Hi Ted, On 2016/8/28 13:13, Theodore Ts'o wrote: > On Sun, Aug 28, 2016 at 09:13:28AM +0800, Chao Yu wrote: >> From: Chao Yu <yuchao0@xxxxxxxxxx> >> >> This patch fixes to add null character at the end of encrypted filename >> in fname_encrypt, in order to avoid incorrectly traversing random data >> located after target filename. The call stack is as below: >> >> - f2fs_add_link >> - __f2fs_add_link >> - fscrypt_setup_filename >> - fscrypt_fname_alloc_buffer allocate buffer for @fname >> - fname_encrypt didn't set null character for @fname >> - f2fs_add_regular_entry init qstr with @fname >> - init_inode_metadata >> - f2fs_init_security >> - security_inode_init_security >> - selinux_inode_init_security >> - selinux_determine_inode_label >> - security_transition_sid >> - security_compute_sid >> - filename_compute_type >> - hashtab_search >> - filenametr_hash traverse @fname as one which has null character > > The problem is not in fname_encrypt(), but rather that > security_inode_init_security() should be given the _unencrypted_ > filename. > > In ext4 security_inode_init_security() is called with the qstr from > the dentry, not the encrypted qstr --- in fact we call > security_inode_init_security before we call fname_encrypt. > > SELinux needs the unencrypted filename in order to decide which > SELinux rules / labels should apply. You're right, I missed this mistake. So actually, this is a bug of f2fs. Let me figure out the fixing patch. Thanks for your review! :) Thanks, > > - Ted > -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
