From: "Luís Henriques" <lhenriques@suse.de>
To: Xiubo Li <xiubli@redhat.com>
Cc: Ilya Dryomov <idryomov@gmail.com>,
	Jeff Layton <jlayton@kernel.org>,
	ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ceph: make sure directories aren't complete after setting crypt context
Date: Thu, 17 Nov 2022 18:02:41 +0000
Message-ID: <87o7t5mpby.fsf@suse.de>
In-Reply-To: <41710b3d-b37f-8c65-d55d-c4137a366efd@redhat.com> (Xiubo Li's message of "Thu, 17 Nov 2022 19:08:02 +0800")

Xiubo Li <xiubli@redhat.com> writes:

> On 17/11/2022 16:03, Xiubo Li wrote:
>>
>> On 16/11/2022 23:37, Luís Henriques wrote:
>>> When setting a directory's crypt context, __ceph_dir_clear_complete() needs
>>> to be used otherwise, if it was complete before, any old dentry that's still
>>> around will be valid.
>>>
>>> Signed-off-by: Luís Henriques <lhenriques@suse.de>
>>> ---
>>> Hi!
>>>
>>> Here's a simple way to trigger the bug this patch is fixing:
>>>
>>> # cd /cephfs
>>> # ls mydir
>>> nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0
>>> # ls mydir/nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0/
>>> Cyuer5xT+kBlEPgtwAqSj0WK2taEljP5vHZ,D8VXCJ8
>>> u+46b2XVCt7Obpz0gznZyNLRj79Q2l4KmkwbKOzdQKw
>>> # fscrypt unlock mydir
>>> # touch /mnt/test/mydir/mysubdir/file
>>> touch: cannot touch '/mnt/test/mydir/mysubdir/file': No such file or
>>> directory
>>>
>>>   fs/ceph/crypto.c | 4 ++++
>>>   1 file changed, 4 insertions(+)
>>>
>>> diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
>>> index 35a2ccfe6899..dc1557967032 100644
>>> --- a/fs/ceph/crypto.c
>>> +++ b/fs/ceph/crypto.c
>>> @@ -87,6 +87,10 @@ static int ceph_crypt_get_context(struct inode *inode,
>>> void *ctx, size_t len)
>>>           return -ERANGE;
>>>         memcpy(ctx, cfa->cfa_blob, ctxlen);
>>> +
>>> +    /* Directory isn't complete anymore */
>>> +    if (S_ISDIR(inode->i_mode) && __ceph_dir_is_complete(ci))
>>> +        __ceph_dir_clear_complete(ci);
>>
>> Hi Luis,
>>
>> Good catch!
>>
>> BTW, why do this in the ceph_crypt_get_context() ? As my understanding is that
>> we should mark 'mydir' as incomplete when unlocking it. While as I remembered
>> the unlock operation will do:
>>
>>
>> Step1: get_encpolicy via 'mydir' as ctx
>> Step2: rm_enckey of ctx from the superblock
>>
> Sorry, it should be add_enckey.
>>
>> Since I am still running the test cases for the file lock patches, so I didn't
>> catch logs to confirm the above steps yet.
>>
>> If I am right IMO then we should mark the dir as incomplete in the Step2
>> instead, because for non-unlock operations they may also do the Step1.
>>
> Your patch will work. But probably we should do this just around
> __fscrypt_prepare_readdir() or fscrypt_prepare_readdir() instead ? We need to
> detect that once the 'inode->i_crypt_info' changed then mark the dir as
> incomplete.
>
> For now for the lock operation it will evict the inode, which will help do this
> for us already. But for unlock case, we need to handle it by ourselves.

OK, that makes sense and to be honest I thought that there should be
another place for doing this. Unfortunately, I didn't find it: in the
test case I have the fscrypt_prepare_readdir() isn't called:

   # cd /cephfs
   # ls mydir
   nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0
   # ls mydir/nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0/
   Cyuer5xT+kBlEPgtwAqSj0WK2taEljP5vHZ,D8VXCJ8 u+46b2XVCt7Obpz0gznZyNLRj79Q2l4KmkwbKOzdQKw

At this point readdir was executed, of course.  And
__ceph_dir_set_complete() is also used to indicate that we have the full
contents.  However, executing the following commands won't result in any
new readdir():

   # fscrypt unlock mydir
   # touch /mnt/test/mydir/mysubdir/file

and since the encryption key is set at the sb level, I couldn't find a way
to detect changes in inode->i_crypt_info.  ceph_d_revalidate() is invoked
but at that point I don't think we have a way to know what is changing.

Any ideas?

Cheers,
-- 
Luís

>
> Thanks!
>
> - Xiubo
>
>
>> Thanks!
>>
>> - Xiubo
>>
>>>       return ctxlen;
>>>   }
>>>
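Review bot: the invalidation is placed in ceph_crypt_get_context(), while the commit message describes the problem as happening when a directory's crypt context is set, so any read of the context on a complete directory now clears the complete flag, not only the unlock sequence shown in the reproducer. Consider moving the `__ceph_dir_clear_complete(ci)` call to the point where the context or key actually changes, or at least extend the comment "Directory isn't complete anymore" to explain why a getter carries this side effect. `ci` is not declared in the visible lines of the hunk, so please confirm it is already in scope at this point in the function.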
>

