[RFC,v5,04/19] fscrypt: add fscrypt_context_for_new_inode

Message ID	20210326173227.96363-5-jlayton@kernel.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-fsdevel-owner@kernel.org> From: Jeff Layton <jlayton@kernel.org> To: ceph-devel@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: [RFC PATCH v5 04/19] fscrypt: add fscrypt_context_for_new_inode Date: Fri, 26 Mar 2021 13:32:12 -0400 Message-Id: <20210326173227.96363-5-jlayton@kernel.org> In-Reply-To: <20210326173227.96363-1-jlayton@kernel.org> References: <20210326173227.96363-1-jlayton@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ceph+fscrypt: context, filename and symlink support \| expand [RFC,v5,00/19] ceph+fscrypt: context, filename and symlink support [RFC,v5,01/19] vfs: export new_inode_pseudo [RFC,v5,02/19] fscrypt: export fscrypt_base64_encode and fscrypt_base64_decode [RFC,v5,03/19] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size [RFC,v5,04/19] fscrypt: add fscrypt_context_for_new_inode [RFC,v5,05/19] ceph: crypto context handling for ceph [RFC,v5,06/19] ceph: implement -o test_dummy_encryption mount option [RFC,v5,07/19] ceph: preallocate inode for ops that may create one [RFC,v5,08/19] ceph: add routine to create fscrypt context prior to RPC [RFC,v5,09/19] ceph: make ceph_msdc_build_path use ref-walk [RFC,v5,10/19] ceph: add encrypted fname handling to ceph_mdsc_build_path [RFC,v5,11/19] ceph: decode alternate_name in lease info [RFC,v5,12/19] ceph: send altname in MClientRequest [RFC,v5,13/19] ceph: properly set DCACHE_NOKEY_NAME flag in lookup [RFC,v5,14/19] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries [RFC,v5,15/19] ceph: add helpers for converting names for userland presentation [RFC,v5,16/19] ceph: add fscrypt support to ceph_fill_trace [RFC,v5,17/19] ceph: add support to readdir for encrypted filenames [RFC,v5,18/19] ceph: create symlinks with encrypted and base64-encoded targets [RFC,v5,19/19] ceph: add fscrypt ioctls [RFC,v5,20/19] ceph: make ceph_get_name decrypt filenames

Message ID

20210326173227.96363-5-jlayton@kernel.org (mailing list archive)

State

New, archived

Headers

From: Jeff Layton <jlayton@kernel.org>
To: ceph-devel@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [RFC PATCH v5 04/19] fscrypt: add fscrypt_context_for_new_inode
Date: Fri, 26 Mar 2021 13:32:12 -0400
Message-Id: <20210326173227.96363-5-jlayton@kernel.org>
In-Reply-To: <20210326173227.96363-1-jlayton@kernel.org>
References: <20210326173227.96363-1-jlayton@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

ceph+fscrypt: context, filename and symlink support | expand

Commit Message

Jeff Layton March 26, 2021, 5:32 p.m. UTC

CephFS will need to be able to generate a context for a new "prepared"
inode. Add a new routine for getting the context out of an in-core
inode.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/crypto/policy.c      | 34 ++++++++++++++++++++++++++++------
 include/linux/fscrypt.h |  1 +
 2 files changed, 29 insertions(+), 6 deletions(-)

Comments

Eric Biggers April 8, 2021, 1:21 a.m. UTC | #1

On Fri, Mar 26, 2021 at 01:32:12PM -0400, Jeff Layton wrote:
> CephFS will need to be able to generate a context for a new "prepared"
> inode. Add a new routine for getting the context out of an in-core
> inode.

It would be helpful to briefly mention why fscrypt_set_context() can't be used
instead (like the other filesystems do).

- Eric

Jeff Layton April 8, 2021, 4:27 p.m. UTC | #2

On Wed, 2021-04-07 at 18:21 -0700, Eric Biggers wrote:
> On Fri, Mar 26, 2021 at 01:32:12PM -0400, Jeff Layton wrote:
> > CephFS will need to be able to generate a context for a new "prepared"
> > inode. Add a new routine for getting the context out of an in-core
> > inode.
> 
> It would be helpful to briefly mention why fscrypt_set_context() can't be used
> instead (like the other filesystems do).
> 

I'll add this to the changelog as well before the next posting, but
basically, when we send a create request to the MDS, we send along a
full set of attributes, including an xattr blob that includes the
encryption.ctx xattr.

If we used fscrypt_set_context then we'd have to make a separate round
trip to set the xattr on the server for every create. We'd also have a
window of time where the inode exists on the MDS but has no encryption
context attached, which could cause race conditions with other clients.

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index ed3d623724cd..6a895a31560f 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -664,6 +664,31 @@  const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir)
 	return fscrypt_get_dummy_policy(dir->i_sb);
 }
 
+/**
+ * fscrypt_context_for_new_inode() - create an encryption context for a new inode
+ * @ctx: where context should be written
+ * @inode: inode from which to fetch policy and nonce
+ *
+ * Given an in-core "prepared" (via fscrypt_prepare_new_inode) inode,
+ * generate a new context and write it to ctx. ctx _must_ be at least
+ * FSCRYPT_SET_CONTEXT_MAX_SIZE bytes.
+ *
+ * Returns size of the resulting context or a negative error code.
+ */
+int fscrypt_context_for_new_inode(void *ctx, struct inode *inode)
+{
+	struct fscrypt_info *ci = inode->i_crypt_info;
+
+	BUILD_BUG_ON(sizeof(union fscrypt_context) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
+
+	/* fscrypt_prepare_new_inode() should have set up the key already. */
+	if (WARN_ON_ONCE(!ci))
+		return -ENOKEY;
+
+	return fscrypt_new_context(ctx, &ci->ci_policy, ci->ci_nonce);
+}
+EXPORT_SYMBOL_GPL(fscrypt_context_for_new_inode);
+
 /**
  * fscrypt_set_context() - Set the fscrypt context of a new inode
  * @inode: a new inode
@@ -680,12 +705,9 @@  int fscrypt_set_context(struct inode *inode, void *fs_data)
 	union fscrypt_context ctx;
 	int ctxsize;
 
-	/* fscrypt_prepare_new_inode() should have set up the key already. */
-	if (WARN_ON_ONCE(!ci))
-		return -ENOKEY;
-
-	BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
-	ctxsize = fscrypt_new_context(&ctx, &ci->ci_policy, ci->ci_nonce);
+	ctxsize = fscrypt_context_for_new_inode(&ctx, inode);
+	if (ctxsize < 0)
+		return ctxsize;
 
 	/*
 	 * This may be the first time the inode number is available, so do any
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index b5c31baaa8bf..087fa87bca0b 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -178,6 +178,7 @@  int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
+int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
 int fscrypt_set_context(struct inode *inode, void *fs_data);
 
 struct fscrypt_dummy_policy {

[RFC,v5,04/19] fscrypt: add fscrypt_context_for_new_inode

Commit Message

Comments

Patch