lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c75e80afbc476dae349f1b5f1cca7a71984e68d9.camel@kernel.org>
Date:   Mon, 18 Apr 2022 10:31:20 -0400
From:   Jeff Layton <jlayton@...nel.org>
To:     Luís Henriques <lhenriques@...e.de>,
        Xiubo Li <xiubli@...hat.com>, Ilya Dryomov <idryomov@...il.com>
Cc:     ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 0/5] ceph: add support for snapshot names encryption

On Mon, 2022-04-18 at 14:59 +0100, Luís Henriques wrote:
> Hi!
> 
> And here's yet another revision.  The main difference from v4 is the
> addition of a patch to prevent the creation of snapshots in directories
> that are encrypted but that are not unlocked (i.e. no key available).
> 
> As before, the following ceph PRs are required:
> 
>   mds: add protection from clients without fscrypt support #45073
>   mds: use the whole string as the snapshot long name #45192
>   mds: support alternate names for snapshots #45224
>   mds: limit the snapshot names to 240 characters #45312
> 
> Changes since v4:
> 
> - Explicitly added the encoding base for kstrtou64() as we do know that
>   the inode numbers are in decimal.
> 
> - New patch to prevent the creation of snapshots in encrypted directories
>   that do not have the key loaded.
> 
> Changes since v3:
> 
> - Fixed WARN_ON() in ceph_encode_encrypted_dname()
> 
> - Updated documentation and copyright notice for the base64
>   encoding/decoding implementaiton which was taken from the fscrypt base.
> 
> Changes since v2:
> 
> - Use ceph_find_inode() instead of ceph_get_inode() for finding a snapshot
>   parent in function parse_longname().  I've also added a fallback to
>   ceph_get_inode() in case we fail to find the inode.  This may happen if,
>   for example, the mount root doesn't include that inode.  The iput() was
>   also complemented by a discard_new_inode() if the inode is in the I_NEW
>   state. (patch 0002)
> 
> - Move the check for '_' snapshots further up in the ceph_fname_to_usr()
>   and ceph_encode_encrypted_dname().  This fixes the case pointed out by
>   Xiubo in v2. (patch 0002)
> 
> - Use NAME_MAX for tmp arrays (patch 0002)
> 
> - Added an extra patch for replacing the base64url encoding by a different
>   encoding standard, the one used for IMAP mailboxes (which uses '+' and
>   ',' instead of '-' and '_').  This should fix the issue with snapshot
>   names starting with '_'. (patch 0003)
> 
> Changes since v1:
> 
> - Dropped the dentry->d_flags change in ceph_mkdir().  Thanks to Xiubo
>   suggestion, patch 0001 now skips calling ceph_fscrypt_prepare_context()
>   if we're handling a snapshot.
> 
> - Added error handling to ceph_get_snapdir() in patch 0001 (Jeff had
>   already pointed that out but I forgot to include that change in previous
>   revision).
> 
> - Rebased patch 0002 to the latest wip-fscrypt branch.
> 
> - Added some documentation regarding snapshots naming restrictions.
> 
> 
> Luís Henriques (5):
>   ceph: add support for encrypted snapshot names
>   ceph: add support for handling encrypted snapshot names
>   ceph: update documentation regarding snapshot naming limitations
>   ceph: replace base64url by the encoding used for mailbox names
>   ceph: prevent snapshots to be created in encrypted locked directories
> 
>  Documentation/filesystems/ceph.rst |  10 ++
>  fs/ceph/crypto.c                   | 252 +++++++++++++++++++++++++----
>  fs/ceph/crypto.h                   |  14 +-
>  fs/ceph/dir.c                      |   7 +-
>  fs/ceph/inode.c                    |  33 +++-
>  5 files changed, 278 insertions(+), 38 deletions(-)
> 

Looks good. I'll plan to merge these into wip-fscrypt later today.

Thanks!
-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