having the calling filesystem set it up. This is
> done to that the filesystem may have it's own dentry_operations. Also added
> a helper function in libfs.c that will work for filesystems supporting both
> casefolding and fscrypt.
> 
> For Ext4, since the hash for encrypted casefolded directory names cannot be
> computed without the key, we need to store the hash on disk. We only do so
> for encrypted and casefolded directories to avoid on disk format changes.
> Previously encryption and casefolding could not be on the same filesystem,
> and we're relaxing that requirement. F2fs is a bit more straightforward
> since it already stores hashes on disk.
> 
> I've updated the related tools with just enough to enable the feature. I
> still need to adjust ext4's fsck's, although without access to the keys,
> neither fsck will be able to verify the hashes of casefolded and encrypted
> names.
> 

Can you please do some more testing?  Just playing around with casefolding (not
even encryption yet), it didn't take long to notice some problems.  E.g.

$ mkfs.f2fs -f -C utf8 /dev/vdc
$ mount /vdc
$ mkdir /vdc/dir
$ chattr +F /vdc/dir
$ echo foo > /vdc/dir/a
$ cat /vdc/dir/A
foo
$ rm /vdc/dir/a
$ cat /vdc/dir/A
foo

I.e. 'rm' only deleted "a", not "A", even though they're the same file.

Also, there's a casefolding test in xfstests, and with this patchset applied it
fails and causes kernel warnings.  It passes without this patchset applied.

$ kvm-xfstests -c f2fs -g casefold

[...]
[    5.947961] ------------[ cut here ]------------
[    5.948714] WARNING: CPU: 1 PID: 1053 at fs/inode.c:302 drop_nlink+0x1e/0x30
[    5.949742] CPU: 1 PID: 1053 Comm: rm Not tainted 5.6.0-rc4-00008-gf9c20981ece1 #4
[    5.950835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191223_100556-anatol 04/01/2014
[    5.952234] RIP: 0010:drop_nlink+0x1e/0x30
[    5.952838] Code: 44 24 10 eb da 0f 0b 0f 1f 44 00 00 8b 47 40 8d 50 ff 85 c0 74 14 85 d2 89 57 40 75 0c 48 8b 47 28 f0 48 ff 80 98 5
[    5.955509] RSP: 0018:ffffc90001633d60 EFLAGS: 00010246
[    5.956273] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
[    5.957303] RDX: 00000000ffffffff RSI: 0000000000000001 RDI: ffff88807a84d688
[    5.958332] RBP: ffffc90001633d90 R08: 0000000000000000 R09: 0000000000000000
[    5.959363] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807a84d688
[    5.960392] R13: ffff88807cf97648 R14: ffff88807a84da50 R15: ffff8880776bc000
[    5.961424] FS:  00007f7003d12540(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000
[    5.962588] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.963422] CR2: 000055a037bf5448 CR3: 00000000780ad000 CR4: 00000000003406e0
[    5.964453] Call Trace:
[    5.964828]  ? f2fs_drop_nlink+0x56/0x140
[    5.965417]  f2fs_delete_inline_entry+0x19e/0x1e0
[    5.966106]  f2fs_delete_entry+0x1be/0x320
[    5.966705]  f2fs_unlink+0x10c/0x360
[    5.967239]  vfs_unlink+0xf1/0x1d0
[    5.967747]  do_unlinkat+0x188/0x2c0
[    5.968254]  __x64_sys_unlinkat+0x33/0x50
[    5.968709]  do_syscall_64+0x4a/0x1f0
[    5.969130]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[    5.969533] RIP: 0033:0x7f7003c3bff7
[    5.969804] Code: 73 01 c3 48 8b 0d 99 ee 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 8
[    5.971154] RSP: 002b:00007ffde2c23588 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[    5.971707] RAX: ffffffffffffffda RBX: 000055a037bf5570 RCX: 00007f7003c3bff7
[    5.972242] RDX: 0000000000000000 RSI: 000055a037bf4340 RDI: 00000000ffffff9c
[    5.972774] RBP: 000055a037bf42b0 R08: 0000000000000003 R09: 0000000000000000
[    5.973305] R10: fffffffffffffbd8 R11: 0000000000000206 R12: 00007ffde2c23770
[    5.973837] R13: 0000000000000000 R14: 000055a037bf5570 R15: 0000000000000000
[    5.974367] irq event stamp: 1134
[    5.974621] hardirqs last  enabled at (1133): [<ffffffff810f6645>] ktime_get_coarse_real_ts64+0x95/0xb0
[    5.975321] hardirqs last disabled at (1134): [<ffffffff81001b79>] trace_hardirqs_off_thunk+0x1a/0x1c
[    5.976003] softirqs last  enabled at (502): [<ffffffff8102ab53>] fpu__clear+0xb3/0x1b0
[    5.976586] softirqs last disabled at (500): [<ffffffff8102ab15>] fpu__clear+0x75/0x1b0
[    5.977181] ---[ end trace 31b6c5defdf04f01 ]---
[    5.989770] ------------[ cut here ]------------
[...]
[failed, exit status 1] [21:03:50]- output mismatch (see /results/f2fs/results-default/generic/556.out.bad)
    --- tests/generic/556.out	2020-02-18 11:22:36.000000000 -0800
    +++ /results/f2fs/results-default/generic/556.out.bad	2020-03-06 21:03:50.783730049 -0800
    @@ -12,5 +12,5 @@
     # file: SCRATCH_MNT/xattrs/x/f1
     user.foo="bar"
     
    -touch: setting times of 'SCRATCH_MNT/strict/corac'$'\314\247\303': Invalid argument
    -touch: setting times of 'SCRATCH_MNT/strict/cora'$'\303\247\303': Invalid argument
    +_check_generic_filesystem: filesystem on /dev/vdc is inconsistent
    +(see /results/f2fs/results-default/generic/556.full for details)
    ...
    (Run 'diff -u /root/xfstests/tests/generic/556.out /results/f2fs/results-default/generic/556.out.bad'  to see the entire diff)
Ran: generic/556
Failures: generic/556
Failed 1 of 1 tests