git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jeff Layton <jlayton@kernel.org>
	Thu, 1 Jul 2021 18:40:51 +0000 (14:40 -0400)
committer	Ilya Dryomov <idryomov@gmail.com>
	Thu, 24 Aug 2023 09:24:35 +0000 (11:24 +0200)
commit	94af0470924c6368b07f9125fde29d6698ed1558
tree	e57d43966918a93ab86b2110e4c1ea4f90690529	tree \| snapshot
parent	79f2f6ad878c1f2cb9edc674c6a263ff2ef6d1fd	commit \| diff

ceph: add some fscrypt guardrails

Add the appropriate calls into fscrypt for various actions, including
link, rename, setattr, and the open codepaths.

Disable fallocate for encrypted inodes -- hopefully, just for now.

If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.

Set i_blkbits to crypto block size for encrypted inodes -- some of the
underlying infrastructure for fscrypt relies on i_blkbits being aligned
to crypto blocksize.

Report STATX_ATTR_ENCRYPTED on encrypted inodes.

[ lhenriques: forbid encryption with striped layouts ]

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

fs/ceph/crypto.h		diff \| blob \| blame \| history
fs/ceph/dir.c		diff \| blob \| blame \| history
fs/ceph/file.c		diff \| blob \| blame \| history
fs/ceph/inode.c		diff \| blob \| blame \| history
fs/ceph/ioctl.c		diff \| blob \| blame \| history