From: Jeff Layton <jlayton@kernel.org>
To: idryomov@gmail.com, xiubli@redhat.com
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
lhenriques@suse.de
Subject: [RFC PATCH v11 32/51] ceph: size handling for encrypted inodes in cap updates
Date: Tue, 22 Mar 2022 10:12:57 -0400 [thread overview]
Message-ID: <20220322141316.41325-33-jlayton@kernel.org> (raw)
In-Reply-To: <20220322141316.41325-1-jlayton@kernel.org>
Transmit the rounded-up size as the normal size, and fill out the
fscrypt_file field with the real file size.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
fs/ceph/caps.c | 43 +++++++++++++++++++++++++------------------
fs/ceph/crypto.h | 4 ++++
2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 55f6ca00aff7..65af0dcf12ec 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -1215,10 +1215,9 @@ struct cap_msg_args {
umode_t mode;
bool inline_data;
bool wake;
+ bool encrypted;
u32 fscrypt_auth_len;
- u32 fscrypt_file_len;
u8 fscrypt_auth[sizeof(struct ceph_fscrypt_auth)]; // for context
- u8 fscrypt_file[sizeof(u64)]; // for size
};
/* Marshal up the cap msg to the MDS */
@@ -1253,7 +1252,12 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg)
fc->ino = cpu_to_le64(arg->ino);
fc->snap_follows = cpu_to_le64(arg->follows);
- fc->size = cpu_to_le64(arg->size);
+#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
+ if (arg->encrypted)
+ fc->size = cpu_to_le64(round_up(arg->size, CEPH_FSCRYPT_BLOCK_SIZE));
+ else
+#endif
+ fc->size = cpu_to_le64(arg->size);
fc->max_size = cpu_to_le64(arg->max_size);
ceph_encode_timespec64(&fc->mtime, &arg->mtime);
ceph_encode_timespec64(&fc->atime, &arg->atime);
@@ -1313,11 +1317,17 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg)
ceph_encode_64(&p, 0);
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
- /* fscrypt_auth and fscrypt_file (version 12) */
+ /*
+ * fscrypt_auth and fscrypt_file (version 12)
+ *
+ * fscrypt_auth holds the crypto context (if any). fscrypt_file
+ * tracks the real i_size as an __le64 field (and we use a rounded-up
+ * i_size in * the traditional size field).
+ */
ceph_encode_32(&p, arg->fscrypt_auth_len);
ceph_encode_copy(&p, arg->fscrypt_auth, arg->fscrypt_auth_len);
- ceph_encode_32(&p, arg->fscrypt_file_len);
- ceph_encode_copy(&p, arg->fscrypt_file, arg->fscrypt_file_len);
+ ceph_encode_32(&p, sizeof(__le64));
+ ceph_encode_64(&p, arg->size);
#else /* CONFIG_FS_ENCRYPTION */
ceph_encode_32(&p, 0);
ceph_encode_32(&p, 0);
@@ -1389,7 +1399,6 @@ static void __prep_cap(struct cap_msg_args *arg, struct ceph_cap *cap,
arg->follows = flushing ? ci->i_head_snapc->seq : 0;
arg->flush_tid = flush_tid;
arg->oldest_flush_tid = oldest_flush_tid;
-
arg->size = i_size_read(inode);
ci->i_reported_size = arg->size;
arg->max_size = ci->i_wanted_max_size;
@@ -1443,6 +1452,7 @@ static void __prep_cap(struct cap_msg_args *arg, struct ceph_cap *cap,
}
}
arg->flags = flags;
+ arg->encrypted = IS_ENCRYPTED(inode);
#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
if (ci->fscrypt_auth_len &&
WARN_ON_ONCE(ci->fscrypt_auth_len != sizeof(struct ceph_fscrypt_auth))) {
@@ -1453,21 +1463,21 @@ static void __prep_cap(struct cap_msg_args *arg, struct ceph_cap *cap,
memcpy(arg->fscrypt_auth, ci->fscrypt_auth,
min_t(size_t, ci->fscrypt_auth_len, sizeof(arg->fscrypt_auth)));
}
- /* FIXME: use this to track "real" size */
- arg->fscrypt_file_len = 0;
#endif /* CONFIG_FS_ENCRYPTION */
}
+#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
#define CAP_MSG_FIXED_FIELDS (sizeof(struct ceph_mds_caps) + \
- 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4 + 8 + 8 + 4 + 4)
+ 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4 + 8 + 8 + 4 + 4 + 8)
-#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
static inline int cap_msg_size(struct cap_msg_args *arg)
{
- return CAP_MSG_FIXED_FIELDS + arg->fscrypt_auth_len +
- arg->fscrypt_file_len;
+ return CAP_MSG_FIXED_FIELDS + arg->fscrypt_auth_len;
}
#else
+#define CAP_MSG_FIXED_FIELDS (sizeof(struct ceph_mds_caps) + \
+ 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4 + 8 + 8 + 4 + 4)
+
static inline int cap_msg_size(struct cap_msg_args *arg)
{
return CAP_MSG_FIXED_FIELDS;
@@ -1546,13 +1556,10 @@ static inline int __send_flush_snap(struct inode *inode,
arg.inline_data = capsnap->inline_data;
arg.flags = 0;
arg.wake = false;
+ arg.encrypted = IS_ENCRYPTED(inode);
- /*
- * No fscrypt_auth changes from a capsnap. It will need
- * to update fscrypt_file on size changes (TODO).
- */
+ /* No fscrypt_auth changes from a capsnap.*/
arg.fscrypt_auth_len = 0;
- arg.fscrypt_file_len = 0;
msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, cap_msg_size(&arg),
GFP_NOFS, false);
diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
index 080905b0c73c..56a61ba64edc 100644
--- a/fs/ceph/crypto.h
+++ b/fs/ceph/crypto.h
@@ -9,6 +9,10 @@
#include <crypto/sha2.h>
#include <linux/fscrypt.h>
+#define CEPH_FSCRYPT_BLOCK_SHIFT 12
+#define CEPH_FSCRYPT_BLOCK_SIZE (_AC(1, UL) << CEPH_FSCRYPT_BLOCK_SHIFT)
+#define CEPH_FSCRYPT_BLOCK_MASK (~(CEPH_FSCRYPT_BLOCK_SIZE-1))
+
struct ceph_fs_client;
struct ceph_acl_sec_ctx;
struct ceph_mds_request;
--
2.35.1
next prev parent reply other threads:[~2022-03-22 14:16 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 14:12 [RFC PATCH v11 00/51] ceph+fscrypt : full support Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 01/51] vfs: export new_inode_pseudo Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 02/51] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode Jeff Layton
2022-03-23 14:33 ` Luís Henriques
2022-03-24 17:46 ` Eric Biggers
2022-03-25 9:59 ` Luís Henriques
2022-03-24 18:20 ` Colin Walters
2022-03-22 14:12 ` [RFC PATCH v11 03/51] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 04/51] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 05/51] ceph: preallocate inode for ops that may create one Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 06/51] ceph: crypto context handling for ceph Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 07/51] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 08/51] ceph: add support for fscrypt_auth/fscrypt_file to cap messages Jeff Layton
2022-03-23 16:55 ` Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 09/51] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 10/51] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 11/51] ceph: decode alternate_name in lease info Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 12/51] ceph: add fscrypt ioctls Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 13/51] ceph: make the ioctl cmd more readable in debug log Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 14/51] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 15/51] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 16/51] ceph: send altname in MClientRequest Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 17/51] ceph: encode encrypted name in dentry release Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 18/51] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 19/51] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 20/51] ceph: add helpers for converting names for userland presentation Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 21/51] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 22/51] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 23/51] ceph: pass the request to parse_reply_info_readdir() Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 24/51] ceph: add ceph_encode_encrypted_dname() helper Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 25/51] ceph: add support to readdir for encrypted filenames Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 26/51] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 27/51] ceph: make ceph_get_name decrypt filenames Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 28/51] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 29/51] ceph: add some fscrypt guardrails Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 30/51] ceph: don't allow changing layout on encrypted files/directories Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 31/51] libceph: add CEPH_OSD_OP_ASSERT_VER support Jeff Layton
2022-03-22 14:12 ` Jeff Layton [this message]
2022-03-22 14:12 ` [RFC PATCH v11 33/51] ceph: fscrypt_file field handling in MClientRequest messages Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 34/51] ceph: get file size from fscrypt_file when present in inode traces Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 35/51] ceph: handle fscrypt fields in cap messages from MDS Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 36/51] ceph: add __ceph_get_caps helper support Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 37/51] ceph: add __ceph_sync_read " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 38/51] ceph: add object version support for sync read Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 39/51] ceph: add infrastructure for file encryption and decryption Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 40/51] ceph: add truncate size handling support for fscrypt Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 41/51] libceph: allow ceph_osdc_new_request to accept a multi-op read Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 42/51] ceph: disable fallocate for encrypted inodes Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 43/51] ceph: disable copy offload on " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 44/51] ceph: don't use special DIO path for " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 45/51] ceph: align data in pages in ceph_sync_write Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 46/51] ceph: add read/modify/write to ceph_sync_write Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 47/51] ceph: plumb in decryption during sync reads Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 48/51] ceph: add fscrypt decryption support to ceph_netfs_issue_op Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 49/51] ceph: set i_blkbits to crypto block size for encrypted inodes Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 50/51] ceph: add encryption support to writepage Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 51/51] ceph: fscrypt support for writepages Jeff Layton
2022-03-22 14:17 ` [RFC PATCH v11 00/51] ceph+fscrypt : full support Jeff Layton
2022-03-25 9:57 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220322141316.41325-33-jlayton@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=lhenriques@suse.de \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).