From nobody Mon Jun 8 19:46:25 2026 Received: from mail-oa1-f43.google.com (mail-oa1-f43.google.com [209.85.160.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF394317158 for ; Wed, 27 May 2026 02:59:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779850762; cv=none; b=oqxE0DFn5EX7PnO1TsmvY3b6Et2CEYV+QsYxUBzaoIIe6BugM6UQo5sCNnj+9scWO2ZuOWNyXLGaOXEA3FBO9hopfejti+PnjElmYNIRQ4cYXShBZr1KwrFcfdlLrVuFDOn/uudo82Rfm9PQq4WrQxIezdVYgu47QixduNGh6g4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779850762; c=relaxed/simple; bh=ENW+Jh9GjVaADer3GH8/vF16gW2KGubnHMr5bU7vLTI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gaTuar75qoxk65tzYHgi1t2K/awAMM8N13CDdppH9PjN4aC365RfueD4NHmj73OBhyHiiI4mXi3lexdnaz5Up40mMg/mnkrEFGWo4oWxZMO74ebioWyiSYHemM6jbLwungRPrjdXpeowg3E30+UY4zceDXeiMMXlyutOIu1+7tY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nc7qg8Wn; arc=none smtp.client-ip=209.85.160.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nc7qg8Wn" Received: by mail-oa1-f43.google.com with SMTP id 586e51a60fabf-43bf94534a1so882481fac.2 for ; Tue, 26 May 2026 19:59:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779850760; x=1780455560; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=t2HVx0cIWNPm75Mm5KDsYNcRwTeRpFNb85G0UNLDiN0=; b=nc7qg8Wn+O5TgItM2FLMBtYEDRZCuiBRSHmFkYTps/Xb0+/eqx0lN4q2U5442HLElT nYOEmgaQIWmupguT69Xsh7/6cvVV2sCSDIFB0T5Y3ecQ8SzDsw/akM5b0QqJevdTE9iu 4RtDSnJmeiF85H2/H/4CavMHjab1saAXNqr2aiVaniV9jxBtwNOdsRWIcNivz9PccLSq YuTHv/YAUo/hhwbEnG6hKV5QazhqrviQtwmlI2s3CsLcqm3fDsCvxKqApUOKtZjzC5qI iA99ZwGzaLGfZMerEn9WBNglcQssJWFVdzScBLp0pJZm6CnErdLpoqtVckg360DClY0R TiUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779850760; x=1780455560; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=t2HVx0cIWNPm75Mm5KDsYNcRwTeRpFNb85G0UNLDiN0=; b=AimOlDJxVsargcXfIMHE3lEGerc3Z4rev2KrGYo5L5Ko4Q6fOP/h4xbVBwU//QcKOl WqW8ZH2FiJqgf9FPAjZ9c7t4UOgX66PQjurak1XEJDxBDEQQPVIwVb9ZmjFLE2tQmnKh afPP0Cdvt03Kz2g89PE2q1daaF3sMzd00Zlytv42NQAY7px8UQABfN8qVcP9SOUwJSFt q4LO12460znSQpUryqI/jbEkErzY4AVXEjupIFuBhYx/6iZ/kzEhRQ7beE+eJ8pp5DGh /rSgeGqOE2QB0H215lgQWTIBrS1H+mJu8mWxtpcXKMijsdI2OwWQtte6LvySlERKnPZY kcPw== X-Forwarded-Encrypted: i=1; AFNElJ8PfNRDWFZgknPnuTyv7GQpqQ9RYVfpXs8NTEGXn80UxySfoMwaeMr/34FnO6r3X8ZdA5bl/tGR/0wLdd8=@vger.kernel.org X-Gm-Message-State: AOJu0YwhsM3IsEXvbzCF7Xes5eFoX0ZFUK4M6NDnRdsL2bLGBg3bUPbi wNXzex9sIQKER8kC1Py+u6Dh5cIs7UJHvVAKcv7YAPve8ppLnUwox9VJ X-Gm-Gg: Acq92OFkPwZlyvhFBqivDumxVmCEx/qmelFauxQhYU/7sAOl3tLXuBHkdvC2Jjhrndp N2UVAHYyQvxme6o6Au0iLAIsIdypZACGCbktk4e4691tSiO/2kx5EfdPJVL8fScadLylXm8KeDm xr0LOn81+G12PMxS6ApCzosY6HSKQ0+o2rOrAqeqODIV3KR5YhYL8CQRyZuRk/7GtY+ms+xwb6+ QstnzcElrGnpjtYiiMKd3LX1eezOUrR0XmfTxMrV2DKWf5EBUjgxZ0ZN7fCjVrBZfBYW9pPlotG q805Lz2bc5gxCSc0PgZI0sCvN1tPBFA19THTGpjVp2byoIFS4NR5m7xx4FrcJ/tCHRwf7QsBpWo CH88vOIV3pym19TWdex3vCZfTmWBprg8qYhrzVCFXRLoHtVRckBbz/bPeWo6SXHf+xtazroiZPp a03Se4mApLLPw6RqPQ0SGU3wk8sMppW12wqtNhdzXWyeSkcDXmTS14wTJj+80jl9vUPqmKag== X-Received: by 2002:a05:687c:20b:b0:43b:5d42:ac34 with SMTP id 586e51a60fabf-43b5d4c15c3mr9548737fac.36.1779850759891; Tue, 26 May 2026 19:59:19 -0700 (PDT) Received: from localhost (static-23-234-115-121.cust.tzulo.com. [23.234.115.121]) by smtp.gmail.com with UTF8SMTPSA id 586e51a60fabf-43b63976dacsm14863732fac.11.2026.05.26.19.59.