From: Jeff Layton <jlayton@kernel.org>
To: Luis Henriques <lhenriques@suse.de>
Cc: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v4 16/17] ceph: create symlinks with encrypted and base64-encoded targets
Date: Mon, 25 Jan 2021 13:31:58 -0500
Message-ID: <07d886e24308119c672f705f000a0a44f8ffe0e8.camel@kernel.org>
In-Reply-To: <87bldd57hc.fsf@suse.de>

On Mon, 2021-01-25 at 16:03 +0000, Luis Henriques wrote:
> Jeff Layton <jlayton@kernel.org> writes:
>
> > When creating symlinks in encrypted directories, encrypt and
> > base64-encode the target with the new inode's key before sending to the
> > MDS.
> >
> > When filling a symlinked inode, base64-decode it into a buffer that
> > we'll keep in ci->i_symlink. When get_link is called, decrypt the buffer
> > into a new one that will hang off i_link.
> >
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> > fs/ceph/dir.c | 50 +++++++++++++++++++++++---
> > fs/ceph/inode.c | 95 ++++++++++++++++++++++++++++++++++++++++++-------
> > 2 files changed, 128 insertions(+), 17 deletions(-)
> >
> > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> > index cb7ff91a243a..1721b70118b9 100644
> > --- a/fs/ceph/dir.c
> > +++ b/fs/ceph/dir.c
> > @@ -924,6 +924,40 @@ static int ceph_create(struct inode *dir, struct dentry *dentry, umode_t mode,
> > return ceph_mknod(dir, dentry, mode, 0);
> > }
> >
> >
> >
> >
> > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > + int err;
> > + int len = strlen(dest);
> > + struct fscrypt_str osd_link = FSTR_INIT(NULL, 0);
> > +
> > + err = fscrypt_prepare_symlink(req->r_parent, dest, len, PATH_MAX, &osd_link);
> > + if (err)
> > + goto out;
> > +
> > + err = fscrypt_encrypt_symlink(req->r_new_inode, dest, len, &osd_link);
> > + if (err)
> > + goto out;
> > +
> > + req->r_path2 = kmalloc(FSCRYPT_BASE64_CHARS(osd_link.len), GFP_KERNEL);
> > + if (!req->r_path2) {
> > + err = -ENOMEM;
> > + goto out;
> > + }
> > +
> > + len = fscrypt_base64_encode(osd_link.name, osd_link.len, req->r_path2);
> > + req->r_path2[len] = '\0';
> > +out:
> > + fscrypt_fname_free_buffer(&osd_link);
> > + return err;
> > +}
> > +#else
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > + return -EOPNOTSUPP;
> > +}
> > +#endif
> > +
> > static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> > const char *dest)
> > {
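Review bot: in prep_encrypted_symlink_target(), req->r_path2 is allocated with exactly FSCRYPT_BASE64_CHARS(osd_link.len) bytes and then terminated with req->r_path2[len] = '\0', where len is the value returned by fscrypt_base64_encode(). If the encoder returns FSCRYPT_BASE64_CHARS(osd_link.len) characters, the terminator is written one byte past the allocation. Allocate FSCRYPT_BASE64_CHARS(osd_link.len) + 1 so the NUL always fits. Separately, int len = strlen(dest) narrows a size_t into an int that is then passed on as the symlink length; size_t or unsigned int would be safer there.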
> > @@ -955,12 +989,18 @@ static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> > goto out_req;
> > }
> >
> >
> >
> >
> > - req->r_path2 = kstrdup(dest, GFP_KERNEL);
> > - if (!req->r_path2) {
> > - err = -ENOMEM;
> > - goto out_req;
> > - }
> > req->r_parent = dir;
> > +
> > + if (IS_ENCRYPTED(req->r_new_inode)) {
> > + err = prep_encrypted_symlink_target(req, dest);
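Review bot: the err assigned from prep_encrypted_symlink_target() on the last quoted line needs to be checked before the request goes any further. The removed kstrdup() path jumped to out_req on failure, and the helper in the earlier hunk can return an error from fscrypt_prepare_symlink(), fscrypt_encrypt_symlink() or the kmalloc() without ever setting req->r_path2. Add "if (err) goto out_req;" directly after the call so a failed encryption cannot fall through with no target path.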
>
> nit: missing the error handling for this branch.
>
Thanks! I'll fix this right up.
--
Jeff Layton <jlayton@kernel.org>