From a70d399013e331290adbb8fd838bee30ad5847fe Mon Sep 17 00:00:00 2001 From: Christopher Hoffman Date: Mon, 2 Jun 2025 18:13:32 +0000 Subject: [PATCH] client, test: Remove FS_IOC_GETFLAGS and STATX_ATTR_ENCRYPTED Remove previous work done to support FSCrypt encrypted in FS_IOC_GETFLAGS which changes the structure of statx ABI. This is due to backward compatibility issues. Signed-off-by: Christopher Hoffman --- src/client/Client.cc | 30 ------------- src/client/Client.h | 3 -- src/client/Inode.cc | 6 +-- src/client/Inode.h | 8 ---- src/client/fuse_ll.cc | 14 ------ src/include/cephfs/ceph_ll_client.h | 19 -------- src/include/cephfs/libcephfs.h | 8 ---- src/libcephfs.cc | 7 --- src/test/libcephfs/fscrypt.cc | 69 ----------------------------- 9 files changed, 1 insertion(+), 163 deletions(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index d67020f57aa14..910f36fbd3627 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -9139,10 +9139,6 @@ void Client::fill_statx(Inode *in, unsigned int mask, struct ceph_statx *stx) stx->stx_mask |= (CEPH_STATX_CTIME|CEPH_STATX_VERSION); } - // Check that the flag has no garbage, if is_encrypted() is false - bool en = in->is_encrypted(); - ceph_assert(en || !(stx->stx_attributes & STATX_ATTR_ENCRYPTED)); - stx->stx_attributes |= en ? STATX_ATTR_ENCRYPTED : 0; } void Client::touch_dn(Dentry *dn) @@ -18802,32 +18798,6 @@ SubvolumeMetricTracker::aggregate(bool clean) { } // --- subvolume metrics tracking --- // -int Client::get_inode_flags(const Inode* in, int* file_attr_out) { - ceph_assert(ceph_mutex_is_locked_by_me(client_lock)); - - if (!file_attr_out) - return -EINVAL; - - *file_attr_out = 0; - // set or clear the encryption flag depending on the inode status - if (in->is_encrypted()) { - *file_attr_out |= FS_ENCRYPT_FL; - } else { - *file_attr_out &= ~FS_ENCRYPT_FL; - } - return 0; -} - -int Client::get_inode_flags(int fd, int* file_attr_out) { - std::scoped_lock l{client_lock}; - - Fh *fh = get_filehandle(fd); - if (!fh) { - return -EBADF; - } - return get_inode_flags(fh->inode.get(), file_attr_out); -} - int Client::fcopyfile(const char *spath, const char *dpath, UserPerm& perms, mode_t mode) { ldout(cct, 10) << "fcopyfile spath=" << spath << " dpath=" << dpath << " mode=" << mode << dendl; diff --git a/src/client/Client.h b/src/client/Client.h index d4ab93f97c8cd..a686170563fa3 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -384,9 +384,6 @@ public: int remove_fscrypt_key(fscrypt_remove_key_arg* kid, int user = 0); int get_fscrypt_key_status(fscrypt_get_key_status_arg* arg); - int get_inode_flags(const Inode* in, int* file_attr_out); - int get_inode_flags(int fd, int* file_attr_out); - int fcopyfile(const char *sname, const char *dname, UserPerm& perms, mode_t mode); int set_fscrypt_policy_v2(int fd, const struct fscrypt_policy_v2& policy); diff --git a/src/client/Inode.cc b/src/client/Inode.cc index e637aa6d0e6f0..d115c4ebc9fd9 100644 --- a/src/client/Inode.cc +++ b/src/client/Inode.cc @@ -853,11 +853,7 @@ void Inode::mark_caps_clean() FSCryptContextRef Inode::init_fscrypt_ctx(FSCrypt *fscrypt) { - auto res = fscrypt->init_ctx(fscrypt_auth); - // at this point, if fscrypt is enabled, the fscrypt_auth is not empty - // and we can set the S_ENCRYPTED flag - set_is_encrypted_flag(); - return res; + return fscrypt->init_ctx(fscrypt_auth); } void Inode::gen_inherited_fscrypt_auth(std::vector *fsa) diff --git a/src/client/Inode.h b/src/client/Inode.h index 76dd52fcdfb5e..fc70ce3a662a1 100644 --- a/src/client/Inode.h +++ b/src/client/Inode.h @@ -204,14 +204,6 @@ struct Inode : RefCountedObject { // use i_flags as 1 << 14 will overlap with other mode bits. bool is_encrypted() const { return (i_flags & S_ENCRYPTED) == S_ENCRYPTED; } - // this function sets S_ENCRYPTED bit in i_flag - // is called when the is_fscrypt_enabled - void set_is_encrypted_flag() { - bool en = is_fscrypt_enabled(); - // just to make sure that no garbage is set in the flag, if fscrypt is disabled - ceph_assert(en || !