In both the existing fscache use case and the upcoming page cache sharing case, the `domain_id` should be protected as sensitive information, so we use the safer helpers to allocate, free and display domain_id.
Signed-off-by: Hongbo Li <[email protected]>
Reviewed-by: Gao Xiang <[email protected]>
---
 Documentation/filesystems/erofs.rst | 5 +++--
 fs/erofs/fscache.c | 4 ++--
 fs/erofs/super.c | 10 ++++------
 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/Documentation/filesystems/erofs.rst b/Documentation/filesystems/erofs.rst
index 08194f194b94..40dbf3b6a35f 100644
--- a/Documentation/filesystems/erofs.rst
+++ b/Documentation/filesystems/erofs.rst
@@ -126,8 +126,9 @@ dax={always,never} Use direct access (no page cache). See
 dax A legacy option which is an alias for ``dax=always``.
 device=%s Specify a path to an extra device to be used together.
 fsid=%s Specify a filesystem image ID for Fscache back-end.
-domain_id=%s Specify a domain ID in fscache mode so that different images
- with the same blobs under a given domain ID can share storage.
+domain_id=%s Specify a trusted domain ID for fscache mode so that
+ different images with the same blobs, identified by blob IDs,
+ can share storage within the same trusted domain.
 fsoffset=%llu Specify block-aligned filesystem offset for the primary device.
 =================== =========================================================
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index f4937b025038..a2cc0f3fa9d0 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -379,7 +379,7 @@ static void erofs_fscache_domain_put(struct erofs_domain *domain)
 }
 fscache_relinquish_volume(domain->volume, NULL, false);
 mutex_unlock(&erofs_domain_list_lock);
- kfree(domain->domain_id);
+ kfree_sensitive(domain->domain_id);
 kfree(domain);
 return;
 }
@@ -446,7 +446,7 @@ static int erofs_fscache_init_domain(struct super_block *sb)
 sbi->domain = domain;
 return 0;
 out:
- kfree(domain->domain_id);
+ kfree_sensitive(domain->domain_id);
 kfree(domain);
 return err;
 }
diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index dca1445f6c92..38be26ba04bb 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -525,10 +525,8 @@ static int erofs_fc_parse_param(struct fs_context *fc,
 return -ENOMEM;
 break;
 case Opt_domain_id:
- kfree(sbi->domain_id);
- sbi->domain_id = kstrdup(param->string, GFP_KERNEL);
- if (!sbi->domain_id)
- return -ENOMEM;
+ kfree_sensitive(sbi->domain_id);
+ sbi->domain_id = no_free_ptr(param->string);
 break;
 #else
 case Opt_fsid:
@@ -624,7 +622,7 @@ static void erofs_set_sysfs_name(struct super_block *sb)
 {
 struct erofs_sb_info *sbi = EROFS_SB(sb);
- if (sbi->domain_id)
+ if (sbi->domain_id && sbi->fsid)
 super_set_sysfs_name_generic(sb, "%s,%s", sbi->domain_id, sbi->fsid);
 else if (sbi->fsid)
@@ -852,7 +850,7 @@ static void erofs_sb_free(struct erofs_sb_info *sbi)
 {
 erofs_free_dev_context(sbi->devs);
 kfree(sbi->fsid);
- kfree(sbi->domain_id);
+ kfree_sensitive(sbi->domain_id);
 if (sbi->dif0.file)
 fput(sbi->dif0.file);
 kfree(sbi->volume_name);
-- 
2.22.0
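Review bot: The `Opt_domain_id` case in erofs_fc_parse_param now takes ownership of `param->string` through `no_free_ptr()` without a comment saying why, while the context lines just above it (`return -ENOMEM; break;`) suggest the neighbouring option still duplicates its string. A one-line comment would keep a later cleanup from reverting this to `kstrdup()`, for example `/* take over the string so no unscrubbed copy is left for the caller to kfree() */`. The transfer presumably relies on the fs_context caller accepting `param->string == NULL` on return; that code is outside this hunk and is worth confirming. The function body starts and ends outside the hunk.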
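Review bot: In erofs_set_sysfs_name the first branch still formats `sbi->domain_id` into the sysfs name via `super_set_sysfs_name_generic(sb, "%s,%s", sbi->domain_id, sbi->fsid)`, so the value the commit message treats as sensitive stays visible in the sysfs entry name whenever both options are set. The added `&& sbi->fsid` only changes which branch runs when `fsid` is NULL. If the domain ID is meant to stay confidential, the name should be built from a non-secret identifier, e.g. `super_set_sysfs_name_generic(sb, "%s", sbi->fsid);`, provided equal fsids in different domains cannot then collide. The mount-option display path is not touched by this diff, so whether it still prints `domain_id` should be checked as well. The function continues past the end of the hunk.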
