Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp2737847pxb;
        Mon, 18 Apr 2022 07:17:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyzoTRhJa4V3pVkadQNzwHSQruqQUwkcwlPDLb8UBSXpsYU4Gq8ljhXPIe7ZbSYN36TmqNk
X-Received: by 2002:a17:902:8ec8:b0:154:5ecb:eb05 with SMTP id x8-20020a1709028ec800b001545ecbeb05mr11213051plo.56.1650291458877;
        Mon, 18 Apr 2022 07:17:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650291458; cv=none;
        d=google.com; s=arc-20160816;
        b=IwFfqPHoVhJvn+YaAz6wwK/b0aCgiJgwyhu5/cOnnmijj3sVHCcrqu9f7G5yiJial0
         Om4GubGYZ3xjgsYZheLVL6BBeUNE2q/rSUyw/dF+5wYRVA8psdWgHEH3jS0GWya+T60j
         hpacrMoeroKWvvh4O3P42DCfL19IIXZEIacL0nUEQmOe4V7kKMuomGX37Q1+VRjPicUF
         UEoLq/JmPhIhDMJ0xAj6/Ef8ANAvmuyzaQzAy+00dLoRftHn2avF1C9kL3b7a52WKpTL
         MuloJKuqAV/b2bVmihdP5HILxFZ6EUWjS7esSUeiJuxyQco8p4O5761wXoxrlZyFjPtH
         dvog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:dkim-signature;
        bh=iBYQm7Rp5LG8jKxerzOsfwWsTzE/H7NffrHSL2IyD+s=;
        b=JyL2l+ixqP7nUaGCOKlh8nP6qWt41ATRVmctgPpnxMI05zmW5J3VadSqc17f98XQME
         9kezXCrIKvrWTa8/P/Q+vXjQJEI5kfYNIsDf+8hQUZ78Fd9qvj6m8vLQKOWbC7SPGJg9
         NscnAW1qgumos57zzZ0xCkHdqIPSRZKUlndUWnQuc2X8yaGFMnrbB66s31lwP9AI9GZR
         F+To5eEy23TYD+yC65aPbQ9AEOu0ehFy3mdnFgfNJ3SijCHkeyBg2FGGibkHWf6lnik5
         AeqxZCAF8Pf2doBYQDf5jLxe2cg7X1uHmbfdre2oCJg4uiycV1YY6u9B/syZRT1G0u6D
         sAiw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=TocHSoPX;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=xGtN1dHw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id s6-20020a056a0008c600b004fa8832da6dsi10411029pfu.76.2022.04.18.07.17.22;
        Mon, 18 Apr 2022 07:17:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=TocHSoPX;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=xGtN1dHw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345086AbiDROSq (ORCPT <rfc822;alexander.kapshuk@gmail.com>
        + 99 others); Mon, 18 Apr 2022 10:18:46 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56522 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S244924AbiDRN6F (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Apr 2022 09:58:05 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C31726D9;
        Mon, 18 Apr 2022 06:08:15 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id D29A81F381;
        Mon, 18 Apr 2022 13:08:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1650287293; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=iBYQm7Rp5LG8jKxerzOsfwWsTzE/H7NffrHSL2IyD+s=;
        b=TocHSoPX9e5EcicfNhzjUIFR8D2OXV/K3lKZJSWWVrMF+nTO7p7lqWZukGYiNMgRhCcI2S
        HJTiKL4rTD0OvGEQAOmlFBlwQU9KUgEqfF2NSk75WGi21Uhzu2sWGHOdZf5AjIbAxK3aiV
        lCTohJTbyaE21PBqte+yxlpTjKOPTik=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1650287293;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=iBYQm7Rp5LG8jKxerzOsfwWsTzE/H7NffrHSL2IyD+s=;
        b=xGtN1dHwZEvL/X5HVK+Vrt3cgkkqhFrdYXZs9AO3qJxgafORU/jLMoBegjJTpsRHqcEzFE
        xlEstEnrU2eBGDAg==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 68C5D13ACB;
        Mon, 18 Apr 2022 13:08:13 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id Dj9SFr1iXWLcLwAAMHmgww
        (envelope-from <lhenriques@suse.de>); Mon, 18 Apr 2022 13:08:13 +0000
Received: from localhost (brahms.olymp [local])
        by brahms.olymp (OpenSMTPD) with ESMTPA id 150a3546;
        Mon, 18 Apr 2022 13:08:40 +0000 (UTC)
From:   =?UTF-8?q?Lu=C3=ADs=20Henriques?= <lhenriques@suse.de>
To:     Jeff Layton <jlayton@kernel.org>, Xiubo Li <xiubli@redhat.com>,
        Ilya Dryomov <idryomov@gmail.com>
Cc:     ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
        =?UTF-8?q?Lu=C3=ADs=20Henriques?= <lhenriques@suse.de>
Subject: [PATCH] ceph: prevent snapshots to be created in encrypted locked directories
Date:   Mon, 18 Apr 2022 14:08:39 +0100
Message-Id: <20220418130839.9862-1-lhenriques@suse.de>
In-Reply-To: <20220414135122.26821-1-lhenriques@suse.de>
References: <20220414135122.26821-1-lhenriques@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

With snapshot names encryption we can not allow snapshots to be created in
locked directories because the names wouldn't be encrypted.  This patch
forces the directory to be unlocked to allow a snapshot to be created.

Signed-off-by: Luís Henriques <lhenriques@suse.de>
---
 fs/ceph/dir.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index f48f1ff20927..93e2f08102a1 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1071,6 +1071,10 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
 		err = -EDQUOT;
 		goto out;
 	}
+	if ((op == CEPH_MDS_OP_MKSNAP) && !fscrypt_has_encryption_key(dir)) {
+		err = -ENOKEY;
+		goto out;
+	}
 
 
 	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);