From: Jeff Layton
To: idryomov@gmail.com, xiubli@redhat.com
Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, lhenriques@suse.de, Eric Biggers
Subject: [RFC PATCH v11 04/51] fscrypt: add fscrypt_context_for_new_inode
Date: Tue, 22 Mar 2022 10:12:29 -0400
Message-Id: <20220322141316.41325-5-jlayton@kernel.org>
In-Reply-To: <20220322141316.41325-1-jlayton@kernel.org>
References: <20220322141316.41325-1-jlayton@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Most filesystems just call fscrypt_set_context on new inodes, which
usually causes a setxattr. That's a bit late for ceph, which can send
along a full set of attributes with the create request.

Doing so allows it to avoid race windows where the new inode could be
seen by other clients without the crypto context attached. It also
avoids the separate round trip to the server.

Refactor the fscrypt code a bit to allow us to create a new crypto
context, attach it to the inode, and write it to the buffer, but without
calling set_context on it. ceph can later use this to marshal the
context into the attributes we send along with the create request.

Acked-by: Eric Biggers
Signed-off-by: Jeff Layton
---
 fs/crypto/policy.c      | 35 +++++++++++++++++++++++++++++------
 include/linux/fscrypt.h |  1 +
 2 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index ed3d623724cd..ec861af96252 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -664,6 +664,32 @@ const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir) return fscrypt_get_dummy_policy(dir->i_sb); } +/** + * fscrypt_context_for_new_inode() - create an encryption context for a new inode + * @ctx: where context should be written + * @inode: inode from which to fetch policy and nonce + * + * Given an in-core "prepared" (via fscrypt_prepare_new_inode) inode, + * generate a new context and write it to ctx. ctx _must_ be at least + * FSCRYPT_SET_CONTEXT_MAX_SIZE bytes. + * + * Return: size of the resulting context or a negative error code. + */ +int fscrypt_context_for_new_inode(void *ctx, struct inode *inode) +{ + struct fscrypt_info *ci = inode->i_crypt_info; + + BUILD_BUG_ON(sizeof(union fscrypt_context) != + FSCRYPT_SET_CONTEXT_MAX_SIZE); + + /* fscrypt_prepare_new_inode() should have set up the key already. */ + if (WARN_ON_ONCE(!ci)) + return -ENOKEY; + + return fscrypt_new_context(ctx, &ci->ci_policy, ci->ci_nonce); +} +EXPORT_SYMBOL_GPL(fscrypt_context_for_new_inode); + /** * fscrypt_set_context() - Set the fscrypt context of a new inode * @inode: a new inode @@ -680,12 +706,9 @@ int fscrypt_set_context(struct inode *inode, void *fs_data) union fscrypt_context ctx; int ctxsize; - /* fscrypt_prepare_new_inode() should have set up the key already. */ - if (WARN_ON_ONCE(!ci)) - return -ENOKEY; - - BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE); - ctxsize = fscrypt_new_context(&ctx, &ci->ci_policy, ci->ci_nonce); + ctxsize = fscrypt_context_for_new_inode(&ctx, inode); + if (ctxsize < 0) + return ctxsize; /* * This may be the first time the inode number is available, so do any diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index c90e176b5843..530433098f82 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h 
@@ -276,6 +276,7 @@ int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); +int fscrypt_context_for_new_inode(void *ctx, struct inode *inode); int fscrypt_set_context(struct inode *inode, void *fs_data); struct fscrypt_dummy_policy { -- 2.35.1
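Review bot: In the first fs/crypto/policy.c hunk (@@ -664), fscrypt_context_for_new_inode() takes "void *ctx" and the kernel-doc says the buffer "_must_ be at least FSCRYPT_SET_CONTEXT_MAX_SIZE bytes", but nothing in the function can check that. The BUILD_BUG_ON only compares sizeof(union fscrypt_context) with the constant, not the caller's buffer. Since the symbol is exported so that a filesystem can write the context into its own buffer, an undersized buffer would be overrun silently. Consider adding a length argument and returning an error when it is smaller than FSCRYPT_SET_CONTEXT_MAX_SIZE. The "Return:" line could also name -ENOKEY for the case where i_crypt_info is not set.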
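Review bot: In the fscrypt_set_context() hunk (@@ -680), the NULL check on ci moves into the helper, so "if (ctxsize < 0) return ctxsize;" is now the only thing that stops this function from continuing with an unprepared inode. The -ENOKEY return is preserved, but the reason is no longer visible at this call site. A one-line comment on the check, saying that the helper rejects a missing i_crypt_info, would make it clear that any later use of ci in this function still depends on it.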
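Review bot: In the include/linux/fscrypt.h hunk (@@ -276), the prototype is the only line added to the header (the diffstat shows one insertion), so no stub is provided for builds without fscrypt support. If the ceph caller can be compiled with CONFIG_FS_ENCRYPTION disabled, add a static inline stub that returns an error, or note in the commit message that the caller is always guarded by that option.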