Commit e37a784d authored by Eric Biggers's avatar Eric Biggers Committed by Theodore Ts'o

fscrypt: use READ_ONCE() to access ->i_crypt_info

->i_crypt_info starts out NULL and may later be locklessly set to a
non-NULL value by the cmpxchg() in fscrypt_get_encryption_info().

But ->i_crypt_info is used directly, which technically is incorrect.
It's a data race, and it doesn't include the data dependency barrier
needed to safely dereference the pointer on at least one architecture.

Fix this by using READ_ONCE() instead.  Note: we don't need to use
smp_load_acquire(), since dereferencing the pointer only requires a data
dependency barrier, which is already included in READ_ONCE().  We also
don't need READ_ONCE() in places where ->i_crypt_info is unconditionally
dereferenced, since it must have already been checked.

Also downgrade the cmpxchg() to cmpxchg_release(), since RELEASE
semantics are sufficient on the write side.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
parent ff5d3a97
...@@ -328,7 +328,7 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) ...@@ -328,7 +328,7 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
spin_lock(&dentry->d_lock); spin_lock(&dentry->d_lock);
cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY; cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
spin_unlock(&dentry->d_lock); spin_unlock(&dentry->d_lock);
dir_has_key = (d_inode(dir)->i_crypt_info != NULL); dir_has_key = fscrypt_has_encryption_key(d_inode(dir));
dput(dir); dput(dir);
/* /*
......
...@@ -269,7 +269,7 @@ int fscrypt_fname_disk_to_usr(struct inode *inode, ...@@ -269,7 +269,7 @@ int fscrypt_fname_disk_to_usr(struct inode *inode,
if (iname->len < FS_CRYPTO_BLOCK_SIZE) if (iname->len < FS_CRYPTO_BLOCK_SIZE)
return -EUCLEAN; return -EUCLEAN;
if (inode->i_crypt_info) if (fscrypt_has_encryption_key(inode))
return fname_decrypt(inode, iname, oname); return fname_decrypt(inode, iname, oname);
if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) {
...@@ -336,7 +336,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, ...@@ -336,7 +336,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
if (ret) if (ret)
return ret; return ret;
if (dir->i_crypt_info) { if (fscrypt_has_encryption_key(dir)) {
if (!fscrypt_fname_encrypted_size(dir, iname->len, if (!fscrypt_fname_encrypted_size(dir, iname->len,
dir->i_sb->s_cop->max_namelen, dir->i_sb->s_cop->max_namelen,
&fname->crypto_buf.len)) &fname->crypto_buf.len))
......
...@@ -509,7 +509,7 @@ int fscrypt_get_encryption_info(struct inode *inode) ...@@ -509,7 +509,7 @@ int fscrypt_get_encryption_info(struct inode *inode)
u8 *raw_key = NULL; u8 *raw_key = NULL;
int res; int res;
if (inode->i_crypt_info) if (fscrypt_has_encryption_key(inode))
return 0; return 0;
res = fscrypt_initialize(inode->i_sb->s_cop->flags); res = fscrypt_initialize(inode->i_sb->s_cop->flags);
...@@ -573,7 +573,7 @@ int fscrypt_get_encryption_info(struct inode *inode) ...@@ -573,7 +573,7 @@ int fscrypt_get_encryption_info(struct inode *inode)
if (res) if (res)
goto out; goto out;
if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL) if (cmpxchg_release(&inode->i_crypt_info, NULL, crypt_info) == NULL)
crypt_info = NULL; crypt_info = NULL;
out: out:
if (res == -ENOKEY) if (res == -ENOKEY)
......
...@@ -194,8 +194,8 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) ...@@ -194,8 +194,8 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
res = fscrypt_get_encryption_info(child); res = fscrypt_get_encryption_info(child);
if (res) if (res)
return 0; return 0;
parent_ci = parent->i_crypt_info; parent_ci = READ_ONCE(parent->i_crypt_info);
child_ci = child->i_crypt_info; child_ci = READ_ONCE(child->i_crypt_info);
if (parent_ci && child_ci) { if (parent_ci && child_ci) {
return memcmp(parent_ci->ci_master_key_descriptor, return memcmp(parent_ci->ci_master_key_descriptor,
...@@ -246,7 +246,7 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, ...@@ -246,7 +246,7 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
if (res < 0) if (res < 0)
return res; return res;
ci = parent->i_crypt_info; ci = READ_ONCE(parent->i_crypt_info);
if (ci == NULL) if (ci == NULL)
return -ENOKEY; return -ENOKEY;
......
...@@ -79,7 +79,8 @@ struct fscrypt_ctx { ...@@ -79,7 +79,8 @@ struct fscrypt_ctx {
static inline bool fscrypt_has_encryption_key(const struct inode *inode) static inline bool fscrypt_has_encryption_key(const struct inode *inode)
{ {
return (inode->i_crypt_info != NULL); /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */
return READ_ONCE(inode->i_crypt_info) != NULL;
} }
static inline bool fscrypt_dummy_context_enabled(struct inode *inode) static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment