Message ID | 20220331153130.41287-9-jlayton@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | ceph+fscrypt: fully-working prototype | expand |
On Thu, Mar 31, 2022 at 11:30:44AM -0400, Jeff Layton wrote: > static struct fscrypt_operations ceph_fscrypt_ops = { > .key_prefix = "ceph:", > .get_context = ceph_crypt_get_context, > .set_context = ceph_crypt_set_context, > .empty_dir = ceph_crypt_empty_dir, > + .has_stable_inodes = ceph_crypt_has_stable_inodes, > }; What is the use case for implementing this? Note the comment in the struct definition: /* * Check whether the filesystem's inode numbers and UUID are stable, * meaning that they will never be changed even by offline operations * such as filesystem shrinking and therefore can be used in the * encryption without the possibility of files becoming unreadable. * * Filesystems only need to implement this function if they want to * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These * flags are designed to work around the limitations of UFS and eMMC * inline crypto hardware, and they shouldn't be used in scenarios where * such hardware isn't being used. * * Leaving this NULL is equivalent to always returning false. */ bool (*has_stable_inodes)(struct super_block *sb); I think you should just leave this NULL for now. - Eric
On Thu, 2022-03-31 at 20:03 +0000, Eric Biggers wrote: > On Thu, Mar 31, 2022 at 11:30:44AM -0400, Jeff Layton wrote: > > static struct fscrypt_operations ceph_fscrypt_ops = { > > .key_prefix = "ceph:", > > .get_context = ceph_crypt_get_context, > > .set_context = ceph_crypt_set_context, > > .empty_dir = ceph_crypt_empty_dir, > > + .has_stable_inodes = ceph_crypt_has_stable_inodes, > > }; > > What is the use case for implementing this? Note the comment in the struct > definition: > > /* > * Check whether the filesystem's inode numbers and UUID are stable, > * meaning that they will never be changed even by offline operations > * such as filesystem shrinking and therefore can be used in the > * encryption without the possibility of files becoming unreadable. > * > * Filesystems only need to implement this function if they want to > * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These > * flags are designed to work around the limitations of UFS and eMMC > * inline crypto hardware, and they shouldn't be used in scenarios where > * such hardware isn't being used. > * > * Leaving this NULL is equivalent to always returning false. > */ > bool (*has_stable_inodes)(struct super_block *sb); > > I think you should just leave this NULL for now. > Mostly we were just looking for ways to make all of the -g encrypt xfstests pass. I'll plan to drop this patch and 07/54. I don't see any need to support legacy modes or stuff that involves special storage hw. - Jeff Layton <jlayton@kernel.org>
On Fri, Apr 01, 2022 at 06:37:10AM -0400, Jeff Layton wrote: > On Thu, 2022-03-31 at 20:03 +0000, Eric Biggers wrote: > > On Thu, Mar 31, 2022 at 11:30:44AM -0400, Jeff Layton wrote: > > > static struct fscrypt_operations ceph_fscrypt_ops = { > > > .key_prefix = "ceph:", > > > .get_context = ceph_crypt_get_context, > > > .set_context = ceph_crypt_set_context, > > > .empty_dir = ceph_crypt_empty_dir, > > > + .has_stable_inodes = ceph_crypt_has_stable_inodes, > > > }; > > > > What is the use case for implementing this? Note the comment in the struct > > definition: > > > > /* > > * Check whether the filesystem's inode numbers and UUID are stable, > > * meaning that they will never be changed even by offline operations > > * such as filesystem shrinking and therefore can be used in the > > * encryption without the possibility of files becoming unreadable. > > * > > * Filesystems only need to implement this function if they want to > > * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These > > * flags are designed to work around the limitations of UFS and eMMC > > * inline crypto hardware, and they shouldn't be used in scenarios where > > * such hardware isn't being used. > > * > > * Leaving this NULL is equivalent to always returning false. > > */ > > bool (*has_stable_inodes)(struct super_block *sb); > > > > I think you should just leave this NULL for now. > > > > Mostly we were just looking for ways to make all of the -g encrypt > xfstests pass. I'll plan to drop this patch and 07/54. I don't see any > need to support legacy modes or stuff that involves special storage hw. Do generic/592 and generic/602 fail without this patch? If so, that would be a test bug, since they should be skipped if the filesystem doesn't support FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{64,32}. I think that _require_encryption_policy_support() should be already taking care of that, though? - Eric
