Re: [RFC PATCH v2 06/18] fscrypt: move nokey_name conversion to separate function and export it

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Sep 08, 2020 at 08:50:04AM -0400, Jeff Layton wrote:
> > > +EXPORT_SYMBOL(fscrypt_encode_nokey_name);
> > 
> > Why does this need to be exported?
> > 
> > There's no user of this function introduced in this patchset.
> > 
> > - Eric
> 
> Yeah, I probably should have dropped this from the series for now as
> nothing uses it yet, but eventually we may need this. I did a fairly
> detailed writeup of the problem here:
> 
>     https://tracker.ceph.com/issues/47162
> 
> Basically, we still need to allow clients to look up dentries in the MDS
> even when they don't have the key.
> 
> There are a couple of different approaches, but the simplest is to just
> have the client always store long dentry names using the nokey_name, and
> then keep the full name in a new field in the dentry representation that
> is sent across the wire.
> 
> This requires some changes to the Ceph MDS (which is what that tracker
> bug is about), and will mean enshrining the nokey name in perpetuity.
> We're still looking at this for now though, and we're open to other
> approaches if you've got any to suggest.

The (persistent) directory entries have to include the full ciphertext
filenames.  If they only included the no-key names, then it wouldn't always be
possible to translate them back into the original plaintext filenames.

It's also required that the filesystem can find a specific directory entry given
its corresponding no-key name.  For a network filesystem, that can be done
either on the client (request all filenames in the directory, then check all of
them...), or on the server (give it the no-key name and have it do the matching;
it would need to know the specifics of how the no-key names work).

The no-key names aren't currently stable, and it would be nice to keep them that
way since we might want to improve how they work later.  But if you need to
stabilize a version of the no-key name format for use in the ceph protocol so
that the server can do the matching, it would be possible to do that.  It
wouldn't even necessarily have to be what fscrypt currently uses; e.g. if it
were to simplify things a lot for you to simply use SHA-256(ciphertext_name)
instead of the current 'struct fscrypt_nokey_name', you could do that.

- Eric
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux