Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same

From: Steven Rostedt
Date: Mon Jan 22 2024 - 13:19:51 EST

Next message: Conor Dooley: "Re: [PATCH v12 1/2] dt-bindings: adc: add AD7173"
Previous message: Han Xu: "RE: [PATCH 2/2] dt-bindings: spi: nxp-fspi: support i.MX93 and i.MX95"
In reply to: Mathieu Desnoyers: "Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same"
Next in thread: Mathieu Desnoyers: "Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 22 Jan 2024 12:14:36 -0500
Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:

>
> Why use an improvised hashing function (re-purposed from
> scripts/kconfig/symbol.c to a use-case which is exposed through a

That hash is just salt to the real hash function, which is the
siphash_1u32(). I added the name hash so that each file will get a little
different salt to the hash.

The siphash_1u32() is what the rest of the kernel uses for hashing kernel
address space.

> userspace ABI prone to kernel address leaks) rather than simply
> reserving values by setting bits in a bitmap ?
>
> How many inodes do we realistically expect to have there ?

If I only do directories, it is actually significantly less.

>
> On my 6.1.0 kernel:
>
> find /sys/kernel/tracing | wc -l
> 15598
>
> (mainly due to TRACE_EVENT ABI files)
>
> Hashing risks:
>
> - Exposing kernel addresses if the hashing algorithm is broken,

Well this was my biggest concern, but if I truncate at least a nibble, with
the unique salt to the algorithm for each file, how easily does that expose
kernel addresses.

The ei itself, is created from kmalloc() so you would at best get a heap
address. But with the missing nibble (if I mask it with ((1 << 28) - 1),
and much more taken away for 64 bit systems), and the added unique salt, is
it possible for this to expose anything that could be used in an attack?

> - Collisions if users are unlucky (which could trigger those
> 'find' errors).
>
> Those 15598 inode values fit within a single page (bitmap of
> 1922 bytes).
>
> So I would recommend simply adding a bitmap per tracefs filesystem
> instance to keep track of inode number allocation.

And how do I recover this bit after the inode is freed, but then referenced
again?

>
> Creation/removal of files/directories in tracefs should not be
> a fast-path anyway, so who cares about the speed of a find first
> bit within a single page ?
>

When an inode is no longer referenced, it is freed. When it is referenced
again, I want it to be recreated with the same inode number it had
previously. How would having a bitmask help with that? I need a way to map
an ei structure with a unique number without adding another 4 bytes to the
structure itself.

-- Steve

Next message: Conor Dooley: "Re: [PATCH v12 1/2] dt-bindings: adc: add AD7173"
Previous message: Han Xu: "RE: [PATCH 2/2] dt-bindings: spi: nxp-fspi: support i.MX93 and i.MX95"
In reply to: Mathieu Desnoyers: "Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same"
Next in thread: Mathieu Desnoyers: "Re: [for-linus][PATCH 1/3] eventfs: Have the inodes all for files and directories all be the same"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]