ceph: prevent snapshots to be created in encrypted locked directories

[PATCH] ceph: prevent snapshots to be created in encrypted locked directories

Posted by Luís Henriques 4 years ago

With snapshot names encryption we can not allow snapshots to be created in
locked directories because the names wouldn't be encrypted.  This patch
forces the directory to be unlocked to allow a snapshot to be created.

Signed-off-by: Luís Henriques <lhenriques@suse.de>
---
 fs/ceph/dir.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index f48f1ff20927..93e2f08102a1 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1071,6 +1071,10 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
 		err = -EDQUOT;
 		goto out;
 	}
+	if ((op == CEPH_MDS_OP_MKSNAP) && !fscrypt_has_encryption_key(dir)) {
+		err = -ENOKEY;
+		goto out;
+	}
 
 
 	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);

Re: [PATCH] ceph: prevent snapshots to be created in encrypted locked directories

Posted by Jeff Layton 4 years ago

On Mon, 2022-04-18 at 14:08 +0100, Luís Henriques wrote:
> With snapshot names encryption we can not allow snapshots to be created in
> locked directories because the names wouldn't be encrypted.  This patch
> forces the directory to be unlocked to allow a snapshot to be created.
> 
> Signed-off-by: Luís Henriques <lhenriques@suse.de>
> ---
>  fs/ceph/dir.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> index f48f1ff20927..93e2f08102a1 100644
> --- a/fs/ceph/dir.c
> +++ b/fs/ceph/dir.c
> @@ -1071,6 +1071,10 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
>  		err = -EDQUOT;
>  		goto out;
>  	}
> +	if ((op == CEPH_MDS_OP_MKSNAP) && !fscrypt_has_encryption_key(dir)) {
> +		err = -ENOKEY;
> +		goto out;
> +	}
>  
>  
>  	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);

Looks good. I'll pull this and the v4 series into the wip-fscrypt later
todat.  
-- 
Jeff Layton <jlayton@kernel.org>

Re: [PATCH] ceph: prevent snapshots to be created in encrypted locked directories

Posted by Jeff Layton 4 years ago

On Mon, 2022-04-18 at 09:17 -0400, Jeff Layton wrote:
> On Mon, 2022-04-18 at 14:08 +0100, Luís Henriques wrote:
> > With snapshot names encryption we can not allow snapshots to be created in
> > locked directories because the names wouldn't be encrypted.  This patch
> > forces the directory to be unlocked to allow a snapshot to be created.
> > 
> > Signed-off-by: Luís Henriques <lhenriques@suse.de>
> > ---
> >  fs/ceph/dir.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> > index f48f1ff20927..93e2f08102a1 100644
> > --- a/fs/ceph/dir.c
> > +++ b/fs/ceph/dir.c
> > @@ -1071,6 +1071,10 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
> >  		err = -EDQUOT;
> >  		goto out;
> >  	}
> > +	if ((op == CEPH_MDS_OP_MKSNAP) && !fscrypt_has_encryption_key(dir)) {
> > +		err = -ENOKEY;
> > +		goto out;
> > +	}
> >  
> >  
> >  	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);
> 
> Looks good. I'll pull this and the v4 series into the wip-fscrypt later
> todat.  

Actually, I take it back...

This check doesn't test whether the parent is encrypted. Doesn't it need
to do that too before checking for the key?
-- 
Jeff Layton <jlayton@kernel.org>