Actions
Bug #65217
opencephfs: add fscrypt protection support from non-fscrypt client
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Clients that do not support fscrypt can execute operations that may cause unrecoverable data loss. Add protection on the MDS so that it prevents these clients from executing some operations.
Note, however, that clients will still be able corrupt encrypted files by appending data to them. And they will still be able to read encrypted data from those files.
For the non-fscrypt support client we will allow it to read the encrypted files and directories, but couldn't change the contents of them. For the directories we won't allow to create new sub directories and file under a encrypted file, else in the kclient it will fail to dencrypt the dentry names:
125 <7>[201192.339126] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] __prepare_send_request: 0000000071b24ca5 tid 30 readdir (attempt 1) 126 <7>[201192.339144] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] set_request_path_attr: inode 0000000039d46bc2 10000007491.fffffffffffffffe 127 <7>[201192.339345] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_encode_inode_release: 0000000039d46bc2 10000007491.fffffffffffffffe mds0 used|dirty p drop Fx unless - 128 <7>[201192.339366] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_encode_inode_release: 0000000039d46bc2 10000007491.fffffffffffffffe cap 00000000b0491451 pAsLsXsFs (force) 129 <7>[201192.339386] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] __prepare_send_request: r_parent = 0000000000000000 130 <7>[201192.339448] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_mdsc_wait_request: do_request waiting 131 <7>[201192.342097] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] handle_reply: handle_reply 0000000071b24ca5 132 <7>[201192.342118] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] __unregister_request: 0000000071b24ca5 tid 30 133 <7>[201192.342134] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] handle_reply: tid 30 result 0 134 <7>[201192.342214] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] parse_reply_info_readdir: parsed dir dname 'fscrypt_crash_file' 135 <3>[201192.342232] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426]: unable to decode ~Ç+Ê<9b>pt_crash_file, got -5 136 <3>[201192.342245] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426]: problem parsing dir contents -5 137 <3>[201192.342256] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426]: mds parse_reply err -5 138 <7>[201192.342269] header: 00000000: 71 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 q............... 139 <7>[201192.342281] header: 00000010: 1a 00 7f 00 01 00 65 03 00 00 00 00 00 00 00 00 ......e......... 140 <7>[201192.342292] header: 00000020: 00 00 00 00 02 00 00 00 00 00 00 00 00 01 00 00 ................ 141 <7>[201192.342299] header: 00000030: 00 00 00 00 00 ..... 142 <7>[201192.342309] front: 00000000: 05 03 00 00 00 00 00 00 f2 00 00 00 01 00 01 7a ...............z 143 <7>[201192.342320] front: 00000010: 01 00 00 07 01 74 01 00 00 91 74 00 00 00 01 00 .....t....t..... 144 <7>[201192.342327] front: 00000020: 00 fe ff ff ff ff ff ff ff 00 00 00 00 0a 0a 0a ................ 145 <7>[201192.342338] front: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 55 01 00 .............U.. 146 <7>[201192.342348] front: 00000040: 00 00 00 00 00 01 00 00 00 00 00 00 00 08 00 00 ................ 147 <7>[201192.342359] front: 00000050: 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 ................ 148 <7>[201192.342370] front: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 149 <7>[201192.342391] front: 00000070: 00 00 00 00 00 00 00 00 00 00 2f f1 03 66 4f 6f ........../..fOo 150 <7>[201192.342402] front: 00000080: c9 2a 2f f1 03 66 4f 6f c9 2a 1c f1 03 66 b7 5c .*/..fOo.*...f.