]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 Sep 2021 09:33:36 +0000 (11:33 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 Sep 2021 09:33:36 +0000 (11:33 +0200)
added patches:
ext4-report-correct-st_size-for-encrypted-symlinks.patch
f2fs-report-correct-st_size-for-encrypted-symlinks.patch
fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch
ubifs-report-correct-st_size-for-encrypted-symlinks.patch

queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch [new file with mode: 0644]
queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch [new file with mode: 0644]
queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch [new file with mode: 0644]

diff --git a/queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch
new file mode 100644 (file)
index 0000000..0d46912
--- /dev/null
@@ -0,0 +1,53 @@
+From foo@baz Mon Sep 13 11:31:12 AM CEST 2021
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Wed,  8 Sep 2021 14:50:31 -0700
+Subject: ext4: report correct st_size for encrypted symlinks
+To: stable@vger.kernel.org
+Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org
+Message-ID: <20210908215033.1122580-3-ebiggers@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 8c4bca10ceafc43b1ca0a9fab5fa27e13cbce99e upstream.
+
+The stat() family of syscalls report the wrong size for encrypted
+symlinks, which has caused breakage in several userspace programs.
+
+Fix this by calling fscrypt_symlink_getattr() after ext4_getattr() for
+encrypted symlinks.  This function computes the correct size by reading
+and decrypting the symlink target (if it's not already cached).
+
+For more details, see the commit which added fscrypt_symlink_getattr().
+
+Fixes: f348c252320b ("ext4 crypto: add symlink encryption")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210702065350.209646-3-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/symlink.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/symlink.c
++++ b/fs/ext4/symlink.c
+@@ -52,10 +52,19 @@ static const char *ext4_encrypted_get_li
+       return paddr;
+ }
++static int ext4_encrypted_symlink_getattr(const struct path *path,
++                                        struct kstat *stat, u32 request_mask,
++                                        unsigned int query_flags)
++{
++      ext4_getattr(path, stat, request_mask, query_flags);
++
++      return fscrypt_symlink_getattr(path, stat);
++}
++
+ const struct inode_operations ext4_encrypted_symlink_inode_operations = {
+       .get_link       = ext4_encrypted_get_link,
+       .setattr        = ext4_setattr,
+-      .getattr        = ext4_getattr,
++      .getattr        = ext4_encrypted_symlink_getattr,
+       .listxattr      = ext4_listxattr,
+ };
diff --git a/queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch
new file mode 100644 (file)
index 0000000..87b1cf3
--- /dev/null
@@ -0,0 +1,52 @@
+From foo@baz Mon Sep 13 11:31:12 AM CEST 2021
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Wed,  8 Sep 2021 14:50:32 -0700
+Subject: f2fs: report correct st_size for encrypted symlinks
+To: stable@vger.kernel.org
+Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org
+Message-ID: <20210908215033.1122580-4-ebiggers@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 461b43a8f92e68e96c4424b31e15f2b35f1bbfa9 upstream.
+
+The stat() family of syscalls report the wrong size for encrypted
+symlinks, which has caused breakage in several userspace programs.
+
+Fix this by calling fscrypt_symlink_getattr() after f2fs_getattr() for
+encrypted symlinks.  This function computes the correct size by reading
+and decrypting the symlink target (if it's not already cached).
+
+For more details, see the commit which added fscrypt_symlink_getattr().
+
+Fixes: cbaf042a3cc6 ("f2fs crypto: add symlink encryption")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210702065350.209646-4-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/namei.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/fs/f2fs/namei.c
++++ b/fs/f2fs/namei.c
+@@ -1219,9 +1219,18 @@ static const char *f2fs_encrypted_get_li
+       return target;
+ }
++static int f2fs_encrypted_symlink_getattr(const struct path *path,
++                                        struct kstat *stat, u32 request_mask,
++                                        unsigned int query_flags)
++{
++      f2fs_getattr(path, stat, request_mask, query_flags);
++
++      return fscrypt_symlink_getattr(path, stat);
++}
++
+ const struct inode_operations f2fs_encrypted_symlink_inode_operations = {
+       .get_link       = f2fs_encrypted_get_link,
+-      .getattr        = f2fs_getattr,
++      .getattr        = f2fs_encrypted_symlink_getattr,
+       .setattr        = f2fs_setattr,
+ #ifdef CONFIG_F2FS_FS_XATTR
+       .listxattr      = f2fs_listxattr,
diff --git a/queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch b/queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch
new file mode 100644 (file)
index 0000000..58f7567
--- /dev/null
@@ -0,0 +1,148 @@
+From foo@baz Mon Sep 13 11:31:12 AM CEST 2021
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Wed,  8 Sep 2021 14:50:30 -0700
+Subject: fscrypt: add fscrypt_symlink_getattr() for computing st_size
+To: stable@vger.kernel.org
+Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org
+Message-ID: <20210908215033.1122580-2-ebiggers@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit d18760560593e5af921f51a8c9b64b6109d634c2 upstream.
