I haven't posted this in a while and there were some bugs shaken out of
the last posting. This adds (partial) support for fscrypt to kcephfs,
including crypto contexts, filenames and encrypted symlink targets. At
this point, the xfstests quick tests that generally pass without fscrypt
also pass with test_dummy_encryption enabled.
There is one lingering bug that I'm having trouble tracking down: xfstest
generic/477 (an open_by_handle_at test) sometimes throws a "Busy inodes
after umount" warning. I'm narrowed down the issue a bit, but there is
some raciness involved so I haven't quite nailed it down yet.
This set is quite invasive. There is probably some further work to be
done to add common code helpers and the like, but the final diffstat
probably won't look too different.
This set does not include encryption of file contents. That is turning
out to be a bit trickier than first expected owing to the fact that the
MDS is usually what handles truncation, and the i_size no longer
represents the amount of data stored in the backing store. That will
probably require an MDS change to fix, and we're still sorting out the
details.
Jeff Layton (19):
vfs: export new_inode_pseudo
fscrypt: export fscrypt_base64_encode and fscrypt_base64_decode
fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size
fscrypt: add fscrypt_context_for_new_inode
ceph: crypto context handling for ceph
ceph: implement -o test_dummy_encryption mount option
ceph: preallocate inode for ops that may create one
ceph: add routine to create fscrypt context prior to RPC
ceph: make ceph_msdc_build_path use ref-walk
ceph: add encrypted fname handling to ceph_mdsc_build_path
ceph: decode alternate_name in lease info
ceph: send altname in MClientRequest
ceph: properly set DCACHE_NOKEY_NAME flag in lookup
ceph: make d_revalidate call fscrypt revalidator for encrypted
dentries
ceph: add helpers for converting names for userland presentation
ceph: add fscrypt support to ceph_fill_trace
ceph: add support to readdir for encrypted filenames
ceph: create symlinks with encrypted and base64-encoded targets
ceph: add fscrypt ioctls
fs/ceph/Makefile | 1 +
fs/ceph/crypto.c | 185 +++++++++++++++++++++++
fs/ceph/crypto.h | 101 +++++++++++++
fs/ceph/dir.c | 178 ++++++++++++++++++-----
fs/ceph/file.c | 56 ++++---
fs/ceph/inode.c | 255 +++++++++++++++++++++++++++++---
fs/ceph/ioctl.c | 94 ++++++++++++
fs/ceph/mds_client.c | 283 ++++++++++++++++++++++++++++++------
fs/ceph/mds_client.h | 14 +-
fs/ceph/super.c | 80 +++++++++-
fs/ceph/super.h | 16 +-
fs/ceph/xattr.c | 32 ++++
fs/crypto/fname.c | 53 +++++--
fs/crypto/fscrypt_private.h | 9 +-
fs/crypto/hooks.c | 6 +-
fs/crypto/policy.c | 34 ++++-
fs/inode.c | 1 +
include/linux/fscrypt.h | 10 ++
18 files changed, 1246 insertions(+), 162 deletions(-)
create mode 100644 fs/ceph/crypto.c
create mode 100644 fs/ceph/crypto.h
--
2.30.2
