From: Jeff Layton <jlayton@kernel.org>
To: Xiubo Li <xiubli@redhat.com>, ceph-devel@vger.kernel.org
Cc: lhenriques@suse.de, linux-fsdevel@vger.kernel.org,
linux-fscrypt@vger.kernel.org, dhowells@redhat.com
Subject: Re: [RFC PATCH v7 08/24] ceph: add ability to set fscrypt_auth via setattr
Date: Wed, 07 Jul 2021 08:10:23 -0400 [thread overview]
Message-ID: <0851e6b29825cd428bdeab6275638e1a463b153e.camel@kernel.org> (raw)
In-Reply-To: <4bb32761-93b5-16fb-b8ab-36897d469a39@redhat.com>
On Wed, 2021-07-07 at 16:11 +0800, Xiubo Li wrote:
> On 6/25/21 9:58 PM, Jeff Layton wrote:
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> > fs/ceph/acl.c | 4 ++--
> > fs/ceph/inode.c | 30 ++++++++++++++++++++++++++++--
> > fs/ceph/mds_client.c | 31 ++++++++++++++++++++++++++-----
> > fs/ceph/mds_client.h | 3 +++
> > fs/ceph/super.h | 7 ++++++-
> > include/linux/ceph/ceph_fs.h | 21 +++++++++++++--------
> > 6 files changed, 78 insertions(+), 18 deletions(-)
> >
> > diff --git a/fs/ceph/acl.c b/fs/ceph/acl.c
> > index 529af59d9fd3..6e716f142022 100644
> > --- a/fs/ceph/acl.c
> > +++ b/fs/ceph/acl.c
> > @@ -136,7 +136,7 @@ int ceph_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
> > newattrs.ia_ctime = current_time(inode);
> > newattrs.ia_mode = new_mode;
> > newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
> > - ret = __ceph_setattr(inode, &newattrs);
> > + ret = __ceph_setattr(inode, &newattrs, NULL);
> > if (ret)
> > goto out_free;
> > }
> > @@ -147,7 +147,7 @@ int ceph_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
> > newattrs.ia_ctime = old_ctime;
> > newattrs.ia_mode = old_mode;
> > newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
> > - __ceph_setattr(inode, &newattrs);
> > + __ceph_setattr(inode, &newattrs, NULL);
> > }
> > goto out_free;
> > }
> > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
> > index b620281ea65b..7821ba04eef3 100644
> > --- a/fs/ceph/inode.c
> > +++ b/fs/ceph/inode.c
> > @@ -2086,7 +2086,7 @@ static const struct inode_operations ceph_symlink_iops = {
> > .listxattr = ceph_listxattr,
> > };
> >
> > -int __ceph_setattr(struct inode *inode, struct iattr *attr)
> > +int __ceph_setattr(struct inode *inode, struct iattr *attr, struct ceph_iattr *cia)
> > {
> > struct ceph_inode_info *ci = ceph_inode(inode);
> > unsigned int ia_valid = attr->ia_valid;
> > @@ -2127,6 +2127,32 @@ int __ceph_setattr(struct inode *inode, struct iattr *attr)
> >
> > dout("setattr %p issued %s\n", inode, ceph_cap_string(issued));
> >
> > + if (cia && cia->fscrypt_auth) {
> > + u32 len = offsetof(struct ceph_fscrypt_auth, cfa_blob) +
> > + le32_to_cpu(cia->fscrypt_auth->cfa_blob_len);
> > +
> > + if (len > sizeof(*cia->fscrypt_auth))
> > + return -EINVAL;
> > +
>
> Possibly we can remove this check here since in the patch followed will
> make sure the 'cia' is valid.
>
>
Good point. I'll plan to clean that up.
>
> > + dout("setattr %llx:%llx fscrypt_auth len %u to %u)\n",
> > + ceph_vinop(inode), ci->fscrypt_auth_len, len);
> > +
> > + /* It should never be re-set once set */
> > + WARN_ON_ONCE(ci->fscrypt_auth);
> > +
> > + if (issued & CEPH_CAP_AUTH_EXCL) {
> > + dirtied |= CEPH_CAP_AUTH_EXCL;
> > + kfree(ci->fscrypt_auth);
> > + ci->fscrypt_auth = (u8 *)cia->fscrypt_auth;
> > + ci->fscrypt_auth_len = len;
> > + } else if ((issued & CEPH_CAP_AUTH_SHARED) == 0) {
> > + req->r_fscrypt_auth = cia->fscrypt_auth;
> > + mask |= CEPH_SETATTR_FSCRYPT_AUTH;
> > + release |= CEPH_CAP_AUTH_SHARED;
> > + }
> > + cia->fscrypt_auth = NULL;
> > + }
> > +
> > if (ia_valid & ATTR_UID) {
> > dout("setattr %p uid %d -> %d\n", inode,
> > from_kuid(&init_user_ns, inode->i_uid),
> > @@ -2324,7 +2350,7 @@ int ceph_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
> > ceph_quota_is_max_bytes_exceeded(inode, attr->ia_size))
> > return -EDQUOT;
> >
> > - err = __ceph_setattr(inode, attr);
> > + err = __ceph_setattr(inode, attr, NULL);
> >
> > if (err >= 0 && (attr->ia_valid & ATTR_MODE))
> > err = posix_acl_chmod(&init_user_ns, inode, attr->ia_mode);
> > diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> > index 9c994effc51d..4aca8ce1c135 100644
> > --- a/fs/ceph/mds_client.c
> > +++ b/fs/ceph/mds_client.c
> > @@ -2529,8 +2529,7 @@ static int set_request_path_attr(struct inode *rinode, struct dentry *rdentry,
> > return r;
> > }
> >
> > -static void encode_timestamp_and_gids(void **p,
> > - const struct ceph_mds_request *req)
> > +static void encode_mclientrequest_tail(void **p, const struct ceph_mds_request *req)
> > {
> > struct ceph_timespec ts;
> > int i;
> > @@ -2543,6 +2542,21 @@ static void encode_timestamp_and_gids(void **p,
> > for (i = 0; i < req->r_cred->group_info->ngroups; i++)
> > ceph_encode_64(p, from_kgid(&init_user_ns,
> > req->r_cred->group_info->gid[i]));
> > +
> > + /* v5: altname (TODO: skip for now) */
> > + ceph_encode_32(p, 0);
> > +
> > + /* v6: fscrypt_auth and fscrypt_file */
> > + if (req->r_fscrypt_auth) {
> > + u32 authlen = le32_to_cpu(req->r_fscrypt_auth->cfa_blob_len);
> > +
> > + authlen += offsetof(struct ceph_fscrypt_auth, cfa_blob);
>
> For the authlen calculating, maybe we could add one helper ? I found
> there have some other places are also doing this.
>
>
Yes. I'll plan to do that.