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 26 May 2026 19:59:19 -0700 (PDT) From: Sam Edwards X-Google-Original-From: Sam Edwards To: Ilya Dryomov , Alex Markuze , Viacheslav Dubeyko Cc: Jeff Layton , Xiubo Li , Milind Changire , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org, Sam Edwards Subject: [PATCH 1/2] ceph: pass fscrypt `tname` buffers directly Date: Tue, 26 May 2026 19:58:27 -0700 Message-ID: <20260527025828.5966-2-CFSworks@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260527025828.5966-1-CFSworks@gmail.com> References: <20260527025828.5966-1-CFSworks@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" ceph_fname_to_usr() needs a temporary buffer for some operations (currently only base64-decoding ciphertext) and it is convenient to allow the caller to specify this buffer to avoid a heap allocation, so it has a (nullable) `tname` argument. Until now, this argument was a `struct fscrypt_str`; however, this is unnecessary for two reasons: 1. `tname->len` isn't used anywhere: ceph_fname_to_usr() assumes a buffer large enough to hold the ciphertext, and parse_reply_info_readdir() -- the only caller to use tname -- doesn't set it. 2. While the `tname` parameter is documented "may be NULL," parse_reply_info_readdir() always passes it but with `tname->name` sometimes NULL in violation of the contract, indicating that the unnecessary container creates actual confusion. Therefore, change the type to `unsigned char *` and pass the buffer directly. Signed-off-by: Sam Edwards --- fs/ceph/crypto.c | 10 +++++----- fs/ceph/crypto.h | 4 ++-- fs/ceph/mds_client.c | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c index 64d240759277..7515cb251226 100644 --- a/fs/ceph/crypto.c +++ b/fs/ceph/crypto.c @@ -300,7 +300,7 @@ int ceph_encode_encrypted_dname(struct inode *parent, c= har *buf, int elen) * * Returns 0 on success or negative error code on error. */ -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *= tname, +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname, struct fscrypt_str *oname, bool *is_nokey) { struct inode *dir =3D fname->dir; @@ -357,16 +357,16 @@ int ceph_fname_to_usr(const struct ceph_fname *fname,= struct fscrypt_str *tname, ret =3D fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); if (ret) goto out_inode; - tname =3D &_tname; + tname =3D _tname.name; } =20 - declen =3D base64_decode(name, name_len, - tname->name, false, BASE64_IMAP); + declen =3D base64_decode(name, name_len, tname, false, + BASE64_IMAP); if (declen <=3D 0) { ret =3D -EIO; goto out; } - iname.name =3D tname->name; + iname.name =3D tname; iname.len =3D declen; } else { iname.name =3D fname->ctext; diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h index b748e2060bc9..79cb563fd887 100644 --- a/fs/ceph/crypto.h +++ b/fs/ceph/crypto.h @@ -115,7 +115,7 @@ static inline void ceph_fname_free_buffer(struct inode = *parent, fscrypt_fname_free_buffer(fname); } =20 -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *= tname, +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname, struct fscrypt_str *oname, bool *is_nokey); int ceph_fscrypt_prepare_readdir(struct inode *dir); =20 @@ -204,7 +204,7 @@ static inline void ceph_fname_free_buffer(struct inode = *parent, } =20 static inline int ceph_fname_to_usr(const struct ceph_fname *fname, - struct fscrypt_str *tname, + unsigned char *tname, struct fscrypt_str *oname, bool *is_nokey) { oname->name =3D fname->name; diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index ed17e0023705..aa6730b48e97 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -488,11 +488,11 @@ static int parse_reply_info_readdir(void **p, void *e= nd, struct inode *inode =3D d_inode(req->r_dentry); struct ceph_inode_info *ci =3D ceph_inode(inode); struct ceph_mds_reply_dir_entry *rde =3D info->dir_entries + i; - struct fscrypt_str tname =3D FSTR_INIT(NULL, 0); struct fscrypt_str oname =3D FSTR_INIT(NULL, 0); struct ceph_fname fname; u32 altname_len, _name_len; u8 *altname, *_name; + u8 *tname =3D NULL; =20 /* dentry */ ceph_decode_32_safe(p, end, _name_len, bad); @@ -540,7 +540,7 @@ static int parse_reply_info_readdir(void **p, void *end, * always be shorter, which is 3/4 of origin * string. */ - tname.name =3D _name; + tname =3D _name; =20 /* * Set oname to _name too, and this will be @@ -557,7 +557,7 @@ static int parse_reply_info_readdir(void **p, void *end, oname.len =3D altname_len; } rde->is_nokey =3D false; - err =3D ceph_fname_to_usr(&fname, &tname, &oname, &rde->is_nokey); + err =3D ceph_fname_to_usr(&fname, tname, &oname, &rde->is_nokey); if (err) { pr_err_client(cl, "unable to decode %.*s, got %d\n", _name_len, _name, err); --=20 2.53.0 From nobody Mon Jun 8 19:46:25 2026 Received: from mail-oi1-f170.google.com (mail-oi1-f170.google.com [209.85.167.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F43F378838 for ; Wed, 27 May 2026 02:59:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779850765; cv=none; b=ht6/jQvgBVJhs4BIbZ1rblH2XZHfSMuQR6VauUB5JfLIqKoKmYvyUHB5l82iRnadIOss5YFyK85aIXxjBPTRTFX88WnjLRdUxgVUPVKvLOWi770qp8NLHoqEO954uCTZ70/N8XD+/z3RGh5Mf57vPB8wWJxsgKYzyjiV4qvtE+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779850765; c=relaxed/simple; bh=kjicujkA5E7r76arGyOQ0yL2KoWTZqaFbfby1uBLO1Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hkpI/dgGnBlk5SYlf1x9R1o4ANZ/9EgXu1jqB8S0R129rDmUDbq+RJdTXs2wkCu6kyoARxnC+tUdVsWSwXF2LUGjRyZ200wf3vNvuUN+MXdnEBcrXpxlB4WnSCoKCXwVZBDtuGNpMFv1w4Flsr4BOjSHP3rX7pdIBQ5k8h8n6nk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=UysuvIhR; arc=none smtp.client-ip=209.85.167.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="UysuvIhR" Received: by mail-oi1-f170.google.com with SMTP id 5614622812f47-484df1dce93so7531002b6e.2 for ; Tue, 26 May 2026 19:59:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779850762; x=1780455562; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Zegv+ZZxpEC4mW2h/ysZZnf1Sps69/IlZUIElRjQ8+k=; b=UysuvIhRG5IcrkrkpEDoV7+WWk473J0TvePpbTuLr4pyCyi3y+WiFjewZzZyIaC7E2 eTpnoPuO2p644Z4CtwWcpeZWfXP63vY3rCyz+sK8DUYhBgK9yCFT394aTpsDDivGCWyi 94AIkY7STXGsywlqEia4Gp3RSsj4iJmeXGffnHQqFJh8Upz6r2eEFDAVJNjc9LeLFmA8 4UWvlBoJbNTQLwNymFdBcEN6aykfLIwxaWDtU1PoI1E7Eo3qCDpTOI+IazY7gPfYLwL8 1D4PuDk6vRN3jVED6WEYpSIXspyNOl4z5zjyOzHiMfwsXAO9IOJ9ypNosxMzFOk3AqsI kpcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779850762; x=1780455562; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Zegv+ZZxpEC4mW2h/ysZZnf1Sps69/IlZUIElRjQ8+k=; b=KDkVS6OpZiAjwE3tU1uzAyfDXDb77yhuMZTMtqYkl/il37fcFq9u9M48FqlrOd2dDA abHXBS6ViE5ujSg7S9jwObRnUMhxlJGhKkL7n6JbI8yYIAwyP1GbPbxdg6A/dArht+gB mUzS2vu8gBdKDV7zC9PZbKbxH2jLBnJjYG7Mux5xzN0mw8cx00FySK3a7a0fSDUBVwWx N6rzTpWo6PlIqTtzki+GNuaYhNZgIp5zmIEIBKGEu5ngjpJMLMx7dIz+Fd9i7kSBzRuc JTGfIiMgE6cekC2FnXpgVtL+bUe0VrqSsWOUaL+oGyrcpSDWDaES4+eDj2eUeU+hkr1U 211w== X-Forwarded-Encrypted: i=1; AFNElJ/A5sz9hP+s7nVeiyLn91Qh57Zmw7ZI186DJAXHW37tKw3MvQAsUN3lNw3oHmMBVY8PmINKJaTM1Au8xPw=@vger.kernel.org X-Gm-Message-State: AOJu0Yw+eGF2cMAFeS+hfmvy1Fqzhz59yTup9KPJKKqEGezzXFpN0WQf lbi3TkzHEcqytIZD0wSI4J1GmQnNw3X++zy3CHne6D3ri/5KOQ4eVl+Y X-Gm-Gg: Acq92OGfgc5OSLlb7RcO4ZE3Yv1Q5/q12+McFS6HzaHVUZe2raMkwgtfyVoDvVccTs3 une36m5FB+/MjdVNBmUrHc8IHy182uk9ZORfPk5Mo011Zyr1voyBe6VVNLuU8hxObZvc8/LnYMK EV6AhnrsfR/7E3Si6vypTN/i1ci5Cgcpri7zAvCAbq1JIPdZm0Q85F3zh6CeX47s7XzoCubcnOb x+qu8/8ABfhERhm5i/Yn573Z9nPe45NgaITBVcXB51NogNgShz+oIuqFiimmT+cdjb87CZdqDzd JF+t+j8y17Co3/E/80SmPOR4VYfAB4p/sjxz1Z8zrysIxsSaGNTf0GuWYr7tEqGGm9r0fTuVBlI aLwmiUUYUwt3mqFLbPvvC6xUMMLYwYxqn/tIVr80EQOC7ugPbHXMIaPocqWhgymAGoxEoSjXHjl uO394upOAX82Wu3ptbSD7xDANDCE+s83+JqhWk35mHmX42ej/ouNyNAOtdDN8= X-Received: by 2002:a05:6820:1748:b0:696:17a6:c06f with SMTP id 006d021491bc7-69d7ead4fa3mr11345857eaf.12.1779850762129; Tue, 26 May 2026 19:59:22 -0700 (PDT) Received: from localhost (static-23-234-115-121.cust.tzulo.com. [23.234.115.121]) by smtp.gmail.com with UTF8SMTPSA id 586e51a60fabf-43b63976d57sm15305313fac.9.2026.05.26.19.59.20 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 26 May 2026 19:59:21 -0700 (PDT) From: Sam Edwards X-Google-Original-From: Sam Edwards To: Ilya Dryomov , Alex Markuze , Viacheslav Dubeyko Cc: Jeff Layton , Xiubo Li , Milind Changire , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org, Sam Edwards , stable@vger.kernel.org Subject: [PATCH 2/2] ceph: properly decrypt filenames in vmalloc() buffers Date: Tue, 26 May 2026 19:58:28 -0700 Message-ID: <20260527025828.5966-3-CFSworks@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260527025828.5966-1-CFSworks@gmail.com> References: <20260527025828.5966-1-CFSworks@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The fscrypt subsystem uses the scatterlist crypto API, inheriting its requirement that any buffers are in the linear mapping region. However, the messenger client uses kvmalloc() to create buffers for messages, which will occasionally place those buffers in the vmalloc() region when physical memory fragmentation doesn't permit a large enough kmalloc(). The various callers of ceph_fname_to_usr() directly pass (slices of) raw messages from the MDS without considering that the messages may be in vmalloc() buffers, resulting in oopses especially on non-x86 platforms (see 'Closes:' for more details and a reproducer). Make ceph_fname_to_usr() explicitly tolerant of vmalloc()-allocated fname->ctext, fname->name, and/or oname->name buffers, using `tname` (which, when non-null, must be a linear address; when null, is briefly allocated as necessary) as a bounce buffer to avoid passing any inappropriate addresses to fscrypt_fname_disk_to_usr(). Additionally change parse_reply_info_readdir() -- the only function to supply its own `tname` -- to follow the new "tname must never come from vmalloc()" rule by passing NULL when the message is not in the linear region. Though this causes a per-dentry kmalloc()+kfree(), this overhead exists only when processing the minority of messages that spill into vmalloc(). My (crude) testing puts this at only about 1 in 8,000 readdir messages. Still, if the overhead proves unreasonable in the future, it is easy enough to mitigate: a future change could allocate a bounce buffer in parse_reply_info_readdir() and use that as `tname` instead. Fixes: 457117f077c67 ("ceph: add helpers for converting names for userland = presentation") Closes: https://lore.kernel.org/ceph-devel/CAH5Ym4ga7miUQE0K-cJA93Ya7w62P69= MAN27R5cBiYnudoOHdA@mail.gmail.com/T/ Cc: stable@vger.kernel.org # v6.6+ Signed-off-by: Sam Edwards --- fs/ceph/crypto.c | 37 +++++++++++++++++++++++++++++-------- fs/ceph/mds_client.c | 8 ++++++-- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c index 7515cb251226..61d6830d16bc 100644 --- a/fs/ceph/crypto.c +++ b/fs/ceph/crypto.c @@ -298,6 +298,10 @@ int ceph_encode_encrypted_dname(struct inode *parent, = char *buf, int elen) * Otherwise, base64 decode the string, and then ask fscrypt to format it * for userland presentation. * + * Though the fscrypt/crypto subsystems broadly expect all buffers to be i= n the + * linear-mapped region, this function slightly relaxes those requirements: + * fname->ctext, fname->name, and oname->name may be vmalloc(), but not tn= ame. + * * Returns 0 on success or negative error code on error. */ int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname, @@ -305,11 +309,15 @@ int ceph_fname_to_usr(const struct ceph_fname *fname,= unsigned char *tname, { struct inode *dir =3D fname->dir; struct fscrypt_str _tname =3D FSTR_INIT(NULL, 0); + struct fscrypt_str _oname; struct fscrypt_str iname; char *name =3D fname->name; int name_len =3D fname->name_len; int ret; =20 + if (WARN_ON_ONCE(tname && is_vmalloc_addr(tname))) + return -EIO; + /* Sanity check that the resulting name will fit in the buffer */ if (fname->name_len > NAME_MAX || fname->ctext_len > NAME_MAX) return -EIO; @@ -350,16 +358,18 @@ int ceph_fname_to_usr(const struct ceph_fname *fname,= unsigned char *tname, goto out_inode; } =20 + if (!tname && (fname->ctext_len =3D=3D 0 || + unlikely(is_vmalloc_addr(fname->ctext)) || + unlikely(is_vmalloc_addr(oname->name)))) { + ret =3D fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); + if (ret) + goto out_inode; + tname =3D _tname.name; + } + if (fname->ctext_len =3D=3D 0) { int declen; =20 - if (!tname) { - ret =3D fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); - if (ret) - goto out_inode; - tname =3D _tname.name; - } - declen =3D base64_decode(name, name_len, tname, false, BASE64_IMAP); if (declen <=3D 0) { @@ -368,12 +378,21 @@ int ceph_fname_to_usr(const struct ceph_fname *fname,= unsigned char *tname, } iname.name =3D tname; iname.len =3D declen; + } else if (unlikely(is_vmalloc_addr(fname->ctext))) { + memcpy(tname, fname->ctext, fname->ctext_len); + + iname.name =3D tname; + iname.len =3D fname->ctext_len; } else { iname.name =3D fname->ctext; iname.len =3D fname->ctext_len; } =20 - ret =3D fscrypt_fname_disk_to_usr(dir, 0, 0, &iname, oname); + _oname.name =3D unlikely(is_vmalloc_addr(oname->name)) ? + tname : oname->name; + _oname.len =3D oname->len; + ret =3D fscrypt_fname_disk_to_usr(dir, 0, 0, &iname, &_oname); + oname->len =3D _oname.len; if (!ret && (dir !=3D fname->dir)) { char tmp_buf[BASE64_CHARS(NAME_MAX)]; =20 @@ -381,6 +400,8 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, u= nsigned char *tname, oname->len, oname->name, dir->i_ino); memcpy(oname->name, tmp_buf, name_len); oname->len =3D name_len; + } else if (!ret && unlikely(is_vmalloc_addr(oname->name))) { + memcpy(oname->name, _oname.name, _oname.len); } =20 out: diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index aa6730b48e97..8fcf185e3a82 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -538,9 +538,13 @@ static int parse_reply_info_readdir(void **p, void *en= d, * to do the base64_decode in-place. It's * safe because the decoded string should * always be shorter, which is 3/4 of origin - * string. + * string. If this message was allocated with + * vmalloc() (happens, but rarely), leave it + * NULL and let ceph_fname_to_usr() allocate + * suitable temporary working space instead. */ - tname =3D _name; + if (likely(!is_vmalloc_addr(_name))) + tname =3D _name; =20 /* * Set oname to _name too, and this will be --=20 2.53.0