From: Jeff Layton <jlayton@kernel.org>
To: idryomov@gmail.com, xiubli@redhat.com
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
lhenriques@suse.de
Subject: Re: [RFC PATCH v11 08/51] ceph: add support for fscrypt_auth/fscrypt_file to cap messages
Date: Wed, 23 Mar 2022 12:55:52 -0400 [thread overview]
Message-ID: <9a3dab30b8657351ab6a73de533b7e3f2a41f72a.camel@kernel.org> (raw)
In-Reply-To: <20220322141316.41325-9-jlayton@kernel.org>
On Tue, 2022-03-22 at 10:12 -0400, Jeff Layton wrote:
> Add support for new version 12 cap messages that carry the new
> fscrypt_auth and fscrypt_file fields from the inode.
>
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
> fs/ceph/caps.c | 76 +++++++++++++++++++++++++++++++++++++++++---------
> 1 file changed, 63 insertions(+), 13 deletions(-)
>
> diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
> index 7d8ef67a1032..b0b7688331b4 100644
> --- a/fs/ceph/caps.c
> +++ b/fs/ceph/caps.c
> @@ -13,6 +13,7 @@
> #include "super.h"
> #include "mds_client.h"
> #include "cache.h"
> +#include "crypto.h"
> #include <linux/ceph/decode.h>
> #include <linux/ceph/messenger.h>
>
> @@ -1214,15 +1215,12 @@ struct cap_msg_args {
> umode_t mode;
> bool inline_data;
> bool wake;
> + u32 fscrypt_auth_len;
> + u32 fscrypt_file_len;
> + u8 fscrypt_auth[sizeof(struct ceph_fscrypt_auth)]; // for context
> + u8 fscrypt_file[sizeof(u64)]; // for size
> };
>
> -/*
> - * cap struct size + flock buffer size + inline version + inline data size +
> - * osd_epoch_barrier + oldest_flush_tid
> - */
> -#define CAP_MSG_SIZE (sizeof(struct ceph_mds_caps) + \
> - 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4)
> -
> /* Marshal up the cap msg to the MDS */
> static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg)
> {
> @@ -1238,7 +1236,7 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg)
> arg->size, arg->max_size, arg->xattr_version,
> arg->xattr_buf ? (int)arg->xattr_buf->vec.iov_len : 0);
>
> - msg->hdr.version = cpu_to_le16(10);
> + msg->hdr.version = cpu_to_le16(12);
> msg->hdr.tid = cpu_to_le64(arg->flush_tid);
>
> fc = msg->front.iov_base;
> @@ -1309,6 +1307,21 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg)
>
> /* Advisory flags (version 10) */
> ceph_encode_32(&p, arg->flags);
> +
> + /* dirstats (version 11) - these are r/o on the client */
> + ceph_encode_64(&p, 0);
> + ceph_encode_64(&p, 0);
> +
> +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> + /* fscrypt_auth and fscrypt_file (version 12) */
> + ceph_encode_32(&p, arg->fscrypt_auth_len);
> + ceph_encode_copy(&p, arg->fscrypt_auth, arg->fscrypt_auth_len);
> + ceph_encode_32(&p, arg->fscrypt_file_len);
> + ceph_encode_copy(&p, arg->fscrypt_file, arg->fscrypt_file_len);
> +#else /* CONFIG_FS_ENCRYPTION */
> + ceph_encode_32(&p, 0);
> + ceph_encode_32(&p, 0);
> +#endif /* CONFIG_FS_ENCRYPTION */
> }
>
> /*
> @@ -1430,8 +1443,37 @@ static void __prep_cap(struct cap_msg_args *arg, struct ceph_cap *cap,
> }
> }
> arg->flags = flags;
> +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> + if (ci->fscrypt_auth_len &&
> + WARN_ON_ONCE(ci->fscrypt_auth_len != sizeof(struct ceph_fscrypt_auth))) {
The above WARN_ON_ONCE is too strict, and causes the client to reject v1
fscrypt contexts (as well as throw the warning). That should be a ">"
instead. I've fixed this in my tree and pushed the fix into wip-fscrypt.
> + /* Don't set this if it isn't right size */
> + arg->fscrypt_auth_len = 0;
> + } else {
> + arg->fscrypt_auth_len = ci->fscrypt_auth_len;
> + memcpy(arg->fscrypt_auth, ci->fscrypt_auth,
> + min_t(size_t, ci->fscrypt_auth_len, sizeof(arg->fscrypt_auth)));
> + }
> + /* FIXME: use this to track "real" size */
> + arg->fscrypt_file_len = 0;
> +#endif /* CONFIG_FS_ENCRYPTION */
> }
>
> +#define CAP_MSG_FIXED_FIELDS (sizeof(struct ceph_mds_caps) + \
> + 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4 + 8 + 8 + 4 + 4)
> +
> +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> +static inline int cap_msg_size(struct cap_msg_args *arg)
> +{
> + return CAP_MSG_FIXED_FIELDS + arg->fscrypt_auth_len +
> + arg->fscrypt_file_len;
> +}
> +#else
> +static inline int cap_msg_size(struct cap_msg_args *arg)
> +{
> + return CAP_MSG_FIXED_FIELDS;
> +}
> +#endif /* CONFIG_FS_ENCRYPTION */
> +
> /*
> * Send a cap msg on the given inode.
> *
> @@ -1442,7 +1484,7 @@ static void __send_cap(struct cap_msg_args *arg, struct ceph_inode_info *ci)
> struct ceph_msg *msg;
> struct inode *inode = &ci->vfs_inode;
>
> - msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, CAP_MSG_SIZE, GFP_NOFS, false);
> + msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, cap_msg_size(arg), GFP_NOFS, false);
> if (!msg) {
> pr_err("error allocating cap msg: ino (%llx.%llx) flushing %s tid %llu, requeuing cap.\n",
> ceph_vinop(inode), ceph_cap_string(arg->dirty),
> @@ -1468,10 +1510,6 @@ static inline int __send_flush_snap(struct inode *inode,
> struct cap_msg_args arg;
> struct ceph_msg *msg;
>
> - msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, CAP_MSG_SIZE, GFP_NOFS, false);
> - if (!msg)
> - return -ENOMEM;
> -
> arg.session = session;
> arg.ino = ceph_vino(inode).ino;
> arg.cid = 0;
> @@ -1509,6 +1547,18 @@ static inline int __send_flush_snap(struct inode *inode,
> arg.flags = 0;
> arg.wake = false;
>
> + /*
> + * No fscrypt_auth changes from a capsnap. It will need
> + * to update fscrypt_file on size changes (TODO).
> + */
> + arg.fscrypt_auth_len = 0;
> + arg.fscrypt_file_len = 0;
> +
> + msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, cap_msg_size(&arg),
> + GFP_NOFS, false);
> + if (!msg)
> + return -ENOMEM;
> +
> encode_cap_msg(msg, &arg);
> ceph_con_send(&arg.session->s_con, msg);
> return 0;
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2022-03-23 16:56 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 14:12 [RFC PATCH v11 00/51] ceph+fscrypt : full support Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 01/51] vfs: export new_inode_pseudo Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 02/51] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode Jeff Layton
2022-03-23 14:33 ` Luís Henriques
2022-03-24 17:46 ` Eric Biggers
2022-03-25 9:59 ` Luís Henriques
2022-03-24 18:20 ` Colin Walters
2022-03-22 14:12 ` [RFC PATCH v11 03/51] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 04/51] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 05/51] ceph: preallocate inode for ops that may create one Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 06/51] ceph: crypto context handling for ceph Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 07/51] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 08/51] ceph: add support for fscrypt_auth/fscrypt_file to cap messages Jeff Layton
2022-03-23 16:55 ` Jeff Layton [this message]
2022-03-22 14:12 ` [RFC PATCH v11 09/51] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 10/51] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 11/51] ceph: decode alternate_name in lease info Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 12/51] ceph: add fscrypt ioctls Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 13/51] ceph: make the ioctl cmd more readable in debug log Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 14/51] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 15/51] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 16/51] ceph: send altname in MClientRequest Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 17/51] ceph: encode encrypted name in dentry release Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 18/51] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 19/51] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 20/51] ceph: add helpers for converting names for userland presentation Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 21/51] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 22/51] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 23/51] ceph: pass the request to parse_reply_info_readdir() Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 24/51] ceph: add ceph_encode_encrypted_dname() helper Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 25/51] ceph: add support to readdir for encrypted filenames Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 26/51] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 27/51] ceph: make ceph_get_name decrypt filenames Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 28/51] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 29/51] ceph: add some fscrypt guardrails Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 30/51] ceph: don't allow changing layout on encrypted files/directories Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 31/51] libceph: add CEPH_OSD_OP_ASSERT_VER support Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 32/51] ceph: size handling for encrypted inodes in cap updates Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 33/51] ceph: fscrypt_file field handling in MClientRequest messages Jeff Layton
2022-03-22 14:12 ` [RFC PATCH v11 34/51] ceph: get file size from fscrypt_file when present in inode traces Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 35/51] ceph: handle fscrypt fields in cap messages from MDS Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 36/51] ceph: add __ceph_get_caps helper support Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 37/51] ceph: add __ceph_sync_read " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 38/51] ceph: add object version support for sync read Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 39/51] ceph: add infrastructure for file encryption and decryption Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 40/51] ceph: add truncate size handling support for fscrypt Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 41/51] libceph: allow ceph_osdc_new_request to accept a multi-op read Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 42/51] ceph: disable fallocate for encrypted inodes Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 43/51] ceph: disable copy offload on " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 44/51] ceph: don't use special DIO path for " Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 45/51] ceph: align data in pages in ceph_sync_write Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 46/51] ceph: add read/modify/write to ceph_sync_write Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 47/51] ceph: plumb in decryption during sync reads Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 48/51] ceph: add fscrypt decryption support to ceph_netfs_issue_op Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 49/51] ceph: set i_blkbits to crypto block size for encrypted inodes Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 50/51] ceph: add encryption support to writepage Jeff Layton
2022-03-22 14:13 ` [RFC PATCH v11 51/51] ceph: fscrypt support for writepages Jeff Layton
2022-03-22 14:17 ` [RFC PATCH v11 00/51] ceph+fscrypt : full support Jeff Layton
2022-03-25 9:57 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9a3dab30b8657351ab6a73de533b7e3f2a41f72a.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=lhenriques@suse.de \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).