From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>,
Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de>
Cc: Lustre Development List <lustre-devel@lists.lustre.org>
Subject: [lustre-devel] [PATCH 08/13] lustre: sec: fix handling of encrypted file with long name
Date: Wed, 29 Dec 2021 09:51:22 -0500 [thread overview]
Message-ID: <1640789487-22279-9-git-send-email-jsimmons@infradead.org> (raw)
In-Reply-To: <1640789487-22279-1-git-send-email-jsimmons@infradead.org>
From: Sebastien Buisson <sbuisson@ddn.com>
The ciphertext representation of the name of an encrypted file or
directory can be up to 256 bytes of binary data, if the cleartext
name is up to NAME_MAX. But then this ciphertext is encoded via
critical_encode() before being sent to servers. Once encoded, the
length can exceed NAME_MAX because of the escaped critical
characters.
So make sure ll_prep_md_op_data() accepts those too long encoded names
if it is called for lookup or create of an encrypted file or
directory. In the other cases, the 'name' taken as input is the plain
text version, so it must conform to the NAME_MAX limit.
When carrying out operations on an encrypted file with long name, we
manipulate a digested form whose hash needs to be matched against the
content of the LinkEA. The name found in the LinkEA is not NUL
terminated, so this aspect must be taken care of.
Fixes: e4c377fefc ("lustre: sec: filename encryption")
Fixes: 860818695d ("lustre: sec: filename encryption - digest support")
WC-bug-id: https://jira.whamcloud.com/browse/LU-13717
Lustre-commit: 75414af6bf310244d ("LU-13717 sec: fix handling of encrypted file with long name")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/45163
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
fs/lustre/llite/llite_lib.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/lustre/llite/llite_lib.c b/fs/lustre/llite/llite_lib.c
index c9be5af..11a545a3 100644
--- a/fs/lustre/llite/llite_lib.c
+++ b/fs/lustre/llite/llite_lib.c
@@ -3110,7 +3110,9 @@ struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data,
if (namelen)
return ERR_PTR(-EINVAL);
} else {
- if (namelen > ll_i2sbi(i1)->ll_namelen)
+ if ((!IS_ENCRYPTED(i1) ||
+ (opc != LUSTRE_OPC_LOOKUP && opc != LUSTRE_OPC_CREATE)) &&
+ namelen > ll_i2sbi(i1)->ll_namelen)
return ERR_PTR(-ENAMETOOLONG);
/* "/" is not valid name, but it's allowed */
--
1.8.3.1
_______________________________________________
lustre-devel mailing list
lustre-devel@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
next prev parent reply other threads:[~2021-12-29 14:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-29 14:51 [lustre-devel] [PATCH 00/13] lustre: port OpenSFS updates Dec 29, 2021 James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 01/13] lustre: sec: filename encryption - digest support James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 02/13] lnet: Revert "lnet: Lock primary NID logic" James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 03/13] lustre: quota: fallocate send UID/GID for quota James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 04/13] lustre: mdc: add client tunable to disable LSOM update James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 05/13] lustre: dne: dir migration in non-recursive mode James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 06/13] lustre: update version to 2.14.56 James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 07/13] lustre: sec: no encryption key migrate/extend/resync/split James Simmons
2021-12-29 14:51 ` James Simmons [this message]
2021-12-29 14:51 ` [lustre-devel] [PATCH 09/13] lnet: socklnd: expect two control connections maximum James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 10/13] lustre: ptlrpc: use a cached value James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 11/13] lnet: Race on discovery queue James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 12/13] lnet: o2iblnd: convert ibp_refcount to a kref James Simmons
2021-12-29 14:51 ` [lustre-devel] [PATCH 13/13] lustre: llite: set ra_pages of backing_dev_info with 0 James Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1640789487-22279-9-git-send-email-jsimmons@infradead.org \
--to=jsimmons@infradead.org \
--cc=adilger@whamcloud.com \
--cc=green@whamcloud.com \
--cc=lustre-devel@lists.lustre.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).