From: Jeff Layton <jlayton@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-fscrypt@vger.kernel.org
Subject: Re: [RFC PATCH v2 09/18] ceph: crypto context handling for ceph
Date: Tue, 08 Sep 2020 12:14:59 -0400 [thread overview]
Message-ID: <f3b006d348545e83b8ae7d2eaef210627fd38a6b.camel@kernel.org> (raw)
In-Reply-To: <20200908042925.GI68127@sol.localdomain>
On Mon, 2020-09-07 at 21:29 -0700, Eric Biggers wrote:
> On Fri, Sep 04, 2020 at 12:05:28PM -0400, Jeff Layton wrote:
> > Store the fscrypt context for an inode as an encryption.ctx xattr.
> >
> > Also add support for "dummy" encryption (useful for testing with
> > automated test harnesses like xfstests).
>
> Can you put the test_dummy_encryption support in a separate patch?
>
> > +static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len)
> > +{
> > + int ret = __ceph_getxattr(inode, CEPH_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
> > +
> > + if (ret > 0)
> > + inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED);
> > + return ret;
> > +}
> > +
> > +static int ceph_crypt_set_context(struct inode *inode, const void *ctx, size_t len, void *fs_data)
> > +{
> > + int ret;
> > +
> > + WARN_ON_ONCE(fs_data);
> > + ret = __ceph_setxattr(inode, CEPH_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len, XATTR_CREATE);
> > + if (ret == 0)
> > + inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED);
> > + return ret;
> > +}
>
> get_context() shouldn't be setting the S_ENCRYPTED inode flag.
> Only set_context() should be doing that.
>
> > +
> > +static bool ceph_crypt_empty_dir(struct inode *inode)
> > +{
> > + struct ceph_inode_info *ci = ceph_inode(inode);
> > +
> > + return ci->i_rsubdirs + ci->i_rfiles == 1;
> > +}
> > +
> > +static const union fscrypt_context *
> > +ceph_get_dummy_context(struct super_block *sb)
> > +{
> > + return ceph_sb_to_client(sb)->dummy_enc_ctx.ctx;
> > +}
> > +
> > +static struct fscrypt_operations ceph_fscrypt_ops = {
> > + .key_prefix = "ceph:",
>
> IMO you shouldn't set .key_prefix here, since it's deprecated.
> Just leave it unset so that ceph will only support the generic prefix "fscrypt:"
> as well as FS_IOC_ADD_ENCRYPTION_KEY.
>
> > enum ceph_recover_session_mode {
> > @@ -197,6 +200,8 @@ static const struct fs_parameter_spec ceph_mount_parameters[] = {
> > fsparam_u32 ("rsize", Opt_rsize),
> > fsparam_string ("snapdirname", Opt_snapdirname),
> > fsparam_string ("source", Opt_source),
> > + fsparam_flag_no ("test_dummy_encryption", Opt_test_dummy_encryption),
> > + fsparam_string ("test_dummy_encryption", Opt_test_dummy_encryption),
>
> I think you should use fsparam_flag instead of fsparam_flag_no, since otherwise
> "notest_dummy_encryption" will be recognized. There's not a problem with it
> per se, but none of the other filesystems that support "test_dummy_encryption"
> allow "notest_dummy_encryption". It's nice to keep things consistent.
>
> I.e. if "notest_dummy_encryption" is really something that would be useful
> (presumably only for remount, since it's a test-only option that will never be
> on by default), then we should add it to ext4, f2fs, and ceph -- not just ceph.
>
> > + /* Don't allow test_dummy_encryption to change on remount */
> > + if (fsopt->flags & CEPH_MOUNT_OPT_TEST_DUMMY_ENC) {
> > + if (!ceph_test_mount_opt(fsc, TEST_DUMMY_ENC))
> > + return -EEXIST;
> > + } else {
> > + if (ceph_test_mount_opt(fsc, TEST_DUMMY_ENC))
> > + return -EEXIST;
> > + }
> > +
>
> Can you check what ext4 and f2fs do for this? test_dummy_encryption isn't just
> a boolean flag anymore, so this logic isn't sufficient to prevent it from
> changing during remount. For example someone could mount with
> test_dummy_encryption=v1, then try to remount with test_dummy_encryption=v2.
