diff mbox series

[v16,52/68] ceph: disable copy offload on encrypted inodes

Message ID	20230227032813.337906-53-xiubli@redhat.com
State	Superseded
Headers	show Return-Path: <ceph-devel-owner@vger.kernel.org> From: xiubli@redhat.com To: idryomov@gmail.com, ceph-devel@vger.kernel.org Cc: jlayton@kernel.org, lhenriques@suse.de, vshankar@redhat.com, mchangir@redhat.com, Xiubo Li <xiubli@redhat.com> Subject: [PATCH v16 52/68] ceph: disable copy offload on encrypted inodes Date: Mon, 27 Feb 2023 11:27:57 +0800 Message-Id: <20230227032813.337906-53-xiubli@redhat.com> In-Reply-To: <20230227032813.337906-1-xiubli@redhat.com> References: <20230227032813.337906-1-xiubli@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ceph+fscrypt: full support \| expand [v16,00/68] ceph+fscrypt: full support [v16,01/68] libceph: add spinlock around osd->o_requests [v16,02/68] libceph: define struct ceph_sparse_extent and add some helpers [v16,03/68] libceph: add sparse read support to msgr2 crc state machine [v16,04/68] libceph: add sparse read support to OSD client [v16,05/68] libceph: support sparse reads on msgr2 secure codepath [v16,06/68] libceph: add sparse read support to msgr1 [v16,07/68] ceph: add new mount option to enable sparse reads [v16,08/68] ceph: preallocate inode for ops that may create one [v16,09/68] ceph: make ceph_msdc_build_path use ref-walk [v16,10/68] libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type [v16,11/68] ceph: use osd_req_op_extent_osd_iter for netfs reads [v16,12/68] ceph: fscrypt_auth handling for ceph [v16,13/68] ceph: ensure that we accept a new context from MDS for new inodes [v16,14/68] ceph: add support for fscrypt_auth/fscrypt_file to cap messages [v16,15/68] ceph: implement -o test_dummy_encryption mount option [v16,16/68] ceph: decode alternate_name in lease info [v16,17/68] ceph: add fscrypt ioctls [v16,18/68] ceph: make the ioctl cmd more readable in debug log [v16,19/68] ceph: add base64 endcoding routines for encrypted names [v16,20/68] ceph: add encrypted fname handling to ceph_mdsc_build_path [v16,21/68] ceph: send altname in MClientRequest [v16,22/68] ceph: encode encrypted name in dentry release [v16,23/68] ceph: properly set DCACHE_NOKEY_NAME flag in lookup [v16,24/68] ceph: set DCACHE_NOKEY_NAME in atomic open [v16,25/68] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries [v16,26/68] ceph: add helpers for converting names for userland presentation [v16,27/68] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() [v16,28/68] ceph: add fscrypt support to ceph_fill_trace [v16,29/68] ceph: pass the request to parse_reply_info_readdir() [v16,30/68] ceph: add ceph_encode_encrypted_dname() helper [v16,31/68] ceph: add support to readdir for encrypted filenames [v16,32/68] ceph: create symlinks with encrypted and base64-encoded targets [v16,33/68] ceph: make ceph_get_name decrypt filenames [v16,34/68] ceph: add a new ceph.fscrypt.auth vxattr [v16,35/68] ceph: add some fscrypt guardrails [v16,36/68] ceph: allow encrypting a directory while not having Ax caps [v16,37/68] ceph: mark directory as non-complete after loading key [v16,38/68] ceph: don't allow changing layout on encrypted files/directories [v16,39/68] libceph: add CEPH_OSD_OP_ASSERT_VER support [v16,40/68] ceph: size handling for encrypted inodes in cap updates [v16,41/68] ceph: fscrypt_file field handling in MClientRequest messages [v16,42/68] ceph: get file size from fscrypt_file when present in inode traces [v16,43/68] ceph: handle fscrypt fields in cap messages from MDS [v16,44/68] ceph: update WARN_ON message to pr_warn [v16,45/68] ceph: add __ceph_get_caps helper support [v16,46/68] ceph: add __ceph_sync_read helper support [v16,47/68] ceph: add object version support for sync read [v16,48/68] ceph: add infrastructure for file encryption and decryption [v16,49/68] ceph: add truncate size handling support for fscrypt [v16,50/68] libceph: allow ceph_osdc_new_request to accept a multi-op read [v16,51/68] ceph: disable fallocate for encrypted inodes [v16,52/68] ceph: disable copy offload on encrypted inodes [v16,53/68] ceph: don't use special DIO path for encrypted inodes [v16,54/68] ceph: align data in pages in ceph_sync_write [v16,55/68] ceph: add read/modify/write to ceph_sync_write [v16,56/68] ceph: plumb in decryption during sync reads [v16,57/68] ceph: add fscrypt decryption support to ceph_netfs_issue_op [v16,58/68] ceph: set i_blkbits to crypto block size for encrypted inodes [v16,59/68] ceph: add encryption support to writepage [v16,60/68] ceph: fscrypt support for writepages [v16,61/68] ceph: invalidate pages when doing direct/sync writes [v16,62/68] ceph: add support for encrypted snapshot names [v16,63/68] ceph: add support for handling encrypted snapshot names [v16,64/68] ceph: update documentation regarding snapshot naming limitations [v16,65/68] ceph: prevent snapshots to be created in encrypted locked directories [v16,66/68] ceph: report STATX_ATTR_ENCRYPTED on encrypted inodes [v16,67/68] libceph: defer removing the req from osdc just after req->r_callback [v16,68/68] ceph: drop the messages from MDS when unmounting

Commit Message

Xiubo Li Feb. 27, 2023, 3:27 a.m. UTC

From: Jeff Layton <jlayton@kernel.org>

If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.

Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/ceph/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff mbox series

Patch

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index a9d4e4492420..a0c54058c634 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2523,6 +2523,10 @@  static ssize_t __ceph_copy_file_range(struct file *src_file, loff_t src_off,
 		return -EOPNOTSUPP;
 	}
 
+	/* Every encrypted inode gets its own key, so we can't offload them */
+	if (IS_ENCRYPTED(src_inode) || IS_ENCRYPTED(dst_inode))
+		return -EOPNOTSUPP;
+
 	if (len < src_ci->i_layout.object_size)
 		return -EOPNOTSUPP; /* no remote copy will be done */