fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags#319
fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags#319salieri11 wants to merge 80 commits intochrisphoffman:wip-fscryptfrom
Conversation
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Also send encrypted name when linking file Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
This allows accessing the correct dentry Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
- file gets its parent fscrypt auth with new nonce - handle response trace: decrypt dname Signed-off-by: Yehuda Sadeh <[email protected]>
Send back info about holes in object. When decrypting object we shouldn't try to decrypt these. Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
When we're passed inode structure that doesn't have fscrypt_file defined, don't try to override the existing one. Signed-off-by: Yehuda Sadeh <[email protected]>
align the max size to the end of the block Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
implements that "fscrypt encrypt" functionality Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Use encrypted name when building path for mds requests Signed-off-by: Yehuda Sadeh <[email protected]>
When opening the snapdir, use its parent fscrypt ctx Signed-off-by: Yehuda Sadeh <[email protected]>
Encryption params are applied dynamically from the policy. Currently only supporting the two default encryption types. Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
when opening encrypted files for write, also get the read cap Signed-off-by: Yehuda Sadeh <[email protected]>
round physical size, and update fscrypt_file to reflect requested size Signed-off-by: Yehuda Sadeh <[email protected]>
Fixes: https://tracker.ceph.com/issues/68233 Signed-off-by: Christopher Hoffman <[email protected]>
Convert existing tests to use teuthology framework. Create tests to test N>1 fscrypt clients Fixes: https://tracker.ceph.com/issues/66577 Signed-off-by: Christopher Hoffman <[email protected]>
Provide various fixes in which size used in multi-fuse client tests. Fixes: https://tracker.ceph.com/issues/68431 Signed-off-by: Christopher Hoffman <[email protected]>
Signed-off-by: Igor Golikov <[email protected]>
chrisphoffman
left a comment
chrisphoffman
left a comment
There was a problem hiding this comment.
I'm having trouble getting this to compile.
error: narrowing conversion of ‘2148034049’ from ‘long unsigned int’ to ‘int’ [-Wnarrowing]
138 | #define FS_IOC_GETFLAGS _IOR('f', 1, long)
What environment are you testing this on that compiles?
Here's some further info that seems to be related: https://lore.kernel.org/all/[email protected]/T/
I am building both on Ubuntu 24 (arm version), and on vossi04 (i guess its debian), with no errors, using do_cmake.sh |
Signed-off-by: Igor Golikov <[email protected]>
Fedora and do_cmake as well. I'll try to take a look more at this this week. |
Signed-off-by: Igor Golikov <[email protected]>
Signed-off-by: Igor Golikov <[email protected]>
I changed it to |
src/client/Client.cc
Outdated
| if (in->is_encrypted()) { | ||
| stx->stx_attributes |= STATX_ATTR_ENCRYPTED; | ||
| } else { | ||
| stx->stx_attributes &= ~STATX_ATTR_ENCRYPTED; |
There was a problem hiding this comment.
I spent some time looking at client code to see the case for this. Did you see a case where clear will be needed?
edit: reworded for clarity
There was a problem hiding this comment.
Well not for now, but in general, I prefer to have clear semantics in such case, without assuming that the flag is clear by default (and not having some garbage that may set the flag to ENCRYPTED)
src/client/Inode.h
Outdated
| if (en) { | ||
| i_flags |= S_ENCRYPTED; | ||
| } else { | ||
| i_flags &= (~S_ENCRYPTED); |
There was a problem hiding this comment.
Is clear explicitly needed? The value will either be default (showing not encrypted) or S_ENCRYPTED. It also shouldn't change should it?
edit: reworded for clarity
There was a problem hiding this comment.
Same as above:) For better semantics and defensive code.
There was a problem hiding this comment.
I see your reasoning on this. I'm concerned that if there's "garbage" in it, we should let it show instead of hiding the issue.
I'm looking at linux kernel ioctl.c and during
fileattr_fill_flags|fileattr_fill_xflags
it sets value and doesn't worry about clearing.
There was a problem hiding this comment.
It makes sense for me now.I think that best will be to assert(false) if is_fscrypt_enabled is false but the S_ENCRYPTED bit is set, before setting the flag.. It wil let us catch the problem, instead of cleaning it.
Same for the previous comment related to. the stx->stx_attributes.
There was a problem hiding this comment.
I like that, let's proceed with that change.
Signed-off-by: Igor Golikov <[email protected]>
Signed-off-by: Igor Golikov <[email protected]>
chrisphoffman
force-pushed
the
wip-fscrypt
branch
3 times, most recently
from
6b620e1 to
33dfe4e
Compare
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
Signed-off-by: Igor Golikov <[email protected]>
Signed-off-by: Igor Golikov <[email protected]>
|
Merged into branch manually due to rebase cleanup work. See commit here |
|
This is a test link, pasting this without code annotation d8f6c2c |
3 participants
This PR adds test for
S_ENCRYPTEDbit in thei_flagsfield ofInode.The test implements 2 quering methods: using
FS_IOC_GETFLAGSandSTATX_ATTR_ENCRYPTEDFixes: https://tracker.ceph.com/issues/64129
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windowsjenkins test rook e2e