> > + ceph_encode_32(p, authlen);
> > + ceph_encode_copy(p, req->r_fscrypt_auth, authlen);
> > + } else {
> > + ceph_encode_32(p, 0);
> > + }
> > + ceph_encode_32(p, 0); // fscrypt_file for now
> > }
> >
> > /*
> > @@ -2591,6 +2605,13 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
> > len += pathlen1 + pathlen2 + 2*(1 + sizeof(u32) + sizeof(u64)) +
> > sizeof(struct ceph_timespec);
> > len += sizeof(u32) + (sizeof(u64) * req->r_cred->group_info->ngroups);
> > + len += sizeof(u32); // altname
> > + len += sizeof(u32); // fscrypt_auth
> > + if (req->r_fscrypt_auth) {
> > + len += offsetof(struct ceph_fscrypt_auth, cfa_blob);
> > + len += le32_to_cpu(req->r_fscrypt_auth->cfa_blob_len);
> > + }
> > + len += sizeof(u32); // fscrypt_file
> >
> > /* calculate (max) length for cap releases */
> > len += sizeof(struct ceph_mds_request_release) *
> > @@ -2621,7 +2642,7 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
> > } else {
> > struct ceph_mds_request_head *new_head = msg->front.iov_base;
> >
> > - msg->hdr.version = cpu_to_le16(4);
> > + msg->hdr.version = cpu_to_le16(6);
> > new_head->version = cpu_to_le16(CEPH_MDS_REQUEST_HEAD_VERSION);
> > head = (struct ceph_mds_request_head_old *)&new_head->oldest_client_tid;
> > p = msg->front.iov_base + sizeof(*new_head);
> > @@ -2672,7 +2693,7 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session,
> >
> > head->num_releases = cpu_to_le16(releases);
> >
> > - encode_timestamp_and_gids(&p, req);
> > + encode_mclientrequest_tail(&p, req);
> >
> > if (WARN_ON_ONCE(p > end)) {
> > ceph_msg_put(msg);
> > @@ -2781,7 +2802,7 @@ static int __prepare_send_request(struct ceph_mds_session *session,
> > rhead->num_releases = 0;
> >
> > p = msg->front.iov_base + req->r_request_release_offset;
> > - encode_timestamp_and_gids(&p, req);
> > + encode_mclientrequest_tail(&p, req);
> >
> > msg->front.iov_len = p - msg->front.iov_base;
> > msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
> > diff --git a/fs/ceph/mds_client.h b/fs/ceph/mds_client.h
> > index 0c3cc61fd038..800eed49c2fd 100644
> > --- a/fs/ceph/mds_client.h
> > +++ b/fs/ceph/mds_client.h
> > @@ -278,6 +278,9 @@ struct ceph_mds_request {
> > struct mutex r_fill_mutex;
> >
> > union ceph_mds_request_args r_args;
> > +
> > + struct ceph_fscrypt_auth *r_fscrypt_auth;
> > +
> > int r_fmode; /* file mode, if expecting cap */
> > const struct cred *r_cred;
> > int r_request_release_offset;
> > diff --git a/fs/ceph/super.h b/fs/ceph/super.h
> > index e032737fe472..ad62cde30e0b 100644
> > --- a/fs/ceph/super.h
> > +++ b/fs/ceph/super.h
> > @@ -1035,7 +1035,12 @@ static inline int ceph_do_getattr(struct inode *inode, int mask, bool force)
> > }
> > extern int ceph_permission(struct user_namespace *mnt_userns,
> > struct inode *inode, int mask);
> > -extern int __ceph_setattr(struct inode *inode, struct iattr *attr);
> > +
> > +struct ceph_iattr {
> > + struct ceph_fscrypt_auth *fscrypt_auth;
> > +};
> > +
> > +extern int __ceph_setattr(struct inode *inode, struct iattr *attr, struct ceph_iattr *cia);
> > extern int ceph_setattr(struct user_namespace *mnt_userns,
> > struct dentry *dentry, struct iattr *attr);
> > extern int ceph_getattr(struct user_namespace *mnt_userns,
> > diff --git a/include/linux/ceph/ceph_fs.h b/include/linux/ceph/ceph_fs.h
> > index e41a811026f6..a45a82c7d432 100644
> > --- a/include/linux/ceph/ceph_fs.h
> > +++ b/include/linux/ceph/ceph_fs.h
> > @@ -355,14 +355,19 @@ enum {
> >
> > extern const char *ceph_mds_op_name(int op);
> >
> > -
> > -#define CEPH_SETATTR_MODE 1
> > -#define CEPH_SETATTR_UID 2
> > -#define CEPH_SETATTR_GID 4
> > -#define CEPH_SETATTR_MTIME 8
> > -#define CEPH_SETATTR_ATIME 16
> > -#define CEPH_SETATTR_SIZE 32
> > -#define CEPH_SETATTR_CTIME 64
> > +#define CEPH_SETATTR_MODE (1 << 0)
> > +#define CEPH_SETATTR_UID (1 << 1)
> > +#define CEPH_SETATTR_GID (1 << 2)
> > +#define CEPH_SETATTR_MTIME (1 << 3)
> > +#define CEPH_SETATTR_ATIME (1 << 4)
> > +#define CEPH_SETATTR_SIZE (1 << 5)
> > +#define CEPH_SETATTR_CTIME (1 << 6)
> > +#define CEPH_SETATTR_MTIME_NOW (1 << 7)
> > +#define CEPH_SETATTR_ATIME_NOW (1 << 8)
> > +#define CEPH_SETATTR_BTIME (1 << 9)
> > +#define CEPH_SETATTR_KILL_SGUID (1 << 10)
> > +#define CEPH_SETATTR_FSCRYPT_AUTH (1 << 11)
> > +#define CEPH_SETATTR_FSCRYPT_FILE (1 << 12)
> >
> > /*
> > * Ceph setxattr request flags.
