[mirror_ubuntu-artful-kernel.git] / net / ceph / crypto.c


#include <linux/ceph/ceph_debug.h>

#include <linux/err.h>
#include <linux/scatterlist.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <crypto/aes.h>
#include <crypto/skcipher.h>
#include <linux/key-type.h>
#include <linux/sched/mm.h>

#include <keys/ceph-type.h>
#include <keys/user-type.h>
#include <linux/ceph/decode.h>
#include "crypto.h"

/*
 * Set ->key and ->tfm.  The rest of the key should be filled in before
 * this function is called.
 */
static int set_secret(struct ceph_crypto_key *key, void *buf)
{
	unsigned int noio_flag;
	int ret;

	key->key = NULL;
	key->tfm = NULL;

	switch (key->type) {
	case CEPH_CRYPTO_NONE:
		return 0; /* nothing to do */
	case CEPH_CRYPTO_AES:
		break;
	default:
		return -ENOTSUPP;
	}

	WARN_ON(!key->len);
	key->key = kmemdup(buf, key->len, GFP_NOIO);
	if (!key->key) {
		ret = -ENOMEM;
		goto fail;
	}

	/* crypto_alloc_skcipher() allocates with GFP_KERNEL */
	noio_flag = memalloc_noio_save();
	key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
	memalloc_noio_restore(noio_flag);
	if (IS_ERR(key->tfm)) {
		ret = PTR_ERR(key->tfm);
		key->tfm = NULL;
		goto fail;
	}

	ret = crypto_skcipher_setkey(key->tfm, key->key, key->len);
	if (ret)
		goto fail;

	return 0;

fail:
	ceph_crypto_key_destroy(key);
	return ret;
}

int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
			  const struct ceph_crypto_key *src)
{
	memcpy(dst, src, sizeof(struct ceph_crypto_key));
	return set_secret(dst, src->key);
}

int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end)
{
	if (*p + sizeof(u16) + sizeof(key->created) +
	    sizeof(u16) + key->len > end)
		return -ERANGE;
	ceph_encode_16(p, key->type);
	ceph_encode_copy(p, &key->created, sizeof(key->created));
	ceph_encode_16(p, key->len);
	ceph_encode_copy(p, key->key, key->len);
	return 0;
}

int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end)
{
	int ret;

	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);
	key->type = ceph_decode_16(p);
	ceph_decode_copy(p, &key->created, sizeof(key->created));
	key->len = ceph_decode_16(p);
	ceph_decode_need(p, end, key->len, bad);
	ret = set_secret(key, *p);
	*p += key->len;
	return ret;

bad:
	dout("failed to decode crypto key\n");
	return -EINVAL;
}

int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
{
	int inlen = strlen(inkey);
	int blen = inlen * 3 / 4;
	void *buf, *p;
	int ret;

	dout("crypto_key_unarmor %s\n", inkey);
	buf = kmalloc(blen, GFP_NOFS);
	if (!buf)
		return -ENOMEM;
	blen = ceph_unarmor(buf, inkey, inkey+inlen);
	if (blen < 0) {
		kfree(buf);
		return blen;
	}

	p = buf;
	ret = ceph_crypto_key_decode(key, &p, p + blen);
	kfree(buf);
	if (ret)
		return ret;
	dout("crypto_key_unarmor key %p type %d len %d\n", key,
	     key->type, key->len);
	return 0;
}

void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
{
	if (key) {
		kfree(key->key);
		key->key = NULL;
		crypto_free_skcipher(key->tfm);
		key->tfm = NULL;
	}
}

static const u8 *aes_iv = (u8 *)CEPH_AES_IV;

/*
 * Should be used for buffers allocated with ceph_kvmalloc().
 * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
 * in-buffer (msg front).
 *
 * Dispose of @sgt with teardown_sgtable().
 *
 * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
 * in cases where a single sg is sufficient.  No attempt to reduce the
 * number of sgs by squeezing physically contiguous pages together is
 * made though, for simplicity.
 */
static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg,
			 const void *buf, unsigned int buf_len)
{
	struct scatterlist *sg;
	const bool is_vmalloc = is_vmalloc_addr(buf);
	unsigned int off = offset_in_page(buf);
	unsigned int chunk_cnt = 1;
	unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
	int i;
	int ret;

	if (buf_len == 0) {
		memset(sgt, 0, sizeof(*sgt));
		return -EINVAL;
	}

	if (is_vmalloc) {
		chunk_cnt = chunk_len >> PAGE_SHIFT;
		chunk_len = PAGE_SIZE;
	}

	if (chunk_cnt > 1) {
		ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
		if (ret)
			return ret;
	} else {
		WARN_ON(chunk_cnt != 1);
		sg_init_table(prealloc_sg, 1);
		sgt->sgl = prealloc_sg;
		sgt->nents = sgt->orig_nents = 1;
	}

