[v13,11/59] fscrypt: add fscrypt_context_for_new_inode

Message ID	20220405192030.178326-12-jlayton@kernel.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <ceph-devel-owner@kernel.org> From: Jeff Layton <jlayton@kernel.org> To: idryomov@gmail.com, xiubli@redhat.com Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, lhenriques@suse.de, Eric Biggers <ebiggers@google.com> Subject: [PATCH v13 11/59] fscrypt: add fscrypt_context_for_new_inode Date: Tue, 5 Apr 2022 15:19:42 -0400 Message-Id: <20220405192030.178326-12-jlayton@kernel.org> In-Reply-To: <20220405192030.178326-1-jlayton@kernel.org> References: <20220405192030.178326-1-jlayton@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ceph+fscrypt: full support \| expand [v13,00/59] ceph+fscrypt: full support [v13,01/59] libceph: add spinlock around osd->o_requests [v13,02/59] libceph: define struct ceph_sparse_extent and add some helpers [v13,03/59] libceph: add sparse read support to msgr2 crc state machine [v13,04/59] libceph: add sparse read support to OSD client [v13,05/59] libceph: support sparse reads on msgr2 secure codepath [v13,06/59] libceph: add sparse read support to msgr1 [v13,07/59] ceph: add new mount option to enable sparse reads [v13,08/59] fs: change test in inode_insert5 for adding to the sb list [v13,09/59] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode [v13,10/59] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size [v13,11/59] fscrypt: add fscrypt_context_for_new_inode [v13,12/59] ceph: preallocate inode for ops that may create one [v13,13/59] ceph: fscrypt_auth handling for ceph [v13,14/59] ceph: ensure that we accept a new context from MDS for new inodes [v13,15/59] ceph: add support for fscrypt_auth/fscrypt_file to cap messages [v13,16/59] ceph: implement -o test_dummy_encryption mount option [v13,17/59] ceph: decode alternate_name in lease info [v13,18/59] ceph: add fscrypt ioctls [v13,19/59] ceph: make the ioctl cmd more readable in debug log [v13,20/59] ceph: make ceph_msdc_build_path use ref-walk [v13,21/59] ceph: add encrypted fname handling to ceph_mdsc_build_path [v13,22/59] ceph: send altname in MClientRequest [v13,23/59] ceph: encode encrypted name in dentry release [v13,24/59] ceph: properly set DCACHE_NOKEY_NAME flag in lookup [v13,25/59] ceph: set DCACHE_NOKEY_NAME in atomic open [v13,26/59] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries [v13,27/59] ceph: add helpers for converting names for userland presentation [v13,28/59] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() [v13,29/59] ceph: add fscrypt support to ceph_fill_trace [v13,30/59] ceph: pass the request to parse_reply_info_readdir() [v13,31/59] ceph: add ceph_encode_encrypted_dname() helper [v13,32/59] ceph: add support to readdir for encrypted filenames [v13,33/59] ceph: create symlinks with encrypted and base64-encoded targets [v13,34/59] ceph: make ceph_get_name decrypt filenames [v13,35/59] ceph: add a new ceph.fscrypt.auth vxattr [v13,36/59] ceph: add some fscrypt guardrails [v13,37/59] ceph: don't allow changing layout on encrypted files/directories [v13,38/59] libceph: add CEPH_OSD_OP_ASSERT_VER support [v13,39/59] ceph: size handling for encrypted inodes in cap updates [v13,40/59] ceph: fscrypt_file field handling in MClientRequest messages [v13,41/59] ceph: get file size from fscrypt_file when present in inode traces [v13,42/59] ceph: handle fscrypt fields in cap messages from MDS [v13,43/59] ceph: update WARN_ON message to pr_warn [v13,44/59] ceph: add __ceph_get_caps helper support [v13,45/59] ceph: add __ceph_sync_read helper support [v13,46/59] ceph: add object version support for sync read [v13,47/59] ceph: add infrastructure for file encryption and decryption [v13,48/59] ceph: add truncate size handling support for fscrypt [v13,49/59] libceph: allow ceph_osdc_new_request to accept a multi-op read [v13,50/59] ceph: disable fallocate for encrypted inodes [v13,51/59] ceph: disable copy offload on encrypted inodes [v13,52/59] ceph: don't use special DIO path for encrypted inodes [v13,53/59] ceph: align data in pages in ceph_sync_write [v13,54/59] ceph: add read/modify/write to ceph_sync_write [v13,55/59] ceph: plumb in decryption during sync reads [v13,56/59] ceph: add fscrypt decryption support to ceph_netfs_issue_op [v13,57/59] ceph: set i_blkbits to crypto block size for encrypted inodes [v13,58/59] ceph: add encryption support to writepage [v13,59/59] ceph: fscrypt support for writepages

Message ID

20220405192030.178326-12-jlayton@kernel.org (mailing list archive)

State

New, archived

Headers

From: Jeff Layton <jlayton@kernel.org>
To: idryomov@gmail.com, xiubli@redhat.com
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
        lhenriques@suse.de, Eric Biggers <ebiggers@google.com>
Subject: [PATCH v13 11/59] fscrypt: add fscrypt_context_for_new_inode
Date: Tue,  5 Apr 2022 15:19:42 -0400
Message-Id: <20220405192030.178326-12-jlayton@kernel.org>
In-Reply-To: <20220405192030.178326-1-jlayton@kernel.org>
References: <20220405192030.178326-1-jlayton@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

ceph+fscrypt: full support | expand

Commit Message

Jeff Layton April 5, 2022, 7:19 p.m. UTC

Most filesystems just call fscrypt_set_context on new inodes, which
usually causes a setxattr. That's a bit late for ceph, which can send
along a full set of attributes with the create request.

Doing so allows it to avoid race windows that where the new inode could
be seen by other clients without the crypto context attached. It also
avoids the separate round trip to the server.

Refactor the fscrypt code a bit to allow us to create a new crypto
context, attach it to the inode, and write it to the buffer, but without
calling set_context on it. ceph can later use this to marshal the
context into the attributes we send along with the create request.

Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/crypto/policy.c      | 35 +++++++++++++++++++++++++++++------
 include/linux/fscrypt.h |  1 +
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index ed3d623724cd..ec861af96252 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -664,6 +664,32 @@  const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir)
 	return fscrypt_get_dummy_policy(dir->i_sb);
 }
 
+/**
+ * fscrypt_context_for_new_inode() - create an encryption context for a new inode
+ * @ctx: where context should be written
+ * @inode: inode from which to fetch policy and nonce
+ *
+ * Given an in-core "prepared" (via fscrypt_prepare_new_inode) inode,
+ * generate a new context and write it to ctx. ctx _must_ be at least
+ * FSCRYPT_SET_CONTEXT_MAX_SIZE bytes.
+ *
+ * Return: size of the resulting context or a negative error code.
+ */
+int fscrypt_context_for_new_inode(void *ctx, struct inode *inode)
+{
+	struct fscrypt_info *ci = inode->i_crypt_info;
+
+	BUILD_BUG_ON(sizeof(union fscrypt_context) !=
+			FSCRYPT_SET_CONTEXT_MAX_SIZE);
+
+	/* fscrypt_prepare_new_inode() should have set up the key already. */
+	if (WARN_ON_ONCE(!ci))
+		return -ENOKEY;
+
+	return fscrypt_new_context(ctx, &ci->ci_policy, ci->ci_nonce);
+}
+EXPORT_SYMBOL_GPL(fscrypt_context_for_new_inode);
+
 /**
  * fscrypt_set_context() - Set the fscrypt context of a new inode
  * @inode: a new inode
@@ -680,12 +706,9 @@  int fscrypt_set_context(struct inode *inode, void *fs_data)
 	union fscrypt_context ctx;
 	int ctxsize;
 
-	/* fscrypt_prepare_new_inode() should have set up the key already. */
-	if (WARN_ON_ONCE(!ci))
-		return -ENOKEY;
-
-	BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
-	ctxsize = fscrypt_new_context(&ctx, &ci->ci_policy, ci->ci_nonce);
+	ctxsize = fscrypt_context_for_new_inode(&ctx, inode);
+	if (ctxsize < 0)
+		return ctxsize;
 
 	/*
 	 * This may be the first time the inode number is available, so do any
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 84b363665162..ebe908b20d94 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -276,6 +276,7 @@  int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
+int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
 int fscrypt_set_context(struct inode *inode, void *fs_data);
 
 struct fscrypt_dummy_policy {

[v13,11/59] fscrypt: add fscrypt_context_for_new_inode

Commit Message

Patch