Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp579905pxm; Fri, 25 Feb 2022 14:16:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJw03G2SSPvQZGjGxr9xxWx/kuEOwtZgODbRfhvuKd/dD2S4LaWN0bGYhc/iKtgsWQvaAXBg X-Received: by 2002:a63:30c:0:b0:373:a611:b010 with SMTP id 12-20020a63030c000000b00373a611b010mr7853552pgd.167.1645827365269; Fri, 25 Feb 2022 14:16:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645827365; cv=none; d=google.com; s=arc-20160816; b=opayInmi7y5580OGb50dz5TSoBTqMDAgZf61HvA4ziimVwzENAopxIJ/eaSSfIkkTP mWVrR9UfHegR44RmO2Yhqntut/JkwjjA909+STSo+675YOdiyBz6iT+x/e3CXHb8X5D3 4vBEeaGGRFDMtNSIVoxJamtsGuRu81szLDO0N1zBorjjG+YvDEvxtwzYpY4ZVhhcMWlJ Qty2Md8YadvOG/YWphXN60ZiyQFNHUzq077f0AnqBEfDc1Ift0UGsSqHEWPH05IOOPjT 7akdVbcOa65dH3jwniagqxK9BbCIHkViTIWzZsbaaTZaxVcAcROMWbGq9G2nvxb8AoRI A66g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=zhlWX8QGPC3R1wmpqIenAY06h+lZsBpFVWMJ4q2zFKc=; b=kLj89HSjc5meBLsB2xZIjDG4DUm6/ue4Pa44HkgWOiUvKL4J4jvVqXXEEwzKosnBEX Qg2+1w+4OkgLIiJzsekElXDI0HpY/jESAUbeRXy85MUxerfbDWcnFh1u7OdHPCFOE8xk 635Xyfaus8J2M2Q4slNaGe6MFRnvI8RzRfsxT6t102VF4SbWY+IdoIQ5zGPsCvBggEp9 /6wDaDGPoZzAsy+2YsuM7sVwJ9psQuJ5ZaTOLMEiLuY31rmz/yWkW1qROUmB6qZcjq+t jnMFoe2pBGE0cSc7sI+911kan7Ei5S2QeWWwgn5VIjJxiSd98a1u37z2OIPaIolRBaj2 1NmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="a0/b6yQN"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u33-20020a631421000000b003651426b169si2990919pgl.348.2022.02.25.14.15.30; Fri, 25 Feb 2022 14:16:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="a0/b6yQN"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237933AbiBYU6M (ORCPT + 99 others); Fri, 25 Feb 2022 15:58:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35912 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232865AbiBYU6L (ORCPT ); Fri, 25 Feb 2022 15:58:11 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A949AE62; Fri, 25 Feb 2022 12:57:37 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DD25A61AC1; Fri, 25 Feb 2022 20:57:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BF1B6C340E7; Fri, 25 Feb 2022 20:57:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1645822656; bh=pTLVN6Q36v9FGaQsclC6B9u/5ZBd4A+IfXNUIDYGclo=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=a0/b6yQNvdXyuNjn4EY+Am5w60ieOzKMcnS1N5zJASF4Z+YmBPBB22e8WBj6dLrV7 Hu0Oz04GVrG8Sd/etCpEqvIPoMyzXlgPUD2RGB1IHuDXnAyrfClyyWm4eX06xCe4/f gPye/E/pEHCY3Ys9czH7eYGFyKaPcQJEQ7P3BmQ+EG4JhwIKsGo/rtkJsVDcCs8/uU QzmVWj5p1JM2Cktt0eFzvd7Bv1EewtdOtDUFH0owWT53BTJS1WjnywZL8bElEod3Qy F+YTsbHlj4CTXTrAlM7PlIHfJ2mnaoecrlXOHeMVLriRr4FfUzThR0iqvff693lo1i NmolK5e4C8EAg== Message-ID: <57461c8994f5eb15409ae1cfe452b3d6b2263645.camel@kernel.org> Subject: Re: [RFC PATCH] ceph: add support for encrypted snapshot names From: Jeff Layton To: =?ISO-8859-1?Q?Lu=EDs?