ceph-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jeff Layton <jlayton@kernel.org>
To: ceph-devel@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
	dhowells@redhat.com, xiubli@redhat.com, lhenriques@suse.de,
	khiremat@redhat.com, ebiggers@kernel.org
Subject: [RFC PATCH v8 11/24] ceph: add fscrypt ioctls
Date: Thu, 26 Aug 2021 12:20:01 -0400	[thread overview]
Message-ID: <20210826162014.73464-12-jlayton@kernel.org> (raw)
In-Reply-To: <20210826162014.73464-1-jlayton@kernel.org>

We gate most of the ioctls on MDS feature support. The exception is the
key removal and status functions that we still want to work if the MDS's
were to (inexplicably) lose the feature.

For the set_policy ioctl, we take Fcx caps to ensure that nothing can
create files in the directory while the ioctl is running. That should
be enough to ensure that the "empty_dir" check is reliable.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/ceph/ioctl.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
index 6e061bf62ad4..477ecc667aee 100644
--- a/fs/ceph/ioctl.c
+++ b/fs/ceph/ioctl.c
@@ -6,6 +6,7 @@
 #include "mds_client.h"
 #include "ioctl.h"
 #include <linux/ceph/striper.h>
+#include <linux/fscrypt.h>
 
 /*
  * ioctls
@@ -268,8 +269,54 @@ static long ceph_ioctl_syncio(struct file *file)
 	return 0;
 }
 
+static int vet_mds_for_fscrypt(struct file *file)
+{
+	int i, ret = -EOPNOTSUPP;
+	struct ceph_mds_client	*mdsc = ceph_sb_to_mdsc(file_inode(file)->i_sb);
+
+	mutex_lock(&mdsc->mutex);
+	for (i = 0; i < mdsc->max_sessions; i++) {
+		struct ceph_mds_session *s = mdsc->sessions[i];
+
+		if (!s)
+			continue;
+		if (test_bit(CEPHFS_FEATURE_ALTERNATE_NAME, &s->s_features))
+			ret = 0;
+		break;
+	}
+	mutex_unlock(&mdsc->mutex);
+	return ret;
+}
+
+static long ceph_set_encryption_policy(struct file *file, unsigned long arg)
+{
+	int ret, got = 0;
+	struct inode *inode = file_inode(file);
+	struct ceph_inode_info *ci = ceph_inode(inode);
+
+	ret = vet_mds_for_fscrypt(file);
+	if (ret)
+		return ret;
+
+	/*
+	 * Ensure we hold these caps so that we _know_ that the rstats check
+	 * in the empty_dir check is reliable.
+	 */
+	ret = ceph_get_caps(file, CEPH_CAP_FILE_SHARED, 0, -1, &got);
+	if (ret)
+		return ret;
+
+	ret = fscrypt_ioctl_set_policy(file, (const void __user *)arg);
+	if (got)
+		ceph_put_cap_refs(ci, got);
+
+	return ret;
+}
+
 long ceph_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
+	int ret;
+
 	dout("ioctl file %p cmd %u arg %lu\n", file, cmd, arg);
 	switch (cmd) {
 	case CEPH_IOC_GET_LAYOUT:
@@ -289,6 +336,42 @@ long ceph_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
 	case CEPH_IOC_SYNCIO:
 		return ceph_ioctl_syncio(file);
+
+	case FS_IOC_SET_ENCRYPTION_POLICY:
+		return ceph_set_encryption_policy(file, arg);
+
+	case FS_IOC_GET_ENCRYPTION_POLICY:
+		ret = vet_mds_for_fscrypt(file);
+		if (ret)
+			return ret;
+		return fscrypt_ioctl_get_policy(file, (void __user *)arg);
+
+	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
+		ret = vet_mds_for_fscrypt(file);
+		if (ret)
+			return ret;
+		return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg);
+
+	case FS_IOC_ADD_ENCRYPTION_KEY:
+		ret = vet_mds_for_fscrypt(file);
+		if (ret)
+			return ret;
+		return fscrypt_ioctl_add_key(file, (void __user *)arg);
+
+	case FS_IOC_REMOVE_ENCRYPTION_KEY:
+		return fscrypt_ioctl_remove_key(file, (void __user *)arg);
+
+	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
+		return fscrypt_ioctl_remove_key_all_users(file, (void __user *)arg);
+
+	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
+		return fscrypt_ioctl_get_key_status(file, (void __user *)arg);
+
+	case FS_IOC_GET_ENCRYPTION_NONCE:
+		ret = vet_mds_for_fscrypt(file);
+		if (ret)
+			return ret;
+		return fscrypt_ioctl_get_nonce(file, (void __user *)arg);
 	}
 
 	return -ENOTTY;
-- 
2.31.1


  parent reply	other threads:[~2021-08-26 16:20 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-26 16:19 [RFC PATCH v8 00/24] ceph+fscrypt: context, filename and symlink support Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 01/24] vfs: export new_inode_pseudo Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 02/24] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 03/24] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 04/24] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 05/24] ceph: preallocate inode for ops that may create one Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 06/24] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 07/24] ceph: add fscrypt_* handling to caps.c Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 08/24] ceph: crypto context handling for ceph Jeff Layton
2021-08-26 16:19 ` [RFC PATCH v8 09/24] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2021-08-31  5:06   ` Xiubo Li
2021-08-31 12:43     ` Jeff Layton
2021-08-31 13:22       ` Xiubo Li
2021-08-31 13:50         ` Jeff Layton
2021-08-31 17:54           ` Eric Biggers
2021-09-01  0:53             ` Xiubo Li
2021-09-01  1:13           ` Xiubo Li
2021-09-01 12:02             ` Jeff Layton
2021-09-02  1:54               ` Xiubo Li
2021-08-26 16:20 ` [RFC PATCH v8 10/24] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2021-08-26 16:20 ` Jeff Layton [this message]
2021-08-26 16:20 ` [RFC PATCH v8 12/24] ceph: decode alternate_name in lease info Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 13/24] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 14/24] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 15/24] ceph: send altname in MClientRequest Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 16/24] ceph: encode encrypted name in dentry release Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 17/24] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 18/24] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 19/24] ceph: add helpers for converting names for userland presentation Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 20/24] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 21/24] ceph: add support to readdir for encrypted filenames Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 22/24] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 23/24] ceph: make ceph_get_name decrypt filenames Jeff Layton
2021-08-26 16:20 ` [RFC PATCH v8 24/24] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210826162014.73464-12-jlayton@kernel.org \
    --to=jlayton@kernel.org \
    --cc=ceph-devel@vger.kernel.org \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=khiremat@redhat.com \
    --cc=lhenriques@suse.de \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=xiubli@redhat.com \
    --subject='Re: [RFC PATCH v8 11/24] ceph: add fscrypt ioctls' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).