Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp409773pxb; Wed, 18 Aug 2021 05:23:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyWPuWJz0UlrgqUKLC0rGuX9UA7m1Nf4z1IRrVBYMak+illUC1hbx97cBJulx3kNtZm1Ceg X-Received: by 2002:a17:907:a078:: with SMTP id ia24mr9382733ejc.207.1629289429586; Wed, 18 Aug 2021 05:23:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629289429; cv=none; d=google.com; s=arc-20160816; b=hDhmBlFPAiPriet6p0DRJXICni1qBy+5j8tftb+nRe3Rc/4IWAJpWZA5Nwg7WLq8M7 nFkkykA6hvmBcP9uKrgWirfap8Y8sT5Nr8d+goXzcU9K8X0TDjZqhmzFZprPJET22lDk /fWf5ouSv8NgIfV5cRGepfq4yO23GlCj3i3pXHJZpjTpR4LaLDH89H5lJcV5swTJULfo bHKS4Rw4zVPNwXD66F9YXILT5GRT/n4sezh852W9QMxFBo0V0a3TxvuRrsGR+WFxYcmv QZCdiyp/6HZCTIr+ZDR4qz/yMawblOfFIX/cuePqNFf9m5tB4xDnAkS1w+eY4IzHGEvH tcyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=u30qyGB0icRx5O3WL/r+54FTrdH+1xzOYuv0EK0uW6Q=; b=ZslUiYFg3MH4x7U+4ulbD8qwLF1BXzeFZbdATDwI81ckDxyWyltMNacCROWAurQ3iA 9HtfZXjA5b/17s31fUSJDdtvoR5LmPmEEh8BYuAYf3CXGeqhEah7SsGhvn+R3981eYGH XDes7bHacopiUDzaGHWAXEp9qjZaD6SvKM+rY1fO6ssOilVjPtnRp+zOCl8Iyf7dKDLh ixpm52plCK1VGf3bp/5WoPoSiMaBxVtIq/YWCTCbywo4NCQnCi5U47C+2Xhb1/7HIO+b /Jipdlzu6yCD2mgmyqEgI+PES/fX86Gl+fHfaeOh7QfqP5iOtPwpzsXk/k24px00yTiA hR7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qlAFXXqJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z19si5113225edc.428.2021.08.18.05.23.25; Wed, 18 Aug 2021 05:23:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qlAFXXqJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235854AbhHRMVc (ORCPT + 99 others); Wed, 18 Aug 2021 08:21:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:48704 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235606AbhHRMVc (ORCPT ); Wed, 18 Aug 2021 08:21:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7F40361051; Wed, 18 Aug 2021 12:20:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1629289257; bh=r76n+lUH1cjChAlZYjOsIQBwKYMBDvkY61lTq1hdo0s=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=qlAFXXqJ8CIvbTD+B9Wznqp0KHrM21Hrj3U+WANCdxmAG+DZnJZhoXq7aSvK78sk4 HkT3gAIybYnb3T/PPHBH3m7JT08xTxGwvzK+3J0bd5URxHAuFM3Nu7UYVd1cePpt0O AEsD2aO4TqIKGWMN3Eosys16xZtAUKjt4IK5ZnCd73sG1Mn+1OP8H90SQb61FrecfG DQE9IvlPgD0Vs7UUeUZJ2oh5+e/kGs+OLWMt2SzmGKcK+q2na6VJp11lfPDLYZeO// egd8ioK/OotRXb+P+CCF39PDHppoq+1o1hcH98Vbu4gfPXpbXOqyAP0sjw0cUY0XdV Xp+5F6y0eVC1Q== Message-ID: <3e0961dec832a54bc6a59776831e5467ed231333.camel@kernel.org> Subject: Re: [fscrypt][RFC PATCH v2] ceph: don't allow changing layout on encrypted files/directories From: Jeff Layton To: Luis Henriques Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 18 Aug 2021 08:20:55 -0400 In-Reply-To: <20210817140439.1442-1-lhenriques@suse.de> References: <20210817140439.1442-1-lhenriques@suse.de> Content-Type: text/plain; charset="ISO-8859-15" User-Agent: Evolution 3.40.3 (3.40.3-1.fc34) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2021-08-17 at 15:04 +0100, Luis Henriques wrote: > Encryption is currently only supported on files/directories with layouts > where stripe_count=1. Forbid changing layouts when encryption is involved. > > Signed-off-by: Luis Henriques > --- > Changes since v1: > - dropped changes to ceph_sync_setxattr(), MDS shall be responsible for > preventing layout changes on encrypted dirs/files > > fs/ceph/ioctl.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c > index 477ecc667aee..480d18bb2ff0 100644 > --- a/fs/ceph/ioctl.c > +++ b/fs/ceph/ioctl.c > @@ -294,6 +294,10 @@ static long ceph_set_encryption_policy(struct file *file, unsigned long arg) > struct inode *inode = file_inode(file); > struct ceph_inode_info *ci = ceph_inode(inode); > > + /* encrypted directories can't have striped layout */ > + if (ci->i_layout.stripe_count > 1) > + return -EINVAL; > + > ret = vet_mds_for_fscrypt(file); > if (ret) > return ret; Thanks Luis. I've gone ahead and merged this into my fscrypt pile. -- Jeff Layton