From: Greg Kroah-Hartman Date: Mon, 13 Sep 2021 09:33:36 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.4.146~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9abfd16a63b10a47211f61f11b3822a44fada3d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ext4-report-correct-st_size-for-encrypted-symlinks.patch f2fs-report-correct-st_size-for-encrypted-symlinks.patch fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch ubifs-report-correct-st_size-for-encrypted-symlinks.patch --- diff --git a/queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..0d46912c3a0 --- /dev/null +++ b/queue-4.19/ext4-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,53 @@ +From foo@baz Mon Sep 13 11:31:12 AM CEST 2021 +From: Eric Biggers +Date: Wed, 8 Sep 2021 14:50:31 -0700 +Subject: ext4: report correct st_size for encrypted symlinks +To: stable@vger.kernel.org +Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org +Message-ID: <20210908215033.1122580-3-ebiggers@kernel.org> + +From: Eric Biggers + +commit 8c4bca10ceafc43b1ca0a9fab5fa27e13cbce99e upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after ext4_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: f348c252320b ("ext4 crypto: add symlink encryption") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-3-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/symlink.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/fs/ext4/symlink.c ++++ b/fs/ext4/symlink.c +@@ -52,10 +52,19 @@ static const char *ext4_encrypted_get_li + return paddr; + } + ++static int ext4_encrypted_symlink_getattr(const struct path *path, ++ struct kstat *stat, u32 request_mask, ++ unsigned int query_flags) ++{ ++ ext4_getattr(path, stat, request_mask, query_flags); ++ ++ return fscrypt_symlink_getattr(path, stat); ++} ++ + const struct inode_operations ext4_encrypted_symlink_inode_operations = { + .get_link = ext4_encrypted_get_link, + .setattr = ext4_setattr, +- .getattr = ext4_getattr, ++ .getattr = ext4_encrypted_symlink_getattr, + .listxattr = ext4_listxattr, + }; + diff --git a/queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..87b1cf3b091 --- /dev/null +++ b/queue-4.19/f2fs-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,52 @@ +From foo@baz Mon Sep 13 11:31:12 AM CEST 2021 +From: Eric Biggers +Date: Wed, 8 Sep 2021 14:50:32 -0700 +Subject: f2fs: report correct st_size for encrypted symlinks +To: stable@vger.kernel.org +Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org +Message-ID: <20210908215033.1122580-4-ebiggers@kernel.org> + +From: Eric Biggers + +commit 461b43a8f92e68e96c4424b31e15f2b35f1bbfa9 upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after f2fs_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: cbaf042a3cc6 ("f2fs crypto: add symlink encryption") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-4-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/f2fs/namei.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/fs/f2fs/namei.c ++++ b/fs/f2fs/namei.c +@@ -1219,9 +1219,18 @@ static const char *f2fs_encrypted_get_li + return target; + } + ++static int f2fs_encrypted_symlink_getattr(const struct path *path, ++ struct kstat *stat, u32 request_mask, ++ unsigned int query_flags) ++{ ++ f2fs_getattr(path, stat, request_mask, query_flags); ++ ++ return fscrypt_symlink_getattr(path, stat); ++} ++ + const struct inode_operations f2fs_encrypted_symlink_inode_operations = { + .get_link = f2fs_encrypted_get_link, +- .getattr = f2fs_getattr, ++ .getattr = f2fs_encrypted_symlink_getattr, + .setattr = f2fs_setattr, + #ifdef CONFIG_F2FS_FS_XATTR + .listxattr = f2fs_listxattr, diff --git a/queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch b/queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch new file mode 100644 index 00000000000..58f7567fc7a --- /dev/null +++ b/queue-4.19/fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch @@ -0,0 +1,148 @@ +From foo@baz Mon Sep 13 11:31:12 AM CEST 2021 +From: Eric Biggers +Date: Wed, 8 Sep 2021 14:50:30 -0700 +Subject: fscrypt: add fscrypt_symlink_getattr() for computing st_size +To: stable@vger.kernel.org +Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org +Message-ID: <20210908215033.1122580-2-ebiggers@kernel.org> + +From: Eric Biggers + +commit d18760560593e5af921f51a8c9b64b6109d634c2 