On Thu, May 27, 2021 at 04:52:36PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> When initializing a no-key name, fscrypt_fname_disk_to_usr() sets the
> minor_hash to 0 if the (major) hash is 0.
>
> This doesn't make sense because 0 is a valid hash code, so we shouldn't
> ignore the filesystem-provided minor_hash in that case. Fix this by
> removing the special case for 'hash == 0'.
>
> This is an old bug that appears to have originated when the encryption
> code in ext4 and f2fs was moved into fs/crypto/. The original ext4 and
> f2fs code passed the hash by pointer instead of by value. So
> 'if (hash)' actually made sense then, as it was checking whether a
> pointer was NULL. But now the hashes are passed by value, and
> filesystems just pass 0 for any hashes they don't have. There is no
> need to handle this any differently from the hashes actually being 0.
>
> It is difficult to reproduce this bug, as it only made a difference in
> the case where a filename's 32-bit major hash happened to be 0.
> However, it probably had the largest chance of causing problems on
> ubifs, since ubifs uses minor_hash to do lookups of no-key names, in
> addition to using it as a readdir cookie. ext4 only uses minor_hash as
> a readdir cookie, and f2fs doesn't use minor_hash at all.
>
> Fixes: 0b81d0779072 ("fs crypto: move per-file encryption from f2fs tree to fs/crypto")
> Cc: <stable@xxxxxxxxxxxxxxx> # v4.6+
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> fs/crypto/fname.c | 10 +++-------
> 1 file changed, 3 insertions(+), 7 deletions(-)
>
Applied to fscrypt.git#master for 5.14.
- Eric