+
+Add a helper function fscrypt_symlink_getattr() which will be called
+from the various filesystems' ->getattr() methods to read and decrypt
+the target of encrypted symlinks in order to report the correct st_size.
+
+Detailed explanation:
+
+As required by POSIX and as documented in various man pages, st_size for
+a symlink is supposed to be the length of the symlink target.
+Unfortunately, st_size has always been wrong for encrypted symlinks
+because st_size is populated from i_size from disk, which intentionally
+contains the length of the encrypted symlink target.  That's slightly
+greater than the length of the decrypted symlink target (which is the
+symlink target that userspace usually sees), and usually won't match the
+length of the no-key encoded symlink target either.
+
+This hadn't been fixed yet because reporting the correct st_size would
+require reading the symlink target from disk and decrypting or encoding
+it, which historically has been considered too heavyweight to do in
+->getattr().  Also historically, the wrong st_size had only broken a
+test (LTP lstat03) and there were no known complaints from real users.
+(This is probably because the st_size of symlinks isn't used too often,
+and when it is, typically it's for a hint for what buffer size to pass
+to readlink() -- which a slightly-too-large size still works for.)
+
+However, a couple things have changed now.  First, there have recently
+been complaints about the current behavior from real users:
+
+- Breakage in rpmbuild:
+  https://github.com/rpm-software-management/rpm/issues/1682
+  https://github.com/google/fscrypt/issues/305
+
+- Breakage in toybox cpio:
+  https://www.mail-archive.com/toybox@lists.landley.net/msg07193.html
+
+- Breakage in libgit2: https://issuetracker.google.com/issues/189629152
+  (on Android public issue tracker, requires login)
+
+Second, we now cache decrypted symlink targets in ->i_link.  Therefore,
+taking the performance hit of reading and decrypting the symlink target
+in ->getattr() wouldn't be as big a deal as it used to be, since usually
+it will just save having to do the same thing later.
+
+Also note that eCryptfs ended up having to read and decrypt symlink
+targets in ->getattr() as well, to fix this same issue; see
+commit 3a60a1686f0d ("eCryptfs: Decrypt symlink target for stat size").
+
+So, let's just bite the bullet, and read and decrypt the symlink target
+in ->getattr() in order to report the correct st_size.  Add a function
+fscrypt_symlink_getattr() which the filesystems will call to do this.
+
+(Alternatively, we could store the decrypted size of symlinks on-disk.
+But there isn't a great place to do so, and encryption is meant to hide
+the original size to some extent; that property would be lost.)
+
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210702065350.209646-2-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/crypto/hooks.c               |   44 ++++++++++++++++++++++++++++++++++++++++
+ include/linux/fscrypt_notsupp.h |    6 +++++
+ include/linux/fscrypt_supp.h    |    1 
+ 3 files changed, 51 insertions(+)
+
+--- a/fs/crypto/hooks.c
++++ b/fs/crypto/hooks.c
+@@ -279,3 +279,47 @@ err_kfree:
+       return ERR_PTR(err);
+ }
+ EXPORT_SYMBOL_GPL(fscrypt_get_symlink);
++
++/**
++ * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks
++ * @path: the path for the encrypted symlink being queried
++ * @stat: the struct being filled with the symlink's attributes
++ *
++ * Override st_size of encrypted symlinks to be the length of the decrypted
++ * symlink target (or the no-key encoded symlink target, if the key is
++ * unavailable) rather than the length of the encrypted symlink target.  This is
++ * necessary for st_size to match the symlink target that userspace actually
++ * sees.  POSIX requires this, and some userspace programs depend on it.
++ *
++ * This requires reading the symlink target from disk if needed, setting up the
++ * inode's encryption key if possible, and then decrypting or encoding the
++ * symlink target.  This makes lstat() more heavyweight than is normally the
++ * case.  However, decrypted symlink targets will be cached in ->i_link, so
++ * usually the symlink won't have to be read and decrypted again later if/when
++ * it is actually followed, readlink() is called, or lstat() is called again.