On Fri, 2022-04-01 at 18:16 +0000, Eric Biggers wrote: > On Fri, Apr 01, 2022 at 06:37:10AM -0400, Jeff Layton wrote: > > On Thu, 2022-03-31 at 20:03 +0000, Eric Biggers wrote: > > > On Thu, Mar 31, 2022 at 11:30:44AM -0400, Jeff Layton wrote: > > > > static struct fscrypt_operations ceph_fscrypt_ops = { > > > > .key_prefix = "ceph:", > > > > .get_context = ceph_crypt_get_context, > > > > .set_context = ceph_crypt_set_context, > > > > .empty_dir = ceph_crypt_empty_dir, > > > > + .has_stable_inodes = ceph_crypt_has_stable_inodes, > > > > }; > > > > > > What is the use case for implementing this? Note the comment in the struct > > > definition: > > > > > > /* > > > * Check whether the filesystem's inode numbers and UUID are stable, > > > * meaning that they will never be changed even by offline operations > > > * such as filesystem shrinking and therefore can be used in the > > > * encryption without the possibility of files becoming unreadable. > > > * > > > * Filesystems only need to implement this function if they want to > > > * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These > > > * flags are designed to work around the limitations of UFS and eMMC > > > * inline crypto hardware, and they shouldn't be used in scenarios where > > > * such hardware isn't being used. > > > * > > > * Leaving this NULL is equivalent to always returning false. > > > */ > > > bool (*has_stable_inodes)(struct super_block *sb); > > > > > > I think you should just leave this NULL for now. > > > > > > > Mostly we were just looking for ways to make all of the -g encrypt > > xfstests pass. I'll plan to drop this patch and 07/54. I don't see any > > need to support legacy modes or stuff that involves special storage hw. > > Do generic/592 and generic/602 fail without this patch? If so, that would be a > test bug, since they should be skipped if the filesystem doesn't support > FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{64,32}. I think that > _require_encryption_policy_support() should be already taking care of that, > though? > My mistake. Those are just skipped with that patch dropped. Thanks,
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c index d1a6595a810f..3ec01702e7be 100644 --- a/fs/ceph/crypto.c +++ b/fs/ceph/crypto.c @@ -57,6 +57,11 @@ static int ceph_crypt_set_context(struct inode *inode, const void *ctx, size_t l return ret; } +static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb) +{ + return ceph_sb_to_client(sb)->dummy_enc_policy.policy; +} + static bool ceph_crypt_empty_dir(struct inode *inode) { struct ceph_inode_info *ci = ceph_inode(inode); @@ -64,11 +69,17 @@ static bool ceph_crypt_empty_dir(struct inode *inode) return ci->i_rsubdirs + ci->i_rfiles == 1; } +static bool ceph_crypt_has_stable_inodes(struct super_block *sb) +{ + return true; +} + static struct fscrypt_operations ceph_fscrypt_ops = { .key_prefix = "ceph:", .get_context = ceph_crypt_get_context, .set_context = ceph_crypt_set_context, .empty_dir = ceph_crypt_empty_dir, + .has_stable_inodes = ceph_crypt_has_stable_inodes, }; void ceph_fscrypt_set_ops(struct super_block *sb) diff --git a/fs/ceph/file.c b/fs/ceph/file.c index cccf729b55a8..5832dcea2d8c 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -629,6 +629,8 @@ static int ceph_finish_async_create(struct inode *dir, struct inode *inode, iinfo.xattr_data = xattr_buf; memset(iinfo.xattr_data, 0, iinfo.xattr_len); + /* FIXME: set fscrypt_auth and fscrypt_file */ + in.ino = cpu_to_le64(vino.ino); in.snapid = cpu_to_le64(CEPH_NOSNAP); in.version = cpu_to_le64(1); // ??? diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c index 