Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1725993rwb; Thu, 17 Nov 2022 00:40:33 -0800 (PST) X-Google-Smtp-Source: AA0mqf7wZp+2b+Brk5ugSk1fJjXqgGms7tKlJWH2H322Dp2U092lERwkb6VrCa+6HWnaP52zI5ru X-Received: by 2002:a05:6402:1f87:b0:468:7df:c38c with SMTP id c7-20020a0564021f8700b0046807dfc38cmr1249951edc.150.1668674433441; Thu, 17 Nov 2022 00:40:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668674433; cv=none; d=google.com; s=arc-20160816; b=HN3Dvq2drfJ0L2XWfWlQR2sAgKjLtnvWrnrhFMT3G70inzNOhnp5+UWGBKrxToKjbF puJDvnxMs8aY9K++Bk4XW/yy4fhS2fN7FWCDtCPq+rjclW6WrHC/GWeF6xx82jJdOyYQ CQsegS6PuPh5uivkgvmY5f7+1Gb8qveZA2t5cwWNH1Rn2UA4rdS+kmHE6+QNgIY+u5Qs 9bQEwky5sRH4C6D2teCBZHa3LugYj3i0QFhC77PlVUncQ9xx4qVJsKPsaCHcCnV4W0rb GDBY0TsfDzpr38HGkJ1x7QT7ycbt8kyyEtYPNFcVl3IUj/ZyqFkRgVqZqOIqcyOy5Jcb 3KvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=Lc6aO2jeVqUhMYtAzgGQ94NvGNINHdDrt/788aNpceE=; b=e6I4J3Z9l0DK3rI7I0fnsHvj5k8Ovr0uSAeRG9eazLQY7Bpq5hJLYuDyOo1UYHviZw CW4K+ANQL8ANp8At/TzPfHBLS9Oq3zclCyZvemJgtbELpU1Y6XgF3umaKITqMcLj+Fn4 jzC/8zXZ17pYWLfdcjOezLxeNoyTE30fVrMkid1fxM5dX7ya0XkamjA0JHXmkkGAMKgA hhYtbEkDlJ84KZgGkfS/JKRIYlw3cpdkDB/2JpqBtuiwnNSRMewS7R0IyymMxoWyGl+D cgjF0yxP3Q3yAnNUJULaugd+G136FY+03TPr2RVtBcF+cQntrpXZfvBP+kZAlFSrl6Yt wjcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NwMMr7Lt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id et19-20020a170907295300b0078d9cec6a5asi105216ejc.191.2022.11.17.00.40.11; Thu, 17 Nov 2022 00:40:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NwMMr7Lt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239345AbiKQIE4 (ORCPT + 92 others); Thu, 17 Nov 2022 03:04:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229658AbiKQIEw (ORCPT ); Thu, 17 Nov 2022 03:04:52 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EAC02D2F2 for ; Thu, 17 Nov 2022 00:03:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668672231; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Lc6aO2jeVqUhMYtAzgGQ94NvGNINHdDrt/788aNpceE=; b=NwMMr7LtvV8Ar471pthin4uHN4z+FZHJn2hflIwkR9UngWSws34ZWhMpAYHccjWMM0dsBg +Bni5N8cVikq/PQPZ4z/abQShqGpxfMRHBX/yRiixJvOfvPT4NEYJ+HcnaimDL/hYT0tDS aOLZrz9YaokW3MC7pdla6cxJPAUO1V0= Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-628-XV58rmmCNEuC-WS-8TFzNw-1; Thu, 17 Nov 2022 03:03:42 -0500 X-MC-Unique: XV58rmmCNEuC-WS-8TFzNw-1 Received: by mail-pj1-f71.google.com with SMTP id mj8-20020a17090b368800b002137a506927so704092pjb.1 for ; Thu, 17 Nov 2022 00:03:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-language:content-transfer-encoding:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Lc6aO2jeVqUhMYtAzgGQ94NvGNINHdDrt/788aNpceE=; b=2BlZ52L+pJr2+sY+/PkYBw2XstYPfYzoK8ktwWk0+Ecr+vVp9JxONoN5bCPiwtoEmG erg1ZP8sNbSm7W5ta6kO0IamC+/sb2AwcNnrW7pYyJSMIv98duJFZGgAqwbGNU0AntkY O6IFV7FfjAmfVmr/zTgmreSoV7LJatE3aEXMefSo1WkzN77oeCgPSeT4hA2F1a+bBCNd uHt1f1ROgj1MJe44+ciVDsRZhyhylbzFG0qeXZpa9Hqekz/D4pj2JNjhN3HqXWYxux20 ++AvEN48YWR3nx7g0on8ONKflT5my68MT0TCf7/1U0Zf2SyAadlmkmX/+cAqxJfLjVdy r4Zg== X-Gm-Message-State: ANoB5pnHGAu4d7hD4ua/+iK8X/vqIa7ZnpX0zIZCjhwJgyiyXl4F4yP7 LGmSIcTn2wXTwpcgaSaY5CPF7NEQyHzQ4K7QLDohMqm6aDUlSPStpruj3AVf/bwui+s9qvQfZ0B 6IBQxyzzesYCfLQoje0gywqmaip/uZhBY+m+ez9bQshyxNo2mNx5dkyhthD/HJPX3g4TavoF8eA == X-Received: by 2002:aa7:9243:0:b0:56d:dd2a:f6b6 with SMTP id 3-20020aa79243000000b0056ddd2af6b6mr1848188pfp.30.1668672220757; Thu, 17 Nov 2022 00:03:40 -0800 (PST) X-Received: by 2002:aa7:9243:0:b0:56d:dd2a:f6b6 with SMTP id 3-20020aa79243000000b0056ddd2af6b6mr1848156pfp.30.1668672220340; Thu, 17 Nov 2022 00:03:40 -0800 (PST) Received: from [10.72.12.148] ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id f7-20020a170902684700b00186c5e8b1d0sm547141pln.149.2022.11.17.00.03.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 17 Nov 2022 00:03:40 -0800 (PST) Subject: Re: [PATCH] ceph: make sure directories aren't complete after setting crypt context To: =?UTF-8?Q?Lu=c3=ads_Henriques?= , Ilya Dryomov , Jeff Layton Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20221116153703.27292-1-lhenriques@suse.de> From: Xiubo Li Message-ID: <5de0ae69-5e3d-2ccb-64a3-971db66477f8@redhat.com> Date: Thu, 17 Nov 2022 16:03:35 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: <20221116153703.27292-1-lhenriques@suse.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16/11/2022 23:37, Luís Henriques wrote: > When setting a directory's crypt context, __ceph_dir_clear_complete() needs > to be used otherwise, if it was complete before, any old dentry that's still > around will be valid. > > Signed-off-by: Luís Henriques > --- > Hi! > > Here's a simple way to trigger the bug this patch is fixing: > > # cd /cephfs > # ls mydir > nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0 > # ls mydir/nKRhofOAVNsAwVLvDw7a0c9ypsjbZfK3n0Npnmni6j0/ > Cyuer5xT+kBlEPgtwAqSj0WK2taEljP5vHZ,D8VXCJ8 u+46b2XVCt7Obpz0gznZyNLRj79Q2l4KmkwbKOzdQKw > # fscrypt unlock mydir > # touch /mnt/test/mydir/mysubdir/file > touch: cannot touch '/mnt/test/mydir/mysubdir/file': No such file or directory > > fs/ceph/crypto.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c > index 35a2ccfe6899..dc1557967032 100644 > --- a/fs/ceph/crypto.c > +++ b/fs/ceph/crypto.c > @@ -87,6 +87,10 @@ static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len) > return -ERANGE; > > memcpy(ctx, cfa->cfa_blob, ctxlen); > + > + /* Directory isn't complete anymore */ > + if (S_ISDIR(inode->i_mode) && __ceph_dir_is_complete(ci)) > + __ceph_dir_clear_complete(ci); Hi Luis, Good catch! BTW, why do this in the ceph_crypt_get_context() ? As my understanding is that we should mark 'mydir' as incomplete when unlocking it. While as I remembered the unlock operation will do: Step1: get_encpolicy via 'mydir' as ctx Step2: rm_enckey of ctx from the superblock Since I am still running the test cases for the file lock patches, so I didn't catch logs to confirm the above steps yet. If I am right IMO then we should mark the dir as incomplete in the Step2 instead, because for non-unlock operations they may also do the Step1. Thanks! - Xiubo > return ctxlen; > } > >