From: Luis Henriques <luis@igalia.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Jeff Layton" <jlayton@kernel.org>,
"Luís Henriques" <lhenriques@suse.de>,
ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
"Ilya Dryomov" <idryomov@gmail.com>
Subject: Re: [RFC] odd check in ceph_encode_encrypted_dname()
Date: Fri, 14 Feb 2025 14:05:18 +0000 [thread overview]
Message-ID: <87jz9s7hb5.fsf@igalia.com> (raw)
In-Reply-To: <20250214032820.GZ1977892@ZenIV> (Al Viro's message of "Fri, 14 Feb 2025 03:28:20 +0000")
On Fri, Feb 14 2025, Al Viro wrote:
> On Fri, Feb 14, 2025 at 02:47:56AM +0000, Al Viro wrote:
>
> [snip]
>
>> Am I missing something subtle here? Can elen be non-positive at that point?
It has been a while since I last looked into this code, so the details are
quite foggy. I don't think you're missing something and that '(elen > 0)'
test could be dropped. Unfortunately, I can only tell that through code
analysis -- I don't have a test environment anymore where I could try
that.
> Another fun question: for dentries with name of form _<something>_<inumber>
> we end up looking at fscrypt_has_encryption_key() not for the parent,
> but for inode with inumber encoded in dentry name. Fair enough, but...
> what happens if we run into such dentry in ceph_mdsc_build_path()?
>
> There the call of ceph_encode_encrypted_fname() is under
> if (fscrypt_has_encryption_key(d_inode(parent)))
>
> Do we need the keys for both?
I'm not sure I totally understand your question, but here are my thoughts:
if we have the key for the parent, then we *do* have the key for an inode
under that encrypted subtree. This is because AFAIR we can not have
nested encryption. Thus, the call to ceph_encode_encrypted_fname()
*should* be OK.
But I'm CC'ing Jeff as he wrote most of the cephfs fscrypt code and he
might correct me. Or maybe he has a better memory than I do.
Cheers,
--
Luís
next prev parent reply other threads:[~2025-02-14 14:05 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-14 2:47 [RFC] odd check in ceph_encode_encrypted_dname() Al Viro
2025-02-14 3:28 ` Al Viro
2025-02-14 14:05 ` Luis Henriques [this message]
2025-02-14 15:41 ` Jeff Layton
2025-02-14 16:05 ` Luis Henriques
2025-02-15 4:46 ` Al Viro
2025-02-15 4:47 ` [PATCH 1/2] prep for ceph_encode_encrypted_fname() fixes Al Viro
2025-02-15 12:41 ` Jeff Layton
2025-02-15 4:47 ` [PATCH 2/2] ceph: fix a race with rename() in ceph_mdsc_build_path() Al Viro
2025-02-15 12:42 ` Jeff Layton
2025-02-15 15:39 ` [RFC] odd check in ceph_encode_encrypted_dname() Luis Henriques
2025-02-17 17:56 ` Viacheslav Dubeyko
2025-02-17 18:48 ` Luis Henriques
2025-02-17 22:04 ` Viacheslav Dubeyko
2025-02-18 1:21 ` Al Viro
2025-02-18 23:52 ` Al Viro
2025-02-19 0:58 ` Viacheslav Dubeyko
2025-02-19 2:18 ` Al Viro
2025-02-19 23:22 ` Viacheslav Dubeyko
2025-02-21 1:21 ` Viacheslav Dubeyko
2025-02-14 15:30 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87jz9s7hb5.fsf@igalia.com \
--to=luis@igalia.com \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=lhenriques@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.