diff options
| author | Jeff Layton <jlayton@kernel.org> | 2021-07-01 21:40:51 +0300 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2023-08-24 12:24:35 +0300 |
| commit | 94af0470924c6368b07f9125fde29d6698ed1558 (patch) | |
| tree | e57d43966918a93ab86b2110e4c1ea4f90690529 /fs/ceph/ioctl.c | |
| parent | 79f2f6ad878c1f2cb9edc674c6a263ff2ef6d1fd (diff) | |
| download | linux-94af0470924c6368b07f9125fde29d6698ed1558.tar.xz | |
ceph: add some fscrypt guardrails
Add the appropriate calls into fscrypt for various actions, including
link, rename, setattr, and the open codepaths.
Disable fallocate for encrypted inodes -- hopefully, just for now.
If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.
Set i_blkbits to crypto block size for encrypted inodes -- some of the
underlying infrastructure for fscrypt relies on i_blkbits being aligned
to crypto blocksize.
Report STATX_ATTR_ENCRYPTED on encrypted inodes.
[ lhenriques: forbid encryption with striped layouts ]
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph/ioctl.c')
| -rw-r--r-- | fs/ceph/ioctl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c index 11d37d307382..91a84917d203 100644 --- a/fs/ceph/ioctl.c +++ b/fs/ceph/ioctl.c @@ -294,6 +294,10 @@ static long ceph_set_encryption_policy(struct file *file, unsigned long arg) struct inode *inode = file_inode(file); struct ceph_inode_info *ci = ceph_inode(inode); + /* encrypted directories can't have striped layout */ + if (ci->i_layout.stripe_count > 1) + return -EINVAL; + ret = vet_mds_for_fscrypt(file); if (ret) return ret; |