Re: [RFC PATCH v4 08/17] ceph: add routine to create fscrypt context prior to RPC

From: Jeff Layton <jlayton@kernel.org>
To: Luis Henriques <lhenriques@suse.de>
Cc: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v4 08/17] ceph: add routine to create fscrypt context prior to RPC
Date: Fri, 22 Jan 2021 12:32:56 -0500	[thread overview]
Message-ID: <d4f84211f017280cd1dd98bcdee99d11621c5d7f.camel@kernel.org> (raw)
In-Reply-To: <87tur8532c.fsf@suse.de>

On Fri, 2021-01-22 at 16:50 +0000, Luis Henriques wrote:
> Jeff Layton <jlayton@kernel.org> writes:
> 
> > After pre-creating a new inode, do an fscrypt prepare on it, fetch a
> > new encryption context and then marshal that into the security context
> > to be sent along with the RPC.
> > 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> >  fs/ceph/crypto.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
> >  fs/ceph/crypto.h | 12 ++++++++++
> >  fs/ceph/inode.c  |  9 +++++--
> >  fs/ceph/super.h  |  3 +++
> >  4 files changed, 83 insertions(+), 2 deletions(-)
> > 
> > diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
> > index 879d9a0d3751..f037a4939026 100644
> > --- a/fs/ceph/crypto.c
> > +++ b/fs/ceph/crypto.c
> > @@ -46,3 +46,64 @@ void ceph_fscrypt_set_ops(struct super_block *sb)
> >  {
> >  	fscrypt_set_ops(sb, &ceph_fscrypt_ops);
> >  }
> > +
> > +int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
> > +				 struct ceph_acl_sec_ctx *as)
> > +{
> > +	int ret, ctxsize;
> > +	size_t name_len;
> > +	char *name;
> > +	struct ceph_pagelist *pagelist = as->pagelist;
> > +	bool encrypted = false;
> > +
> > +	ret = fscrypt_prepare_new_inode(dir, inode, &encrypted);
> > +	if (ret)
> > +		return ret;
> > +	if (!encrypted)
> > +		return 0;
> > +
> > +	inode->i_flags |= S_ENCRYPTED;
> > +
> > +	ctxsize = fscrypt_context_for_new_inode(&as->fscrypt, inode);
> > +	if (ctxsize < 0)
> > +		return ctxsize;
> > +
> > +	/* marshal it in page array */
> > +	if (!pagelist) {
> > +		pagelist = ceph_pagelist_alloc(GFP_KERNEL);
> > +		if (!pagelist)
> > +			return -ENOMEM;
> > +		ret = ceph_pagelist_reserve(pagelist, PAGE_SIZE);
> > +		if (ret)
> > +			goto out;
> > +		ceph_pagelist_encode_32(pagelist, 1);
> > +	}
> > +
> > +	name = CEPH_XATTR_NAME_ENCRYPTION_CONTEXT;
> > +	name_len = strlen(name);
> > +	ret = ceph_pagelist_reserve(pagelist, 4 * 2 + name_len + ctxsize);
> > +	if (ret)
> > +		goto out;
> > +
> > +	if (as->pagelist) {
> > +		BUG_ON(pagelist->length <= sizeof(__le32));
> > +		if (list_is_singular(&pagelist->head)) {
> > +			le32_add_cpu((__le32*)pagelist->mapped_tail, 1);
> > +		} else {
> > +			struct page *page = list_first_entry(&pagelist->head,
> > +							     struct page, lru);
> > +			void *addr = kmap_atomic(page);
> > +			le32_add_cpu((__le32*)addr, 1);
> > +			kunmap_atomic(addr);
> > +		}
> > +	}
> > +
> 
> I've been staring at this function for a bit.  And at this point I would
> expect something like this:
> 
> 	} else
> 		as->pagelist = pagelist;
> 
> as I'm not seeing pagelist being used anywhere if it's allocated in this
> function.
> 

It gets used near the end, in the ceph_pagelist_append calls. Once we've
appended the xattr, we don't need the pagelist anymore and can free it.

That said, the whole way the ceph_pagelist stuff is managed is weird.
I'm not clear why it was done that way, and maybe we ought to rework
this, SELinux and ACL handling to not use them.

I think that's a cleanup for another day.
-- 
Jeff Layton <jlayton@kernel.org>