From: Jeff Layton
To: idryomov@gmail.com, xiubli@redhat.com
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, lhenriques@suse.de
Subject: [RFC PATCH v11 16/51] ceph: send altname in MClientRequest
Date: Tue, 22 Mar 2022 10:12:41 -0400
Message-Id: <20220322141316.41325-17-jlayton@kernel.org>
In-Reply-To: <20220322141316.41325-1-jlayton@kernel.org>
References: <20220322141316.41325-1-jlayton@kernel.org>

In the event that we have a filename longer than CEPH_NOHASH_NAME_MAX, we'll need to hash the tail of the filename. The client however will still need to know the full name of the file if it has a key.

To support this, the MClientRequest field has grown a new alternate_name field that we populate with the full (binary) crypttext of the filename. This is then transmitted to the clients in readdir or traces as part of the dentry lease.

Add support for populating this field when the filenames are very long.

Signed-off-by: Jeff Layton
--- fs/ceph/mds_client.c | 75 +++++++++++++++++++++++++++++++++++++++++--- fs/ceph/mds_client.h | 3 ++ 2 files changed, 73 insertions(+), 5 deletions(-) diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index ff80f09fbc12..e5f569f9d6a0 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c 
@@ -972,6 +972,7 @@ void ceph_mdsc_release_request(struct kref *kref) if (req->r_pagelist) ceph_pagelist_release(req->r_pagelist); kfree(req->r_fscrypt_auth); + kfree(req->r_altname); put_request_session(req); ceph_unreserve_caps(req->r_mdsc, &req->r_caps_reservation); WARN_ON_ONCE(!list_empty(&req->r_wait)); @@ -2386,6 +2387,63 @@ static inline u64 __get_oldest_tid(struct ceph_mds_client *mdsc) return mdsc->oldest_tid; } +#if IS_ENABLED(CONFIG_FS_ENCRYPTION) +static u8 *get_fscrypt_altname(const struct ceph_mds_request *req, u32 *plen) +{ + struct inode *dir = req->r_parent; + struct dentry *dentry = req->r_dentry; + u8 *cryptbuf = NULL; + u32 len = 0; + int ret = 0; + + /* only encode if we have parent and dentry */ + if (!dir || !dentry) + goto success; + + /* No-op unless this is encrypted */ + if (!IS_ENCRYPTED(dir)) + goto success; + + ret = __fscrypt_prepare_readdir(dir); + if (ret) + return ERR_PTR(ret); + + /* No key? Just ignore it. */ + if (!fscrypt_has_encryption_key(dir)) + goto success; + + if (!fscrypt_fname_encrypted_size(dir, dentry->d_name.len, NAME_MAX, &len)) { + WARN_ON_ONCE(1); + return ERR_PTR(-ENAMETOOLONG); + } + + /* No need to append altname if name is short enough */ + if (len <= CEPH_NOHASH_NAME_MAX) { + len = 0; + goto success; + } + + cryptbuf = kmalloc(len, GFP_KERNEL); + if (!cryptbuf) + return ERR_PTR(-ENOMEM); + + ret = fscrypt_fname_encrypt(dir, &dentry->d_name, cryptbuf, len); + if (ret) { + kfree(cryptbuf); + return ERR_PTR(ret); + } +success: + *plen = len; + return cryptbuf; +} +#else +static u8 *get_fscrypt_altname(const struct ceph_mds_request *req, u32 *plen) +{ + *plen = 0; + return NULL; +} +#endif + /** * ceph_mdsc_build_path - build a path string to a given dentry * @dentry: dentry to which path should be built 
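Review bot: In get_fscrypt_altname(), every ERR_PTR return (after __fscrypt_prepare_readdir(), after fscrypt_fname_encrypted_size(), and on the kmalloc() and fscrypt_fname_encrypt() failures) leaves *plen unwritten, so the caller's length is only defined on the success path. Setting *plen = 0 at the top of the function would make the output defined on every return. The function also reads dentry->d_name.len and passes &dentry->d_name to fscrypt_fname_encrypt() with no locking or name snapshot visible in this hunk; a comment stating what keeps the name stable against a concurrent rename would help. A short kernel-doc comment describing the three possible results (NULL with *plen == 0 when no altname is needed, an allocated buffer the caller must kfree(), or an ERR_PTR) would document the contract that create_request_message() depends on.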
@@ -2606,14 +2664,15 @@ static void encode_mclientrequest_tail(void **p, const struct ceph_mds_request * ceph_encode_timespec64(&ts, &req->r_stamp); ceph_encode_copy(p, &ts, sizeof(ts)); - /* gid_list */ + /* v4: gid_list */ ceph_encode_32(p, req->r_cred->group_info->ngroups); for (i = 0; i < req->r_cred->group_info->ngroups; i++) ceph_encode_64(p, from_kgid(&init_user_ns, req->r_cred->group_info->gid[i])); - /* v5: altname (TODO: skip for now) */ - ceph_encode_32(p, 0); + /* v5: altname */ + ceph_encode_32(p, req->r_altname_len); + ceph_encode_copy(p, req->r_altname, req->r_altname_len); /* v6: fscrypt_auth and fscrypt_file */ if (req->r_fscrypt_auth) { @@ -2669,7 +2728,13 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session, goto out_free1; } - /* head */ + req->r_altname = get_fscrypt_altname(req, &req->r_altname_len); + if (IS_ERR(req->r_altname)) { + msg = ERR_CAST(req->r_altname); + req->r_altname = NULL; + goto out_free2; + } + len = legacy ? sizeof(*head) : sizeof(struct ceph_mds_request_head); /* filepaths */ @@ -2695,7 +2760,7 @@ static struct ceph_msg *create_request_message(struct ceph_mds_session *session, len += sizeof(u32) + (sizeof(u64) * req->r_cred->group_info->ngroups); /* alternate name */ - len += sizeof(u32); // TODO + len += sizeof(u32) + req->r_altname_len; /* fscrypt_auth */ len += sizeof(u32); // fscrypt_auth diff --git a/fs/ceph/mds_client.h b/fs/ceph/mds_client.h index 2cc75f9ae7c7..cd719691a86d 100644 --- a/fs/ceph/mds_client.h +++ b/fs/ceph/mds_client.h @@ -290,6 +290,9 @@ struct ceph_mds_request { struct ceph_fscrypt_auth *r_fscrypt_auth; + u8 *r_altname; /* fscrypt binary crypttext for long filenames */ + u32 r_altname_len; /* length of r_altname */ + int r_fmode; /* file mode, if expecting cap */ int r_request_release_offset; const struct cred *r_cred; -- 2.35.1
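Review bot: In the encode_mclientrequest_tail() hunk, ceph_encode_copy(p, req->r_altname, req->r_altname_len) is called unconditionally, so every request without an altname hands it a NULL source with length 0. Guarding the copy with if (req->r_altname_len) would avoid passing NULL as a copy source and make explicit that the encoder relies on r_altname_len being 0 whenever r_altname is NULL. The same length also has to stay in step with the len += sizeof(u32) + req->r_altname_len sizing in create_request_message(), which is worth a one-line comment at either site.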
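Review bot: In the create_request_message() hunk, req->r_altname is assigned the result of get_fscrypt_altname() without freeing any earlier value, and the only kfree(req->r_altname) in this patch is in ceph_mdsc_release_request(). If this function can run more than once for the same request, each earlier buffer is leaked; either kfree() the old pointer before the assignment or build the altname once when the request is set up. The hunk also removes the /* head */ comment that sat above the len = legacy ? ... line, which looks unintended and should be kept.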