	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
		struct page *page;
		unsigned int len = min(chunk_len - off, buf_len);

		if (is_vmalloc)
			page = vmalloc_to_page(buf);
		else
			page = virt_to_page(buf);

		sg_set_page(sg, page, len, off);

		off = 0;
		buf += len;
		buf_len -= len;
	}
	WARN_ON(buf_len != 0);

	return 0;
}

static void teardown_sgtable(struct sg_table *sgt)
{
	if (sgt->orig_nents > 1)
		sg_free_table(sgt);
}

static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
			  void *buf, int buf_len, int in_len, int *pout_len)
{
	SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
	struct sg_table sgt;
	struct scatterlist prealloc_sg;
	char iv[AES_BLOCK_SIZE] __aligned(8);
	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));
	int crypt_len = encrypt ? in_len + pad_byte : in_len;
	int ret;

	WARN_ON(crypt_len > buf_len);
	if (encrypt)
		memset(buf + in_len, pad_byte, pad_byte);
	ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len);
	if (ret)
		return ret;

	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
	skcipher_request_set_tfm(req, key->tfm);
	skcipher_request_set_callback(req, 0, NULL, NULL);
	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);

	/*
	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
		       key->key, key->len, 1);
	print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
		       buf, crypt_len, 1);
	*/
	if (encrypt)
		ret = crypto_skcipher_encrypt(req);
	else
		ret = crypto_skcipher_decrypt(req);
	skcipher_request_zero(req);
	if (ret) {
		pr_err("%s %scrypt failed: %d\n", __func__,
		       encrypt ? "en" : "de", ret);
		goto out_sgt;
	}
	/*
	print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
		       buf, crypt_len, 1);
	*/

	if (encrypt) {
		*pout_len = crypt_len;
	} else {
		pad_byte = *(char *)(buf + in_len - 1);
		if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE &&
		    in_len >= pad_byte) {
			*pout_len = in_len - pad_byte;
		} else {
			pr_err("%s got bad padding %d on in_len %d\n",
			       __func__, pad_byte, in_len);
			ret = -EPERM;
			goto out_sgt;
		}
	}

out_sgt:
	teardown_sgtable(&sgt);
	return ret;
}

int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
	       void *buf, int buf_len, int in_len, int *pout_len)
{
	switch (key->type) {
	case CEPH_CRYPTO_NONE:
		*pout_len = in_len;
		return 0;
	case CEPH_CRYPTO_AES:
		return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,
				      pout_len);
	default:
		return -ENOTSUPP;
	}
}

static int ceph_key_preparse(struct key_preparsed_payload *prep)
{
	struct ceph_crypto_key *ckey;
	size_t datalen = prep->datalen;
	int ret;
	void *p;

	ret = -EINVAL;
	if (datalen <= 0 || datalen > 32767 || !prep->data)
		goto err;

	ret = -ENOMEM;
	ckey = kmalloc(sizeof(*ckey), GFP_KERNEL);
	if (!ckey)
		goto err;

	/* TODO ceph_crypto_key_decode should really take const input */
	p = (void *)prep->data;
	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);
	if (ret < 0)
		goto err_ckey;

	prep->payload.data[0] = ckey;
	prep->quotalen = datalen;
	return 0;

err_ckey:
	kfree(ckey);
err:
	return ret;
}

static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
{
	struct ceph_crypto_key *ckey = prep->payload.data[0];
	ceph_crypto_key_destroy(ckey);
	kfree(ckey);
}

static void ceph_key_destroy(struct key *key)
{
	struct ceph_crypto_key *ckey = key->payload.data[0];

	ceph_crypto_key_destroy(ckey);
	kfree(ckey);
}

struct key_type key_type_ceph = {
	.name		= "ceph",
	.preparse	= ceph_key_preparse,
	.free_preparse	= ceph_key_free_preparse,
	.instantiate	= generic_key_instantiate,
	.destroy	= ceph_key_destroy,
};