> On ext4 and f2fs, that intentionally fails.
Ok, I'll see what I can do. Note that those fs' all use the old mount
API (so far) and ceph has been converted to the new one. We may need to
rework a bit of the fscrypt infrastructure to handle the new mount API.
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2020-09-08 16:59 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 16:05 [RFC PATCH v2 00/18] ceph+fscrypt: context, filename and symlink support Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 01/18] vfs: export new_inode_pseudo Jeff Layton
2020-09-08 3:38 ` Eric Biggers
2020-09-08 11:27 ` Jeff Layton
2020-09-08 22:31 ` Eric Biggers
2020-09-09 10:47 ` Jeff Layton
2020-09-09 16:12 ` Eric Biggers
2020-09-09 16:51 ` Jeff Layton
2020-09-09 18:49 ` Eric Biggers
2020-09-09 19:24 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 02/18] fscrypt: drop unused inode argument from fscrypt_fname_alloc_buffer Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 03/18] fscrypt: export fscrypt_d_revalidate Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 04/18] fscrypt: add fscrypt_new_context_from_inode Jeff Layton
2020-09-08 3:48 ` Eric Biggers
2020-09-08 11:29 ` Jeff Layton
2020-09-08 12:29 ` Jeff Layton
2020-09-08 22:34 ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 05/18] fscrypt: don't balk when inode is already marked encrypted Jeff Layton
2020-09-08 3:52 ` Eric Biggers
2020-09-08 12:54 ` Jeff Layton
2020-09-08 23:08 ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 06/18] fscrypt: move nokey_name conversion to separate function and export it Jeff Layton
2020-09-08 3:55 ` Eric Biggers
2020-09-08 12:50 ` Jeff Layton
2020-09-08 22:53 ` Eric Biggers
2020-09-09 16:02 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 07/18] lib: lift fscrypt base64 conversion into lib/ Jeff Layton
2020-09-08 3:59 ` Eric Biggers
2020-09-08 12:51 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 08/18] ceph: add fscrypt ioctls Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 09/18] ceph: crypto context handling for ceph Jeff Layton
2020-09-08 4:29 ` Eric Biggers
2020-09-08 16:14 ` Jeff Layton [this message]
2020-09-04 16:05 ` [RFC PATCH v2 10/18] ceph: preallocate inode for ops that may create one Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 11/18] ceph: add routine to create context prior to RPC Jeff Layton
2020-09-08 4:43 ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 12/18] ceph: set S_ENCRYPTED bit if new inode has encryption.ctx xattr Jeff Layton
2020-09-08 4:57 ` Eric Biggers
2020-09-09 12:20 ` Jeff Layton
2020-09-09 15:53 ` Jeff Layton
2020-09-09 16:33 ` Eric Biggers
2020-09-09 17:19 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 13/18] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 14/18] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2020-09-08 5:06 ` Eric Biggers
2020-09-09 12:24 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 15/18] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2020-09-08 5:12 ` Eric Biggers
2020-09-09 12:26 ` Jeff Layton
2020-09-09 16:18 ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 16/18] ceph: add support to readdir for encrypted filenames Jeff Layton
2020-09-08 5:34 ` Eric Biggers
2020-09-09 13:02 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 17/18] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 18/18] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2020-09-04 16:11 ` Jeff Layton
2020-09-08 5:43 ` Eric Biggers
2020-09-08 5:54 ` [RFC PATCH v2 00/18] ceph+fscrypt: context, filename and symlink support Eric Biggers
2020-09-08 12:09 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f3b006d348545e83b8ae7d2eaef210627fd38a6b.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=ebiggers@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).