Re: [PATCH 1/2] ceph: pass fscrypt `tname` buffers directly

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Laight <david.laight.linux@gmail.com>
To: Sam Edwards <cfsworks@gmail.com>
Cc: Ilya Dryomov <idryomov@gmail.com>,
	Alex Markuze <amarkuze@redhat.com>,
	Viacheslav Dubeyko <slava@dubeyko.com>,
	Jeff Layton <jlayton@kernel.org>, Xiubo Li <xiubli@redhat.com>,
	Milind Changire <mchangir@redhat.com>,
	ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] ceph: pass fscrypt `tname` buffers directly
Date: Wed, 27 May 2026 13:00:08 +0100	[thread overview]
Message-ID: <20260527130008.0261fd62@pumpkin> (raw)
In-Reply-To: <20260527025828.5966-2-CFSworks@gmail.com>

On Tue, 26 May 2026 19:58:27 -0700
Sam Edwards <cfsworks@gmail.com> wrote:

> ceph_fname_to_usr() needs a temporary buffer for some operations
> (currently only base64-decoding ciphertext) and it is convenient to
> allow the caller to specify this buffer to avoid a heap allocation, so
> it has a (nullable) `tname` argument. Until now, this argument was a
> `struct fscrypt_str`; however, this is unnecessary for two reasons:
> 
> 1. `tname->len` isn't used anywhere: ceph_fname_to_usr() assumes a
>    buffer large enough to hold the ciphertext, and
>    parse_reply_info_readdir() -- the only caller to use tname -- doesn't
>    set it.
> 2. While the `tname` parameter is documented "may be NULL,"
>    parse_reply_info_readdir() always passes it but with `tname->name`
>    sometimes NULL in violation of the contract, indicating that the
>    unnecessary container creates actual confusion.
> 
> Therefore, change the type to `unsigned char *` and pass the buffer
> directly.
> 
> Signed-off-by: Sam Edwards <CFSworks@gmail.com>
> ---
>  fs/ceph/crypto.c     | 10 +++++-----
>  fs/ceph/crypto.h     |  4 ++--
>  fs/ceph/mds_client.c |  6 +++---
>  3 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
> index 64d240759277..7515cb251226 100644
> --- a/fs/ceph/crypto.c
> +++ b/fs/ceph/crypto.c
> @@ -300,7 +300,7 @@ int ceph_encode_encrypted_dname(struct inode *parent, char *buf, int elen)
>   *
>   * Returns 0 on success or negative error code on error.
>   */
> -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
> +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname,

I can't help feeling that the buffer length should also be passed.
Either explicitly or, if constant, implicitly by embedding the array
in a structure.

-- David


>  		      struct fscrypt_str *oname, bool *is_nokey)
>  {
>  	struct inode *dir = fname->dir;
> @@ -357,16 +357,16 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
>  			ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname);
>  			if (ret)
>  				goto out_inode;
> -			tname = &_tname;
> +			tname = _tname.name;
>  		}
>  
> -		declen = base64_decode(name, name_len,
> -				       tname->name, false, BASE64_IMAP);
> +		declen = base64_decode(name, name_len, tname, false,
> +				       BASE64_IMAP);
>  		if (declen <= 0) {
>  			ret = -EIO;
>  			goto out;
>  		}
> -		iname.name = tname->name;
> +		iname.name = tname;
>  		iname.len = declen;
>  	} else {
>  		iname.name = fname->ctext;
> diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
> index b748e2060bc9..79cb563fd887 100644
> --- a/fs/ceph/crypto.h
> +++ b/fs/ceph/crypto.h
> @@ -115,7 +115,7 @@ static inline void ceph_fname_free_buffer(struct inode *parent,
>  		fscrypt_fname_free_buffer(fname);
>  }
>  
> -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
> +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname,
>  		      struct fscrypt_str *oname, bool *is_nokey);
>  int ceph_fscrypt_prepare_readdir(struct inode *dir);
>  
> @@ -204,7 +204,7 @@ static inline void ceph_fname_free_buffer(struct inode *parent,
>  }
>  
>  static inline int ceph_fname_to_usr(const struct ceph_fname *fname,
> -				    struct fscrypt_str *tname,
> +				    unsigned char *tname,
>  				    struct fscrypt_str *oname, bool *is_nokey)
>  {
>  	oname->name = fname->name;
> diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> index ed17e0023705..aa6730b48e97 100644
> --- a/fs/ceph/mds_client.c
> +++ b/fs/ceph/mds_client.c
> @@ -488,11 +488,11 @@ static int parse_reply_info_readdir(void **p, void *end,
>  		struct inode *inode = d_inode(req->r_dentry);
>  		struct ceph_inode_info *ci = ceph_inode(inode);
>  		struct ceph_mds_reply_dir_entry *rde = info->dir_entries + i;
> -		struct fscrypt_str tname = FSTR_INIT(NULL, 0);
>  		struct fscrypt_str oname = FSTR_INIT(NULL, 0);
>  		struct ceph_fname fname;
>  		u32 altname_len, _name_len;
>  		u8 *altname, *_name;
> +		u8 *tname = NULL;
>  
>  		/* dentry */
>  		ceph_decode_32_safe(p, end, _name_len, bad);
> @@ -540,7 +540,7 @@ static int parse_reply_info_readdir(void **p, void *end,
>  			 * always be shorter, which is 3/4 of origin
>  			 * string.
>  			 */
> -			tname.name = _name;
> +			tname = _name;
>  
>  			/*
>  			 * Set oname to _name too, and this will be
> @@ -557,7 +557,7 @@ static int parse_reply_info_readdir(void **p, void *end,
>  			oname.len = altname_len;
>  		}
>  		rde->is_nokey = false;
> -		err = ceph_fname_to_usr(&fname, &tname, &oname, &rde->is_nokey);
> +		err = ceph_fname_to_usr(&fname, tname, &oname, &rde->is_nokey);
>  		if (err) {
>  			pr_err_client(cl, "unable to decode %.*s, got %d\n",
>  				      _name_len, _name, err);

next prev parent reply	other threads:[~2026-05-27 12:00 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-27  2:58 [PATCH 0/2] Bounce buffer for mds client decryption when vmalloc() Sam Edwards
2026-05-27  2:58 ` [PATCH 1/2] ceph: pass fscrypt `tname` buffers directly Sam Edwards
2026-05-27 12:00   ` David Laight [this message]
2026-05-27 18:06     ` Sam Edwards
2026-05-27 22:13       ` David Laight
2026-05-27 22:44         ` Sam Edwards
2026-05-27  2:58 ` [PATCH 2/2] ceph: properly decrypt filenames in vmalloc() buffers Sam Edwards
2026-05-29 20:50   ` Viacheslav Dubeyko
2026-05-30  0:59     ` Sam Edwards

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260527130008.0261fd62@pumpkin \
    --to=david.laight.linux@gmail.com \
    --cc=amarkuze@redhat.com \
    --cc=ceph-devel@vger.kernel.org \
    --cc=cfsworks@gmail.com \
    --cc=idryomov@gmail.com \
    --cc=jlayton@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mchangir@redhat.com \
    --cc=slava@dubeyko.com \
    --cc=xiubli@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.