From: "Luís Henriques" <lhenriques@suse.de>
To: Jeff Layton <jlayton@kernel.org>, Xiubo Li <xiubli@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>
Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
"Luís Henriques" <lhenriques@suse.de>
Subject: [PATCH v4 0/4] ceph: add support for snapshot names encryption
Date: Thu, 14 Apr 2022 14:51:18 +0100 [thread overview]
Message-ID: <20220414135122.26821-1-lhenriques@suse.de> (raw)
Hi!
Time for another iteration on the encrypted snapshots names, which is
mostly a rebase to the wip-fscrypt branch. To test this, I've used ceph
with the following PRs:
mds: add protection from clients without fscrypt support #45073
mds: use the whole string as the snapshot long name #45192
mds: support alternate names for snapshots #45224
mds: limit the snapshot names to 240 characters #45312
Changes since v3:
- Fixed WARN_ON() in ceph_encode_encrypted_dname()
- Updated documentation and copyright notice for the base64
encoding/decoding implementaiton which was taken from the fscrypt base.
Changes since v2:
- Use ceph_find_inode() instead of ceph_get_inode() for finding a snapshot
parent in function parse_longname(). I've also added a fallback to
ceph_get_inode() in case we fail to find the inode. This may happen if,
for example, the mount root doesn't include that inode. The iput() was
also complemented by a discard_new_inode() if the inode is in the I_NEW
state. (patch 0002)
- Move the check for '_' snapshots further up in the ceph_fname_to_usr()
and ceph_encode_encrypted_dname(). This fixes the case pointed out by
Xiubo in v2. (patch 0002)
- Use NAME_MAX for tmp arrays (patch 0002)
- Added an extra patch for replacing the base64url encoding by a different
encoding standard, the one used for IMAP mailboxes (which uses '+' and
',' instead of '-' and '_'). This should fix the issue with snapshot
names starting with '_'. (patch 0003)
Changes since v1:
- Dropped the dentry->d_flags change in ceph_mkdir(). Thanks to Xiubo
suggestion, patch 0001 now skips calling ceph_fscrypt_prepare_context()
if we're handling a snapshot.
- Added error handling to ceph_get_snapdir() in patch 0001 (Jeff had
already pointed that out but I forgot to include that change in previous
revision).
- Rebased patch 0002 to the latest wip-fscrypt branch.
- Added some documentation regarding snapshots naming restrictions.
Luís Henriques (4):
ceph: add support for encrypted snapshot names
ceph: add support for handling encrypted snapshot names
ceph: update documentation regarding snapshot naming limitations
ceph: replace base64url by the encoding used for mailbox names
Documentation/filesystems/ceph.rst | 10 ++
fs/ceph/crypto.c | 252 +++++++++++++++++++++++++----
fs/ceph/crypto.h | 14 +-
fs/ceph/dir.c | 2 +-
fs/ceph/inode.c | 33 +++-
5 files changed, 273 insertions(+), 38 deletions(-)
next reply other threads:[~2022-04-14 15:20 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 13:51 Luís Henriques [this message]
2022-04-14 13:51 ` [PATCH v4 1/4] ceph: add support for encrypted snapshot names Luís Henriques
2022-04-14 13:51 ` [PATCH v4 2/4] ceph: add support for handling " Luís Henriques
2022-04-18 12:45 ` Jeff Layton
2022-04-14 13:51 ` [PATCH v4 3/4] ceph: update documentation regarding snapshot naming limitations Luís Henriques
2022-04-14 13:51 ` [PATCH v4 4/4] ceph: replace base64url by the encoding used for mailbox names Luís Henriques
2022-04-18 2:08 ` [PATCH v4 0/4] ceph: add support for snapshot names encryption Xiubo Li
2022-04-18 13:08 ` [PATCH] ceph: prevent snapshots to be created in encrypted locked directories Luís Henriques
2022-04-18 13:17 ` Jeff Layton
2022-04-18 13:19 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220414135122.26821-1-lhenriques@suse.de \
--to=lhenriques@suse.de \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.