From: Jeff Layton <jlayton@kernel.org>
To: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Subject: [RFC PATCH v3 08/16] ceph: implement -o test_dummy_encryption mount option
Date: Mon, 14 Sep 2020 15:16:59 -0400 [thread overview]
Message-ID: <20200914191707.380444-9-jlayton@kernel.org> (raw)
In-Reply-To: <20200914191707.380444-1-jlayton@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
fs/ceph/crypto.c | 7 ++---
fs/ceph/super.c | 74 +++++++++++++++++++++++++++++++++++++++++++-----
fs/ceph/super.h | 7 ++++-
3 files changed, 76 insertions(+), 12 deletions(-)
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
index 74f07d44dbe9..879d9a0d3751 100644
--- a/fs/ceph/crypto.c
+++ b/fs/ceph/crypto.c
@@ -29,16 +29,15 @@ static bool ceph_crypt_empty_dir(struct inode *inode)
return ci->i_rsubdirs + ci->i_rfiles == 1;
}
-static const union fscrypt_context *
-ceph_get_dummy_context(struct super_block *sb)
+static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb)
{
- return ceph_sb_to_client(sb)->dummy_enc_ctx.ctx;
+ return ceph_sb_to_client(sb)->dummy_enc_policy.policy;
}
static struct fscrypt_operations ceph_fscrypt_ops = {
.get_context = ceph_crypt_get_context,
.set_context = ceph_crypt_set_context,
- .get_dummy_context = ceph_get_dummy_context,
+ .get_dummy_policy = ceph_get_dummy_policy,
.empty_dir = ceph_crypt_empty_dir,
.max_namelen = NAME_MAX,
};
diff --git a/fs/ceph/super.c b/fs/ceph/super.c
index 055180218224..eefdea360c50 100644
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -45,6 +45,7 @@ static void ceph_put_super(struct super_block *s)
struct ceph_fs_client *fsc = ceph_sb_to_client(s);
dout("put_super\n");
+ fscrypt_free_dummy_policy(&fsc->dummy_enc_policy);
ceph_mdsc_close_sessions(fsc->mdsc);
}
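Review bot: `fscrypt_free_dummy_policy(&fsc->dummy_enc_policy);` in ceph_put_super is compiled unconditionally, but the fs/ceph/super.h hunk declares `dummy_enc_policy` only under `#ifdef CONFIG_FS_ENCRYPTION`. With that option disabled the member does not exist, so this line looks like a build break. Either wrap the call in the same `#ifdef CONFIG_FS_ENCRYPTION`, or declare the member unconditionally if fscrypt.h supplies a stub type for the disabled case (not visible in this patch).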
@@ -160,6 +161,7 @@ enum {
Opt_quotadf,
Opt_copyfrom,
Opt_wsync,
+ Opt_test_dummy_encryption,
};
enum ceph_recover_session_mode {
@@ -198,6 +200,8 @@ static const struct fs_parameter_spec ceph_mount_parameters[] = {
fsparam_u32 ("rsize", Opt_rsize),
fsparam_string ("snapdirname", Opt_snapdirname),
fsparam_string ("source", Opt_source),
+ fsparam_flag ("test_dummy_encryption", Opt_test_dummy_encryption),
+ fsparam_string ("test_dummy_encryption", Opt_test_dummy_encryption),
fsparam_u32 ("wsize", Opt_wsize),
fsparam_flag_no ("wsync", Opt_wsync),
{}
@@ -456,6 +460,16 @@ static int ceph_parse_mount_param(struct fs_context *fc,
else
fsopt->flags |= CEPH_MOUNT_OPT_ASYNC_DIROPS;
break;
+ case Opt_test_dummy_encryption:
+ kfree(fsopt->test_dummy_encryption);
+#ifdef CONFIG_FS_ENCRYPTION
+ fsopt->test_dummy_encryption = param->string;
+ param->string = NULL;
+ fsopt->flags |= CEPH_MOUNT_OPT_TEST_DUMMY_ENC;
+#else
+ warnfc(fc, "FS encryption not supported: test_dummy_encryption mount option ignored");
+#endif
+ break;
default:
BUG();
}
@@ -475,6 +489,7 @@ static void destroy_mount_options(struct ceph_mount_options *args)
kfree(args->mds_namespace);
kfree(args->server_path);
kfree(args->fscache_uniq);
+ kfree(args->test_dummy_encryption);
kfree(args);
}
@@ -582,6 +597,8 @@ static int ceph_show_options(struct seq_file *m, struct dentry *root)
if (fsopt->flags & CEPH_MOUNT_OPT_ASYNC_DIROPS)
seq_puts(m, ",nowsync");
+ fscrypt_show_test_dummy_encryption(m, ',', root->d_sb);
+
if (fsopt->wsize != CEPH_MAX_WRITE_SIZE)
seq_printf(m, ",wsize=%u", fsopt->wsize);
if (fsopt->rsize != CEPH_MAX_READ_SIZE)
@@ -964,6 +981,43 @@ static struct dentry *ceph_real_mount(struct ceph_fs_client *fsc,
return ERR_PTR(err);
}
+#ifdef CONFIG_FS_ENCRYPTION
+static int ceph_set_test_dummy_encryption(struct super_block *sb, struct fs_context *fc,
+ struct ceph_mount_options *fsopt)
+{
+ struct ceph_fs_client *fsc = sb->s_fs_info;
+
+ if (fsopt->flags & CEPH_MOUNT_OPT_TEST_DUMMY_ENC) {
+ substring_t arg = { };
+
+ /*
+ * No changing encryption context on remount. Note that
+ * fscrypt_set_test_dummy_encryption will validate the version
+ * string passed in (if any).
+ */
+ if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE && !fsc->dummy_enc_policy.policy)
+ return -EEXIST;
+
+ /* Ewwwwwwww */
+ if (fsc->mount_options->test_dummy_encryption) {
+ arg.from = fsc->mount_options->test_dummy_encryption;
+ arg.to = arg.from + strlen(arg.from) - 1;
+ }
+ return fscrypt_set_test_dummy_encryption(sb, &arg, &fsc->dummy_enc_policy);
+ } else {
+ if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE && fsc->dummy_enc_policy.policy)
+ return -EEXIST;
+ }
+ return 0;
+}
+#else
+static inline int ceph_set_test_dummy_encryption(struct super_block *sb, struct fs_context *fc,
+ struct ceph_mount_options *fsopt)
+{
+ return 0;
+}
+#endif
+
static int ceph_set_super(struct super_block *s, struct fs_context *fc)
{
struct ceph_fs_client *fsc = s->s_fs_info;
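Review bot: `arg.to = arg.from + strlen(arg.from) - 1;` in ceph_set_test_dummy_encryption appears to cut off the last character of the option value. The match_token helpers in lib/parser.c treat `substring_t.to` as one past the end, so a value of `v2` would presumably be handed on as `v` and rejected. Suggest `arg.to = arg.from + strlen(arg.from);`. The same block tests the flag on the `fsopt` argument but takes the string from `fsc->mount_options->test_dummy_encryption`; on the reconfigure path these are different objects, so read `fsopt->test_dummy_encryption` to keep flag and value from the same parse. The `/* Ewwwwwwww */` comment should say what it objects to, presumably the hand-built substring_t.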
@@ -985,12 +1039,12 @@ static int ceph_set_super(struct super_block *s, struct fs_context *fc)
s->s_time_min = 0;
s->s_time_max = U32_MAX;
- ret = ceph_fscrypt_set_ops(s);
- if (ret)
- goto out;
+ ceph_fscrypt_set_ops(s);
- ret = set_anon_super_fc(s, fc);
- if (ret != 0)
+ ret = ceph_set_test_dummy_encryption(s, fc, fsc->mount_options);
+ if (!ret)
+ ret = set_anon_super_fc(s, fc);
+ if (ret)
fsc->sb = NULL;
return ret;
}
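Review bot: If `set_anon_super_fc()` fails after `ceph_set_test_dummy_encryption()` has succeeded, the only cleanup visible in ceph_set_super is `fsc->sb = NULL;`, so the dummy policy that was just set up stays attached to `fsc`. The patch frees it only in ceph_put_super, which may not run for a superblock that was never fully set up; worth confirming against the VFS teardown path. If it does not run, release it here, e.g. `if (ret) { fscrypt_free_dummy_policy(&fsc->dummy_enc_policy); fsc->sb = NULL; }`. Separately, the return value of `ceph_fscrypt_set_ops(s)` is no longer checked; that is fine only if an earlier patch in the series made it return void.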
@@ -1136,16 +1190,22 @@ static void ceph_free_fc(struct fs_context *fc)
static int ceph_reconfigure_fc(struct fs_context *fc)
{
+ int err;
struct ceph_parse_opts_ctx *pctx = fc->fs_private;
struct ceph_mount_options *fsopt = pctx->opts;
- struct ceph_fs_client *fsc = ceph_sb_to_client(fc->root->d_sb);
+ struct super_block *sb = fc->root->d_sb;
+ struct ceph_fs_client *fsc = ceph_sb_to_client(sb);
if (fsopt->flags & CEPH_MOUNT_OPT_ASYNC_DIROPS)
ceph_set_mount_opt(fsc, ASYNC_DIROPS);
else
ceph_clear_mount_opt(fsc, ASYNC_DIROPS);
- sync_filesystem(fc->root->d_sb);
+ err = ceph_set_test_dummy_encryption(sb, fc, fsopt);
+ if (err)
+ return err;
+
+ sync_filesystem(sb);
return 0;
}
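Review bot: ceph_reconfigure_fc updates ASYNC_DIROPS on `fsc` before it calls `ceph_set_test_dummy_encryption()`, so a remount rejected with -EEXIST has already changed the live mount options. Do the check first: move `err = ceph_set_test_dummy_encryption(sb, fc, fsopt); if (err) return err;` above the `if (fsopt->flags & CEPH_MOUNT_OPT_ASYNC_DIROPS)` block, so a failed remount leaves the mount untouched. A short comment on the helper stating that test_dummy_encryption can be neither added nor removed on remount would also help.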
diff --git a/fs/ceph/super.h b/fs/ceph/super.h
index cc39cc36de77..11032b30a14f 100644
--- a/fs/ceph/super.h
+++ b/fs/ceph/super.h
@@ -17,6 +17,7 @@
#include <linux/posix_acl.h>
#include <linux/refcount.h>
#include <linux/security.h>
+#include <linux/fscrypt.h>
#include <linux/ceph/libceph.h>
@@ -44,6 +45,7 @@
#define CEPH_MOUNT_OPT_NOQUOTADF (1<<13) /* no root dir quota in statfs */
#define CEPH_MOUNT_OPT_NOCOPYFROM (1<<14) /* don't use RADOS 'copy-from' op */
#define CEPH_MOUNT_OPT_ASYNC_DIROPS (1<<15) /* allow async directory ops */
+#define CEPH_MOUNT_OPT_TEST_DUMMY_ENC (1<<16) /* enable dummy encryption (for testing) */
#define CEPH_MOUNT_OPT_DEFAULT \
(CEPH_MOUNT_OPT_DCACHE | \
@@ -96,6 +98,7 @@ struct ceph_mount_options {
char *mds_namespace; /* default NULL */
char *server_path; /* default NULL (means "/") */
char *fscache_uniq; /* default NULL */
+ char *test_dummy_encryption; /* default NULL */
};
struct ceph_fs_client {
@@ -135,9 +138,11 @@ struct ceph_fs_client {
#ifdef CONFIG_CEPH_FSCACHE
struct fscache_cookie *fscache;
#endif
+#ifdef CONFIG_FS_ENCRYPTION
+ struct fscrypt_dummy_policy dummy_enc_policy;
+#endif
};
-
/*
* File i/o capability. This tracks shared state with the metadata
* server that allows us to cache or writeback attributes or to read
--
2.26.2