android_kernel_xiaomi_sm8350/include
Eric Biggers 228a4203d8 fscrypt: add fscrypt_symlink_getattr() for computing st_size
commit d18760560593e5af921f51a8c9b64b6109d634c2 upstream.

Add a helper function fscrypt_symlink_getattr() which will be called
from the various filesystems' ->getattr() methods to read and decrypt
the target of encrypted symlinks in order to report the correct st_size.

Detailed explanation:

As required by POSIX and as documented in various man pages, st_size for
a symlink is supposed to be the length of the symlink target.
Unfortunately, st_size has always been wrong for encrypted symlinks
because st_size is populated from i_size from disk, which intentionally
contains the length of the encrypted symlink target.  That's slightly
greater than the length of the decrypted symlink target (which is the
symlink target that userspace usually sees), and usually won't match the
length of the no-key encoded symlink target either.

This hadn't been fixed yet because reporting the correct st_size would
require reading the symlink target from disk and decrypting or encoding
it, which historically has been considered too heavyweight to do in
->getattr().  Also historically, the wrong st_size had only broken a
test (LTP lstat03) and there were no known complaints from real users.
(This is probably because the st_size of symlinks isn't used too often,
and when it is, typically it's for a hint for what buffer size to pass
to readlink() -- which a slightly-too-large size still works for.)

However, a couple things have changed now.  First, there have recently
been complaints about the current behavior from real users:

- Breakage in rpmbuild:
  https://github.com/rpm-software-management/rpm/issues/1682
  https://github.com/google/fscrypt/issues/305

- Breakage in toybox cpio:
  https://www.mail-archive.com/toybox@lists.landley.net/msg07193.html

- Breakage in libgit2: https://issuetracker.google.com/issues/189629152
  (on Android public issue tracker, requires login)

Second, we now cache decrypted symlink targets in ->i_link.  Therefore,
taking the performance hit of reading and decrypting the symlink target
in ->getattr() wouldn't be as big a deal as it used to be, since usually
it will just save having to do the same thing later.

Also note that eCryptfs ended up having to read and decrypt symlink
targets in ->getattr() as well, to fix this same issue; see
commit 3a60a1686f ("eCryptfs: Decrypt symlink target for stat size").

So, let's just bite the bullet, and read and decrypt the symlink target
in ->getattr() in order to report the correct st_size.  Add a function
fscrypt_symlink_getattr() which the filesystems will call to do this.

(Alternatively, we could store the decrypted size of symlinks on-disk.
But there isn't a great place to do so, and encryption is meant to hide
the original size to some extent; that property would be lost.)

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210702065350.209646-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-12 08:56:38 +02:00
..
acpi ACPI: fix NULL pointer dereference 2021-08-08 09:04:08 +02:00
asm-generic vmlinux.lds.h: Handle clang's module.{c,d}tor sections 2021-08-18 08:57:04 +02:00
clocksource
crypto crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:53:13 +02:00
drm drm: Return -ENOTTY for non-drm ioctls 2021-07-28 13:31:01 +02:00
dt-bindings clk: imx8mn: Fix incorrect clock defines 2020-03-18 07:17:55 +01:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:55 -04:00
kvm
linux fscrypt: add fscrypt_symlink_getattr() for computing st_size 2021-09-12 08:56:38 +02:00
math-emu
media media: subdev: disallow ioctl for saa6588/davinci 2021-07-19 08:53:17 +02:00
misc
net psample: Add a fwd declaration for skbuff 2021-08-18 08:56:59 +02:00
pcmcia
ras
rdma RDMA/umem: Fix signature of stub ib_umem_find_best_pgsz() 2020-10-29 09:57:47 +01:00
scsi scsi: iscsi: Fix conn use after free during resets 2021-07-20 16:10:43 +02:00
soc irqchip/eznps: Fix build error for !ARC700 builds 2020-09-17 13:47:47 +02:00
sound ALSA: hda: intel-nhlt: verify config type 2021-03-09 11:09:39 +01:00
target scsi: target: core: Add cmd length set before cmd complete 2021-03-17 17:03:45 +01:00
trace afs: Fix tracepoint string placement with built-in AFS 2021-07-28 13:30:58 +02:00
uapi net: fix mistake path for netdev_features_strings 2021-07-19 08:53:11 +02:00
vdso
video
xen Xen/gntdev: correct error checking in gntdev_map_grant_pages() 2021-02-23 15:02:26 +01:00