\ 151 <7>[201192.342412] front: 00000090: ec 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 152 <7>[201192.342423] front: 000000a0: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 01 00 ................ 153 <7>[201192.342433] front: 000000b0: 00 00 ed 41 00 00 e8 03 00 00 e8 03 00 00 01 00 ...A............ 154 <7>[201192.342444] front: 000000c0: 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 155 <7>[201192.342454] front: 000000d0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ 156 <7>[201192.342465] front: 000000e0: 00 00 01 00 00 00 00 00 00 00 2f f1 03 66 54 18 ........../..fT. 157 <7>[201192.342475] front: 000000f0: c0 2b 00 00 00 00 00 00 00 00 02 00 00 00 00 00 .+.............. 158 <7>[201192.342486] front: 00000100: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 ................ 159 <7>[201192.342497] front: 00000110: 00 00 01 01 10 00 00 00 00 00 00 00 00 00 00 00 ................ 160 <7>[201192.342507] front: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 1c f1 03 66 ...............f 161 <7>[201192.342518] front: 00000130: b7 5c ec 2e 01 00 00 00 00 00 00 00 ff ff ff ff .\.............. 162 <7>[201192.342529] front: 00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 163 <7>[201192.342539] front: 00000150: 00 00 00 00 01 30 00 00 00 01 00 00 00 28 00 00 .....0.......(.. 164 <7>[201192.342550] front: 00000160: 00 02 01 04 00 00 00 00 00 81 66 70 7d 58 e2 3b ..........fp}X.; 165 <7>[201192.342560] front: 00000170: 91 3b bc 4d 82 30 5b 68 a2 fd 80 c0 16 ac cb f5 .;.M.0[h........ 166 <7>[201192.342570] front: 00000180: 38 bd ea de e4 f3 c4 e3 57 00 00 00 00 90 01 00 8.......W....... 167 <7>[201192.342581] front: 00000190: 00 01 01 0c 00 00 00 00 00 00 00 ff ff ff ff 00 ................ 168 <7>[201192.342591] front: 000001a0: 00 00 00 01 00 00 00 01 07 12 00 00 00 7e c7 2b .............~.+ 169 <7>[201192.342602] front: 000001b0: ca 9b 70 74 5f 63 72 61 73 68 5f 66 69 6c 65 02 ..pt_crash_file. 170 <7>[201192.342611] front: 000001c0: 01 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 171 <7>[201192.342618] front: 000001d0: 00 00 00 07 01 48 01 00 00 df 7a 00 00 00 01 00 .....H....z..... 172 <7>[201192.342624] front: 000001e0: 00 fe ff ff ff ff ff ff ff 00 00 00 00 08 00 00 ................ 173 <7>[201192.342632] front: 000001f0: 00 00 00 00 00 01 00 00 00 00 00 00 00 55 0d 00 .............U.. 174 <7>[201192.342640] front: 00000200: 00 00 00 00 00 d2 18 00 00 00 00 00 00 03 00 00 ................ 175 <7>[201192.342646] front: 00000210: 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 ................ 176 <7>[201192.342651] front: 00000220: 40 00 01 00 00 00 00 00 40 00 00 00 00 00 00 00 @.......@....... 177 <7>[201192.342657] front: 00000230: 00 00 00 00 00 00 03 00 00 00 2f f1 03 66 54 18 ........../..fT. 178 <7>[201192.342663] front: 00000240: c0 2b 2f f1 03 66 d7 26 73 2b 2f f1 03 66 d7 26 .+/..f.&s+/..f.& 179 <7>[201192.342668] front: 00000250: 73 2b 02 00 00 00 00 00 00 00 00 00 00 00 00 00 s+.............. 180 <7>[201192.342674] front: 00000260: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 01 00 ................ 181 <7>[201192.342680] front: 00000270: 00 00 a4 81 00 00 e8 03 00 00 e8 03 00 00 01 00 ................ 182 <7>[201192.342685] front: 00000280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 183 <7>[201192.342691] front: 00000290: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ 184 <7>[201192.342696] front: 000002a0: 00 00 00 00 00 00 00 00 00 00 2f f1 03 66 54 18 ........../..fT. 185 <7>[201192.342702] front: 000002b0: c0 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .+.............. 186 <7>[201192.342707] front: 000002c0: 00 00 04 00 00 00 00 00 00 00 ff ff ff ff ff ff ................ 187 <7>[201192.342713] front: 000002d0: ff ff 00 00 00 00 01 01 10 00 00 00 00 00 00 00 ................ 188 <7>[201192.342719] front: 000002e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 189 <7>[201192.342724] front: 000002f0: 2f f1 03 66 4f 6f c9 2a 01 00 00 00 00 00 00 00 /..fOo.*........ 190 <7>[201192.342730] front: 00000300: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ 191 <7>[201192.342736] front: 00000310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 192 <7>[201192.342741] front: 00000320: 00 40 00 00 00 01 00 00 00 00 00 00 00 03 00 00 .@.............. 193 <7>[201192.342747] front: 00000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................ 194 <7>[201192.342752] front: 00000340: 00 00 00 00 00 03 00 00 00 00 00 00 00 02 00 00 ................ 195 <7>[201192.342758] front: 00000350: 00 00 00 00 00 03 00 00 00 00 00 00 00 02 00 00 ................ 196 <7>[201192.342763] front: 00000360: 00 00 00 00 00 ..... 197 <7>[201192.342769] footer: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 198 <7>[201192.342775] footer: 00000010: 00 00 00 00 00 ..... 199 <3>[201192.342780] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426]: got corrupt reply mds0(tid:30) 200 <7>[201192.342788] header: 00000000: 71 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 q............... 201 <7>[201192.342793] header: 00000010: 1a 00 7f 00 01 00 65 03 00 00 00 00 00 00 00 00 ......e......... 202 <7>[201192.342799] header: 00000020: 00 00 00 00 02 00 00 00 00 00 00 00 00 01 00 00 ................ 203 <7>[201192.342804] header: 00000030: 00 00 00 00 00 ..... 204 <7>[201192.342810] front: 00000000: 05 03 00 00 00 00 00 00 f2 00 00 00 01 00 01 7a ...............z 205 <7>[201192.342815] front: 00000010: 01 00 00 07 01 74 01 00 00 91 74 00 00 00 01 00 .....t....t..... 206 <7>[201192.342821] front: 00000020: 00 fe ff ff ff ff ff ff ff 00 00 00 00 0a 0a 0a ................ 207 <7>[201192.342827] front: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 55 01 00 .............U.. 208 <7>[201192.342832] front: 00000040: 00 00 00 00 00 01 00 00 00 00 00 00 00 08 00 00 ................ 209 <7>[201192.342838] front: 00000050: 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 ................ 210 <7>[201192.342843] front: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 211 <7>[201192.342849] front: 00000070: 00 00 00 00 00 00 00 00 00 00 2f f1 03 66 4f 6f ........../..fOo 212 <7>[201192.342855] front: 00000080: c9 2a 2f f1 03 66 4f 6f c9 2a 1c f1 03 66 b7 5c .*/..fOo.*...f.\ 213 <7>[201192.342860] front: 00000090: ec 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 214 <7>[201192.342866] front: 000000a0: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 01 00 ................ 215 <7>[201192.342871] front: 000000b0: 00 00 ed 41 00 00 e8 03 00 00 e8 03 00 00 01 00 ...A............ 216 <7>[201192.342877] front: 000000c0: 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 217 <7>[201192.342883] front: 000000d0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ 218 <7>[201192.342888] front: 000000e0: 00 00 01 00 00 00 00 00 00 00 2f f1 03 66 54 18 ........../..fT. 219 <7>[201192.342894] front: 000000f0: c0 2b 00 00 00 00 00 00 00 00 02 00 00 00 00 00 .+.............. 220 <7>[201192.342900] front: 00000100: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 ................ 221 <7>[201192.342905] front: 00000110: 00 00 01 01 10 00 00 00 00 00 00 00 00 00 00 00 ................ 222 <7>[201192.342911] front: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 1c f1 03 66 ...............f 223 <7>[201192.342916] front: 00000130: b7 5c ec 2e 01 00 00 00 00 00 00 00 ff ff ff ff .\.............. 224 <7>[201192.342922] front: 00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 225 <7>[201192.342928] front: 00000150: 00 00 00 00 01 30 00 00 00 01 00 00 00 28 00 00 .....0.......(.. 226 <7>[201192.342933] front: 00000160: 00 02 01 04 00 00 00 00 00 81 66 70 7d 58 e2 3b ..........fp}X.; 227 <7>[201192.342939] front: 00000170: 91 3b bc 4d 82 30 5b 68 a2 fd 80 c0 16 ac cb f5 .;.M.0[h........ 228 <7>[201192.342945] front: 00000180: 38 bd ea de e4 f3 c4 e3 57 00 00 00 00 90 01 00 8.......W....... 229 <7>[201192.342950] front: 00000190: 00 01 01 0c 00 00 00 00 00 00 00 ff ff ff ff 00 ................ 