(i_flags & S_ENCRYPTED)); - i_flags |= en ? S_ENCRYPTED : 0; - } bool has_dir_layout() const { return layout != file_layout_t(); diff --git a/src/client/fuse_ll.cc b/src/client/fuse_ll.cc index 5e7a3d6d3e7cd..9b448349dcef2 100644 --- a/src/client/fuse_ll.cc +++ b/src/client/fuse_ll.cc @@ -1121,20 +1121,6 @@ static void fuse_ll_ioctl(fuse_req_t req, fuse_ino_t ino, fuse_reply_ioctl(req, 0, arg, sizeof(*arg)); } break; - case FS_IOC_GETFLAGS: { - generic_dout(10) << __FILE__ << ":" << __LINE__ << ": FS_IOC_GETFLAGS ioctl" << dendl; - - int file_attr = 0; - if (out_bufsz < sizeof(file_attr)) { - fuse_reply_err(req, ERANGE); - break; - } - - Fh *fh = (Fh*)fi->fh; - cfuse->client->get_inode_flags(fh->inode.get(), &file_attr); - fuse_reply_ioctl(req, 0, &file_attr, sizeof(file_attr)); -} -break; default: fuse_reply_err(req, EINVAL); } diff --git a/src/include/cephfs/ceph_ll_client.h b/src/include/cephfs/ceph_ll_client.h index ca793b3743439..0bc08d221b47b 100644 --- a/src/include/cephfs/ceph_ll_client.h +++ b/src/include/cephfs/ceph_ll_client.h @@ -72,7 +72,6 @@ struct ceph_statx { struct timespec stx_mtime; struct timespec stx_btime; uint64_t stx_version; - uint64_t stx_attributes; }; #define CEPH_STATX_MODE 0x00000001U /* Want/got stx_mode */ @@ -91,13 +90,6 @@ struct ceph_statx { #define CEPH_STATX_VERSION 0x00001000U /* Want/got stx_version */ #define CEPH_STATX_ALL_STATS 0x00001fffU /* All supported stats */ -// the value of STATX_ATTR_ENCRYPTED on most systems is equal to FS_ENCRYPT_FL -// to identify encrypted files uniformly, -// simplifying operations that need to check encryption status. -#ifndef STATX_ATTR_ENCRYPTED -#define STATX_ATTR_ENCRYPTED 0x00000800 /* File requires key to decrypt in fs */ -#endif - /* * Compatibility macros until these defines make their way into glibc */ @@ -131,17 +123,6 @@ struct ceph_statx { #define FALLOC_FL_PUNCH_HOLE 0x02 #endif -/* fscrypt IOCTL flags*/ -// the value of FS_ENCRYPT_FL on most systems is equal to STATX_ATTR_ENCRYPTED -// to identify encrypted files uniformly, -// simplifying operations that need to check encryption status. -#ifndef FS_ENCRYPT_FL -#define FS_ENCRYPT_FL 0x00000800 /* Encrypted file */ -#endif -#ifndef FS_IOC_GETFLAGS -#define FS_IOC_GETFLAGS _IOR('f', 1, int32_t) -#endif - /** ceph_deleg_cb_t: Delegation recalls * * Called when there is an outstanding Delegation and there is conflicting diff --git a/src/include/cephfs/libcephfs.h b/src/include/cephfs/libcephfs.h index a320bd01e2942..0c13463537176 100644 --- a/src/include/cephfs/libcephfs.h +++ b/src/include/cephfs/libcephfs.h @@ -2049,14 +2049,6 @@ int ceph_set_fscrypt_policy_v2(struct ceph_mount_info *cmount, */ int ceph_is_encrypted(struct ceph_mount_info *cmount, int fd, char* enctag); -/** - * Fill file_attr_out with content of i_flags - * @param cmount the ceph mount handle to use. - * @param fd open directory file descriptor - * @param file_attr_out will have result bits set - * @returns zero on success, other returns