summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuís Henriques <lhenriques@suse.de>2022-11-29 11:39:49 +0100
committerIlya Dryomov <idryomov@gmail.com>2023-08-24 11:24:35 +0200
commit14e034a61c908d4479be1a7ee9fe5b8d3d1f09b8 (patch)
tree5a8a46cbfaed77a5df049eb2036c1aaa58acf2bc
parentceph: allow encrypting a directory while not having Ax caps (diff)
downloadlinux-14e034a61c908d4479be1a7ee9fe5b8d3d1f09b8.tar.xz
linux-14e034a61c908d4479be1a7ee9fe5b8d3d1f09b8.zip
ceph: mark directory as non-complete after loading key
When setting a directory's crypt context, ceph_dir_clear_complete() needs to be called otherwise if it was complete before, any existing (old) dentry will still be valid. This patch adds a wrapper around __fscrypt_prepare_readdir() which will ensure a directory is marked as non-complete if key status changes. [ xiubli: revise commit title per Milind ] Signed-off-by: Luís Henriques <lhenriques@suse.de> Reviewed-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Milind Changire <mchangir@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
-rw-r--r--fs/ceph/crypto.c35
-rw-r--r--fs/ceph/crypto.h6
-rw-r--r--fs/ceph/dir.c8
-rw-r--r--fs/ceph/mds_client.c6
4 files changed, 46 insertions, 9 deletions
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
index a08978a0ed4d..5df2c52b384f 100644
--- a/fs/ceph/crypto.c
+++ b/fs/ceph/crypto.c
@@ -287,8 +287,8 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
if (fname->name_len > NAME_MAX || fname->ctext_len > NAME_MAX)
return -EIO;
- ret = __fscrypt_prepare_readdir(fname->dir);
- if (ret)
+ ret = ceph_fscrypt_prepare_readdir(fname->dir);
+ if (ret < 0)
return ret;
/*
@@ -334,3 +334,34 @@ out:
fscrypt_fname_free_buffer(&_tname);
return ret;
}
+
+/**
+ * ceph_fscrypt_prepare_readdir - simple __fscrypt_prepare_readdir() wrapper
+ * @dir: directory inode for readdir prep
+ *
+ * Simple wrapper around __fscrypt_prepare_readdir() that will mark directory as
+ * non-complete if this call results in having the directory unlocked.
+ *
+ * Returns:
+ * 1 - if directory was locked and key is now loaded (i.e. dir is unlocked)
+ * 0 - if directory is still locked
+ * < 0 - if __fscrypt_prepare_readdir() fails
+ */
+int ceph_fscrypt_prepare_readdir(struct inode *dir)
+{
+ bool had_key = fscrypt_has_encryption_key(dir);
+ int err;
+
+ if (!IS_ENCRYPTED(dir))
+ return 0;
+
+ err = __fscrypt_prepare_readdir(dir);
+ if (err)
+ return err;
+ if (!had_key && fscrypt_has_encryption_key(dir)) {
+ /* directory just got unlocked, mark it as not complete */
+ ceph_dir_clear_complete(dir);
+ return 1;
+ }
+ return 0;
+}
diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
index 21694df7dfbf..b5413ec95b1a 100644
--- a/fs/ceph/crypto.h
+++ b/fs/ceph/crypto.h
@@ -103,6 +103,7 @@ static inline void ceph_fname_free_buffer(struct inode *parent,
int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
struct fscrypt_str *oname, bool *is_nokey);
+int ceph_fscrypt_prepare_readdir(struct inode *dir);
#else /* CONFIG_FS_ENCRYPTION */
@@ -160,6 +161,11 @@ static inline int ceph_fname_to_usr(const struct ceph_fname *fname,
oname->len = fname->name_len;
return 0;
}
+
+static inline int ceph_fscrypt_prepare_readdir(struct inode *dir)
+{
+ return 0;
+}
#endif /* CONFIG_FS_ENCRYPTION */
#endif
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 99fdc777dccd..08504afbe242 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -343,8 +343,8 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
ctx->pos = 2;
}
- err = fscrypt_prepare_readdir(inode);
- if (err)
+ err = ceph_fscrypt_prepare_readdir(inode);
+ if (err < 0)
return err;
spin_lock(&ci->i_ceph_lock);
@@ -785,8 +785,8 @@ static struct dentry *ceph_lookup(struct inode *dir, struct dentry *dentry,
return ERR_PTR(-ENAMETOOLONG);
if (IS_ENCRYPTED(dir)) {
- err = __fscrypt_prepare_readdir(dir);
- if (err)
+ err = ceph_fscrypt_prepare_readdir(dir);
+ if (err < 0)
return ERR_PTR(err);
if (!fscrypt_has_encryption_key(dir)) {
spin_lock(&dentry->d_lock);
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 447acc4a0fbd..7de22052ee22 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -2545,8 +2545,8 @@ static u8 *get_fscrypt_altname(const struct ceph_mds_request *req, u32 *plen)
if (!IS_ENCRYPTED(dir))
goto success;
- ret = __fscrypt_prepare_readdir(dir);
- if (ret)
+ ret = ceph_fscrypt_prepare_readdir(dir);
+ if (ret < 0)
return ERR_PTR(ret);
/* No key? Just ignore it. */
@@ -2666,7 +2666,7 @@ retry:
spin_unlock(&cur->d_lock);
parent = dget_parent(cur);
- ret = __fscrypt_prepare_readdir(d_inode(parent));
+ ret = ceph_fscrypt_prepare_readdir(d_inode(parent));
if (ret < 0) {
dput(parent);
dput(cur);