lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5d43feb5668de88a3667e88e72a3168b299a6533.camel@kernel.org>
Date:   Tue, 22 Mar 2022 10:17:55 -0400
From:   Jeff Layton <jlayton@...nel.org>
To:     idryomov@...il.com, xiubli@...hat.com
Cc:     ceph-devel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org,
        lhenriques@...e.de
Subject: Re: [RFC PATCH v11 00/51] ceph+fscrypt : full support

On Tue, 2022-03-22 at 10:12 -0400, Jeff Layton wrote:
> This patchset represents a (mostly) working prototype of the
> ceph+fscrypt work. With this, I'm able run xfstests with
> test_dummy_encryption, and most of the tests that pass on ceph without
> fscrypt now pass on it.
> 
> When I made the last posting of this series [1], I mentioned that proper
> support for sparse read support would be necessary to do this. Thus, the
> biggest difference from the v10 set is that this is now based on top of
> the patch series that I posted yesterday to implement sparse reads [2].
> 
> Aside from that, there are also numerous cleanups all over the tree, as
> well as an overhaul of the readdir handling by Xiubo.
> 
> This series is not yet bug-free, but it's at a point where it is quite
> usable, providing you're running against the Quincy release of ceph
> (which should ship sometime in the next few months).
> 
> Next Steps:
> ===========
> I'm not going to sugar-coat it. This is a huge, invasive patch series
> that touches a lot of the most sensitive code in ceph.
> 
> Eric Biggers has acked the changes we need in fscrypt infrastructure. I
> still need Al to ack exporting the new_inode_pseudo symbol. The rest is
> pretty much all ceph and libceph code.
> 
> The main piece missing at this point is support for sparse reads with
> ms_mode settings other than "crc". Once that's complete, I want to merge
> that and this series into the ceph "testing" branch so we can start
> running tests against it in teuthology with fscrypt enabled.
> 
> If that goes well, I think we could probably merge this into mainline
> for v5.20 or v5.21. There is also some incoming support for netfs write
> and DIO read helpers that we may want to convert to as well [3]. That
> may alter the timing as well.
> 
> Review, comments and questions are welcome...
> 
> [1]: https://lore.kernel.org/ceph-devel/20220111191608.88762-1-jlayton@kernel.org/
> 
> [2]: https://lore.kernel.org/ceph-devel/20220318135013.43934-1-jlayton@kernel.org/
> 
> [3]: https://lore.kernel.org/ceph-devel/YixWLJXyWtD+STvl@codewreck.org/T/#maec7e3579f13a45171ad23d7a49183d169fcfcca
> 
> Jeff Layton (41):
>   vfs: export new_inode_pseudo
>   fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode
>   fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size
>   fscrypt: add fscrypt_context_for_new_inode
>   ceph: preallocate inode for ops that may create one
>   ceph: crypto context handling for ceph
>   ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces
>   ceph: add support for fscrypt_auth/fscrypt_file to cap messages
>   ceph: add ability to set fscrypt_auth via setattr
>   ceph: implement -o test_dummy_encryption mount option
>   ceph: decode alternate_name in lease info
>   ceph: add fscrypt ioctls
>   ceph: make ceph_msdc_build_path use ref-walk
>   ceph: add encrypted fname handling to ceph_mdsc_build_path
>   ceph: send altname in MClientRequest
>   ceph: encode encrypted name in dentry release
>   ceph: properly set DCACHE_NOKEY_NAME flag in lookup
>   ceph: make d_revalidate call fscrypt revalidator for encrypted
>     dentries
>   ceph: add helpers for converting names for userland presentation
>   ceph: add fscrypt support to ceph_fill_trace
>   ceph: create symlinks with encrypted and base64-encoded targets
>   ceph: make ceph_get_name decrypt filenames
>   ceph: add a new ceph.fscrypt.auth vxattr
>   ceph: add some fscrypt guardrails
>   libceph: add CEPH_OSD_OP_ASSERT_VER support
>   ceph: size handling for encrypted inodes in cap updates
>   ceph: fscrypt_file field handling in MClientRequest messages
>   ceph: get file size from fscrypt_file when present in inode traces
>   ceph: handle fscrypt fields in cap messages from MDS
>   ceph: add infrastructure for file encryption and decryption
>   libceph: allow ceph_osdc_new_request to accept a multi-op read
>   ceph: disable fallocate for encrypted inodes
>   ceph: disable copy offload on encrypted inodes
>   ceph: don't use special DIO path for encrypted inodes
>   ceph: align data in pages in ceph_sync_write
>   ceph: add read/modify/write to ceph_sync_write
>   ceph: plumb in decryption during sync reads
>   ceph: add fscrypt decryption support to ceph_netfs_issue_op
>   ceph: set i_blkbits to crypto block size for encrypted inodes
>   ceph: add encryption support to writepage
>   ceph: fscrypt support for writepages
> 
> Luis Henriques (1):
>   ceph: don't allow changing layout on encrypted files/directories
> 
> Xiubo Li (9):
>   ceph: make the ioctl cmd more readable in debug log
>   ceph: fix base64 encoded name's length check in ceph_fname_to_usr()
>   ceph: pass the request to parse_reply_info_readdir()
>   ceph: add ceph_encode_encrypted_dname() helper
>   ceph: add support to readdir for encrypted filenames
>   ceph: add __ceph_get_caps helper support
>   ceph: add __ceph_sync_read helper support
>   ceph: add object version support for sync read
>   ceph: add truncate size handling support for fscrypt
> 
>  fs/ceph/Makefile                |   1 +
>  fs/ceph/acl.c                   |   4 +-
>  fs/ceph/addr.c                  | 128 ++++++--
>  fs/ceph/caps.c                  | 212 +++++++++++--
>  fs/ceph/crypto.c                | 432 +++++++++++++++++++++++++
>  fs/ceph/crypto.h                | 256 +++++++++++++++
>  fs/ceph/dir.c                   | 182 ++++++++---
>  fs/ceph/export.c                |  44 ++-
>  fs/ceph/file.c                  | 530 ++++++++++++++++++++++++++-----
>  fs/ceph/inode.c                 | 546 +++++++++++++++++++++++++++++---
>  fs/ceph/ioctl.c                 | 126 +++++++-
>  fs/ceph/mds_client.c            | 455 ++++++++++++++++++++++----
>  fs/ceph/mds_client.h            |  24 +-
>  fs/ceph/super.c                 |  91 +++++-
>  fs/ceph/super.h                 |  43 ++-
>  fs/ceph/xattr.c                 |  29 ++
>  fs/crypto/fname.c               |  44 ++-
>  fs/crypto/fscrypt_private.h     |   9 +-
>  fs/crypto/hooks.c               |   6 +-
>  fs/crypto/policy.c              |  35 +-
>  fs/inode.c                      |   1 +
>  include/linux/ceph/ceph_fs.h    |  21 +-
>  include/linux/ceph/osd_client.h |   6 +-
>  include/linux/ceph/rados.h      |   4 +
>  include/linux/fscrypt.h         |  10 +
>  net/ceph/osd_client.c           |  32 +-
>  26 files changed, 2907 insertions(+), 364 deletions(-)
>  create mode 100644 fs/ceph/crypto.c
>  create mode 100644 fs/ceph/crypto.h
> 

I'm going to go ahead and update the wip-fscrypt branch in the ceph
kernel tree to use this series. Please note that for now, that branch
won't work correctly when the ms_mode=secure or ms_mode=legacy transport
modes are used.

Once the sparse read support is updated to include those, we should be
able to use other transports with it.

Cheers,
-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