| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c75e80afbc476dae349f1b5f1cca7a71984e68d9.camel@kernel.org>
Date: Mon, 18 Apr 2022 10:31:20 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Luís Henriques <lhenriques@...e.de>,
Xiubo Li <xiubli@...hat.com>, Ilya Dryomov <idryomov@...il.com>
Cc: ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 0/5] ceph: add support for snapshot names encryption
On Mon, 2022-04-18 at 14:59 +0100, Luís Henriques wrote:
> Hi!
>
> And here's yet another revision. The main difference from v4 is the
> addition of a patch to prevent the creation of snapshots in directories
> that are encrypted but that are not unlocked (i.e. no key available).
>
> As before, the following ceph PRs are required:
>
> mds: add protection from clients without fscrypt support #45073
> mds: use the whole string as the snapshot long name #45192
> mds: support alternate names for snapshots #45224
> mds: limit the snapshot names to 240 characters #45312
>
> Changes since v4:
>
> - Explicitly added the encoding base for kstrtou64() as we do know that
> the inode numbers are in decimal.
>
> - New patch to prevent the creation of snapshots in encrypted directories
> that do not have the key loaded.
>
> Changes since v3:
>
> - Fixed WARN_ON() in ceph_encode_encrypted_dname()
>
> - Updated documentation and copyright notice for the base64
> encoding/decoding implementaiton which was taken from the fscrypt base.
>
> Changes since v2:
>
> - Use ceph_find_inode() instead of ceph_get_inode() for finding a snapshot
> parent in function parse_longname(). I've also added a fallback to
> ceph_get_inode() in case we fail to find the inode. This may happen if,
> for example, the mount root doesn't include that inode. The iput() was
> also complemented by a discard_new_inode() if the inode is in the I_NEW
> state. (patch 0002)
>
> - Move the check for '_' snapshots further up in the ceph_fname_to_usr()
> and ceph_encode_encrypted_dname(). This fixes the case pointed out by
> Xiubo in v2. (patch 0002)
>
> - Use NAME_MAX for tmp arrays (patch 0002)
>
> - Added an extra patch for replacing the base64url encoding by a different
> encoding standard, the one used for IMAP mailboxes (which uses '+' and
> ',' instead of '-' and '_'). This should fix the issue with snapshot
> names starting with '_'. (patch 0003)
>
> Changes since v1:
>
> - Dropped the dentry->d_flags change in ceph_mkdir(). Thanks to Xiubo
> suggestion, patch 0001 now skips calling ceph_fscrypt_prepare_context()
> if we're handling a snapshot.
>
> - Added error handling to ceph_get_snapdir() in patch 0001 (Jeff had
> already pointed that out but I forgot to include that change in previous
> revision).
>
> - Rebased patch 0002 to the latest wip-fscrypt branch.
>
> - Added some documentation regarding snapshots naming restrictions.
>
>
> Luís Henriques (5):
> ceph: add support for encrypted snapshot names
> ceph: add support for handling encrypted snapshot names
> ceph: update documentation regarding snapshot naming limitations
> ceph: replace base64url by the encoding used for mailbox names
> ceph: prevent snapshots to be created in encrypted locked directories
>
> Documentation/filesystems/ceph.rst | 10 ++
> fs/ceph/crypto.c | 252 +++++++++++++++++++++++++----
> fs/ceph/crypto.h | 14 +-
> fs/ceph/dir.c | 7 +-
> fs/ceph/inode.c | 33 +++-
> 5 files changed, 278 insertions(+), 38 deletions(-)
>
Looks good. I'll plan to merge these into wip-fscrypt later today.
Thanks!
--
Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists