| Message ID | 20220322141316.41325-1-jlayton@kernel.org |
|---|---|
| Headers | show |
| Series | ceph+fscrypt : full support | expand |
On Tue, 2022-03-22 at 10:12 -0400, Jeff Layton wrote: > Add support for new version 12 cap messages that carry the new > fscrypt_auth and fscrypt_file fields from the inode. > > Signed-off-by: Jeff Layton <jlayton@kernel.org> > --- > fs/ceph/caps.c | 76 +++++++++++++++++++++++++++++++++++++++++--------- > 1 file changed, 63 insertions(+), 13 deletions(-) > > diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c > index 7d8ef67a1032..b0b7688331b4 100644 > --- a/fs/ceph/caps.c > +++ b/fs/ceph/caps.c > @@ -13,6 +13,7 @@ > #include "super.h" > #include "mds_client.h" > #include "cache.h" > +#include "crypto.h" > #include <linux/ceph/decode.h> > #include <linux/ceph/messenger.h> > > @@ -1214,15 +1215,12 @@ struct cap_msg_args { > umode_t mode; > bool inline_data; > bool wake; > + u32 fscrypt_auth_len; > + u32 fscrypt_file_len; > + u8 fscrypt_auth[sizeof(struct ceph_fscrypt_auth)]; // for context > + u8 fscrypt_file[sizeof(u64)]; // for size > }; > > -/* > - * cap struct size + flock buffer size + inline version + inline data size + > - * osd_epoch_barrier + oldest_flush_tid > - */ > -#define CAP_MSG_SIZE (sizeof(struct ceph_mds_caps) + \ > - 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4) > - > /* Marshal up the cap msg to the MDS */ > static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg) > { > @@ -1238,7 +1236,7 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg) > arg->size, arg->max_size, arg->xattr_version, > arg->xattr_buf ? (int)arg->xattr_buf->vec.iov_len : 0); > > - msg->hdr.version = cpu_to_le16(10); > + msg->hdr.version = cpu_to_le16(12); > msg->hdr.tid = cpu_to_le64(arg->flush_tid); > > fc = msg->front.iov_base; > @@ -1309,6 +1307,21 @@ static void encode_cap_msg(struct ceph_msg *msg, struct cap_msg_args *arg) > > /* Advisory flags (version 10) */ > ceph_encode_32(&p, arg->flags); > + > + /* dirstats (version 11) - these are r/o on the client */ > + ceph_encode_64(&p, 0); > + ceph_encode_64(&p, 0); > + > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION) > + /* fscrypt_auth and fscrypt_file (version 12) */ > + ceph_encode_32(&p, arg->fscrypt_auth_len); > + ceph_encode_copy(&p, arg->fscrypt_auth, arg->fscrypt_auth_len); > + ceph_encode_32(&p, arg->fscrypt_file_len); > + ceph_encode_copy(&p, arg->fscrypt_file, arg->fscrypt_file_len); > +#else /* CONFIG_FS_ENCRYPTION */ > + ceph_encode_32(&p, 0); > + ceph_encode_32(&p, 0); > +#endif /* CONFIG_FS_ENCRYPTION */ > } > > /* > @@ -1430,8 +1443,37 @@ static void __prep_cap(struct cap_msg_args *arg, struct ceph_cap *cap, > } > } > arg->flags = flags; > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION) > + if (ci->fscrypt_auth_len && > + WARN_ON_ONCE(ci->fscrypt_auth_len != sizeof(struct ceph_fscrypt_auth))) { The above WARN_ON_ONCE is too strict, and causes the client to reject v1 fscrypt contexts (as well as throw the warning). That should be a ">" instead. I've fixed this in my tree and pushed the fix into wip-fscrypt. > + /* Don't set this if it isn't right size */ > + arg->fscrypt_auth_len = 0; > + } else { > + arg->fscrypt_auth_len = ci->fscrypt_auth_len; > + memcpy(arg->fscrypt_auth, ci->fscrypt_auth, > + min_t(size_t, ci->fscrypt_auth_len, sizeof(arg->fscrypt_auth))); > + } > + /* FIXME: use this to track "real" size */ > + arg->fscrypt_file_len = 0; > +#endif /* CONFIG_FS_ENCRYPTION */ > } > > +#define CAP_MSG_FIXED_FIELDS (sizeof(struct ceph_mds_caps) + \ > + 4 + 8 + 4 + 4 + 8 + 4 + 4 + 4 + 8 + 8 + 4 + 8 + 8 + 4 + 4) > + > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION) > +static inline int cap_msg_size(struct cap_msg_args *arg) > +{ > + return CAP_MSG_FIXED_FIELDS + arg->fscrypt_auth_len + > + arg->fscrypt_file_len; > +} > +#else > +static inline int cap_msg_size(struct cap_msg_args *arg) > +{ > + return CAP_MSG_FIXED_FIELDS; > +} > +#endif /* CONFIG_FS_ENCRYPTION */ > + > /* > * Send a cap msg on the given inode. > * > @@ -1442,7 +1484,7 @@ static void __send_cap(struct cap_msg_args *arg, struct ceph_inode_info *ci) > struct ceph_msg *msg; > struct inode *inode = &ci->vfs_inode; > > - msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, CAP_MSG_SIZE, GFP_NOFS, false); > + msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, cap_msg_size(arg), GFP_NOFS, false); > if (!msg) { > pr_err("error allocating cap msg: ino (%llx.