upstream. + +Add a helper function fscrypt_symlink_getattr() which will be called +from the various filesystems' ->getattr() methods to read and decrypt +the target of encrypted symlinks in order to report the correct st_size. + +Detailed explanation: + +As required by POSIX and as documented in various man pages, st_size for +a symlink is supposed to be the length of the symlink target. +Unfortunately, st_size has always been wrong for encrypted symlinks +because st_size is populated from i_size from disk, which intentionally +contains the length of the encrypted symlink target. That's slightly +greater than the length of the decrypted symlink target (which is the +symlink target that userspace usually sees), and usually won't match the +length of the no-key encoded symlink target either. + +This hadn't been fixed yet because reporting the correct st_size would +require reading the symlink target from disk and decrypting or encoding +it, which historically has been considered too heavyweight to do in +->getattr(). Also historically, the wrong st_size had only broken a +test (LTP lstat03) and there were no known complaints from real users. +(This is probably because the st_size of symlinks isn't used too often, +and when it is, typically it's for a hint for what buffer size to pass +to readlink() -- which a slightly-too-large size still works for.) + +However, a couple things have changed now. First, there have recently +been complaints about the current behavior from real users: + +- Breakage in rpmbuild: + https://github.com/rpm-software-management/rpm/issues/1682 + https://github.com/google/fscrypt/issues/305 + +- Breakage in toybox cpio: + https://www.mail-archive.com/toybox@lists.landley.net/msg07193.html + +- Breakage in libgit2: https://issuetracker.google.com/issues/189629152 + (on Android public issue tracker, requires login) + +Second, we now cache decrypted symlink targets in ->i_link. Therefore, +taking the performance hit of reading and decrypting the symlink target +in ->getattr() wouldn't be as big a deal as it used to be, since usually +it will just save having to do the same thing later. + +Also note that eCryptfs ended up having to read and decrypt symlink +targets in ->getattr() as well, to fix this same issue; see +commit 3a60a1686f0d ("eCryptfs: Decrypt symlink target for stat size"). + +So, let's just bite the bullet, and read and decrypt the symlink target +in ->getattr() in order to report the correct st_size. Add a function +fscrypt_symlink_getattr() which the filesystems will call to do this. + +(Alternatively, we could store the decrypted size of symlinks on-disk. +But there isn't a great place to do so, and encryption is meant to hide +the original size to some extent; that property would be lost.) + +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-2-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/crypto/hooks.c | 44 ++++++++++++++++++++++++++++++++++++++++ + include/linux/fscrypt_notsupp.h | 6 +++++ + include/linux/fscrypt_supp.h | 1 + 3 files changed, 51 insertions(+) + +--- a/fs/crypto/hooks.c ++++ b/fs/crypto/hooks.c +@@ -279,3 +279,47 @@ err_kfree: + return ERR_PTR(err); + } + EXPORT_SYMBOL_GPL(fscrypt_get_symlink); ++ ++/** ++ * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks ++ * @path: the path for the encrypted symlink being queried ++ * @stat: the struct being filled with the symlink's attributes ++ * ++ * Override st_size of encrypted symlinks to be the length of the decrypted ++ * symlink target (or the no-key encoded symlink target, if the key is ++ * unavailable) rather than the length of the encrypted symlink target. This is ++ * necessary for st_size to match the symlink target that userspace actually ++ * sees. POSIX requires this, and some userspace programs depend on it. ++ * ++ * This requires reading the symlink target from disk if needed, setting up the ++ * inode's encryption key if possible, and then decrypting or encoding the ++ * symlink target. This makes lstat() more heavyweight than is normally the ++ * case. However, decrypted symlink targets will be cached in ->i_link, so ++ * usually the symlink won't have to be read and decrypted again later if/when ++ * it is actually followed, readlink() is called, or lstat() is called again. ++ * ++ * Return: 0 on success, -errno on failure ++ */ ++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat) ++{ ++ struct dentry *dentry = path->dentry; ++ struct inode *inode = d_inode(dentry); ++ const char *link; ++ DEFINE_DELAYED_CALL(done); ++ ++ /* ++ * To get the symlink target that userspace will see (whether it's the ++ * decrypted target or the no-key encoded target), we can just get it in ++ * the same way the VFS does during path resolution and readlink(). ++ */ ++ link = READ_ONCE(inode->i_link); ++ if (!link) { ++ link = inode->i_op->get_link(dentry, inode, &done); ++ if (IS_ERR(link)) ++ return PTR_ERR(link); ++ } ++ stat->size = strlen(link); ++ do_delayed_call(&done); ++ return 0; ++} ++EXPORT_SYMBOL_GPL(fscrypt_symlink_getattr); +--- a/include/linux/fscrypt_notsupp.h ++++ b/include/linux/fscrypt_notsupp.h +@@ -234,4 +234,10 @@ static inline const char *fscrypt_get_sy + return ERR_PTR(-EOPNOTSUPP); + } + ++static inline int fscrypt_symlink_getattr(const struct path *path, ++ struct kstat *stat) ++{ ++ return -EOPNOTSUPP; ++} ++ + #endif /* _LINUX_FSCRYPT_NOTSUPP_H */ +--- a/include/linux/fscrypt_supp.h ++++ b/include/linux/fscrypt_supp.h +@@ -231,5 +231,6 @@ extern int __fscrypt_encrypt_symlink(str + extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, + unsigned int max_size, + struct delayed_call *done); ++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); + + #endif /* _LINUX_FSCRYPT_SUPP_H */ diff --git a/queue-4.19/series b/queue-4.19/series index 091c6c162db..bc58a5aed77 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -105,3 +105,7 @@ net-sched-fix-qdisc_rate_table-refcount-leak-when-ge.patch net-qualcomm-fix-qca7000-checksum-handling.patch ipv4-fix-endianness-issue-in-inet_rtm_getroute_build.patch netns-protect-netns-id-lookups-with-rcu.patch +fscrypt-add-fscrypt_symlink_getattr-for-computing-st_size.patch +ext4-report-correct-st_size-for-encrypted-symlinks.patch +f2fs-report-correct-st_size-for-encrypted-symlinks.patch +ubifs-report-correct-st_size-for-encrypted-symlinks.patch diff --git a/queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch b/queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch new file mode 100644 index 00000000000..610bb83d506 --- /dev/null +++ b/queue-4.19/ubifs-report-correct-st_size-for-encrypted-symlinks.patch @@ -0,0 +1,58 @@ +From foo@baz Mon Sep 13 11:31:12 AM CEST 2021 +From: Eric Biggers +Date: Wed, 8 Sep 2021 14:50:33 -0700 +Subject: ubifs: report correct st_size for encrypted symlinks +To: stable@vger.kernel.org +Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org +Message-ID: <20210908215033.1122580-5-ebiggers@kernel.org> + +From: Eric Biggers + +commit 064c734986011390b4d111f1a99372b7f26c3850 upstream. + +The stat() family of syscalls report the wrong size for encrypted +symlinks, which has caused breakage in several userspace programs. + +Fix this by calling fscrypt_symlink_getattr() after ubifs_getattr() for +encrypted symlinks. This function computes the correct size by reading +and decrypting the symlink target (if it's not already cached). + +For more details, see the commit which added fscrypt_symlink_getattr(). + +Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210702065350.209646-5-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + fs/ubifs/file.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/fs/ubifs/file.c ++++ b/fs/ubifs/file.c +@@ -1642,6 +1642,16 @@ static const char *ubifs_get_link(struct + return fscrypt_get_symlink(inode, ui->data, ui->data_len, done); + } + ++static int ubifs_symlink_getattr(const struct path *path, struct kstat *stat, ++ u32 request_mask, unsigned int query_flags) ++{ ++ ubifs_getattr(path, stat, request_mask, query_flags); ++ ++ if (IS_ENCRYPTED(d_inode(path->dentry))) ++ return fscrypt_symlink_getattr(path, stat); ++ return 0; ++} ++ + const struct address_space_operations ubifs_file_address_operations = { + .readpage = ubifs_readpage, + .writepage = ubifs_writepage, +@@ -1669,7 +1679,7 @@ const struct inode_operations ubifs_file + const struct inode_operations ubifs_symlink_inode_operations = { + .get_link = ubifs_get_link, + .setattr = ubifs_setattr, +- .getattr = ubifs_getattr, ++ .getattr = ubifs_symlink_getattr, + #ifdef CONFIG_UBIFS_FS_XATTR + .listxattr = ubifs_listxattr, + #endif