int ceph_crypto_init(void) {
	return register_key_type(&key_type_ceph);
}

void ceph_crypto_shutdown(void) {
	unregister_key_type(&key_type_ceph);
}
Commit	Line	Data
8b6e4f2d	1
3d14c5d2	2	#include <linux/ceph/ceph_debug.h>
8b6e4f2d SW	3
	4	#include <linux/err.h>
	5	#include <linux/scatterlist.h>
7fea24c6	6	#include <linux/sched.h>
5a0e3ad6	7	#include <linux/slab.h>
e59dd982 HX	8	#include <crypto/aes.h>
e59dd982 HX	9	#include <crypto/skcipher.h>
4b2a58ab	10	#include <linux/key-type.h>
5b3cc15a	11	#include <linux/sched/mm.h>
8b6e4f2d	12
4b2a58ab	13	#include <keys/ceph-type.h>
7c3bec0a	14	#include <keys/user-type.h>
3d14c5d2	15	#include <linux/ceph/decode.h>
8b6e4f2d	16	#include "crypto.h"
8b6e4f2d	17
7af3ea18 ID	18	/*
	19	* Set ->key and ->tfm. The rest of the key should be filled in before
	20	* this function is called.
	21	*/
	22	static int set_secret(struct ceph_crypto_key key, void buf)
	23	{
	24	unsigned int noio_flag;
	25	int ret;
	26
	27	key->key = NULL;
	28	key->tfm = NULL;
	29
	30	switch (key->type) {
	31	case CEPH_CRYPTO_NONE:
	32	return 0; /* nothing to do */
	33	case CEPH_CRYPTO_AES:
	34	break;
	35	default:
	36	return -ENOTSUPP;
	37	}
	38
	39	WARN_ON(!key->len);
	40	key->key = kmemdup(buf, key->len, GFP_NOIO);
	41	if (!key->key) {
	42	ret = -ENOMEM;
	43	goto fail;
	44	}
	45
	46	/* crypto_alloc_skcipher() allocates with GFP_KERNEL */
	47	noio_flag = memalloc_noio_save();
	48	key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
	49	memalloc_noio_restore(noio_flag);
	50	if (IS_ERR(key->tfm)) {
	51	ret = PTR_ERR(key->tfm);
	52	key->tfm = NULL;
	53	goto fail;
	54	}
	55
	56	ret = crypto_skcipher_setkey(key->tfm, key->key, key->len);
	57	if (ret)
	58	goto fail;
	59
	60	return 0;
	61
	62	fail:
	63	ceph_crypto_key_destroy(key);
	64	return ret;
	65	}
	66
8323c3aa TV	67	int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
	68	const struct ceph_crypto_key *src)
	69	{
	70	memcpy(dst, src, sizeof(struct ceph_crypto_key));
7af3ea18	71	return set_secret(dst, src->key);
8323c3aa TV	72	}
8323c3aa TV	73
8b6e4f2d SW	74	int ceph_crypto_key_encode(struct ceph_crypto_key key, void p, void end)
	75	{
	76	if (*p + sizeof(u16) + sizeof(key->created) +
	77	sizeof(u16) + key->len > end)
	78	return -ERANGE;
	79	ceph_encode_16(p, key->type);
	80	ceph_encode_copy(p, &key->created, sizeof(key->created));
	81	ceph_encode_16(p, key->len);
	82	ceph_encode_copy(p, key->key, key->len);
	83	return 0;
	84	}
	85
	86	int ceph_crypto_key_decode(struct ceph_crypto_key key, void p, void end)
	87	{
7af3ea18 ID	88	int ret;
7af3ea18 ID	89
8b6e4f2d SW	90	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);
	91	key->type = ceph_decode_16(p);
	92	ceph_decode_copy(p, &key->created, sizeof(key->created));
	93	key->len = ceph_decode_16(p);
	94	ceph_decode_need(p, end, key->len, bad);
7af3ea18 ID	95	ret = set_secret(key, *p);
	96	*p += key->len;
	97	return ret;
8b6e4f2d SW	98
	99	bad:
	100	dout("failed to decode crypto key\n");
	101	return -EINVAL;
	102	}
	103
	104	int ceph_crypto_key_unarmor(struct ceph_crypto_key key, const char inkey)
	105	{
	106	int inlen = strlen(inkey);
	107	int blen = inlen * 3 / 4;
	108	void buf, p;
	109	int ret;
	110
	111	dout("crypto_key_unarmor %s\n", inkey);
	112	buf = kmalloc(blen, GFP_NOFS);
	113	if (!buf)
	114	return -ENOMEM;
	115	blen = ceph_unarmor(buf, inkey, inkey+inlen);
	116	if (blen < 0) {
