Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9A95C6FD1D for ; Mon, 20 Mar 2023 11:21:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229920AbjCTLVF (ORCPT ); Mon, 20 Mar 2023 07:21:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230330AbjCTLUk (ORCPT ); Mon, 20 Mar 2023 07:20:40 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 597D5A24B; Mon, 20 Mar 2023 04:20:23 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id w9so45274857edc.3; Mon, 20 Mar 2023 04:20:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679311221; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=b8sVUk19mi0ENvLdXL4dc1wi5Y68vF33xYYUnM/Y+b4=; b=N36boUDV7HOoTgzqioSkm3MXbjJim3un5x5Tc4BDS8kRe5KapgmG1MzBV5/fqDHOrt gjkwhj9Kiwl0tAC092PoPiXbj65Zq9nMmopzLx2l37FweObx8iP3kF1447u/o5uAIr7M 0tuHkoqwfJ6bkcrpG03/MWj5Z8oSLns7vB/8nrge2aBmOApfAtMcnA9sA+muvrbHi/pg lmyril4EWypXHCmtxI9qV8ViFrUFSfTiTpRxMj+viAkITnUHm5iC41mcflXOdQoFT+4F 7mStUaalQYY6B9QnrC/NyrnuYIBbmzo+vL3slEAYVvWcM10jIHHw0Aj7G+Sh4Xs4iymw MXHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679311221; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b8sVUk19mi0ENvLdXL4dc1wi5Y68vF33xYYUnM/Y+b4=; b=3ZYgolYdKqm26Zkabm69bLKvlajhUSaoAGJUvqYccgTE+i0O69dXDb7X38wSk50od0 GBjvDoB3cH9xcY2buEd34dLLOI8If5wYNyLXa0fjDRpVvAfSkX7a4AjcF3DW+WTWVpjw Q8gILcXJg3S1+6tOow+yL8rm3DsQiw4sX2Y1f8tgOVn0WD4jUIvLmK0Nffrt1QZfg0Av rFPzbNZpKRDr5EMfPVEpRz38xqCeGjv0+2QIe7n/ugbanyTtZIbq1vJFVj1w/zwHeYGb 7baCM3evQVtw4t7PtxIxxatnrLhD0/1qBElrS3VtFpoSo12ZMhfc3M0SKriWcLq9rbjY FYww== X-Gm-Message-State: AO0yUKVg4a0AHCGNokRjLxJMsjfHx+CyPB7tkMVvSG8u5dtfuIKU1uWj MRHyDRWB+Duh2OsOBd/rv3GsMF067TmXcHJOHAw= X-Google-Smtp-Source: AK7set+Dn0AjhRJZc+MJf6gW1KJa8DUjZI/Fdxn0cmVGoZtVMjB0+zAMJOTRvehR3gk8I4LRsO6hF1LdLh2+y2Yp78c= X-Received: by 2002:a50:8756:0:b0:4be:f5a0:a80f with SMTP id 22-20020a508756000000b004bef5a0a80fmr6107654edv.0.1679311221362; Mon, 20 Mar 2023 04:20:21 -0700 (PDT) MIME-Version: 1.0 References: <20230316181413.26916-1-lhenriques@suse.de> <568da52f-18a6-5f96-cd51-5b07dedefb2d@redhat.com> In-Reply-To: <568da52f-18a6-5f96-cd51-5b07dedefb2d@redhat.com> From: Ilya Dryomov Date: Mon, 20 Mar 2023 12:20:09 +0100 Message-ID: Subject: Re: [PATCH v3 0/3] ceph: fscrypt: fix atomic open bug for encrypted directories To: Xiubo Li Cc: =?UTF-8?Q?Lu=C3=ADs_Henriques?= , Eric Biggers , Jeff Layton , "Theodore Y. Ts'o" , Jaegeuk Kim , linux-fscrypt@vger.kernel.org, ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 20, 2023 at 2:07=E2=80=AFAM Xiubo Li wrote: > > > On 17/03/2023 02:14, Lu=C3=ADs Henriques wrote: > > Hi! > > > > I started seeing fstest generic/123 failing in ceph fscrypt, when runni= ng it > > with 'test_dummy_encryption'. This test is quite simple: > > > > 1. Creates a directory with write permissions for root only > > 2. Writes into a file in that directory > > 3. Uses 'su' to try to modify that file as a different user, and > > gets -EPERM > > > > All the test steps succeed, but the test fails to cleanup: 'rm -rf ' > > will fail with -ENOTEMPTY. 'strace' shows that calling unlinkat() to r= emove > > the file got a -ENOENT and then -ENOTEMPTY for the directory. > > > > This is because 'su' does a drop_caches ('su (874): drop_caches: 2' in > > dmesg), and ceph's atomic open will do: > > > > if (IS_ENCRYPTED(dir)) { > > set_bit(CEPH_MDS_R_FSCRYPT_FILE, &req->r_req_flags); > > if (!fscrypt_has_encryption_key(dir)) { > > spin_lock(&dentry->d_lock); > > dentry->d_flags |=3D DCACHE_NOKEY_NAME; > > spin_unlock(&dentry->d_lock); > > } > > } > > > > Although 'dir' has the encryption key available, fscrypt_has_encryption= _key() > > will return 'false' because fscrypt info isn't yet set after the cache > > cleanup. > > > > The first patch will add a new helper for the atomic_open that will for= ce > > the fscrypt info to be loaded into an inode that has been evicted recen= tly > > but for which the key is still available. > > > > The second patch switches ceph atomic_open to use the new fscrypt helpe= r. > > > > Cheers, > > -- > > Lu=C3=ADs > > > > Changes since v2: > > - Make helper more generic and to be used both in lookup and atomic ope= n > > operations > > - Modify ceph_lookup (patch 0002) and ceph_atomic_open (patch 0003) to = use > > the new helper > > > > Changes since v1: > > - Dropped IS_ENCRYPTED() from helper function because kerneldoc says > > already that it applies to encrypted directories and, most important= ly, > > because it would introduce a different behaviour for > > CONFIG_FS_ENCRYPTION and !CONFIG_FS_ENCRYPTION. > > - Rephrased helper kerneldoc > > > > Changes since initial RFC (after Eric's review): > > - Added kerneldoc comments to the new fscrypt helper > > - Dropped '__' from helper name (now fscrypt_prepare_atomic_open()) > > - Added IS_ENCRYPTED() check in helper > > - DCACHE_NOKEY_NAME is not set if fscrypt_get_encryption_info() returns= an > > error > > - Fixed helper for !CONFIG_FS_ENCRYPTION (now defined 'static inline') > > This series looks good to me. > > And I have run the test locally and worked well. > > > > Lu=C3=ADs Henriques (3): > > fscrypt: new helper function - fscrypt_prepare_lookup_partial() > > Eric, > > If possible I we can pick this together to ceph repo and need your ack > about this. Or you can pick it to the crypto repo then please feel free > to add: > > Tested-by: Xiubo Li and Reviewed-by: Xiubo Li > I would prefer the fscrypt helper to go through the fscrypt tree. Thanks, Ilya