a negative error code. - */ -int get_inode_flags(struct ceph_mount_info *cmount, int fd, int* file_attr_out); /* Low Level */ struct Inode *ceph_ll_get_inode(struct ceph_mount_info *cmount, diff --git a/src/libcephfs.cc b/src/libcephfs.cc index 386f54d673aef..b39bbd38b8362 100644 --- a/src/libcephfs.cc +++ b/src/libcephfs.cc @@ -2633,13 +2633,6 @@ extern "C" int ceph_get_perf_counters(struct ceph_mount_info *cmount, char **per return outbl.length(); } -extern "C" int get_inode_flags(struct ceph_mount_info *cmount, int fd, int* file_attr_out) { - if (!cmount->is_mounted()) - return -ENOTCONN; - - return cmount->get_client()->get_inode_flags(fd, file_attr_out); -} - extern "C" int ceph_fcopyfile(struct ceph_mount_info *cmount, const char *spath, const char *dpath, mode_t mode) { if (!cmount->is_mounted()) diff --git a/src/test/libcephfs/fscrypt.cc b/src/test/libcephfs/fscrypt.cc index b076e512133a6..339953af1c3ca 100644 --- a/src/test/libcephfs/fscrypt.cc +++ b/src/test/libcephfs/fscrypt.cc @@ -912,75 +912,6 @@ TEST(FSCrypt, RemoveBusyCreate) { ceph_shutdown(cmount); } -TEST(FSCrypt, QuerySEncryptFlag) { - struct ceph_fscrypt_key_identifier kid; - - struct ceph_mount_info *cmount; - int r = init_mount(&cmount); - ASSERT_EQ(0, r); - - //add dir - string dir_path = "sencrypt_test_dir1"; - ceph_mkdir(cmount, dir_path.c_str(), 0777); - int fd1 = ceph_open(cmount, dir_path.c_str(), O_DIRECTORY, 0); - - //query S_ENCRYPTED flag with statx on non encrypted directory - struct ceph_statx stx; - r = ceph_statx(cmount, dir_path.c_str(), &stx, - CEPH_STATX_ALL_STATS, - 0); - ASSERT_EQ(0, r); - ASSERT_EQ(0, stx.stx_attributes & STATX_ATTR_ENCRYPTED); - - //query S_ENCRYPTED flag with ioctl on non encr directory - int file_attr_out; - r = get_inode_flags(cmount, fd1, &file_attr_out); - ASSERT_EQ(0, r); - ASSERT_EQ(0, file_attr_out & FS_ENCRYPT_FL); - - // enable fscrypt - r = ceph_add_fscrypt_key(cmount, fscrypt_key, sizeof(fscrypt_key), &kid, 1299); - ASSERT_EQ(0, r); - struct fscrypt_policy_v2 policy; - populate_policy(kid, &policy); - - r = ceph_set_fscrypt_policy_v2(cmount, fd1, &policy); - ASSERT_EQ(0, r); - - //add file to encrypted directory - string file_path = "sencrypt_test_file"; - string path = ""; - path.append(dir_path); - path.append("/"); - path.append(file_path); - int fd2 = ceph_open(cmount, path.c_str(), O_RDWR|O_CREAT|O_TRUNC, 0600); - r = ceph_write(cmount, fd2, fscrypt_key, sizeof(fscrypt_key), 0); - ASSERT_EQ(32, r); - ceph_close(cmount, fd1); - - //query S_ENCRYPTED flag with statx on encrypted file - r = ceph_statx(cmount, path.c_str(), &stx, - CEPH_STATX_ALL_STATS, - 0); - ASSERT_EQ(0, r); - ASSERT_EQ(STATX_ATTR_ENCRYPTED, stx.stx_attributes & STATX_ATTR_ENCRYPTED); - - //query S_ENCRYPTED flag with ioctl on encrypted file - r = get_inode_flags(cmount, fd2, &file_attr_out); - ASSERT_EQ(FS_ENCRYPT_FL, file_attr_out & FS_ENCRYPT_FL); - - // cleanup - ceph_close(cmount, fd2); - ceph_unlink(cmount, file_path.c_str()); - ceph_rmdir(cmount, dir_path.c_str()); - fscrypt_remove_key_arg arg; - generate_remove_key_arg(kid, &arg); - r = ceph_remove_fscrypt_key(cmount, &arg, 1299); - ASSERT_EQ(0, r); - ASSERT_EQ(0, arg.removal_status_flags); - ceph_shutdown(cmount); -} - // this test verifies that fuse client doesn't support falloate ops // FALLOC_FL_COLLAPSE_RANGE, FALLOC_FL_COLLAPSE_RANGE, FALLOC_FL_INSERT_RANGE // if this test fails, it means that these ops has been impleneted AND we must reject these ops for encrypted files -- 2.39.5