From: Jeff Layton <jlayton@kernel.org>
To: Xiubo Li <xiubli@redhat.com>,
ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, idryomov@gmail.com
Subject: Re: [RFC PATCH v10 07/48] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces
Date: Thu, 17 Feb 2022 06:39:35 -0500 [thread overview]
Message-ID: <91736a9af23930729a7079dfaf77d3933464fa9f.camel@kernel.org> (raw)
In-Reply-To: <4faa6b1e-1e64-da2e-f722-0fc75fec51b7@redhat.com>
On Thu, 2022-02-17 at 16:25 +0800, Xiubo Li wrote:
> On 1/12/22 3:15 AM, Jeff Layton wrote:
> > ...and store them in the ceph_inode_info.
> >
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> > fs/ceph/file.c | 2 ++
> > fs/ceph/inode.c | 18 ++++++++++++++-
> > fs/ceph/mds_client.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
> > fs/ceph/mds_client.h | 4 ++++
> > fs/ceph/super.h | 6 +++++
> > 5 files changed, 84 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> > index ace72a052254..5937a25ddddd 100644
> > --- a/fs/ceph/file.c
> > +++ b/fs/ceph/file.c
> > @@ -597,6 +597,8 @@ static int ceph_finish_async_create(struct inode *dir, struct inode *inode,
> > iinfo.xattr_data = xattr_buf;
> > memset(iinfo.xattr_data, 0, iinfo.xattr_len);
> >
> > + /* FIXME: set fscrypt_auth and fscrypt_file */
> > +
> > in.ino = cpu_to_le64(vino.ino);
> > in.snapid = cpu_to_le64(CEPH_NOSNAP);
> > in.version = cpu_to_le64(1); // ???
> > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
> > index 649d7a059d7b..d090fe081093 100644
> > --- a/fs/ceph/inode.c
> > +++ b/fs/ceph/inode.c
> > @@ -609,7 +609,10 @@ struct inode *ceph_alloc_inode(struct super_block *sb)
> > INIT_WORK(&ci->i_work, ceph_inode_work);
> > ci->i_work_mask = 0;
> > memset(&ci->i_btime, '\0', sizeof(ci->i_btime));
> > -
> > +#ifdef CONFIG_FS_ENCRYPTION
> > + ci->fscrypt_auth = NULL;
> > + ci->fscrypt_auth_len = 0;
> > +#endif
> > ceph_fscache_inode_init(ci);
> >
> > return &ci->vfs_inode;
> > @@ -620,6 +623,9 @@ void ceph_free_inode(struct inode *inode)
> > struct ceph_inode_info *ci = ceph_inode(inode);
> >
> > kfree(ci->i_symlink);
> > +#ifdef CONFIG_FS_ENCRYPTION
> > + kfree(ci->fscrypt_auth);
> > +#endif
> > kmem_cache_free(ceph_inode_cachep, ci);
> > }
> >
> > @@ -1020,6 +1026,16 @@ int ceph_fill_inode(struct inode *inode, struct page *locked_page,
> > xattr_blob = NULL;
> > }
> >
> > +#ifdef CONFIG_FS_ENCRYPTION
> > + if (iinfo->fscrypt_auth_len && !ci->fscrypt_auth) {
> > + ci->fscrypt_auth_len = iinfo->fscrypt_auth_len;
> > + ci->fscrypt_auth = iinfo->fscrypt_auth;
> > + iinfo->fscrypt_auth = NULL;
> > + iinfo->fscrypt_auth_len = 0;
> > + inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED);
> > + }
> > +#endif
> > +
> > /* finally update i_version */
> > if (le64_to_cpu(info->version) > ci->i_version)
> > ci->i_version = le64_to_cpu(info->version);
> > diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> > index 57cf21c9199f..bd824e989449 100644
> > --- a/fs/ceph/mds_client.c
> > +++ b/fs/ceph/mds_client.c
> > @@ -184,8 +184,50 @@ static int parse_reply_info_in(void **p, void *end,
> > info->rsnaps = 0;
> > }
> >
> > + if (struct_v >= 5) {
> > + u32 alen;
> > +
> > + ceph_decode_32_safe(p, end, alen, bad);
> > +
> > + while (alen--) {
> > + u32 len;
> > +
> > + /* key */
> > + ceph_decode_32_safe(p, end, len, bad);
> > + ceph_decode_skip_n(p, end, len, bad);
> > + /* value */
> > + ceph_decode_32_safe(p, end, len, bad);
> > + ceph_decode_skip_n(p, end, len, bad);
> > + }
> > + }
> > +
> > + /* fscrypt flag -- ignore */
> > + if (struct_v >= 6)
> > + ceph_decode_skip_8(p, end, bad);
> > +
> > + info->fscrypt_auth = NULL;
> > + info->fscrypt_file = NULL;
>
> The 'fscrypt_auth_len' and 'fscrypt_file_len' should also be reset here.
> Or we will hit the issue I mentioned as bellow:
>
>
> cp: cannot access './dir___683': No buffer space available
> cp: cannot access './dir___686': No buffer space available
>
> The dmesg logs:
>
> <7>[ 1256.918250] ceph: readdir 0000000089964a71 file 00000000065cb689
> pos 0
> <7>[ 1256.918254] ceph: readdir off 0 -> '.'
> <7>[ 1256.918258] ceph: readdir off 1 -> '..'
> <4>[ 1256.918262] fscrypt (ceph, inode 1099511630270): Error -105
> getting encryption context
> <7>[ 1256.918269] ceph: readdir 0000000089964a71 file 00000000065cb689
> pos 2
> <4>[ 1256.918273] fscrypt (ceph, inode 1099511630270): Error -105
> getting encryption context
>
>
> This can be reproduced when using an old ceph cluster without fscrypt
> support.
>
> And also I have sent out one fix to zero the memory when allocating it
> in ceph_readdir() to fix the potential bug like this.
>
> Thanks
>
> BRs
>
> -- Xiubo
>
>
Good catch, Xiubo.
I merged your patch into the testing branch, and fixed this patch to
also zero out the fscrypt_auth_len and fscrypt_file_len. I've also
rebased the wip-fscrypt branch onto the current testing branch.
> > + if (struct_v >= 7) {
> > + ceph_decode_32_safe(p, end, info->fscrypt_auth_len, bad);
> > + if (info->fscrypt_auth_len) {
> > + info->fscrypt_auth = kmalloc(info->fscrypt_auth_len, GFP_KERNEL);
> > + if (!info->fscrypt_auth)
> > + return -ENOMEM;
> > + ceph_decode_copy_safe(p, end, info->fscrypt_auth,
> > + info->fscrypt_auth_len, bad);
> > + }
> > + ceph_decode_32_safe(p, end, info->fscrypt_file_len, bad);
> > + if (info->fscrypt_file_len) {
> > + info->fscrypt_file = kmalloc(info->fscrypt_file_len, GFP_KERNEL);
> > + if (!info->fscrypt_file)
> > + return -ENOMEM;
> > + ceph_decode_copy_safe(p, end, info->fscrypt_file,
> > + info->fscrypt_file_len, bad);
> > + }
> > + }
> > *p = end;
> > } else {
> > + /* legacy (unversioned) struct */
> > if (features & CEPH_FEATURE_MDS_INLINE_DATA) {
> > ceph_decode_64_safe(p, end, info->inline_version, bad);
> > ceph_decode_32_safe(p, end, info->inline_len, bad);
> > @@ -626,8 +668,21 @@ static int parse_reply_info(struct ceph_mds_session *s, struct ceph_msg *msg,
> >
> > static void destroy_reply_info(struct ceph_mds_reply_info_parsed *info)
> > {
> > + int i;
> > +
> > + kfree(info->diri.fscrypt_auth);
> > + kfree(info->diri.fscrypt_file);
> > + kfree(info->targeti.fscrypt_auth);
> > + kfree(info->targeti.fscrypt_file);
> > if (!info->dir_entries)
> > return;
> > +
> > + for (i = 0; i < info->dir_nr; i++) {
> > + struct ceph_mds_reply_dir_entry *rde = info->dir_entries + i;
> > +
> > + kfree(rde->inode.fscrypt_auth);
> > + kfree(rde->inode.fscrypt_file);
> > + }
> > free_pages((unsigned long)info->dir_entries, get_order(info->dir_buf_size));
> > }
> >
> > diff --git a/fs/ceph/mds_client.h b/fs/ceph/mds_client.h
> > index c3986a412fb5..98a8710807d1 100644
> > --- a/fs/ceph/mds_client.h
> > +++ b/fs/ceph/mds_client.h
> > @@ -88,6 +88,10 @@ struct ceph_mds_reply_info_in {
> > s32 dir_pin;
> > struct ceph_timespec btime;
> > struct ceph_timespec snap_btime;
> > + u8 *fscrypt_auth;
> > + u8 *fscrypt_file;
> > + u32 fscrypt_auth_len;
> > + u32 fscrypt_file_len;
> > u64 rsnaps;
> > u64 change_attr;
> > };
> > diff --git a/fs/ceph/super.h b/fs/ceph/super.h
> > index 532ee9fca878..5b4092e5f291 100644
> > --- a/fs/ceph/super.h
> > +++ b/fs/ceph/super.h
> > @@ -433,6 +433,12 @@ struct ceph_inode_info {
> > struct work_struct i_work;
> > unsigned long i_work_mask;
> >
> > +#ifdef CONFIG_FS_ENCRYPTION
> > + u32 fscrypt_auth_len;
> > + u32 fscrypt_file_len;
> > + u8 *fscrypt_auth;
> > + u8 *fscrypt_file;
> > +#endif
> > #ifdef CONFIG_CEPH_FSCACHE
> > struct fscache_cookie *fscache;
> > #endif
>
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2022-02-17 11:39 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 19:15 [RFC PATCH v10 00/48] ceph+fscrypt: full support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 01/48] vfs: export new_inode_pseudo Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 02/48] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 03/48] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2022-01-27 1:58 ` Eric Biggers
2022-01-11 19:15 ` [RFC PATCH v10 04/48] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 05/48] ceph: preallocate inode for ops that may create one Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 06/48] ceph: crypto context handling for ceph Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 07/48] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2022-02-17 8:25 ` Xiubo Li
2022-02-17 11:39 ` Jeff Layton [this message]
2022-02-18 1:09 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 08/48] ceph: add fscrypt_* handling to caps.c Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 09/48] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 10/48] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2022-02-11 13:50 ` Luís Henriques
2022-02-11 14:52 ` Jeff Layton
2022-02-14 9:29 ` Luís Henriques
2022-01-11 19:15 ` [RFC PATCH v10 11/48] ceph: decode alternate_name in lease info Jeff Layton
2022-03-01 10:57 ` Xiubo Li
2022-03-01 11:18 ` Xiubo Li
2022-03-01 13:10 ` Jeff Layton
2022-03-01 13:51 ` Xiubo Li
2022-03-01 13:57 ` Jeff Layton
2022-03-01 14:07 ` Xiubo Li
2022-03-01 14:14 ` Jeff Layton
2022-03-01 14:30 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 12/48] ceph: add fscrypt ioctls Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 13/48] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 14/48] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 15/48] ceph: send altname in MClientRequest Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 16/48] ceph: encode encrypted name in dentry release Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 17/48] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 18/48] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 19/48] ceph: add helpers for converting names for userland presentation Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 20/48] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 21/48] ceph: add support to readdir for encrypted filenames Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 22/48] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 23/48] ceph: make ceph_get_name decrypt filenames Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 24/48] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 25/48] ceph: add some fscrypt guardrails Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 26/48] ceph: don't allow changing layout on encrypted files/directories Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 27/48] libceph: add CEPH_OSD_OP_ASSERT_VER support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 28/48] ceph: size handling for encrypted inodes in cap updates Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 29/48] ceph: fscrypt_file field handling in MClientRequest messages Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 30/48] ceph: get file size from fscrypt_file when present in inode traces Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 31/48] ceph: handle fscrypt fields in cap messages from MDS Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 32/48] ceph: add __ceph_get_caps helper support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 33/48] ceph: add __ceph_sync_read " Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 34/48] ceph: add object version support for sync read Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 35/48] ceph: add infrastructure for file encryption and decryption Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 36/48] ceph: add truncate size handling support for fscrypt Jeff Layton
2022-01-12 8:41 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 37/48] libceph: allow ceph_osdc_new_request to accept a multi-op read Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 38/48] ceph: disable fallocate for encrypted inodes Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 39/48] ceph: disable copy offload on " Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 40/48] ceph: don't use special DIO path for " Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 41/48] ceph: set encryption context on open Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 42/48] ceph: align data in pages in ceph_sync_write Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 43/48] ceph: add read/modify/write to ceph_sync_write Jeff Layton
2022-01-19 3:21 ` Xiubo Li
2022-01-19 5:08 ` Xiubo Li
2022-01-19 11:06 ` Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 44/48] ceph: plumb in decryption during sync reads Jeff Layton
2022-01-19 5:18 ` Xiubo Li
2022-01-19 18:49 ` Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 45/48] ceph: set i_blkbits to crypto block size for encrypted inodes Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 46/48] ceph: add fscrypt decryption support to ceph_netfs_issue_op Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 47/48] ceph: add encryption support to writepage Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 48/48] ceph: fscrypt support for writepages Jeff Layton
2022-01-11 19:26 ` [RFC PATCH v10 00/48] ceph+fscrypt: full support Jeff Layton
2022-01-27 2:14 ` Eric Biggers
2022-01-27 11:08 ` Jeff Layton
2022-01-28 20:39 ` Eric Biggers
2022-01-28 20:47 ` Jeff Layton
2022-02-14 9:37 ` Xiubo Li
2022-02-14 11:33 ` Jeff Layton
2022-02-14 12:08 ` Xiubo Li
2022-02-15 0:44 ` Xiubo Li
2022-02-14 17:57 ` Luís Henriques
2022-02-14 18:39 ` Jeff Layton
2022-02-14 21:00 ` Luís Henriques
2022-02-14 21:10 ` Jeff Layton
2022-02-16 16:13 ` Luís Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=91736a9af23930729a7079dfaf77d3933464fa9f.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).