	117	kfree(buf);
	118	return blen;
	119	}
	120
	121	p = buf;
	122	ret = ceph_crypto_key_decode(key, &p, p + blen);
	123	kfree(buf);
	124	if (ret)
	125	return ret;
	126	dout("crypto_key_unarmor key %p type %d len %d\n", key,
	127	key->type, key->len);
	128	return 0;
	129	}
	130
6db2304a ID	131	void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
	132	{
	133	if (key) {
	134	kfree(key->key);
	135	key->key = NULL;
7af3ea18 ID	136	crypto_free_skcipher(key->tfm);
7af3ea18 ID	137	key->tfm = NULL;
6db2304a ID	138	}
	139	}
	140
cbbfe499	141	static const u8 aes_iv = (u8 )CEPH_AES_IV;
8b6e4f2d	142
aaef3170 ID	143	/*
	144	* Should be used for buffers allocated with ceph_kvmalloc().
	145	* Currently these are encrypt out-buffer (ceph_buffer) and decrypt
	146	* in-buffer (msg front).
	147	*
	148	* Dispose of @sgt with teardown_sgtable().
	149	*
	150	* @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
	151	* in cases where a single sg is sufficient. No attempt to reduce the
	152	* number of sgs by squeezing physically contiguous pages together is
	153	* made though, for simplicity.
	154	*/
	155	static int setup_sgtable(struct sg_table sgt, struct scatterlist prealloc_sg,
	156	const void *buf, unsigned int buf_len)
	157	{
	158	struct scatterlist *sg;
	159	const bool is_vmalloc = is_vmalloc_addr(buf);
	160	unsigned int off = offset_in_page(buf);
	161	unsigned int chunk_cnt = 1;
	162	unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
	163	int i;
	164	int ret;
	165
	166	if (buf_len == 0) {
	167	memset(sgt, 0, sizeof(*sgt));
	168	return -EINVAL;
	169	}
	170
	171	if (is_vmalloc) {
	172	chunk_cnt = chunk_len >> PAGE_SHIFT;
	173	chunk_len = PAGE_SIZE;
	174	}
	175
	176	if (chunk_cnt > 1) {
	177	ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
	178	if (ret)
	179	return ret;
	180	} else {
	181	WARN_ON(chunk_cnt != 1);
	182	sg_init_table(prealloc_sg, 1);
	183	sgt->sgl = prealloc_sg;
	184	sgt->nents = sgt->orig_nents = 1;
	185	}
	186
	187	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
	188	struct page *page;
	189	unsigned int len = min(chunk_len - off, buf_len);
	190
	191	if (is_vmalloc)
	192	page = vmalloc_to_page(buf);
	193	else
	194	page = virt_to_page(buf);
	195
	196	sg_set_page(sg, page, len, off);
	197
	198	off = 0;
	199	buf += len;
	200	buf_len -= len;
	201	}
	202	WARN_ON(buf_len != 0);
	203
	204	return 0;
	205	}
	206
207	static void teardown_sgtable(struct sg_table *sgt)
208	{
209	if (sgt->orig_nents > 1)
210	sg_free_table(sgt);
211	}
212
a45f795c ID	213	static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
	214	void buf, int buf_len, int in_len, int pout_len)
	215	{
7af3ea18	216	SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
a45f795c ID	217	struct sg_table sgt;
a45f795c ID	218	struct scatterlist prealloc_sg;
124f930b	219	char iv[AES_BLOCK_SIZE] __aligned(8);
a45f795c ID	220	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));
	221	int crypt_len = encrypt ? in_len + pad_byte : in_len;
	222	int ret;
	223
a45f795c ID	224	WARN_ON(crypt_len > buf_len);
	225	if (encrypt)
	226	memset(buf + in_len, pad_byte, pad_byte);
	227	ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len);
	228	if (ret)
7af3ea18	229	return ret;
a45f795c	230
a45f795c	231	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
7af3ea18	232	skcipher_request_set_tfm(req, key->tfm);
