[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220317154521.6615-1-lhenriques@suse.de>
Date: Thu, 17 Mar 2022 15:45:17 +0000
From: Luís Henriques <lhenriques@...e.de>
To: Jeff Layton <jlayton@...nel.org>, Xiubo Li <xiubli@...hat.com>,
Ilya Dryomov <idryomov@...il.com>
Cc: ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org,
Luís Henriques <lhenriques@...e.de>
Subject: [RFC PATCH v3 0/4] ceph: add support for snapshot names encryption
Hi!
Here's another iteration on my encrypted snapshot names series. And
here's the changes since v1:
- Use ceph_find_inode() instead of ceph_get_inode() for finding a snapshot
parent in function parse_longname(). I've also added a fallback to
ceph_get_inode() in case we fail to find the inode. This may happen if,
for example, the mount root doesn't include that inode. The iput() was
also complemented by a discard_new_inode() if the inode is in the I_NEW
state. (patch 0002)
- Move the check for '_' snapshots further up in the ceph_fname_to_usr()
and ceph_encode_encrypted_dname(). This fixes the case pointed out by
Xiubo in v2. (patch 0002)
- Use NAME_MAX for tmp arrays (patch 0002)
- Added an extra patch for replacing the base64url encoding by a different
encoding standard, the one used for IMAP mailboxes (which uses '+' and
',' instead of '-' and '_'). This should fix the issue with snapshot
names starting with '_'. (patch 0003)
Regarding this last patch, there are other alternatives:
1. Simply replace any initial '_' in snapshot names by another character
(I was using the '='). This was a bit more hacky because this name
could never be sent as-is to the base64 functions, so the '=' would
need to be replace back by an '_'.
2. Append an extra (known) char to every snapshot name. This would also
be hacky because it would need to be removed again for base64
operations. And the snapshot name size limitations would need to be
adjusted too.
3. Modify the fscrypt base64 encoding/decoding functions to receive an
alternative table to use in these operations. This would need to be
accepted by the fscrypt maintainers, of course.
As before, in order to test this code the following PRs are required:
mds: add protection from clients without fscrypt support #45073
mds: use the whole string as the snapshot long name #45192
mds: support alternate names for snapshots #45224
mds: limit the snapshot names to 240 characters #45312
Changes since v1:
- Dropped the dentry->d_flags change in ceph_mkdir(). Thanks to Xiubo
suggestion, patch 0001 now skips calling ceph_fscrypt_prepare_context()
if we're handling a snapshot.
- Added error handling to ceph_get_snapdir() in patch 0001 (Jeff had
already pointed that out but I forgot to include that change in previous
revision).
- Rebased patch 0002 to the latest wip-fscrypt branch.
- Added some documentation regarding snapshots naming restrictions.
Luís Henriques (4):
ceph: add support for encrypted snapshot names
ceph: handle encrypted snapshot names in subdirectories
ceph: update documentation regarding snapshot naming limitations
ceph: replace base64url by the encoding used for mailbox names
Documentation/filesystems/ceph.rst | 10 ++
fs/ceph/crypto.c | 238 +++++++++++++++++++++++++----
fs/ceph/crypto.h | 14 +-
fs/ceph/dir.c | 2 +-
fs/ceph/inode.c | 33 +++-
5 files changed, 259 insertions(+), 38 deletions(-)
Powered by blists - more mailing lists