Re: [RFC PATCH v3 06/16] ceph: add fscrypt ioctls

Jeff Layton <jlayton@xxxxxxxxxx> · Tue, 15 Sep 2020 08:08:06 -0400

On Mon, 2020-09-14 at 17:45 -0700, Eric Biggers wrote:
> On Mon, Sep 14, 2020 at 03:16:57PM -0400, Jeff Layton wrote:
> > Boilerplate ioctls for controlling encryption.
> > 
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> >  fs/ceph/ioctl.c | 25 +++++++++++++++++++++++++
> >  1 file changed, 25 insertions(+)
> > 
> > diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
> > index 6e061bf62ad4..381e44b2d60a 100644
> > --- a/fs/ceph/ioctl.c
> > +++ b/fs/ceph/ioctl.c
> > @@ -6,6 +6,7 @@
> >  #include "mds_client.h"
> >  #include "ioctl.h"
> >  #include <linux/ceph/striper.h>
> > +#include <linux/fscrypt.h>
> >  
> >  /*
> >   * ioctls
> > @@ -289,6 +290,30 @@ long ceph_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> >  
> >  	case CEPH_IOC_SYNCIO:
> >  		return ceph_ioctl_syncio(file);
> > +
> > +	case FS_IOC_SET_ENCRYPTION_POLICY:
> > +		return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
> > +
> > +	case FS_IOC_GET_ENCRYPTION_POLICY:
> > +		return fscrypt_ioctl_get_policy(file, (void __user *)arg);
> > +
> > +	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
> > +		return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg);
> > +
> > +	case FS_IOC_ADD_ENCRYPTION_KEY:
> > +		return fscrypt_ioctl_add_key(file, (void __user *)arg);
> > +
> > +	case FS_IOC_REMOVE_ENCRYPTION_KEY:
> > +		return fscrypt_ioctl_remove_key(file, (void __user *)arg);
> > +
> > +	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
> > +		return fscrypt_ioctl_remove_key_all_users(file, (void __user *)arg);
> > +
> > +	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
> > +		return fscrypt_ioctl_get_key_status(file, (void __user *)arg);
> > +
> > +	case FS_IOC_GET_ENCRYPTION_NONCE:
> > +		return fscrypt_ioctl_get_nonce(file, (void __user *)arg);
> 
> Will you be implementing an encryption feature flag for ceph, similar to what
> ext4 and f2fs have?  E.g., ext4 doesn't allow these ioctls unless the filesystem
> was formatted with '-O encrypt' (or 'tune2fs -O encrypt' was run later).  There
> would be various problems if we didn't do that; for example, old versions of
> e2fsck would consider encrypted directories to be corrupted.
> 

Yes, we'll probably have something like that once the MDS support has
settled. We'll want to disallow encryption when dealing with MDS's that
don't support it, so I suspect we'll need to add a check for that in
these ioctl calls.

That feature bit hasn't been declared yet though, and this patchset is
still _really_ rough. I'll add a comment to that effect for now though.

Thanks!
-- 
Jeff Layton <jlayton@xxxxxxxxxx>