[RFC,v7,00/24] ceph+fscrypt: context, filename and symlink support

Message ID 20210625135834.12934-1-jlayton@kernel.org (mailing list archive)

Jeffrey Layton June 25, 2021, 1:58 p.m. UTC
This patchset is a fairly substantial rework since the last set. Rather
than storing the crypto context in an xattr, this one stores it in a new
field associated with AUTH caps. That ensures that it's always
available whenever an inode is instantiated, and should prevent the
deadlock that Luis reported. This means that we need to do a setattr
request to set the context now, so support for that is also added.

The required MDS patches are currently here:

    https://github.com/ceph/ceph/pull/41284

...but it's marked as draft for now. I don't want to merge this until
the content encryption piece is more clearly defined. These patches are
also available in my git tree under the ceph-fscrypt-fnames-v7 tag:

    https://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux.git/

This seems to be reasonably robust in testing. The next step is content
encryption. I have a start on some of those patches, but it's still very
much a WIP.

Jeff Layton (24):
  vfs: export new_inode_pseudo
  fscrypt: export fscrypt_base64_encode and fscrypt_base64_decode
  fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size
  fscrypt: add fscrypt_context_for_new_inode
  ceph: preallocate inode for ops that may create one
  ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces
  ceph: add fscrypt_* handling to caps.c
  ceph: add ability to set fscrypt_auth via setattr
  ceph: crypto context handling for ceph
  ceph: implement -o test_dummy_encryption mount option
  ceph: add routine to create fscrypt context prior to RPC
  ceph: add fscrypt ioctls
  ceph: decode alternate_name in lease info
  ceph: make ceph_msdc_build_path use ref-walk
  ceph: add encrypted fname handling to ceph_mdsc_build_path
  ceph: send altname in MClientRequest
  ceph: properly set DCACHE_NOKEY_NAME flag in lookup
  ceph: make d_revalidate call fscrypt revalidator for encrypted
    dentries
  ceph: add helpers for converting names for userland presentation
  ceph: add fscrypt support to ceph_fill_trace
  ceph: add support to readdir for encrypted filenames
  ceph: create symlinks with encrypted and base64-encoded targets
  ceph: make ceph_get_name decrypt filenames
  ceph: add a new ceph.fscrypt.auth vxattr

 fs/ceph/Makefile             |   1 +
 fs/ceph/acl.c                |   4 +-
 fs/ceph/caps.c               |  62 +++++--
 fs/ceph/crypto.c             | 206 +++++++++++++++++++++
 fs/ceph/crypto.h             | 119 ++++++++++++
 fs/ceph/dir.c                | 198 +++++++++++++++-----
 fs/ceph/export.c             |  44 +++--
 fs/ceph/file.c               |  64 ++++---
 fs/ceph/inode.c              | 302 +++++++++++++++++++++++++++---
 fs/ceph/ioctl.c              |  83 +++++++++
 fs/ceph/mds_client.c         | 345 ++++++++++++++++++++++++++++++-----
 fs/ceph/mds_client.h         |  22 ++-
 fs/ceph/super.c              |  80 +++++++-
 fs/ceph/super.h              |  32 +++-
 fs/ceph/xattr.c              |  20 ++
 fs/crypto/fname.c            |  53 ++++--
 fs/crypto/fscrypt_private.h  |   9 +-
 fs/crypto/hooks.c            |   6 +-
 fs/crypto/policy.c           |  34 +++-
 fs/inode.c                   |   1 +
 include/linux/ceph/ceph_fs.h |  21 ++-
 include/linux/fscrypt.h      |  10 +
 22 files changed, 1498 insertions(+), 218 deletions(-)
 create mode 100644 fs/ceph/crypto.c
 create mode 100644 fs/ceph/crypto.h