From patchwork Mon Nov 21 18:00:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 13051513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D770CC4332F for ; Mon, 21 Nov 2022 17:59:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231440AbiKUR76 (ORCPT ); Mon, 21 Nov 2022 12:59:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50328 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231429AbiKUR7e (ORCPT ); Mon, 21 Nov 2022 12:59:34 -0500 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C5F9D92F2; Mon, 21 Nov 2022 09:59:05 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 892041F8AC; Mon, 21 Nov 2022 17:59:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1669053543; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=44EUHZK2+7LroGLrO/sdeQ2g9vjpmkmO6JfvjGdqyUY=; b=kmH/CJRWgUfNkoHM0QIGHup6M/jnRjyzoMSLtgCcaoMyZ7u+cybdbLx2j9ZAedBTj/6ru/ Akn0gj03DF5mZ0qg0ehU9xtmxHO3vV3Yyjvbps1Qo1xyFoUzcSYvNVHGcsZS1TsKXi63NW 3rvoczDcjRdsg3KFqV+aZg1rPO4w5K4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1669053543; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=44EUHZK2+7LroGLrO/sdeQ2g9vjpmkmO6JfvjGdqyUY=; b=XWuXEq0g41TSz1G1aKWdeLnw4eXiZQ6uHaF2s2XjLIx2fLf/PYHMfZVNcNfmxjZGh/pQly 5e8jwTlO15hqAPBg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 246C71376E; Mon, 21 Nov 2022 17:59:03 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id /lbfBWe8e2OBEwAAMHmgww (envelope-from ); Mon, 21 Nov 2022 17:59:03 +0000 Received: from localhost (brahms.olymp [local]) by brahms.olymp (OpenSMTPD) with ESMTPA id 8d21cd82; Mon, 21 Nov 2022 18:00:04 +0000 (UTC) From: =?utf-8?q?Lu=C3=ADs_Henriques?= To: Xiubo Li , Ilya Dryomov , Jeff Layton Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Lu?= =?utf-8?q?=C3=ADs_Henriques?= Subject: [PATCH v2] ceph: make sure directories aren't complete after setting crypt context Date: Mon, 21 Nov 2022 18:00:04 +0000 Message-Id: <20221121180004.8038-1-lhenriques@suse.de> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org When setting a directory's crypt context, __ceph_dir_clear_complete() needs to be used otherwise, if it was complete before, any old dentry that's still around will be valid. Signed-off-by: Luís Henriques --- Hi Xiubo! I've added the __fscrypt_prepare_readdir() wrapper as you suggested, but I had to change it slightly because we also need to handle the error cases. Changes since v1: - Moved the __ceph_dir_clear_complete() call from ceph_crypt_get_context() to ceph_lookup(). - Added an __fscrypt_prepare_readdir() wrapper to check key status changes fs/ceph/dir.c | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c index edc2bf0aab83..2cac7e3ab352 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -763,6 +763,27 @@ static bool is_root_ceph_dentry(struct inode *inode, struct dentry *dentry) strncmp(dentry->d_name.name, ".ceph", 5) == 0; } +/* + * Simple wrapper around __fscrypt_prepare_readdir() that will return: + * + * - '1' if directory was locked and key is now loaded (i.e. dir is unlocked), + * - '0' if directory is still locked, or + * - an error (< 0) if __fscrypt_prepare_readdir() fails. + */ +static int ceph_fscrypt_prepare_readdir(struct inode *dir) +{ + bool had_key = fscrypt_has_encryption_key(dir); + int err; + + err = __fscrypt_prepare_readdir(dir); + if (err) + return err; + /* is directory now unlocked? */ + if (!had_key && fscrypt_has_encryption_key(dir)) + return 1; + return 0; +} + /* * Look up a single dir entry. If there is a lookup intent, inform * the MDS so that it gets our 'caps wanted' value in a single op. @@ -784,10 +805,14 @@ static struct dentry *ceph_lookup(struct inode *dir, struct dentry *dentry, return ERR_PTR(-ENAMETOOLONG); if (IS_ENCRYPTED(dir)) { - err = __fscrypt_prepare_readdir(dir); - if (err) + err = ceph_fscrypt_prepare_readdir(dir); + if (err < 0) return ERR_PTR(err); - if (!fscrypt_has_encryption_key(dir)) { + if (err) { + /* directory just got unlocked */ + __ceph_dir_clear_complete(ceph_inode(dir)); + } else { + /* no encryption key */ spin_lock(&dentry->d_lock); dentry->d_flags |= DCACHE_NOKEY_NAME; spin_unlock(&dentry->d_lock);