linux-fscrypt.vger.kernel.org archive mirror
From: Jeff Layton <jlayton@kernel.org>
To: Luis Henriques <lhenriques@suse.de>
Cc: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v4 16/17] ceph: create symlinks with encrypted and base64-encoded targets
Date: Mon, 25 Jan 2021 13:31:58 -0500
Message-ID: <07d886e24308119c672f705f000a0a44f8ffe0e8.camel@kernel.org>
In-Reply-To: <87bldd57hc.fsf@suse.de>

On Mon, 2021-01-25 at 16:03 +0000, Luis Henriques wrote:
> Jeff Layton <jlayton@kernel.org> writes:
> 
> > When creating symlinks in encrypted directories, encrypt and
> > base64-encode the target with the new inode's key before sending to the
> > MDS.
> > 
> > When filling a symlinked inode, base64-decode it into a buffer that
> > we'll keep in ci->i_symlink. When get_link is called, decrypt the buffer
> > into a new one that will hang off i_link.
> > 
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> >  fs/ceph/dir.c   | 50 +++++++++++++++++++++++---
> >  fs/ceph/inode.c | 95 ++++++++++++++++++++++++++++++++++++++++++-------
> >  2 files changed, 128 insertions(+), 17 deletions(-)
> > 
> > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> > index cb7ff91a243a..1721b70118b9 100644
> > --- a/fs/ceph/dir.c
> > +++ b/fs/ceph/dir.c
> > @@ -924,6 +924,40 @@ static int ceph_create(struct inode *dir, struct dentry *dentry, umode_t mode,
> >  	return ceph_mknod(dir, dentry, mode, 0);
> >  }
> >  
> > 
> > 
> > 
> > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > +	int err;
> > +	int len = strlen(dest);
> > +	struct fscrypt_str osd_link = FSTR_INIT(NULL, 0);
> > +
> > +	err = fscrypt_prepare_symlink(req->r_parent, dest, len, PATH_MAX, &osd_link);
> > +	if (err)
> > +		goto out;
> > +
> > +	err = fscrypt_encrypt_symlink(req->r_new_inode, dest, len, &osd_link);
> > +	if (err)
> > +		goto out;
> > +
> > +	req->r_path2 = kmalloc(FSCRYPT_BASE64_CHARS(osd_link.len), GFP_KERNEL);
> > +	if (!req->r_path2) {
> > +		err = -ENOMEM;
> > +		goto out;
> > +	}
> > +
> > +	len = fscrypt_base64_encode(osd_link.name, osd_link.len, req->r_path2);
> > +	req->r_path2[len] = '\0';
> > +out:
> > +	fscrypt_fname_free_buffer(&osd_link);
> > +	return err;
> > +}
> > +#else
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > +	return -EOPNOTSUPP;
> > +}
> > +#endif
> > +
> >  static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> >  			    const char *dest)
> >  {
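
Review bot: In prep_encrypted_symlink_target(), req->r_path2 is allocated with kmalloc(FSCRYPT_BASE64_CHARS(osd_link.len), GFP_KERNEL) but is then NUL-terminated at req->r_path2[len], so if fscrypt_base64_encode() returns the full FSCRYPT_BASE64_CHARS(osd_link.len) characters, the terminator is written one byte past the allocation. Allocating FSCRYPT_BASE64_CHARS(osd_link.len) + 1 would leave room for it. Separately, len is an int initialised from strlen(dest) and then reused for the encoded length; a distinct variable for the encoded length would make the two sizes easier to audit.
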
> > @@ -955,12 +989,18 @@ static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> >  		goto out_req;
> >  	}
> >  
> > 
> > 
> > 
> > -	req->r_path2 = kstrdup(dest, GFP_KERNEL);
> > -	if (!req->r_path2) {
> > -		err = -ENOMEM;
> > -		goto out_req;
> > -	}
> >  	req->r_parent = dir;
> > +
> > +	if (IS_ENCRYPTED(req->r_new_inode)) {
> > +		err = prep_encrypted_symlink_target(req, dest);
> 
> nit: missing the error handling for this branch.
> 

Thanks! I'll fix this right up.


-- 
Jeff Layton <jlayton@kernel.org>