9b333e9966f0..216e90779a55 100644 --- a/fs/ceph/inode.c +++ b/fs/ceph/inode.c @@ -615,7 +615,10 @@ struct inode *ceph_alloc_inode(struct super_block *sb) INIT_WORK(&ci->i_work, ceph_inode_work); ci->i_work_mask = 0; memset(&ci->i_btime, '\0', sizeof(ci->i_btime)); - +#ifdef CONFIG_FS_ENCRYPTION + ci->fscrypt_auth = NULL; + ci->fscrypt_auth_len = 0; +#endif ceph_fscache_inode_init(ci); return &ci->vfs_inode; @@ -626,6 +629,9 @@ void ceph_free_inode(struct inode *inode) struct ceph_inode_info *ci = ceph_inode(inode); kfree(ci->i_symlink); +#ifdef CONFIG_FS_ENCRYPTION + kfree(ci->fscrypt_auth); +#endif kmem_cache_free(ceph_inode_cachep, ci); } @@ -1026,6 +1032,16 @@ int ceph_fill_inode(struct inode *inode, struct page *locked_page, xattr_blob = NULL; } +#ifdef CONFIG_FS_ENCRYPTION + if (iinfo->fscrypt_auth_len && !ci->fscrypt_auth) { + ci->fscrypt_auth_len = iinfo->fscrypt_auth_len; + ci->fscrypt_auth = iinfo->fscrypt_auth; + iinfo->fscrypt_auth = NULL; + iinfo->fscrypt_auth_len = 0; + inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED); + } +#endif + /* finally update i_version */ if (le64_to_cpu(info->version) > ci->i_version) ci->i_version = le64_to_cpu(info->version); diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 7aa253be7edc..cd7ad033492b 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -184,8 +184,52 @@ static int parse_reply_info_in(void **p, void *end, info->rsnaps = 0; } + if (struct_v >= 5) { + u32 alen; + + ceph_decode_32_safe(p, end, alen, bad); + + while (alen--) { + u32 len; + + /* key */ + ceph_decode_32_safe(p, end, len, bad); + ceph_decode_skip_n(p, end, len, bad); + /* value */ + ceph_decode_32_safe(p, end, len, bad); + ceph_decode_skip_n(p, end, len, bad); + } + } + + /* fscrypt flag -- ignore */ + if (struct_v >= 6) + ceph_decode_skip_8(p, end, bad); + + info->fscrypt_auth = NULL; + info->fscrypt_auth_len = 0; + info->fscrypt_file = NULL; + info->fscrypt_file_len = 0; + if (struct_v >= 7) { + ceph_decode_32_safe(p, end, info->fscrypt_auth_len, bad); + if (info->fscrypt_auth_len) { + info->fscrypt_auth = kmalloc(info->fscrypt_auth_len, GFP_KERNEL); + if (!info->fscrypt_auth) + return -ENOMEM; + ceph_decode_copy_safe(p, end, info->fscrypt_auth, + info->fscrypt_auth_len, bad); + } + ceph_decode_32_safe(p, end, info->fscrypt_file_len, bad); + if (info->fscrypt_file_len) { + info->fscrypt_file = kmalloc(info->fscrypt_file_len, GFP_KERNEL); + if (!info->fscrypt_file) + return -ENOMEM; + ceph_decode_copy_safe(p, end, info->fscrypt_file, + info->fscrypt_file_len, bad); + } + } *p = end; } else { + /* legacy (unversioned) struct */ if (features & CEPH_FEATURE_MDS_INLINE_DATA) { ceph_decode_64_safe(p, end, info->inline_version, bad); ceph_decode_32_safe(p, end, info->inline_len, bad); @@ -650,8 +694,21 @@ static int parse_reply_info(struct ceph_mds_session *s, struct ceph_msg *msg, static void destroy_reply_info(struct ceph_mds_reply_info_parsed *info) { + int i; + + kfree(info->diri.fscrypt_auth); + kfree(info->diri.fscrypt_file); + kfree(info->targeti.fscrypt_auth); + kfree(info->targeti.fscrypt_file); if (!info->dir_entries) return; + + for (i = 0; i < info->dir_nr; i++) { + struct ceph_mds_reply_dir_entry *rde = info->dir_entries + i; + + kfree(rde->inode.fscrypt_auth); + kfree(rde->inode.fscrypt_file); + } free_pages((unsigned long)info->dir_entries, get_order(info->dir_buf_size)); } diff --git a/fs/ceph/mds_client.h b/fs/ceph/mds_client.h index 2e945979a2e0..96d726ee5250 100644 --- a/fs/ceph/mds_client.h +++ b/fs/ceph/mds_client.h @@ -88,6 +88,10 @@ struct ceph_mds_reply_info_in { s32 dir_pin; struct ceph_timespec btime; struct ceph_timespec snap_btime; + u8 *fscrypt_auth; + u8 *fscrypt_file; + u32 fscrypt_auth_len; + u32 fscrypt_file_len; u64 rsnaps; u64 change_attr; }; diff --git a/fs/ceph/super.h b/fs/ceph/super.h index f23e49f46440..e12e5b484564 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -438,6 +438,12 @@ struct ceph_inode_info { struct work_struct i_work; unsigned long i_work_mask; +#ifdef CONFIG_FS_ENCRYPTION + u32 fscrypt_auth_len; + u32 fscrypt_file_len; + u8 *fscrypt_auth; + u8 *fscrypt_file; +#endif #ifdef CONFIG_CEPH_FSCACHE struct fscache_cookie *fscache; #endif