230 <7>[201192.342956] front: 000001a0: 00 00 00 01 00 00 00 01 07 12 00 00 00 7e c7 2b .............~.+ 231 <7>[201192.342962] front: 000001b0: ca 9b 70 74 5f 63 72 61 73 68 5f 66 69 6c 65 02 ..pt_crash_file. 232 <7>[201192.342967] front: 000001c0: 01 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 233 <7>[201192.342973] front: 000001d0: 00 00 00 07 01 48 01 00 00 df 7a 00 00 00 01 00 .....H....z..... 234 <7>[201192.342978] front: 000001e0: 00 fe ff ff ff ff ff ff ff 00 00 00 00 08 00 00 ................ 235 <7>[201192.342984] front: 000001f0: 00 00 00 00 00 01 00 00 00 00 00 00 00 55 0d 00 .............U.. 236 <7>[201192.342990] front: 00000200: 00 00 00 00 00 d2 18 00 00 00 00 00 00 03 00 00 ................ 237 <7>[201192.342996] front: 00000210: 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 ................ 238 <7>[201192.343001] front: 00000220: 40 00 01 00 00 00 00 00 40 00 00 00 00 00 00 00 @.......@....... 239 <7>[201192.343007] front: 00000230: 00 00 00 00 00 00 03 00 00 00 2f f1 03 66 54 18 ........../..fT. 240 <7>[201192.343012] front: 00000240: c0 2b 2f f1 03 66 d7 26 73 2b 2f f1 03 66 d7 26 .+/..f.&s+/..f.& 241 <7>[201192.343018] front: 00000250: 73 2b 02 00 00 00 00 00 00 00 00 00 00 00 00 00 s+.............. 242 <7>[201192.343024] front: 00000260: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 01 00 ................ 243 <7>[201192.343029] front: 00000270: 00 00 a4 81 00 00 e8 03 00 00 e8 03 00 00 01 00 ................ 244 <7>[201192.343035] front: 00000280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 245 <7>[201192.343041] front: 00000290: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ 246 <7>[201192.343047] front: 000002a0: 00 00 00 00 00 00 00 00 00 00 2f f1 03 66 54 18 ........../..fT. 247 <7>[201192.343053] front: 000002b0: c0 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .+.............. 248 <7>[201192.343058] front: 000002c0: 00 00 04 00 00 00 00 00 00 00 ff ff ff ff ff ff ................ 249 <7>[201192.343064] front: 000002d0: ff ff 00 00 00 00 01 01 10 00 00 00 00 00 00 00 ................ 250 <7>[201192.343069] front: 000002e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 251 <7>[201192.343075] front: 000002f0: 2f f1 03 66 4f 6f c9 2a 01 00 00 00 00 00 00 00 /..fOo.*........ 252 <7>[201192.343083] front: 00000300: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ 253 <7>[201192.343088] front: 00000310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 254 <7>[201192.343094] front: 00000320: 00 40 00 00 00 01 00 00 00 00 00 00 00 03 00 00 .@.............. 255 <7>[201192.343100] front: 00000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ................ 256 <7>[201192.343105] front: 00000340: 00 00 00 00 00 03 00 00 00 00 00 00 00 02 00 00 ................ 257 <7>[201192.343111] front: 00000350: 00 00 00 00 00 03 00 00 00 00 00 00 00 02 00 00 ................ 258 <7>[201192.343116] front: 00000360: 00 00 00 00 00 ..... 259 <7>[201192.343122] footer: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 260 <7>[201192.343128] footer: 00000010: 00 00 00 00 00 ..... 261 <7>[201192.343195] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_mdsc_wait_request: do_request waited, got 0 262 <7>[201192.343206] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_mdsc_do_request: do_request 0000000071b24ca5 done, result -5 263 <7>[201192.343289] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] __ceph_put_cap_refs: 0000000039d46bc2 10000007491.fffffffffffffffe had p 264 <7>[201192.343302] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] ceph_unreserve_caps: ctx=000000008741ca3c count=20 265 <7>[201192.343311] ceph: [9a8fd138-5876-4325-af3b-ba7f972e5776 9426] __ceph_unreserve_caps: caps 25 = 5 used + 0 resv + 20 avail
No data to display
Actions