diff mbox series

[v19,52/70] ceph: disable copy offload on encrypted inodes

Message ID	20230417032654.32352-53-xiubli@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <ceph-devel-owner@vger.kernel.org> From: xiubli@redhat.com To: idryomov@gmail.com, ceph-devel@vger.kernel.org Cc: jlayton@kernel.org, vshankar@redhat.com, lhenriques@suse.de, mchangir@redhat.com, Xiubo Li <xiubli@redhat.com> Subject: [PATCH v19 52/70] ceph: disable copy offload on encrypted inodes Date: Mon, 17 Apr 2023 11:26:36 +0800 Message-Id: <20230417032654.32352-53-xiubli@redhat.com> In-Reply-To: <20230417032654.32352-1-xiubli@redhat.com> References: <20230417032654.32352-1-xiubli@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ceph+fscrypt: full support \| expand [v19,00/70] ceph+fscrypt: full support [v19,01/70] libceph: add spinlock around osd->o_requests [v19,02/70] libceph: define struct ceph_sparse_extent and add some helpers [v19,03/70] libceph: add sparse read support to msgr2 crc state machine [v19,04/70] libceph: add sparse read support to OSD client [v19,05/70] libceph: support sparse reads on msgr2 secure codepath [v19,06/70] libceph: add sparse read support to msgr1 [v19,07/70] ceph: add new mount option to enable sparse reads [v19,08/70] ceph: preallocate inode for ops that may create one [v19,09/70] ceph: make ceph_msdc_build_path use ref-walk [v19,10/70] libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type [v19,11/70] ceph: use osd_req_op_extent_osd_iter for netfs reads [v19,12/70] ceph: fscrypt_auth handling for ceph [v19,13/70] ceph: ensure that we accept a new context from MDS for new inodes [v19,14/70] ceph: add support for fscrypt_auth/fscrypt_file to cap messages [v19,15/70] ceph: implement -o test_dummy_encryption mount option [v19,16/70] ceph: decode alternate_name in lease info [v19,17/70] ceph: add fscrypt ioctls [v19,18/70] ceph: make the ioctl cmd more readable in debug log [v19,19/70] ceph: add base64 endcoding routines for encrypted names [v19,20/70] ceph: add encrypted fname handling to ceph_mdsc_build_path [v19,21/70] ceph: send altname in MClientRequest [v19,22/70] ceph: encode encrypted name in dentry release [v19,23/70] ceph: properly set DCACHE_NOKEY_NAME flag in lookup [v19,24/70] ceph: set DCACHE_NOKEY_NAME in atomic open [v19,25/70] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries [v19,26/70] ceph: add helpers for converting names for userland presentation [v19,27/70] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() [v19,28/70] ceph: add fscrypt support to ceph_fill_trace [v19,29/70] ceph: pass the request to parse_reply_info_readdir() [v19,30/70] ceph: add ceph_encode_encrypted_dname() helper [v19,31/70] ceph: add support to readdir for encrypted filenames [v19,32/70] ceph: create symlinks with encrypted and base64-encoded targets [v19,33/70] ceph: make ceph_get_name decrypt filenames [v19,34/70] ceph: add a new ceph.fscrypt.auth vxattr [v19,35/70] ceph: add some fscrypt guardrails [v19,36/70] ceph: allow encrypting a directory while not having Ax caps [v19,37/70] ceph: mark directory as non-complete after loading key [v19,38/70] ceph: don't allow changing layout on encrypted files/directories [v19,39/70] libceph: add CEPH_OSD_OP_ASSERT_VER support [v19,40/70] ceph: size handling for encrypted inodes in cap updates [v19,41/70] ceph: fscrypt_file field handling in MClientRequest messages [v19,42/70] ceph: get file size from fscrypt_file when present in inode traces [v19,43/70] ceph: handle fscrypt fields in cap messages from MDS [v19,44/70] ceph: update WARN_ON message to pr_warn [v19,45/70] ceph: add __ceph_get_caps helper support [v19,46/70] ceph: add __ceph_sync_read helper support [v19,47/70] ceph: add object version support for sync read [v19,48/70] ceph: add infrastructure for file encryption and decryption [v19,49/70] ceph: add truncate size handling support for fscrypt [v19,50/70] libceph: allow ceph_osdc_new_request to accept a multi-op read [v19,51/70] ceph: disable fallocate for encrypted inodes [v19,52/70] ceph: disable copy offload on encrypted inodes [v19,53/70] ceph: don't use special DIO path for encrypted inodes [v19,54/70] ceph: align data in pages in ceph_sync_write [v19,55/70] ceph: add read/modify/write to ceph_sync_write [v19,56/70] ceph: plumb in decryption during sync reads [v19,57/70] ceph: add fscrypt decryption support to ceph_netfs_issue_op [v19,58/70] ceph: set i_blkbits to crypto block size for encrypted inodes [v19,59/70] ceph: add encryption support to writepage [v19,60/70] ceph: fscrypt support for writepages [v19,61/70] ceph: invalidate pages when doing direct/sync writes [v19,62/70] ceph: add support for encrypted snapshot names [v19,63/70] ceph: add support for handling encrypted snapshot names [v19,64/70] ceph: update documentation regarding snapshot naming limitations [v19,65/70] ceph: prevent snapshots to be created in encrypted locked directories [v19,66/70] ceph: report STATX_ATTR_ENCRYPTED on encrypted inodes [v19,67/70] ceph: drop the messages from MDS when unmounting [v19,68/70] ceph: fix updating the i_truncate_pagecache_size for fscrypt [v19,69/70] ceph: switch ceph_open() to use new fscrypt helper [v19,70/70] ceph: switch ceph_open_atomic() to use the new fscrypt helper

Commit Message

Xiubo Li April 17, 2023, 3:26 a.m. UTC

From: Jeff Layton <jlayton@kernel.org>

If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.

Tested-by: Luís Henriques <lhenriques@suse.de>
Tested-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/ceph/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff mbox series

Patch

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index e3d07f4049df..f621f733898e 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2519,6 +2519,10 @@  static ssize_t __ceph_copy_file_range(struct file *src_file, loff_t src_off,
 		return -EOPNOTSUPP;
 	}
 
+	/* Every encrypted inode gets its own key, so we can't offload them */
+	if (IS_ENCRYPTED(src_inode) || IS_ENCRYPTED(dst_inode))
+		return -EOPNOTSUPP;
+
 	if (len < src_ci->i_layout.object_size)
 		return -EOPNOTSUPP; /* no remote copy will be done */