Re: [RFC PATCH v3 00/16] ceph+fscrypt: context, filename and symlink support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2020-09-14 at 19:13 -0700, Eric Biggers wrote:
> On Mon, Sep 14, 2020 at 03:16:51PM -0400, Jeff Layton wrote:
> > This is the third posting of the ceph+fscrypt integration work. This
> > just covers context handling, filename and symlink support.
> > 
> > The main changes since the last set are mainly to address Eric's review
> > comments. Hopefully this will be much closer to mergeable. Some highlights:
> > 
> > 1/ rebase onto Eric's fscrypt-file-creation-v2 tag
> > 
> > 2/ fscrypt_context_for_new_inode now takes a void * to hold the context
> > 
> > 3/ make fscrypt_fname_disk_to_usr designate whether the returned name
> >    is a nokey name. This is necessary to close a potential race in
> >    readdir support
> > 
> > 4/ fscrypt_base64_encode/decode remain in fs/crypto (not moved into lib/)
> > 
> > 5/ test_dummy_encryption handling is moved into a separate patch, and
> >    several bugs fixed that resulted in context not being set up
> >    properly.
> > 
> > 6/ symlink handling now works
> > 
> > Content encryption is the next step, but I want to get the fscache
> > rework done first. It would be nice if we were able to store encrypted
> > files in the cache, for instance.
> > 
> > This set has been tagged as "ceph-fscrypt-rfc.3" in my tree here:
> > 
> >     https://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux.git
> > 
> > Note that this is still quite preliminary, but my goal is to get a set
> > merged for v5.11.
> 
> A few comments that didn't fit anywhere else:
> 
> I'm looking forward to contents encryption, as that's the most important part.
> 

Me too, but I've got a fairly substantial rework of the buffered
writeback code queued up to handle some fscache changes. We'll probably
need to teach fscache how to deal with encrypted data, so I haven't
really started on that part yet.

> Is there any possibility that the fscrypt xfstests can be run on ceph?
> See: https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#tests
> 

I've been testing with the xfstests "quick" group as a sanity test, but
it doesn't have the fscrypt tests. I'll try them out soon.

> In fs/ceph/Kconfig, CEPH_FS needs:
> 
> 	select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
> 
> There are compile errors when !CONFIG_FS_ENCRYPTION.
> 

Thanks. I should have added the caveat that this is still _very_ rough
and not at all ready for merge. I'll definitely fix up
the !CONFIG_FS_ENCRYPTION case before I send the next set.

Thanks for the detailed review so far. I'm working through your comments
now and should address most of them in the next set.
-- 
Jeff Layton <jlayton@xxxxxxxxxx>




[Index of Archives]     [linux Cryptography]     [Asterisk App Development]     [PJ SIP]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]

  Powered by Linux