>
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2021-07-07 12:10 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-25 13:58 [RFC PATCH v7 00/24] ceph+fscrypt: context, filename and symlink support Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 01/24] vfs: export new_inode_pseudo Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 02/24] fscrypt: export fscrypt_base64_encode and fscrypt_base64_decode Jeff Layton
2021-07-11 17:40 ` Eric Biggers
2021-07-12 11:55 ` Jeff Layton
2021-07-12 14:22 ` Eric Biggers
2021-07-12 14:32 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 03/24] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2021-07-11 17:43 ` Eric Biggers
2021-06-25 13:58 ` [RFC PATCH v7 04/24] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2021-07-11 17:44 ` Eric Biggers
2021-06-25 13:58 ` [RFC PATCH v7 05/24] ceph: preallocate inode for ops that may create one Jeff Layton
2021-07-07 3:37 ` Xiubo Li
2021-07-07 12:05 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 06/24] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2021-07-07 3:53 ` Xiubo Li
2021-07-07 12:09 ` Jeff Layton
2021-07-07 12:46 ` Xiubo Li
2021-07-07 10:47 ` Luis Henriques
2021-07-07 11:19 ` Xiubo Li
2021-07-07 12:19 ` Jeff Layton
2021-07-07 14:32 ` Luis Henriques
2021-07-07 14:56 ` Luis Henriques
2021-07-08 2:56 ` Xiubo Li
2021-07-08 11:26 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 07/24] ceph: add fscrypt_* handling to caps.c Jeff Layton
2021-07-07 7:20 ` Xiubo Li
2021-07-07 12:02 ` Jeff Layton
2021-07-07 12:47 ` Xiubo Li
2021-07-11 23:00 ` Eric Biggers
2021-07-12 13:22 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 08/24] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2021-07-07 8:11 ` Xiubo Li
2021-07-07 12:10 ` Jeff Layton [this message]
2021-07-07 10:47 ` Luis Henriques
2021-07-07 12:25 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 09/24] ceph: crypto context handling for ceph Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 10/24] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 11/24] ceph: add routine to create fscrypt context prior to RPC Jeff Layton
2021-07-07 10:48 ` Luis Henriques
2021-07-07 12:29 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 12/24] ceph: add fscrypt ioctls Jeff Layton
2021-07-08 7:30 ` Xiubo Li
2021-07-08 11:26 ` Jeff Layton
2021-07-08 11:32 ` Xiubo Li
2021-06-25 13:58 ` [RFC PATCH v7 13/24] ceph: decode alternate_name in lease info Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 14/24] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 15/24] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2021-07-11 22:53 ` Eric Biggers
2021-07-12 12:36 ` Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 16/24] ceph: send altname in MClientRequest Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 17/24] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 18/24] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 19/24] ceph: add helpers for converting names for userland presentation Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 20/24] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 21/24] ceph: add support to readdir for encrypted filenames Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 22/24] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 23/24] ceph: make ceph_get_name decrypt filenames Jeff Layton
2021-06-25 13:58 ` [RFC PATCH v7 24/24] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0851e6b29825cd428bdeab6275638e1a463b153e.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=dhowells@redhat.com \
--cc=lhenriques@suse.de \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).