a45f795c ID	233	skcipher_request_set_callback(req, 0, NULL, NULL);
	234	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);
	235
	236	/*
	237	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
	238	key->key, key->len, 1);
	239	print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
	240	buf, crypt_len, 1);
	241	*/
	242	if (encrypt)
	243	ret = crypto_skcipher_encrypt(req);
	244	else
	245	ret = crypto_skcipher_decrypt(req);
	246	skcipher_request_zero(req);
	247	if (ret) {
	248	pr_err("%s %scrypt failed: %d\n", __func__,
	249	encrypt ? "en" : "de", ret);
	250	goto out_sgt;
	251	}
	252	/*
	253	print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
	254	buf, crypt_len, 1);
	255	*/
	256
	257	if (encrypt) {
	258	*pout_len = crypt_len;
	259	} else {
	260	pad_byte = (char )(buf + in_len - 1);
	261	if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE &&
	262	in_len >= pad_byte) {
	263	*pout_len = in_len - pad_byte;
	264	} else {
	265	pr_err("%s got bad padding %d on in_len %d\n",
	266	__func__, pad_byte, in_len);
	267	ret = -EPERM;
	268	goto out_sgt;
	269	}
	270	}
	271
	272	out_sgt:
	273	teardown_sgtable(&sgt);
a45f795c ID	274	return ret;
	275	}
	276
	277	int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
	278	void buf, int buf_len, int in_len, int pout_len)
	279	{
	280	switch (key->type) {
	281	case CEPH_CRYPTO_NONE:
	282	*pout_len = in_len;
	283	return 0;
	284	case CEPH_CRYPTO_AES:
	285	return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,
	286	pout_len);
	287	default:
	288	return -ENOTSUPP;
	289	}
	290	}
	291
efa64c09	292	static int ceph_key_preparse(struct key_preparsed_payload *prep)
4b2a58ab TV	293	{
4b2a58ab TV	294	struct ceph_crypto_key *ckey;
cf7f601c	295	size_t datalen = prep->datalen;
4b2a58ab TV	296	int ret;
	297	void *p;
	298
	299	ret = -EINVAL;
cf7f601c	300	if (datalen <= 0 \|\| datalen > 32767 \|\| !prep->data)
4b2a58ab TV	301	goto err;
4b2a58ab TV	302
4b2a58ab TV	303	ret = -ENOMEM;
	304	ckey = kmalloc(sizeof(*ckey), GFP_KERNEL);
	305	if (!ckey)
	306	goto err;
	307
	308	/* TODO ceph_crypto_key_decode should really take const input */
cf7f601c DH	309	p = (void *)prep->data;
cf7f601c DH	310	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);
4b2a58ab TV	311	if (ret < 0)
	312	goto err_ckey;
	313
146aa8b1	314	prep->payload.data[0] = ckey;
efa64c09	315	prep->quotalen = datalen;
4b2a58ab TV	316	return 0;
	317
	318	err_ckey:
	319	kfree(ckey);
	320	err:
	321	return ret;
	322	}
	323
efa64c09 DH	324	static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
efa64c09 DH	325	{
146aa8b1	326	struct ceph_crypto_key *ckey = prep->payload.data[0];
efa64c09 DH	327	ceph_crypto_key_destroy(ckey);
	328	kfree(ckey);
	329	}
	330
efa64c09 DH	331	static void ceph_key_destroy(struct key *key)
efa64c09 DH	332	{
146aa8b1	333	struct ceph_crypto_key *ckey = key->payload.data[0];
4b2a58ab TV	334
4b2a58ab TV	335	ceph_crypto_key_destroy(ckey);
f0666b1a	336	kfree(ckey);
4b2a58ab TV	337	}
	338
	339	struct key_type key_type_ceph = {
	340	.name = "ceph",
efa64c09 DH	341	.preparse = ceph_key_preparse,
	342	.free_preparse = ceph_key_free_preparse,
	343	.instantiate = generic_key_instantiate,
4b2a58ab TV	344	.destroy = ceph_key_destroy,
	345	};
	346
	347	int ceph_crypto_init(void) {
	348	return register_key_type(&key_type_ceph);
	349	}
	350
	351	void ceph_crypto_shutdown(void) {
	352	unregister_key_type(&key_type_ceph);
	353	}