Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp2202598pxm;
        Fri, 4 Mar 2022 11:16:25 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyxbIvvc5ExGnrbJEGZYvtE1cPhsISmwhDOe9ROw19CgFP8ooZhUnrvvJVQsTfw8cKjbVEO
X-Received: by 2002:a17:90a:7885:b0:1be:d757:fa73 with SMTP id x5-20020a17090a788500b001bed757fa73mr12231620pjk.169.1646421385483;
        Fri, 04 Mar 2022 11:16:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1646421385; cv=none;
        d=google.com; s=arc-20160816;
        b=MfL8GhaIFfFgdRdrh8cHMX3aGztoE8Og9UMLIhbFNlyPnZUYwnFWiSn5vzbrTR8I5+
         77Tz1t9B5hSFysfbhrB10yQ9YvaZVPAK8/40dWoAj5p6tzTvCYmVa9PpJTwv3HC0Ctby
         tRglEkTKJ/wO9sdKsR9suuUqzebRJT9tAbJnCeujBdO3zum3xxiGHLqrFKPpx+o9CxUx
         3wWl0yDqCsSNxzVFoyB83V5i1TlixU4tBtThu6HGMYmOaOPWkDCEyNagBqbXyXo465SH
         YLKxRl5a4xZrCwnsi4ms+CJaafYs4hK2UTHDdD2qJzSZKi/eoq/BXQRFfEwTJ0mvBV4W
         GgZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=ohZ8Q2HDvN+r/a/WvG3346kSkB0u4f28lvsJlYkVAtU=;
        b=sNeRytphIOWv8/v/Tv8lmlvvJwx177G/DKUmDnXAQmx9uhQTKkAnMJkRwj5lWvi4IG
         2oD4wAHWyYYkzfG+ZXmVMLGLYN681EkyD7eS+YNkNQGHh5tx90Oc2N3INRtMJOb0yyeL
         za7EKxc/atjzUA4K7VV+tSqJPN2HH6xKDu5ZwnIIam2k8Uh+lknhvF2HQJdsMPP9YhhH
         s+yQOEL78VbZPSs/xgs/AMNNR/n2Rj2NhTVHaXeb8luWwxBT/HwCQWOcsyVEp+rYYbbN
         z5Zqu5b5+2fbnhR+0OoRcQNmT9Yd9t4bwNLSn15S9koyMbzaN0y5gIbv+Btm/mi53rvW
         sPqg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pnxKiSLZ;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id s10-20020a170902ea0a00b00151952f409fsi5467242plg.167.2022.03.04.11.16.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 04 Mar 2022 11:16:25 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pnxKiSLZ;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 09ABBB94;
	Fri,  4 Mar 2022 11:07:28 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241694AbiCDSbo (ORCPT <rfc822;anothersharkwizard@gmail.com>
        + 99 others); Fri, 4 Mar 2022 13:31:44 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50492 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241672AbiCDSbn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 4 Mar 2022 13:31:43 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0446B1D3D89;
        Fri,  4 Mar 2022 10:30:54 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 9C263B827FA;
        Fri,  4 Mar 2022 18:30:53 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id CA989C340EE;
        Fri,  4 Mar 2022 18:30:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1646418652;
        bh=C+X/aD4OLdI4XG9yzbc4VuND9rs+OIvUqRV8tAkZSpI=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=pnxKiSLZgzRT33vPCes9z31ENwlmFQiiaZaecuWomvEVNxLIBfCjR2YJ4aDF5Hkoe
         1Bx+arm+V0dsjHBQBjrzLdfIhia4Ulo5r4JDUzy5+TRxPvfAs2AS7yGjlstRml5349
         SCR6qAroFI8/cYngMDyizjeqlO5yaSfqtHxADABgfb+2iXFPKSMrfJag+l0mGN6oDa
         6sPfjMioiUQO8jzCPiNhCHkkglS+gCm3jbj6Q5xvPqIUQx5KHUlC7QpsElOzXlDe2M
         LrVAlHgPrxwxVPdWG0ZtsNj3SBdUmT7uVT/TskwmAtA8OXy8FPZtaH3YA4L4MZDd+u
         ugilkfIY8ZrnA==
Message-ID: <e7f91d0be0f41320e5a4f38ded1bde166626a17f.camel@kernel.org>
Subject: Re: [PATCH 0/3] ceph: minor fixes and encrypted snapshot names
From:   Jeff Layton <jlayton@kernel.org>
To:     =?ISO-8859-1?Q?Lu=EDs?= Henriques <lhenriques@suse.de>
Cc:     Xiubo Li <xiubli@redhat.com>, Ilya Dryomov <idryomov@gmail.com>,
        ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Fri, 04 Mar 2022 13:30:50 -0500
In-Reply-To: <87fsnx4rb3.fsf@brahms.olymp>
References: <20220304161403.19295-1-lhenriques@suse.de>
         <87fsnx4rb3.fsf@brahms.olymp>
Content-Type: text/plain; charset="ISO-8859-15"
User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2022-03-04 at 16:26 +0000, Lu?s Henriques wrote:
> Lu?s Henriques <lhenriques@suse.de> writes:
> 
> > Hi!
> > 
> > I'm sending another iteration of the encrypted snapshot names patch.  This
> > patch assumes PR#45224 [1] to be merged as it adds support for the
> > alternate names.
> > 
> > Two notes:
> > 
> > 1. Patch 0001 is just a small fix from another fscrypt patch.  It's
> >    probably better to simply squash it.
> > 
> > 2. I'm not sure how easy it is to hit the UAF fixed by patch 0002.  I can
> >    reproduce it easily by commenting the code that adds the
> >    DCACHE_NOKEY_NAME flag in patch 0003.
> 
> Obviously, immediately after sending this patchset I realized I failed to
> mention a very (*VERY*) important note:
> 
> Snapshot names can not start with a '_'.  I think the reason is related
> with the 'long snapshot names', but I can't really remember the details
> anymore.  The point is that an encrypted snapshot name base64-encoded
> *may* end-up starting with an '_' as we're using the base64-url variant.
> 
> I really don't know if it's possible to fix that.  I guess that in that
> case the user will get an error and fail to create the snapshot but he'll
> be clueless because the reason.  Probably a warning can be added to the
> kernel logs, but maybe there are other ideas.
> 


Ouch. Is that imposed by the MDS? It'd be best if we could remove that
limitation from it altogether if we can.

If we can't, then we might be able to get away with prepending all the
encrypted names with some legal characte. Then when we go to decrypt it
we just strip that off.

We could also consider changing the base64 routine to use something else
in lieu of '_' but that's more of a hassle.
-- 
Jeff Layton <jlayton@kernel.org>