On Mon, Jun 05, 2023 at 11:59:45AM -0500, Eric Sandeen wrote: > On 6/5/23 10:36 AM, Darrick J. Wong wrote: > > @@ -1205,9 +1264,9 @@ generate_obfuscated_name( > > /* Obfuscate the name (if possible) */ > > - hash = libxfs_da_hashname(name, namelen); > > - obfuscate_name(hash, namelen, name); > > - ASSERT(hash == libxfs_da_hashname(name, namelen)); > > + hash = dirattr_hashname(ino != 0, name, namelen); > > + obfuscate_name(hash, namelen, name, ino != 0); > > + ASSERT(hash == dirattr_hashname(ino != 0, name, namelen)); > > This makes sense to me - comments above here remind us that "inode == 0" > means we're obfuscating an xattr value, not a filename or path name, but ... > > > /* > > * Make sure the name is not something already seen. If we > > @@ -1320,7 +1379,7 @@ obfuscate_path_components( > > /* last (or single) component */ > > namelen = strnlen((char *)comp, len); > > hash = libxfs_da_hashname(comp, namelen); > > - obfuscate_name(hash, namelen, comp); > > + obfuscate_name(hash, namelen, comp, false); > > ASSERT(hash == libxfs_da_hashname(comp, namelen)); > > break; > > } > > @@ -1332,7 +1391,7 @@ obfuscate_path_components( > > continue; > > } > > hash = libxfs_da_hashname(comp, namelen); > > - obfuscate_name(hash, namelen, comp); > > + obfuscate_name(hash, namelen, comp, false); > > ASSERT(hash == libxfs_da_hashname(comp, namelen)); > > comp += namelen + 1; > > len -= namelen + 1; > > > > here, why is "is_dirent" false? Shouldn't a symlink path component match the > associated dirents, and be obsucated the same way? Name obfuscation replaces every byte except for the last five bytes with a random printable character, and then flips bits in those last five bytes to make the hash match. Chances are good that calling obfuscate_name() twice on the same name will return different results, which means that symlink targets won't point anywhere useful after the obfuscation. One could make metadump remember the (input -> output) pairs instead of regenerating the names every time, but this comes at a cost of higher memory consumption. I actually did this for parent pointers so that obfuscated dumped pptrs are still verifiable by xfs_repair. However, symlink targets aren't required to point to a valid path, so there doesn't seem to be much reason to add that overhead. --D > -Eric
