fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags#319
fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags#319salieri11 wants to merge 80 commits intochrisphoffman:wip-fscryptfrom
Conversation
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Also send encrypted name when linking file Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
This allows accessing the correct dentry Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
- file gets its parent fscrypt auth with new nonce - handle response trace: decrypt dname Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Send back info about holes in object. When decrypting object we shouldn't try to decrypt these. Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
When we're passed inode structure that doesn't have fscrypt_file defined, don't try to override the existing one. Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
align the max size to the end of the block Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
implements that "fscrypt encrypt" functionality Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Use encrypted name when building path for mds requests Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
When opening the snapdir, use its parent fscrypt ctx Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Encryption params are applied dynamically from the policy. Currently only supporting the two default encryption types. Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
when opening encrypted files for write, also get the read cap Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
round physical size, and update fscrypt_file to reflect requested size Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>
Fixes: https://tracker.ceph.com/issues/68233 Signed-off-by: Christopher Hoffman <choffman@redhat.com>
Convert existing tests to use teuthology framework. Create tests to test N>1 fscrypt clients Fixes: https://tracker.ceph.com/issues/66577 Signed-off-by: Christopher Hoffman <choffman@redhat.com>
Provide various fixes in which size used in multi-fuse client tests. Fixes: https://tracker.ceph.com/issues/68431 Signed-off-by: Christopher Hoffman <choffman@redhat.com>
Fixes: https://tracker.ceph.com/issues/68798 Fixes: https://tracker.ceph.com/issues/68831 Signed-off-by: Christopher Hoffman <choffman@redhat.com>
Signed-off-by: Igor Golikov <igolikov@ibm.com>
chrisphoffman
left a comment
There was a problem hiding this comment.
I'm having trouble getting this to compile.
error: narrowing conversion of ‘2148034049’ from ‘long unsigned int’ to ‘int’ [-Wnarrowing]
138 | #define FS_IOC_GETFLAGS _IOR('f', 1, long)
What environment are you testing this on that compiles?
Here's some further info that seems to be related: https://lore.kernel.org/all/20131126200559.GH20559@hall.aurel32.net/T/
I am building both on Ubuntu 24 (arm version), and on vossi04 (i guess its debian), with no errors, using do_cmake.sh |
Signed-off-by: Igor Golikov <igolikov@ibm.com>
Fedora and do_cmake as well. I'll try to take a look more at this this week. |
Signed-off-by: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Igor Golikov <igolikov@ibm.com>
I changed it to |
src/client/Client.cc
Outdated
| if (in->is_encrypted()) { | ||
| stx->stx_attributes |= STATX_ATTR_ENCRYPTED; | ||
| } else { | ||
| stx->stx_attributes &= ~STATX_ATTR_ENCRYPTED; |
There was a problem hiding this comment.
I spent some time looking at client code to see the case for this. Did you see a case where clear will be needed?
edit: reworded for clarity
There was a problem hiding this comment.
Well not for now, but in general, I prefer to have clear semantics in such case, without assuming that the flag is clear by default (and not having some garbage that may set the flag to ENCRYPTED)
src/client/Inode.h
Outdated
| if (en) { | ||
| i_flags |= S_ENCRYPTED; | ||
| } else { | ||
| i_flags &= (~S_ENCRYPTED); |
There was a problem hiding this comment.
Is clear explicitly needed? The value will either be default (showing not encrypted) or S_ENCRYPTED. It also shouldn't change should it?
edit: reworded for clarity
There was a problem hiding this comment.
Same as above:) For better semantics and defensive code.
There was a problem hiding this comment.
I see your reasoning on this. I'm concerned that if there's "garbage" in it, we should let it show instead of hiding the issue.
I'm looking at linux kernel ioctl.c and during
fileattr_fill_flags|fileattr_fill_xflags
it sets value and doesn't worry about clearing.
There was a problem hiding this comment.
It makes sense for me now.I think that best will be to assert(false) if is_fscrypt_enabled is false but the S_ENCRYPTED bit is set, before setting the flag.. It wil let us catch the problem, instead of cleaning it.
Same for the previous comment related to. the stx->stx_attributes.
There was a problem hiding this comment.
I like that, let's proceed with that change.
Signed-off-by: Igor Golikov <igolikov@ibm.com>
6b620e1 to
33dfe4e
Compare
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
Signed-off-by: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Igor Golikov <igolikov@ibm.com>
|
Merged into branch manually due to rebase cleanup work. See commit here |
|
This is a test link, pasting this without code annotation d8f6c2c |
This PR adds test for
S_ENCRYPTEDbit in thei_flagsfield ofInode.The test implements 2 quering methods: using
FS_IOC_GETFLAGSandSTATX_ATTR_ENCRYPTEDFixes: https://tracker.ceph.com/issues/64129
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windowsjenkins test rook e2e