Re: [RFC PATCH v4 16/17] ceph: create symlinks with encrypted and base64-encoded targets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2021-01-25 at 16:03 +0000, Luis Henriques wrote:
> Jeff Layton <jlayton@xxxxxxxxxx> writes:
> 
> > When creating symlinks in encrypted directories, encrypt and
> > base64-encode the target with the new inode's key before sending to the
> > MDS.
> > 
> > When filling a symlinked inode, base64-decode it into a buffer that
> > we'll keep in ci->i_symlink. When get_link is called, decrypt the buffer
> > into a new one that will hang off i_link.
> > 
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> >  fs/ceph/dir.c   | 50 +++++++++++++++++++++++---
> >  fs/ceph/inode.c | 95 ++++++++++++++++++++++++++++++++++++++++++-------
> >  2 files changed, 128 insertions(+), 17 deletions(-)
> > 
> > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> > index cb7ff91a243a..1721b70118b9 100644
> > --- a/fs/ceph/dir.c
> > +++ b/fs/ceph/dir.c
> > @@ -924,6 +924,40 @@ static int ceph_create(struct inode *dir, struct dentry *dentry, umode_t mode,
> >  	return ceph_mknod(dir, dentry, mode, 0);
> >  }
> >  
> > 
> > 
> > 
> > +#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > +	int err;
> > +	int len = strlen(dest);
> > +	struct fscrypt_str osd_link = FSTR_INIT(NULL, 0);
> > +
> > +	err = fscrypt_prepare_symlink(req->r_parent, dest, len, PATH_MAX, &osd_link);
> > +	if (err)
> > +		goto out;
> > +
> > +	err = fscrypt_encrypt_symlink(req->r_new_inode, dest, len, &osd_link);
> > +	if (err)
> > +		goto out;
> > +
> > +	req->r_path2 = kmalloc(FSCRYPT_BASE64_CHARS(osd_link.len), GFP_KERNEL);
> > +	if (!req->r_path2) {
> > +		err = -ENOMEM;
> > +		goto out;
> > +	}
> > +
> > +	len = fscrypt_base64_encode(osd_link.name, osd_link.len, req->r_path2);
> > +	req->r_path2[len] = '\0';
> > +out:
> > +	fscrypt_fname_free_buffer(&osd_link);
> > +	return err;
> > +}
> > +#else
> > +static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const char *dest)
> > +{
> > +	return -EOPNOTSUPP;
> > +}
> > +#endif
> > +
> >  static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> >  			    const char *dest)
> >  {
> > @@ -955,12 +989,18 @@ static int ceph_symlink(struct inode *dir, struct dentry *dentry,
> >  		goto out_req;
> >  	}
> >  
> > 
> > 
> > 
> > -	req->r_path2 = kstrdup(dest, GFP_KERNEL);
> > -	if (!req->r_path2) {
> > -		err = -ENOMEM;
> > -		goto out_req;
> > -	}
> >  	req->r_parent = dir;
> > +
> > +	if (IS_ENCRYPTED(req->r_new_inode)) {
> > +		err = prep_encrypted_symlink_target(req, dest);
> 
> nit: missing the error handling for this branch.
> 

Thanks! I'll fix this right up.


-- 
Jeff Layton <jlayton@xxxxxxxxxx>




[Index of Archives]     [linux Cryptography]     [Asterisk App Development]     [PJ SIP]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]

  Powered by Linux