++ *
++ * Return: 0 on success, -errno on failure
++ */
++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat)
++{
++      struct dentry *dentry = path->dentry;
++      struct inode *inode = d_inode(dentry);
++      const char *link;
++      DEFINE_DELAYED_CALL(done);
++
++      /*
++       * To get the symlink target that userspace will see (whether it's the
++       * decrypted target or the no-key encoded target), we can just get it in
++       * the same way the VFS does during path resolution and readlink().
++       */
++      link = READ_ONCE(inode->i_link);
++      if (!link) {
++              link = inode->i_op->get_link(dentry, inode, &done);
++              if (IS_ERR(link))
++                      return PTR_ERR(link);
++      }
++      stat->size = strlen(link);
++      do_delayed_call(&done);
++      return 0;
++}
++EXPORT_SYMBOL_GPL(fscrypt_symlink_getattr);
+--- a/include/linux/fscrypt_notsupp.h
++++ b/include/linux/fscrypt_notsupp.h
+@@ -234,4 +234,10 @@ static inline const char *fscrypt_get_sy
+       return ERR_PTR(-EOPNOTSUPP);
+ }
++static inline int fscrypt_symlink_getattr(const struct path *path,
++                                        struct kstat *stat)
++{
++      return -EOPNOTSUPP;
++}
++
+ #endif        /* _LINUX_FSCRYPT_NOTSUPP_H */
+--- a/include/linux/fscrypt_supp.h
++++ b/include/linux/fscrypt_supp.h
+@@ -231,5 +231,6 @@ extern int __fscrypt_encrypt_symlink(str
+ extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
+                                      unsigned int max_size,
+                                      struct delayed_call *done);
++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
+ #endif        /* _LINUX_FSCRYPT_SUPP_H */
index 091c6c162db5605776b0b911d72da3926a9186c0..bc58a5aed777b6e89d0502a8a6229329dcd6549b 100644 (file)
@@ -105,3 +105,7 @@ net-sched-fix-qdisc_rate_table-refcount-leak-when-ge.patch
 net-qualcomm-fix-qca7000-checksum-handling.patch
 ipv4-fix-endianness-issue-in-inet_rtm_getroute_build.patch
 netns-protect-netns-id-lookups-with-rcu.patch
+fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch
+ext4-report-correct-st_size-for-encrypted-symlinks.patch
+f2fs-report-correct-st_size-for-encrypted-symlinks.patch
+ubifs-report-correct-st_size-for-encrypted-symlinks.patch
diff --git a/queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch
new file mode 100644 (file)
index 0000000..610bb83
--- /dev/null
@@ -0,0 +1,58 @@
+From foo@baz Mon Sep 13 11:31:12 AM CEST 2021
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Wed,  8 Sep 2021 14:50:33 -0700
+Subject: ubifs: report correct st_size for encrypted symlinks
+To: stable@vger.kernel.org
+Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org
+Message-ID: <20210908215033.1122580-5-ebiggers@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 064c734986011390b4d111f1a99372b7f26c3850 upstream.
+
+The stat() family of syscalls report the wrong size for encrypted
+symlinks, which has caused breakage in several userspace programs.
+
+Fix this by calling fscrypt_symlink_getattr() after ubifs_getattr() for
+encrypted symlinks.  This function computes the correct size by reading
+and decrypting the symlink target (if it's not already cached).
+
+For more details, see the commit which added fscrypt_symlink_getattr().
+
+Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210702065350.209646-5-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ubifs/file.c |   12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/fs/ubifs/file.c
++++ b/fs/ubifs/file.c
+@@ -1642,6 +1642,16 @@ static const char *ubifs_get_link(struct
+       return fscrypt_get_symlink(inode, ui->data, ui->data_len, done);
+ }
++static int ubifs_symlink_getattr(const struct path *path, struct kstat *stat,
++                               u32 request_mask, unsigned int query_flags)
++{
++      ubifs_getattr(path, stat, request_mask, query_flags);
++
++      if (IS_ENCRYPTED(d_inode(path->dentry)))
++              return fscrypt_symlink_getattr(path, stat);
++      return 0;
++}
++
+ const struct address_space_operations ubifs_file_address_operations = {
+       .readpage       = ubifs_readpage,
+       .writepage      = ubifs_writepage,
+@@ -1669,7 +1679,7 @@ const struct inode_operations ubifs_file
+ const struct inode_operations ubifs_symlink_inode_operations = {
+       .get_link    = ubifs_get_link,
+       .setattr     = ubifs_setattr,
+-      .getattr     = ubifs_getattr,
++      .getattr     = ubifs_symlink_getattr,
+ #ifdef CONFIG_UBIFS_FS_XATTR
+       .listxattr   = ubifs_listxattr,
+ #endif