[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220418135957.12056-1-lhenriques@suse.de>
Date: Mon, 18 Apr 2022 14:59:52 +0100
From: Luís Henriques <lhenriques@...e.de>
To: Jeff Layton <jlayton@...nel.org>, Xiubo Li <xiubli@...hat.com>,
Ilya Dryomov <idryomov@...il.com>
Cc: ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org,
Luís Henriques <lhenriques@...e.de>
Subject: [PATCH v5 0/5] ceph: add support for snapshot names encryption
Hi!
And here's yet another revision. The main difference from v4 is the
addition of a patch to prevent the creation of snapshots in directories
that are encrypted but that are not unlocked (i.e. no key available).
As before, the following ceph PRs are required:
mds: add protection from clients without fscrypt support #45073
mds: use the whole string as the snapshot long name #45192
mds: support alternate names for snapshots #45224
mds: limit the snapshot names to 240 characters #45312
Changes since v4:
- Explicitly added the encoding base for kstrtou64() as we do know that
the inode numbers are in decimal.
- New patch to prevent the creation of snapshots in encrypted directories
that do not have the key loaded.
Changes since v3:
- Fixed WARN_ON() in ceph_encode_encrypted_dname()
- Updated documentation and copyright notice for the base64
encoding/decoding implementaiton which was taken from the fscrypt base.
Changes since v2:
- Use ceph_find_inode() instead of ceph_get_inode() for finding a snapshot
parent in function parse_longname(). I've also added a fallback to
ceph_get_inode() in case we fail to find the inode. This may happen if,
for example, the mount root doesn't include that inode. The iput() was
also complemented by a discard_new_inode() if the inode is in the I_NEW
state. (patch 0002)
- Move the check for '_' snapshots further up in the ceph_fname_to_usr()
and ceph_encode_encrypted_dname(). This fixes the case pointed out by
Xiubo in v2. (patch 0002)
- Use NAME_MAX for tmp arrays (patch 0002)
- Added an extra patch for replacing the base64url encoding by a different
encoding standard, the one used for IMAP mailboxes (which uses '+' and
',' instead of '-' and '_'). This should fix the issue with snapshot
names starting with '_'. (patch 0003)
Changes since v1:
- Dropped the dentry->d_flags change in ceph_mkdir(). Thanks to Xiubo
suggestion, patch 0001 now skips calling ceph_fscrypt_prepare_context()
if we're handling a snapshot.
- Added error handling to ceph_get_snapdir() in patch 0001 (Jeff had
already pointed that out but I forgot to include that change in previous
revision).
- Rebased patch 0002 to the latest wip-fscrypt branch.
- Added some documentation regarding snapshots naming restrictions.
Luís Henriques (5):
ceph: add support for encrypted snapshot names
ceph: add support for handling encrypted snapshot names
ceph: update documentation regarding snapshot naming limitations
ceph: replace base64url by the encoding used for mailbox names
ceph: prevent snapshots to be created in encrypted locked directories
Documentation/filesystems/ceph.rst | 10 ++
fs/ceph/crypto.c | 252 +++++++++++++++++++++++++----
fs/ceph/crypto.h | 14 +-
fs/ceph/dir.c | 7 +-
fs/ceph/inode.c | 33 +++-
5 files changed, 278 insertions(+), 38 deletions(-)
Powered by blists - more mailing lists