ceph: prevent snapshots to be created in encrypted locked directories

With snapshot names encryption we can not allow snapshots to be created in
locked directories because the names wouldn't be encrypted.  This patch
forces the directory to be unlocked to allow a snapshot to be created.

Signed-off-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 59df878a4df785e5d4b676d7d2b9b074128dd1da..edc2bf0aab8338bc677c6ff634e2263681dcc35d 100644 (file)
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1084,6 +1084,11 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
                err = -EDQUOT;
                goto out;
        }
+       if ((op == CEPH_MDS_OP_MKSNAP) && IS_ENCRYPTED(dir) &&
+           !fscrypt_has_encryption_key(dir)) {
+               err = -ENOKEY;
+               goto out;
+       }
 
 
        req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);