[RFC PATCH v4 00/17] ceph+fscrypt: context, filename and symlink support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's been a while (September!) since my last posting of this series.
Main notable changes since then:

- adapt to latest version of fscrypt API in mainline
- take advantage of alternate_name feature in MDS to handle long names
- gate ioctls on MDS support
- many bugfixes

The set starts by exporting new_inode_pseudo and a few fscrypt
functions.  Hopefully those aren't too controversial, but please let me
know if they are. From there, it adds support for crypto contexts in an
xattr, and then filenames and symlinks.

The alternate name is just an extra field that gets stored in the dentry
on the MDS on creation and transmitted to clients as part of the dentry
lease. For fscrypt, we're using it to store the full binary crypttext
name when it's too long to store without hashing the last characters in
the name. This allows us to handle long filenames properly, while still
making the underlying filesystem accessible to clients that don't
support fscrypt.

Note that we use our own encoding scheme for "nokey names" that is
similar to the usual fscrypt one but lacks the dirhash fields (which we
don't use). We don't want to enshrine the fscrypt_nokey_name format onto
stable storage, and this scheme allows us to avoid that, and preserve
compatibility with legacy clients that don't support fscrypt.

For now, this is still a RFC. This all works pretty well so far, but
I don't want to merge any of it until we can handle encrypting the file
contents as well. I'll (hopefully!) be working toward that end in the
near future.

Jeff Layton (17):
  vfs: export new_inode_pseudo
  fscrypt: export fscrypt_base64_encode and fscrypt_base64_decode
  fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size
  fscrypt: add fscrypt_context_for_new_inode
  ceph: crypto context handling for ceph
  ceph: implement -o test_dummy_encryption mount option
  ceph: preallocate inode for ops that may create one
  ceph: add routine to create fscrypt context prior to RPC
  ceph: make ceph_msdc_build_path use ref-walk
  ceph: add encrypted fname handling to ceph_mdsc_build_path
  ceph: decode alternate_name in lease info
  ceph: send altname in MClientRequest
  ceph: add support to readdir for encrypted filenames
  ceph: add fscrypt support to ceph_fill_trace
  ceph: make d_revalidate call fscrypt revalidator for encrypted
    dentries
  ceph: create symlinks with encrypted and base64-encoded targets
  ceph: add fscrypt ioctls

 fs/ceph/Makefile            |   1 +
 fs/ceph/crypto.c            | 185 ++++++++++++++++++++++++
 fs/ceph/crypto.h            | 101 +++++++++++++
 fs/ceph/dir.c               | 161 ++++++++++++++++-----
 fs/ceph/file.c              |  56 +++++---
 fs/ceph/inode.c             | 246 +++++++++++++++++++++++++++++---
 fs/ceph/ioctl.c             |  61 ++++++++
 fs/ceph/mds_client.c        | 275 ++++++++++++++++++++++++++++++------
 fs/ceph/mds_client.h        |  14 +-
 fs/ceph/super.c             |  80 ++++++++++-
 fs/ceph/super.h             |  16 ++-
 fs/ceph/xattr.c             |  32 +++++
 fs/crypto/fname.c           |  53 +++++--
 fs/crypto/fscrypt_private.h |   9 +-
 fs/crypto/hooks.c           |   6 +-
 fs/crypto/policy.c          |  34 ++++-
 fs/inode.c                  |   1 +
 include/linux/fscrypt.h     |  10 ++
 18 files changed, 1181 insertions(+), 160 deletions(-)
 create mode 100644 fs/ceph/crypto.c
 create mode 100644 fs/ceph/crypto.h

-- 
2.29.2




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux