From: "Luís Henriques" <lhenriques@suse.de>
To: Jeff Layton <jlayton@kernel.org>, Xiubo Li <xiubli@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>
Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
"Luís Henriques" <lhenriques@suse.de>
Subject: [PATCH 3/3] ceph: add support for encrypted snapshot names
Date: Fri, 4 Mar 2022 16:14:03 +0000 [thread overview]
Message-ID: <20220304161403.19295-4-lhenriques@suse.de> (raw)
In-Reply-To: <20220304161403.19295-1-lhenriques@suse.de>
Since filenames in encrypted directories are already encrypted and shown
as a base64-encoded string when the directory is locked, snapshot names
should show a similar behaviour.
Signed-off-by: Luís Henriques <lhenriques@suse.de>
---
fs/ceph/dir.c | 9 +++++++++
fs/ceph/inode.c | 13 +++++++++++++
2 files changed, 22 insertions(+)
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 934402f5e9e6..17d2f18a1fd1 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1069,6 +1069,15 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
op = CEPH_MDS_OP_MKSNAP;
dout("mksnap dir %p snap '%pd' dn %p\n", dir,
dentry, dentry);
+ /*
+ * Encrypted snapshots require d_revalidate to force a
+ * LOOKUPSNAP to cleanup dcache
+ */
+ if (IS_ENCRYPTED(dir)) {
+ spin_lock(&dentry->d_lock);
+ dentry->d_flags |= DCACHE_NOKEY_NAME;
+ spin_unlock(&dentry->d_lock);
+ }
} else if (ceph_snap(dir) == CEPH_NOSNAP) {
dout("mkdir dir %p dn %p mode 0%ho\n", dir, dentry, mode);
op = CEPH_MDS_OP_MKDIR;
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 8b0832271fdf..357335a11384 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -182,6 +182,19 @@ struct inode *ceph_get_snapdir(struct inode *parent)
ci->i_rbytes = 0;
ci->i_btime = ceph_inode(parent)->i_btime;
+ /* if encrypted, just borrow fscrypt_auth from parent */
+ if (IS_ENCRYPTED(parent)) {
+ struct ceph_inode_info *pci = ceph_inode(parent);
+
+ ci->fscrypt_auth = kmemdup(pci->fscrypt_auth,
+ pci->fscrypt_auth_len,
+ GFP_KERNEL);
+ if (ci->fscrypt_auth) {
+ inode->i_flags |= S_ENCRYPTED;
+ ci->fscrypt_auth_len = pci->fscrypt_auth_len;
+ } else
+ dout("Failed to alloc memory for fscrypt_auth in snapdir\n");
+ }
if (inode->i_state & I_NEW) {
inode->i_op = &ceph_snapdir_iops;
inode->i_fop = &ceph_snapdir_fops;
next prev parent reply other threads:[~2022-03-04 16:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-04 16:14 [PATCH 0/3] ceph: minor fixes and encrypted snapshot names Luís Henriques
2022-03-04 16:14 ` [PATCH 1/3] ceph: fix error path in ceph_readdir() Luís Henriques
2022-03-04 18:17 ` Jeff Layton
2022-03-05 14:30 ` Luís Henriques
2022-03-04 16:14 ` [PATCH 2/3] ceph: fix use-after-free in ceph_readdir Luís Henriques
2022-03-04 18:20 ` Jeff Layton
2022-03-05 12:43 ` Xiubo Li
2022-03-05 14:32 ` Luís Henriques
2022-03-04 16:14 ` Luís Henriques [this message]
2022-03-04 18:25 ` [PATCH 3/3] ceph: add support for encrypted snapshot names Jeff Layton
2022-03-05 14:34 ` Luís Henriques
2022-03-05 12:43 ` Xiubo Li
2022-03-04 16:26 ` [PATCH 0/3] ceph: minor fixes and " Luís Henriques
2022-03-04 18:30 ` Jeff Layton
2022-03-05 14:56 ` Luís Henriques
2022-03-07 0:49 ` Xiubo Li
2022-03-07 14:20 ` Luís Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220304161403.19295-4-lhenriques@suse.de \
--to=lhenriques@suse.de \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.