= Henriques , Xiubo Li , Ilya Dryomov Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org Date: Fri, 25 Feb 2022 15:57:34 -0500 In-Reply-To: <20220224112142.18052-1-lhenriques@suse.de> References: <20220224112142.18052-1-lhenriques@suse.de> Content-Type: text/plain; charset="ISO-8859-15" User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2022-02-24 at 11:21 +0000, Lu?s Henriques wrote: > Since filenames in encrypted directories are already encrypted and shown > as a base64-encoded string when the directory is locked, snapshot names > should show a similar behaviour. > > Signed-off-by: Lu?s Henriques > --- > fs/ceph/dir.c | 15 +++++++++++++++ > fs/ceph/inode.c | 10 +++++++++- > 2 files changed, 24 insertions(+), 1 deletion(-) > > Support on the MDS for names that'll be > MAX_NAME when base64 encoded is > still TBD. I thought it would be something easy to do, but snapshots > don't seem to make use of the CDir/CDentry (which is where alternate_name > is stored on the MDS). I'm still looking into this, but I may need some > help there :-( > > Cheers, > -- > Lu?s > > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c > index a449f4a07c07..20ae600ee7cd 100644 > --- a/fs/ceph/dir.c > +++ b/fs/ceph/dir.c > @@ -1065,6 +1065,13 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir, > op = CEPH_MDS_OP_MKSNAP; > dout("mksnap dir %p snap '%pd' dn %p\n", dir, > dentry, dentry); > + /* XXX missing support for alternate_name in snapshots */ > + if (IS_ENCRYPTED(dir) && (dentry->d_name.len >= 189)) { > + dout("encrypted snapshot name too long: %pd len: %d\n", > + dentry, dentry->d_name.len); > + err = -ENAMETOOLONG; > + goto out; > + } Where does 189 come from? You probably want to use CEPH_NOHASH_NAME_MAX. > } else if (ceph_snap(dir) == CEPH_NOSNAP) { > dout("mkdir dir %p dn %p mode 0%ho\n", dir, dentry, mode); > op = CEPH_MDS_OP_MKDIR; > @@ -1109,6 +1116,14 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir, > !req->r_reply_info.head->is_target && > !req->r_reply_info.head->is_dentry) > err = ceph_handle_notrace_create(dir, dentry); > + > + /* > + * If we have created a snapshot we need to clear the cache, otherwise > + * snapshot will show encrypted filenames in readdir. > + */ > + if (ceph_snap(dir) == CEPH_SNAPDIR) > + d_drop(dentry); > + This looks hacky, but I just caught up on the discussion between you and Xiubo, so I assume you're addressing that. > out_req: > ceph_mdsc_put_request(req); > out: > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c > index 8b0832271fdf..080824610b73 100644 > --- a/fs/ceph/inode.c > +++ b/fs/ceph/inode.c > @@ -182,6 +182,13 @@ struct inode *ceph_get_snapdir(struct inode *parent) > ci->i_rbytes = 0; > ci->i_btime = ceph_inode(parent)->i_btime; > > + /* if encrypted, just borough fscrypt_auth from parent */ > + if (IS_ENCRYPTED(parent)) { > + struct ceph_inode_info *pci = ceph_inode(parent); > + inode->i_flags |= S_ENCRYPTED; > + ci->fscrypt_auth_len = pci->fscrypt_auth_len; > + ci->fscrypt_auth = pci->fscrypt_auth; > + } > if (inode->i_state & I_NEW) { > inode->i_op = &ceph_snapdir_iops; > inode->i_fop = &ceph_snapdir_fops; > @@ -632,7 +639,8 @@ void ceph_free_inode(struct inode *inode) > > kfree(ci->i_symlink); > #ifdef CONFIG_FS_ENCRYPTION > - kfree(ci->fscrypt_auth); > + if (ceph_snap(inode) != CEPH_SNAPDIR) > + kfree(ci->fscrypt_auth); Can a snapdir inode outlive its parent? > #endif > fscrypt_free_inode(inode); > kmem_cache_free(ceph_inode_cachep, ci); -- Jeff Layton