From: Jeff Layton <jlayton@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, Xiubo Li <xiubli@redhat.com>
Subject: Re: [RFC PATCH v2 06/18] fscrypt: move nokey_name conversion to separate function and export it
Date: Wed, 09 Sep 2020 12:02:41 -0400
Message-ID: <f83c73a44627da462928eb8ebd69e7425cddba26.camel@kernel.org>
In-Reply-To: <20200908225303.GC3760467@gmail.com>

On Tue, 2020-09-08 at 15:53 -0700, Eric Biggers wrote:
> On Tue, Sep 08, 2020 at 08:50:04AM -0400, Jeff Layton wrote:
> > > > +EXPORT_SYMBOL(fscrypt_encode_nokey_name);
> > > 
> > > Why does this need to be exported?
> > > 
> > > There's no user of this function introduced in this patchset.
> > > 
> > > - Eric
> > 
> > Yeah, I probably should have dropped this from the series for now as
> > nothing uses it yet, but eventually we may need this. I did a fairly
> > detailed writeup of the problem here:
> > 
> >     https://tracker.ceph.com/issues/47162
> > 
> > Basically, we still need to allow clients to look up dentries in the MDS
> > even when they don't have the key.
> > 
> > There are a couple of different approaches, but the simplest is to just
> > have the client always store long dentry names using the nokey_name, and
> > then keep the full name in a new field in the dentry representation that
> > is sent across the wire.
> > 
> > This requires some changes to the Ceph MDS (which is what that tracker
> > bug is about), and will mean enshrining the nokey name in perpetuity.
> > We're still looking at this for now though, and we're open to other
> > approaches if you've got any to suggest.
> 
> The (persistent) directory entries have to include the full ciphertext
> filenames.  If they only included the no-key names, then it wouldn't always be
> possible to translate them back into the original plaintext filenames.
> 
> It's also required that the filesystem can find a specific directory entry given
> its corresponding no-key name.  For a network filesystem, that can be done
> either on the client (request all filenames in the directory, then check all of
> them...), or on the server (give it the no-key name and have it do the matching;
> it would need to know the specifics of how the no-key names work).
> 
> The no-key names aren't currently stable, and it would be nice to keep them that
> way since we might want to improve how they work later.  But if you need to
> stabilize a version of the no-key name format for use in the ceph protocol so
> that the server can do the matching, it would be possible to do that.  It
> wouldn't even necessarily have to be what fscrypt currently uses; e.g. if it
> were to simplify things a lot for you to simply use SHA-256(ciphertext_name)
> instead of the current 'struct fscrypt_nokey_name', you could do that.
> 

(cc'ing Xiubo since he's working on the MDS part)

We probably will need to make a stable representation. I think the nokey
name scheme as it stands would be fine for this purpose, particularly as
the representation is only different for really long filenames. We'd
only need to carry an alternate name for dentries with names longer than
~150 chars, and those are somewhat rare.

Much of this depends on the MDS though, and I'm a lot less familiar with
that part. So for now, no need to do anything. We'll reach out once we
have a more solid plan of how we want to handle this.

Thanks!
-- 
Jeff Layton <jlayton@kernel.org>
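The lookup problem the two messages circle around (a no-key name must let the filesystem find one specific directory entry, yet the lossy form for long names cannot be turned back into the full ciphertext) is small enough to model directly. The following is example code written for this page, not code from fscrypt or from the Ceph series: it uses a simplified no-key scheme (base64 of the ciphertext when short, a 149-byte prefix plus SHA-256 of the rest when long; the 149 is an assumption standing in for the thread's "~150"), a `recover_ciphertext` helper that shows which form is invertible, Eric's alternative `stable_key` of SHA-256 over the whole ciphertext, and a hypothetical `server_match` that recomputes the scheme over stored full ciphertexts the way an MDS that knows the format would. The directory contents are constructed byte patterns, not real AES output.

```python
import base64
import hashlib
from typing import List, Optional

# Model of the no-key name scheme discussed in the thread. The 149-byte kept
# prefix is an assumption for this example (the thread only says "~150"), and
# the encoding is a simplification, not fscrypt's struct fscrypt_nokey_name.
NOKEY_PREFIX_LEN = 149
NAME_MAX = 255  # Linux filename length limit the no-key name has to fit in


def nokey_name(ciphertext: bytes) -> str:
    """Derive a presentable no-key name from a full ciphertext filename.

    Short ciphertexts are encoded in full and stay recoverable; long ones keep
    a fixed prefix plus SHA-256 of the remainder, so the result fits NAME_MAX
    but the dropped bytes can no longer be reconstructed from it.
    """
    if len(ciphertext) <= NOKEY_PREFIX_LEN:
        payload = ciphertext
    else:
        tail_digest = hashlib.sha256(ciphertext[NOKEY_PREFIX_LEN:]).digest()
        payload = ciphertext[:NOKEY_PREFIX_LEN] + tail_digest
    return base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")


def recover_ciphertext(nokey: str) -> Optional[bytes]:
    """Invert nokey_name() where possible; None means the lossy long form."""
    padded = nokey + "=" * (-len(nokey) % 4)
    payload = base64.urlsafe_b64decode(padded)
    if len(payload) <= NOKEY_PREFIX_LEN:
        return payload
    return None  # prefix + digest: the original tail is gone


def stable_key(ciphertext: bytes) -> str:
    """The alternative mentioned in the thread: SHA-256 over the whole name."""
    return hashlib.sha256(ciphertext).hexdigest()


def server_match(stored_ciphertexts: List[bytes], nokey: str) -> List[bytes]:
    """Hypothetical server-side matching: the server keeps full ciphertext
    names and recomputes the (stabilised) scheme over each to find the entry,
    so the client never has to fetch and check every name itself."""
    return [ct for ct in stored_ciphertexts if nokey_name(ct) == nokey]


# Constructed sample directory: one short and two long ciphertext names.
# Real ciphertexts are cipher output; deterministic byte patterns stand in.
SHORT_CT = bytes(range(32))
LONG_CT = bytes(i % 256 for i in range(300))
LONG_CT_VARIANT = LONG_CT[:-1] + b"\x00"  # differs only past the kept prefix
DIRECTORY = [SHORT_CT, LONG_CT, LONG_CT_VARIANT]


if __name__ == "__main__":
    for ct in DIRECTORY:
        name = nokey_name(ct)
        print(len(ct), "byte ciphertext ->", len(name), "char no-key name,",
              "recoverable:", recover_ciphertext(name) == ct)
    target = nokey_name(LONG_CT)
    hits = server_match(DIRECTORY, target)
    print("server matched entries:", [DIRECTORY.index(ct) for ct in hits])
```

Two points the run makes concrete: the long-name form is unique per entry only because the hash of the discarded tail is carried along (the two long names share their first 149 bytes and still get distinct no-key names), and it is still not invertible, which is why the persistent entry has to keep the full ciphertext alongside it.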


Thread overview: 59+ messages
2020-09-04 16:05 [RFC PATCH v2 00/18] ceph+fscrypt: context, filename and symlink support Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 01/18] vfs: export new_inode_pseudo Jeff Layton
2020-09-08  3:38   ` Eric Biggers
2020-09-08 11:27     ` Jeff Layton
2020-09-08 22:31       ` Eric Biggers
2020-09-09 10:47         ` Jeff Layton
2020-09-09 16:12           ` Eric Biggers
2020-09-09 16:51             ` Jeff Layton
2020-09-09 18:49               ` Eric Biggers
2020-09-09 19:24                 ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 02/18] fscrypt: drop unused inode argument from fscrypt_fname_alloc_buffer Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 03/18] fscrypt: export fscrypt_d_revalidate Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 04/18] fscrypt: add fscrypt_new_context_from_inode Jeff Layton
2020-09-08  3:48   ` Eric Biggers
2020-09-08 11:29     ` Jeff Layton
2020-09-08 12:29     ` Jeff Layton
2020-09-08 22:34       ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 05/18] fscrypt: don't balk when inode is already marked encrypted Jeff Layton
2020-09-08  3:52   ` Eric Biggers
2020-09-08 12:54     ` Jeff Layton
2020-09-08 23:08       ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 06/18] fscrypt: move nokey_name conversion to separate function and export it Jeff Layton
2020-09-08  3:55   ` Eric Biggers
2020-09-08 12:50     ` Jeff Layton
2020-09-08 22:53       ` Eric Biggers
2020-09-09 16:02         ` Jeff Layton [this message]
2020-09-04 16:05 ` [RFC PATCH v2 07/18] lib: lift fscrypt base64 conversion into lib/ Jeff Layton
2020-09-08  3:59   ` Eric Biggers
2020-09-08 12:51     ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 08/18] ceph: add fscrypt ioctls Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 09/18] ceph: crypto context handling for ceph Jeff Layton
2020-09-08  4:29   ` Eric Biggers
2020-09-08 16:14     ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 10/18] ceph: preallocate inode for ops that may create one Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 11/18] ceph: add routine to create context prior to RPC Jeff Layton
2020-09-08  4:43   ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 12/18] ceph: set S_ENCRYPTED bit if new inode has encryption.ctx xattr Jeff Layton
2020-09-08  4:57   ` Eric Biggers
2020-09-09 12:20     ` Jeff Layton
2020-09-09 15:53     ` Jeff Layton
2020-09-09 16:33       ` Eric Biggers
2020-09-09 17:19         ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 13/18] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 14/18] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2020-09-08  5:06   ` Eric Biggers
2020-09-09 12:24     ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 15/18] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2020-09-08  5:12   ` Eric Biggers
2020-09-09 12:26     ` Jeff Layton
2020-09-09 16:18       ` Eric Biggers
2020-09-04 16:05 ` [RFC PATCH v2 16/18] ceph: add support to readdir for encrypted filenames Jeff Layton
2020-09-08  5:34   ` Eric Biggers
2020-09-09 13:02     ` Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 17/18] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2020-09-04 16:05 ` [RFC PATCH v2 18/18] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2020-09-04 16:11   ` Jeff Layton
2020-09-08  5:43   ` Eric Biggers
2020-09-08  5:54 ` [RFC PATCH v2 00/18] ceph+fscrypt: context, filename and symlink support Eric Biggers
2020-09-08 12:09   ` Jeff Layton