%llx) flushing %s tid %llu, requeuing cap.\n", > ceph_vinop(inode), ceph_cap_string(arg->dirty), > @@ -1468,10 +1510,6 @@ static inline int __send_flush_snap(struct inode *inode, > struct cap_msg_args arg; > struct ceph_msg *msg; > > - msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, CAP_MSG_SIZE, GFP_NOFS, false); > - if (!msg) > - return -ENOMEM; > - > arg.session = session; > arg.ino = ceph_vino(inode).ino; > arg.cid = 0; > @@ -1509,6 +1547,18 @@ static inline int __send_flush_snap(struct inode *inode, > arg.flags = 0; > arg.wake = false; > > + /* > + * No fscrypt_auth changes from a capsnap. It will need > + * to update fscrypt_file on size changes (TODO). > + */ > + arg.fscrypt_auth_len = 0; > + arg.fscrypt_file_len = 0; > + > + msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPS, cap_msg_size(&arg), > + GFP_NOFS, false); > + if (!msg) > + return -ENOMEM; > + > encode_cap_msg(msg, &arg); > ceph_con_send(&arg.session->s_con, msg); > return 0;
On Tue, 2022-03-22 at 10:12 -0400, Jeff Layton wrote: > This patchset represents a (mostly) working prototype of the > ceph+fscrypt work. With this, I'm able run xfstests with > test_dummy_encryption, and most of the tests that pass on ceph without > fscrypt now pass on it. > > When I made the last posting of this series [1], I mentioned that proper > support for sparse read support would be necessary to do this. Thus, the > biggest difference from the v10 set is that this is now based on top of > the patch series that I posted yesterday to implement sparse reads [2]. > > Aside from that, there are also numerous cleanups all over the tree, as > well as an overhaul of the readdir handling by Xiubo. > > This series is not yet bug-free, but it's at a point where it is quite > usable, providing you're running against the Quincy release of ceph > (which should ship sometime in the next few months). > > Next Steps: > =========== > I'm not going to sugar-coat it. This is a huge, invasive patch series > that touches a lot of the most sensitive code in ceph. > > Eric Biggers has acked the changes we need in fscrypt infrastructure. I > still need Al to ack exporting the new_inode_pseudo symbol. The rest is > pretty much all ceph and libceph code. > > The main piece missing at this point is support for sparse reads with > ms_mode settings other than "crc". Once that's complete, I want to merge > that and this series into the ceph "testing" branch so we can start > running tests against it in teuthology with fscrypt enabled. > > If that goes well, I think we could probably merge this into mainline > for v5.20 or v5.21. There is also some incoming support for netfs write > and DIO read helpers that we may want to convert to as well [3]. That > may alter the timing as well. > > Review, comments and questions are welcome... > > [1]: https://lore.kernel.org/ceph-devel/20220111191608.88762-1-jlayton@kernel.org/ > > [2]: https://lore.kernel.org/ceph-devel/20220318135013.43934-1-jlayton@kernel.org/ > > [3]: https://lore.kernel.org/ceph-devel/YixWLJXyWtD+STvl@codewreck.org/T/#maec7e3579f13a45171ad23d7a49183d169fcfcca > > Jeff Layton (41): > vfs: export new_inode_pseudo > fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode > fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size > fscrypt: add fscrypt_context_for_new_inode > ceph: preallocate inode for ops that may create one > ceph: crypto context handling for ceph > ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces > ceph: add support for fscrypt_auth/fscrypt_file to cap messages > ceph: add ability to set fscrypt_auth via setattr > ceph: implement -o test_dummy_encryption mount option > ceph: decode alternate_name in lease info > ceph: add fscrypt ioctls > ceph: make ceph_msdc_build_path use ref-walk > ceph: add encrypted fname handling to ceph_mdsc_build_path > ceph: send altname in MClientRequest > ceph: encode encrypted name in dentry release > ceph: properly set DCACHE_NOKEY_NAME flag in lookup > ceph: make d_revalidate call fscrypt revalidator for encrypted > dentries > ceph: add helpers for converting names for userland presentation > ceph: add fscrypt support to ceph_fill_trace > ceph: create symlinks with encrypted and base64-encoded targets > ceph: make ceph_get_name decrypt filenames > ceph: add a new ceph.fscrypt.auth vxattr > ceph: add some fscrypt guardrails > libceph: add CEPH_OSD_OP_ASSERT_VER support > ceph: size handling for encrypted inodes in cap updates > ceph: fscrypt_file field handling in MClientRequest messages > ceph: get file size from fscrypt_file when present in inode traces > ceph: handle fscrypt fields in cap messages from MDS > ceph: add infrastructure for file encryption and decryption > libceph: allow ceph_osdc_new_request to accept a multi-op read > ceph: disable fallocate for encrypted inodes > ceph: disable copy offload on encrypted inodes > ceph: don't use special DIO path for encrypted inodes > ceph: align data in pages in ceph_sync_write > ceph: add read/modify/write to ceph_sync_write > ceph: plumb in decryption during sync reads > ceph: add fscrypt decryption support to ceph_netfs_issue_op > ceph: set i_blkbits to crypto block size for encrypted inodes > ceph: add encryption support to writepage > ceph: fscrypt support for writepages > > Luis Henriques (1): > ceph: don't allow changing layout on encrypted files/directories > > Xiubo Li (9): > ceph: make the ioctl cmd more readable in debug log > ceph: fix base64 encoded name's length check in ceph_fname_to_usr() > ceph: pass the request to parse_reply_info_readdir() > ceph: add ceph_encode_encrypted_dname() helper > ceph: add support to readdir for encrypted filenames > ceph: add __ceph_get_caps helper support > ceph: add __ceph_sync_read helper support > ceph: add object version support for sync read > ceph: add truncate size handling support for fscrypt > > fs/ceph/Makefile | 1 + > fs/ceph/acl.c | 4 +- > fs/ceph/addr.c | 128 ++++++-- > fs/ceph/caps.c | 212 +++++++++++-- > fs/ceph/crypto.c | 432 +++++++++++++++++++++++++ > fs/ceph/crypto.h | 256 +++++++++++++++ > fs/ceph/dir.c | 182 ++++++++--- > fs/ceph/export.c | 44 ++- > fs/ceph/file.c | 530 ++++++++++++++++++++++++++----- > fs/ceph/inode.c | 546 +++++++++++++++++++++++++++++--- > fs/ceph/ioctl.c | 126 +++++++- > fs/ceph/mds_client.c | 455 ++++++++++++++++++++++---- > fs/ceph/mds_client.h | 24 +- > fs/ceph/super.c | 91 +++++- > fs/ceph/super.h | 43 ++- > fs/ceph/xattr.c | 29 ++ > fs/crypto/fname.c | 44 ++- > fs/crypto/fscrypt_private.h | 9 +- > fs/crypto/hooks.c | 6 +- > fs/crypto/policy.c | 35 +- > fs/inode.c | 1 + > include/linux/ceph/ceph_fs.h | 21 +- > include/linux/ceph/osd_client.h | 6 +- > include/linux/ceph/rados.h | 4 + > include/linux/fscrypt.h | 10 + > net/ceph/osd_client.c | 32 +- > 26 files changed, 2907 insertions(+), 364 deletions(-) > create mode 100644 fs/ceph/crypto.c > create mode 100644 fs/ceph/crypto.h > I was able to get the sparse reads working on other transports yesterday, and I've gone ahead and updated the wip-fscrypt branch with the newest sparse read and fscrypt changes. For the record, the final diffstat with both patch series is: 30 files changed, 3706 insertions(+), 400 deletions(-) I'll probably plan to move these into the testing branch next week, after I do bit more testing locally today. Another thing we'll need to sort out is how to enable fscrypt for teuthology tests. As always, more testing and review would definitely be welcome. Thanks!
This patchset represents a (mostly) working prototype of the ceph+fscrypt work. With this, I'm able run xfstests with test_dummy_encryption, and most of the tests that pass on ceph without fscrypt now pass on it. When I made the last posting of this series [1], I mentioned that proper support for sparse read support would be necessary to do this. Thus, the biggest difference from the v10 set is that this is now based on top of the patch series that I posted yesterday to implement sparse reads [2]. Aside from that, there are also numerous cleanups all over the tree, as well as an overhaul of the readdir handling by Xiubo. This series is not yet bug-free, but it's at a point where it is quite usable, providing you're running against the Quincy release of ceph (which should ship sometime in the next few months). Next Steps: =========== I'm not going to sugar-coat it. This is a huge, invasive patch series that touches a lot of the most sensitive code in ceph. Eric Biggers has acked the changes we need in fscrypt infrastructure. I still need Al to ack exporting the new_inode_pseudo symbol. The rest is pretty much all ceph and libceph code. The main piece missing at this point is support for sparse reads with ms_mode settings other than "crc". Once that's complete, I want to merge that and this series into the ceph "testing" branch so we can start running tests against it in teuthology with fscrypt enabled. If that goes well, I think we could probably merge this into mainline for v5.20 or v5.21. There is also some incoming support for netfs write and DIO read helpers that we may want to convert to as well [3]. That may alter the timing as well. Review, comments and questions are welcome... [1]: https://lore.kernel.org/ceph-devel/20220111191608.88762-1-jlayton@kernel.org/ [2]: https://lore.kernel.org/ceph-devel/20220318135013.43934-1-jlayton@kernel.org/ [3]: https://lore.kernel.org/ceph-devel/YixWLJXyWtD+STvl@codewreck.org/T/#maec7e3579f13a45171ad23d7a49183d169fcfcca Jeff Layton (41): vfs: export new_inode_pseudo fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size fscrypt: add fscrypt_context_for_new_inode ceph: preallocate inode for ops that may create one ceph: crypto context handling for ceph ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces ceph: add support for fscrypt_auth/fscrypt_file to cap messages ceph: add ability to set fscrypt_auth via setattr ceph: implement -o test_dummy_encryption mount option ceph: decode alternate_name in lease info ceph: add fscrypt ioctls ceph: make ceph_msdc_build_path use ref-walk ceph: add encrypted fname handling to ceph_mdsc_build_path ceph: send altname in MClientRequest ceph: encode encrypted name in dentry release ceph: properly set DCACHE_NOKEY_NAME flag in lookup ceph: make d_revalidate call fscrypt revalidator for encrypted dentries ceph: add helpers for converting names for userland presentation ceph: add fscrypt support to ceph_fill_trace ceph: create symlinks with encrypted and base64-encoded targets ceph: make ceph_get_name decrypt filenames ceph: add a new ceph.fscrypt.auth vxattr ceph: add some fscrypt guardrails libceph: add CEPH_OSD_OP_ASSERT_VER support ceph: size handling for encrypted inodes in cap updates ceph: fscrypt_file field handling in MClientRequest messages ceph: get file size from fscrypt_file when present in inode traces ceph: handle fscrypt fields in cap messages from MDS ceph: add infrastructure for file encryption and decryption libceph: allow ceph_osdc_new_request to accept a multi-op read ceph: disable fallocate for encrypted inodes ceph: disable copy offload on encrypted inodes ceph: don't use special DIO path for encrypted inodes ceph: align data in pages in ceph_sync_write ceph: add read/modify/write to ceph_sync_write ceph: plumb in decryption during sync reads ceph: add fscrypt decryption support to ceph_netfs_issue_op ceph: set i_blkbits to crypto block size for encrypted inodes ceph: add encryption support to writepage ceph: fscrypt support for writepages Luis Henriques (1): ceph: don't allow changing layout on encrypted files/directories Xiubo Li (9): ceph: make the ioctl cmd more readable in debug log ceph: fix base64 encoded name's length check in ceph_fname_to_usr() ceph: pass the request to parse_reply_info_readdir() ceph: add ceph_encode_encrypted_dname() helper ceph: add support to readdir for encrypted filenames ceph: add __ceph_get_caps helper support ceph: add __ceph_sync_read helper support ceph: add object version support for sync read ceph: add truncate size handling support for fscrypt fs/ceph/Makefile | 1 + fs/ceph/acl.c | 4 +- fs/ceph/addr.c | 128 ++++++-- fs/ceph/caps.c | 212 +++++++++++-- fs/ceph/crypto.c | 432 +++++++++++++++++++++++++ fs/ceph/crypto.h | 256 +++++++++++++++ fs/ceph/dir.c | 182 ++++++++--- fs/ceph/export.c | 44 ++- fs/ceph/file.c | 530 ++++++++++++++++++++++++++----- fs/ceph/inode.c | 546 +++++++++++++++++++++++++++++--- fs/ceph/ioctl.c | 126 +++++++- fs/ceph/mds_client.c | 455 ++++++++++++++++++++++---- fs/ceph/mds_client.h | 24 +- fs/ceph/super.c | 91 +++++- fs/ceph/super.h | 43 ++- fs/ceph/xattr.c | 29 ++ fs/crypto/fname.c | 44 ++- fs/crypto/fscrypt_private.h | 9 +- fs/crypto/hooks.c | 6 +- fs/crypto/policy.c | 35 +- fs/inode.c | 1 + include/linux/ceph/ceph_fs.h | 21 +- include/linux/ceph/osd_client.h | 6 +- include/linux/ceph/rados.h | 4 + include/linux/fscrypt.h | 10 + net/ceph/osd_client.c | 32 +- 26 files changed, 2907 insertions(+), 364 deletions(-) create mode 100644 fs/ceph/crypto.c create mode 100644 fs/ceph/crypto.h