kernel/linux.git/fs/ceph/crypto.c, branch v6.18.22

ceph: fix oops due to invalid pointer for kfree() in parse_longname()

2026-02-11T12:41:42+00:00

commit bc8dedae022ce3058659c3addef3ec4b41d15e00 upstream. This fixes a kernel oops when reading ceph snapshot directories (.snap), for example by simply running `ls /mnt/my_ceph/.snap`. The variable str is guarded by __free(kfree), but advanced by one for skipping the initial '_' in snapshot names. Thus, kfree() is called with an invalid pointer. This patch removes the need for advancing the pointer so kfree() is called with correct memory pointer. Steps to reproduce: 1. Create snapshots on a cephfs volume (I've 63 snaps in my testcase) 2. Add cephfs mount to fstab $ echo "samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0" >> /etc/fstab 3. Reboot the system $ systemctl reboot 4. Check if it's really mounted $ mount | grep stuff 5. List snapshots (expected 63 snapshots on my system) $ ls /mnt/test/stuff/.snap Now ls hangs forever and the kernel log shows the oops. Cc: stable@vger.kernel.org Fixes: 101841c38346 ("[ceph] parse_longname(): strrchr() expects NUL-terminated string") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220807 Suggested-by: Helge Deller Signed-off-by: Daniel Vogelbacher Reviewed-by: Viacheslav Dubeyko Signed-off-by: Ilya Dryomov Signed-off-by: Greg Kroah-Hartman

ceph: move crypt info pointer to fs-specific part of inode

2025-08-21T11:58:07+00:00

Move the fscrypt_inode_info pointer into the filesystem-specific part of the inode by adding the field ceph_inode_info::i_crypt_info and configuring fscrypt_operations::inode_info_offs accordingly. This is a prerequisite for a later commit that removes inode::i_crypt_info, saving memory and improving cache efficiency with filesystems that don't support fscrypt. Co-developed-by: Christian Brauner Signed-off-by: Eric Biggers Link: https://lore.kernel.org/20250810075706.172910-7-ebiggers@kernel.org Signed-off-by: Christian Brauner

Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux

2025-07-29T01:07:38+00:00

Pull fscrypt updates from Eric Biggers: "Simplify how fscrypt uses the crypto API, resulting in some significant performance improvements: - Drop the incomplete and problematic support for asynchronous algorithms. These drivers are bug-prone, and it turns out they are actually much slower than the CPU-based code as well. - Allocate crypto requests on the stack instead of the heap. This improves encryption and decryption performance, especially for filenames. This also eliminates a point of failure during I/O" * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux: ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*() fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit() fscrypt: Switch to sync_skcipher and on-stack requests fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB fscrypt: Don't use asynchronous CryptoAPI algorithms fscrypt: Don't use problematic non-inline crypto engines fscrypt: Drop obsolete recommendation to enable optimized SHA-512 fscrypt: Explicitly include

ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*()

2025-07-10T19:33:17+00:00

This argument is no longer used, so remove it. Reviewed-by: Alex Markuze Link: https://lore.kernel.org/r/20250710060754.637098-7-ebiggers@kernel.org Signed-off-by: Eric Biggers

fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace()

2025-07-10T19:33:13+00:00

This argument is no longer used, so remove it. Reviewed-by: Alex Markuze Link: https://lore.kernel.org/r/20250710060754.637098-6-ebiggers@kernel.org Signed-off-by: Eric Biggers

ceph: fix a race with rename() in ceph_mdsc_build_path()

2025-06-17T21:58:14+00:00

Lift copying the name into callers of ceph_encode_encrypted_dname() that do not have it already copied; ceph_encode_encrypted_fname() disappears. That fixes a UAF in ceph_mdsc_build_path() - while the initial copy of plaintext into buf is done under ->d_lock, we access the original name again in ceph_encode_encrypted_fname() and that is done without any locking. With ceph_encode_encrypted_dname() using the stable copy the problem goes away. Tested-by: Viacheslav Dubeyko Reviewed-by: Viacheslav Dubeyko Signed-off-by: Al Viro

prep for ceph_encode_encrypted_fname() fixes

2025-06-17T21:57:49+00:00

ceph_encode_encrypted_dname() would be better off with plaintext name already copied into buffer; we'll lift that into the callers on the next step, which will allow to fix UAF on races with rename; for now copy it in the very beginning of ceph_encode_encrypted_dname(). That has a pleasant side benefit - we don't need to mess with tmp_buf anymore (i.e. that's 256 bytes off the stack footprint). Tested-by: Viacheslav Dubeyko Reviewed-by: Viacheslav Dubeyko Signed-off-by: Al Viro

[ceph] parse_longname(): strrchr() expects NUL-terminated string

2025-06-17T21:57:14+00:00

... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that... Fixes: dd66df0053ef "ceph: add support for encrypted snapshot names" Tested-by: Viacheslav Dubeyko Reviewed-by: Viacheslav Dubeyko Signed-off-by: Al Viro

Merge tag 'ceph-for-6.7-rc1' of https://github.com/ceph/ceph-client

2023-11-10T17:52:56+00:00

Pull ceph updates from Ilya Dryomov: - support for idmapped mounts in CephFS (Christian Brauner, Alexander Mikhalitsyn). The series was originally developed by Christian and later picked up and brought over the finish line by Alexander, who also contributed an enabler on the MDS side (separate owner_{u,g}id fields on the wire). The required exports for mnt_idmap_{get,put}() in VFS have been acked by Christian and received no objection from Christoph. - a churny change in CephFS logging to include cluster and client identifiers in log and debug messages (Xiubo Li). This would help in scenarios with dozens of CephFS mounts on the same node which are getting increasingly common, especially in the Kubernetes world. * tag 'ceph-for-6.7-rc1' of https://github.com/ceph/ceph-client: ceph: allow idmapped mounts ceph: allow idmapped atomic_open inode op ceph: allow idmapped set_acl inode op ceph: allow idmapped setattr inode op ceph: pass idmap to __ceph_setattr ceph: allow idmapped permission inode op ceph: allow idmapped getattr inode op ceph: pass an idmapping to mknod/symlink/mkdir ceph: add enable_unsafe_idmap module parameter ceph: handle idmapped mounts in create_request_message() ceph: stash idmapping in mdsc request fs: export mnt_idmap_get/mnt_idmap_put libceph, ceph: move mdsmap.h to fs/ceph ceph: print cluster fsid and client global_id in all debug logs ceph: rename _to_client() to _to_fs_client() ceph: pass the mdsc to several helpers libceph: add doutc and *_client debug macros support

ceph: pass idmap to __ceph_setattr

2023-11-03T22:28:34+00:00

Just pass down the mount's idmapping to __ceph_setattr, because we will need it later. Signed-off-by: Alexander Mikhalitsyn Acked-by: Christian Brauner Reviewed-by: Xiubo Li Signed-off-by: Ilya Dryomov