From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFA3713DBA0 for ; Wed, 27 May 2026 12:00:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779883217; cv=none; b=FS3Y6rZBV4kVnMHqYy4zOscpldAfq8vj3YHqME7WIB9nXawHVJN5isaJLBhtEMJf/SvObvKzkU4jG+teNKcemDjWmpJh3O+tjRchC0lY/b9NPRol6xkMLkmtxhg9TFTWvizP7J9jqGRYG/LB/ZNySA2EwOxioob7uAqTA5gMfKU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779883217; c=relaxed/simple; bh=uh5Z6xxP2ViIZSZAYz1zobcE0sSpa6X6JN88q87OluI=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pgFIGcRHCYVeghz5/xg/DT+sthvkYwYsygl+rr+M/Dbe0i3Qs+ohWJsfleUxODW/qLckwEUwkp37plxqmnnNSgA+vRN2m0sZSQEegJEPkbV8RDGHHpf6Aq8gSTimDAH7sy916vGrm9Cu1mg7GHhuLOtEs9O+dwzFrtKKif05mq0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=EO/G0JaY; arc=none smtp.client-ip=209.85.221.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="EO/G0JaY" Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-43d7645adbdso7158657f8f.1 for ; Wed, 27 May 2026 05:00:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779883214; x=1780488014; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=CI1XrbB08fJnj/+Jt7BQ2bALSl2qU1edDmRWW1UIbPs=; b=EO/G0JaYwu9bfZlEqyqQ7HHQBkb/UsVtIUKbJYaQ2I1HtKJdv7X2Z2lXgePJLo19fo aJ7u54kZnZgAIk08a8XdZwd92j9Rpm13tUYMABegx72D9cJhNJJKIpTwQBHtlmyaTEQO Ssixadq+VzR0eWK9Ff2DUn31i/MuUoQjyWRIgAwV+qJ81SOMk8PgM+p8hQUFaGlmv3q4 JVdRJ502QZUmv8AFcX7eRUdlTXTqlitgy/Vy3Hf1c0smaZZopKksXQYNZ02+RYyIPR71 410jvevdr1DCfctDu5QKzB7fmIxF0pQxiusdNF51m745vlsrcW5IVEH3rxipmQoEEomK 0EfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779883214; x=1780488014; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=CI1XrbB08fJnj/+Jt7BQ2bALSl2qU1edDmRWW1UIbPs=; b=XXI+2eDO7fQ5DA/6M0yRf/cCSdcjTiCqU5jAwxvdwQomy1lFOeQLJszzuGzBB8r2uI fm5rIZswAmHkDNAi++93j07tespSZnibcR3am58hgvY9i8oOqzGQLjru7ZoEDhtXmI5d ehZBtT5YkvWYaP4VDFUAVVBPa7s09hpacoKC3xMgyF3WocL6ZlHgcRFcdqtKfFfVxGfO h5Rvn6hQNaI34mdpbJL0saIxPqXLo5urrSPc6gJVZxKNRHwcL6CBnN9lw+/u6jQ4tGZw GFVJL2g8aM8mIqUjQ5nKEjlJOfqa+GTy0Muicm/5VgDrnLnIle6+lhwbKbAmvq2HlvvD Z9YA== X-Forwarded-Encrypted: i=1; AFNElJ+q6kDwJ5B0uxU6kWLaDM6Dzkj8BzppYbqKYQD48cRznk2qCGzvxWAdaAh+XsQjs/mNfZeto1DFaVzNVWM=@vger.kernel.org X-Gm-Message-State: AOJu0YwpBIr3+ffLGUFL2T6PkSDjkL2uxklIwTR88D/ANGXhe39pOWxH iL9sFAT3Cpe9HLDbye2nvK4xrMknmpZZc6bw+5VkpRlzKGTRN+a19+eh X-Gm-Gg: Acq92OHu8GA6DhYLOByaS5vkUut8ioKIy/rVq0uR/GuGsO4gD6Prhqc+W7yIX2xrVfP AFFoVsc+1dkjyv3G8tgqi6W091G/YXLNwEg7ZI58PHzIY0yq2Q49A36Mr3o4e7OSDYn/8uVwCwM kQpXjhlZDDu5ZlGrXcUhDFNfl0q0GBkFZCW8sO/eCpkcxKBUdYFINi/LluPasW8gjxknw3fErP6 rQK+W4F/kVmHMwgEmvLUz2Wgp9+x1lvnlB7JtbmoaWs+9FQAkh/T1DM4BdtSPyv/i0WWl51AvKy Drt2zv2706AzAcBycfUbK+NgYiwlhrVVVKGSFVq2jq1o8qba9fHU1I+ekZmGQhJwxWYMnuoWDfI 045p5+SrbRLY6gAv6FzTPF7A4bqIJj/JH6BIzY1zt8pBqMIlSOOkhZfaYqRiUhkJjEKwJZvF483 15G06/1UDYV/TtxIwg3bhcw3OcNshE6n66g1Iuub7uvgUvHujnOWB6j6bCEfsNumkW X-Received: by 2002:a05:6000:430b:b0:45e:8526:7dd1 with SMTP id ffacd0b85a97d-45eb39e1f12mr36501519f8f.22.1779883212294; Wed, 27 May 2026 05:00:12 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45edb549addsm5519489f8f.5.2026.05.27.05.00.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 05:00:11 -0700 (PDT) Date: Wed, 27 May 2026 13:00:08 +0100 From: David Laight To: Sam Edwards Cc: Ilya Dryomov , Alex Markuze , Viacheslav Dubeyko , Jeff Layton , Xiubo Li , Milind Changire , ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/2] ceph: pass fscrypt `tname` buffers directly Message-ID: <20260527130008.0261fd62@pumpkin> In-Reply-To: <20260527025828.5966-2-CFSworks@gmail.com> References: <20260527025828.5966-1-CFSworks@gmail.com> <20260527025828.5966-2-CFSworks@gmail.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 26 May 2026 19:58:27 -0700 Sam Edwards wrote: > ceph_fname_to_usr() needs a temporary buffer for some operations > (currently only base64-decoding ciphertext) and it is convenient to > allow the caller to specify this buffer to avoid a heap allocation, so > it has a (nullable) `tname` argument. Until now, this argument was a > `struct fscrypt_str`; however, this is unnecessary for two reasons: > > 1. `tname->len` isn't used anywhere: ceph_fname_to_usr() assumes a > buffer large enough to hold the ciphertext, and > parse_reply_info_readdir() -- the only caller to use tname -- doesn't > set it. > 2. While the `tname` parameter is documented "may be NULL," > parse_reply_info_readdir() always passes it but with `tname->name` > sometimes NULL in violation of the contract, indicating that the > unnecessary container creates actual confusion. > > Therefore, change the type to `unsigned char *` and pass the buffer > directly. > > Signed-off-by: Sam Edwards > --- > fs/ceph/crypto.c | 10 +++++----- > fs/ceph/crypto.h | 4 ++-- > fs/ceph/mds_client.c | 6 +++--- > 3 files changed, 10 insertions(+), 10 deletions(-) > > diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c > index 64d240759277..7515cb251226 100644 > --- a/fs/ceph/crypto.c > +++ b/fs/ceph/crypto.c > @@ -300,7 +300,7 @@ int ceph_encode_encrypted_dname(struct inode *parent, char *buf, int elen) > * > * Returns 0 on success or negative error code on error. > */ > -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, > +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname, I can't help feeling that the buffer length should also be passed. Either explicitly or, if constant, implicitly by embedding the array in a structure. -- David > struct fscrypt_str *oname, bool *is_nokey) > { > struct inode *dir = fname->dir; > @@ -357,16 +357,16 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, > ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname); > if (ret) > goto out_inode; > - tname = &_tname; > + tname = _tname.name; > } > > - declen = base64_decode(name, name_len, > - tname->name, false, BASE64_IMAP); > + declen = base64_decode(name, name_len, tname, false, > + BASE64_IMAP); > if (declen <= 0) { > ret = -EIO; > goto out; > } > - iname.name = tname->name; > + iname.name = tname; > iname.len = declen; > } else { > iname.name = fname->ctext; > diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h > index b748e2060bc9..79cb563fd887 100644 > --- a/fs/ceph/crypto.h > +++ b/fs/ceph/crypto.h > @@ -115,7 +115,7 @@ static inline void ceph_fname_free_buffer(struct inode *parent, > fscrypt_fname_free_buffer(fname); > } > > -int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, > +int ceph_fname_to_usr(const struct ceph_fname *fname, unsigned char *tname, > struct fscrypt_str *oname, bool *is_nokey); > int ceph_fscrypt_prepare_readdir(struct inode *dir); > > @@ -204,7 +204,7 @@ static inline void ceph_fname_free_buffer(struct inode *parent, > } > > static inline int ceph_fname_to_usr(const struct ceph_fname *fname, > - struct fscrypt_str *tname, > + unsigned char *tname, > struct fscrypt_str *oname, bool *is_nokey) > { > oname->name = fname->name; > diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c > index ed17e0023705..aa6730b48e97 100644 > --- a/fs/ceph/mds_client.c > +++ b/fs/ceph/mds_client.c > @@ -488,11 +488,11 @@ static int parse_reply_info_readdir(void **p, void *end, > struct inode *inode = d_inode(req->r_dentry); > struct ceph_inode_info *ci = ceph_inode(inode); > struct ceph_mds_reply_dir_entry *rde = info->dir_entries + i; > - struct fscrypt_str tname = FSTR_INIT(NULL, 0); > struct fscrypt_str oname = FSTR_INIT(NULL, 0); > struct ceph_fname fname; > u32 altname_len, _name_len; > u8 *altname, *_name; > + u8 *tname = NULL; > > /* dentry */ > ceph_decode_32_safe(p, end, _name_len, bad); > @@ -540,7 +540,7 @@ static int parse_reply_info_readdir(void **p, void *end, > * always be shorter, which is 3/4 of origin > * string. > */ > - tname.name = _name; > + tname = _name; > > /* > * Set oname to _name too, and this will be > @@ -557,7 +557,7 @@ static int parse_reply_info_readdir(void **p, void *end, > oname.len = altname_len; > } > rde->is_nokey = false; > - err = ceph_fname_to_usr(&fname, &tname, &oname, &rde->is_nokey); > + err = ceph_fname_to_usr(&fname, tname, &oname, &rde->is_nokey); > if (err) { > pr_err_client(cl, "unable to decode %.*s, got %d\n", > _name_len, _name, err);