diff options
| author | Jeff Layton <jlayton@kernel.org> | 2021-07-01 14:40:51 -0400 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2023-08-24 11:24:35 +0200 |
| commit | 94af0470924c6368b07f9125fde29d6698ed1558 (patch) | |
| tree | e57d43966918a93ab86b2110e4c1ea4f90690529 /fs/ceph/dir.c | |
| parent | 79f2f6ad878c1f2cb9edc674c6a263ff2ef6d1fd (diff) | |
ceph: add some fscrypt guardrails
Add the appropriate calls into fscrypt for various actions, including
link, rename, setattr, and the open codepaths.
Disable fallocate for encrypted inodes -- hopefully, just for now.
If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.
Set i_blkbits to crypto block size for encrypted inodes -- some of the
underlying infrastructure for fscrypt relies on i_blkbits being aligned
to crypto blocksize.
Report STATX_ATTR_ENCRYPTED on encrypted inodes.
[ lhenriques: forbid encryption with striped layouts ]
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph/dir.c')
| -rw-r--r-- | fs/ceph/dir.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c index 7e064c024d2a..99fdc777dccd 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -1148,6 +1148,10 @@ static int ceph_link(struct dentry *old_dentry, struct inode *dir, if (ceph_snap(dir) != CEPH_NOSNAP) return -EROFS; + err = fscrypt_prepare_link(old_dentry, dir, dentry); + if (err) + return err; + dout("link in dir %p %llx.%llx old_dentry %p:'%pd' dentry %p:'%pd'\n", dir, ceph_vinop(dir), old_dentry, old_dentry, dentry, dentry); req = ceph_mdsc_create_request(mdsc, CEPH_MDS_OP_LINK, USE_AUTH_MDS); @@ -1395,6 +1399,11 @@ static int ceph_rename(struct mnt_idmap *idmap, struct inode *old_dir, if (err) return err; + err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry, + flags); + if (err) + return err; + dout("rename dir %p dentry %p to dir %p dentry %p\n", old_dir, old_dentry, new_dir, new_dentry); req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS); |