diff mbox series

[v13,51/59] ceph: disable copy offload on encrypted inodes

Message ID	20220405192030.178326-52-jlayton@kernel.org (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <linux-fscrypt-owner@kernel.org> From: Jeff Layton <jlayton@kernel.org> To: idryomov@gmail.com, xiubli@redhat.com Cc: ceph-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, lhenriques@suse.de Subject: [PATCH v13 51/59] ceph: disable copy offload on encrypted inodes Date: Tue, 5 Apr 2022 15:20:22 -0400 Message-Id: <20220405192030.178326-52-jlayton@kernel.org> In-Reply-To: <20220405192030.178326-1-jlayton@kernel.org> References: <20220405192030.178326-1-jlayton@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ceph+fscrypt: full support \| expand [v13,00/59] ceph+fscrypt: full support [v13,01/59] libceph: add spinlock around osd->o_requests [v13,02/59] libceph: define struct ceph_sparse_extent and add some helpers [v13,03/59] libceph: add sparse read support to msgr2 crc state machine [v13,04/59] libceph: add sparse read support to OSD client [v13,05/59] libceph: support sparse reads on msgr2 secure codepath [v13,06/59] libceph: add sparse read support to msgr1 [v13,07/59] ceph: add new mount option to enable sparse reads [v13,08/59] fs: change test in inode_insert5 for adding to the sb list [v13,09/59] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode [v13,10/59] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size [v13,11/59] fscrypt: add fscrypt_context_for_new_inode [v13,12/59] ceph: preallocate inode for ops that may create one [v13,13/59] ceph: fscrypt_auth handling for ceph [v13,14/59] ceph: ensure that we accept a new context from MDS for new inodes [v13,15/59] ceph: add support for fscrypt_auth/fscrypt_file to cap messages [v13,16/59] ceph: implement -o test_dummy_encryption mount option [v13,17/59] ceph: decode alternate_name in lease info [v13,18/59] ceph: add fscrypt ioctls [v13,19/59] ceph: make the ioctl cmd more readable in debug log [v13,20/59] ceph: make ceph_msdc_build_path use ref-walk [v13,21/59] ceph: add encrypted fname handling to ceph_mdsc_build_path [v13,22/59] ceph: send altname in MClientRequest [v13,23/59] ceph: encode encrypted name in dentry release [v13,24/59] ceph: properly set DCACHE_NOKEY_NAME flag in lookup [v13,25/59] ceph: set DCACHE_NOKEY_NAME in atomic open [v13,26/59] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries [v13,27/59] ceph: add helpers for converting names for userland presentation [v13,28/59] ceph: fix base64 encoded name's length check in ceph_fname_to_usr() [v13,29/59] ceph: add fscrypt support to ceph_fill_trace [v13,30/59] ceph: pass the request to parse_reply_info_readdir() [v13,31/59] ceph: add ceph_encode_encrypted_dname() helper [v13,32/59] ceph: add support to readdir for encrypted filenames [v13,33/59] ceph: create symlinks with encrypted and base64-encoded targets [v13,34/59] ceph: make ceph_get_name decrypt filenames [v13,35/59] ceph: add a new ceph.fscrypt.auth vxattr [v13,36/59] ceph: add some fscrypt guardrails [v13,37/59] ceph: don't allow changing layout on encrypted files/directories [v13,38/59] libceph: add CEPH_OSD_OP_ASSERT_VER support [v13,39/59] ceph: size handling for encrypted inodes in cap updates [v13,40/59] ceph: fscrypt_file field handling in MClientRequest messages [v13,41/59] ceph: get file size from fscrypt_file when present in inode traces [v13,42/59] ceph: handle fscrypt fields in cap messages from MDS [v13,43/59] ceph: update WARN_ON message to pr_warn [v13,44/59] ceph: add __ceph_get_caps helper support [v13,45/59] ceph: add __ceph_sync_read helper support [v13,46/59] ceph: add object version support for sync read [v13,47/59] ceph: add infrastructure for file encryption and decryption [v13,48/59] ceph: add truncate size handling support for fscrypt [v13,49/59] libceph: allow ceph_osdc_new_request to accept a multi-op read [v13,50/59] ceph: disable fallocate for encrypted inodes [v13,51/59] ceph: disable copy offload on encrypted inodes [v13,52/59] ceph: don't use special DIO path for encrypted inodes [v13,53/59] ceph: align data in pages in ceph_sync_write [v13,54/59] ceph: add read/modify/write to ceph_sync_write [v13,55/59] ceph: plumb in decryption during sync reads [v13,56/59] ceph: add fscrypt decryption support to ceph_netfs_issue_op [v13,57/59] ceph: set i_blkbits to crypto block size for encrypted inodes [v13,58/59] ceph: add encryption support to writepage [v13,59/59] ceph: fscrypt support for writepages

Commit Message

Jeff Layton April 5, 2022, 7:20 p.m. UTC

If we have an encrypted inode, then the client will need to re-encrypt
the contents of the new object. Disable copy offload to or from
encrypted inodes.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/ceph/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff mbox series

Patch

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index f74563e11058..f9e775d6cdf0 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2526,6 +2526,10 @@  static ssize_t __ceph_copy_file_range(struct file *src_file, loff_t src_off,
 		return -EOPNOTSUPP;
 	}
 
+	/* Every encrypted inode gets its own key, so we can't offload them */
+	if (IS_ENCRYPTED(src_inode) || IS_ENCRYPTED(dst_inode))
+		return -EOPNOTSUPP;
+
 	if (len < src_ci->i_layout.object_size)
 		return -EOPNOTSUPP; /* no remote copy will be done */