[lustre-devel] [PATCH 25/28] lustre: sec: restrict fallocate on encrypted files
jsimmons at infradead.org
Sun Nov 15 16:59:58 PST 2020
From: Sebastien Buisson <sbuisson at ddn.com>
For now, ll_fallocate only supports standard preallocation.
Anyway, encrypted inodes can't handle collapse range or zero range or
insert range since we would need to re-encrypt blocks with a different
IV or XTS tweak (which are based on the logical block number).
So make sure we return -EOPNOTSUPP in this case, like what ext4 does.
Lustre-commit: a7870fb9568bf ("LU-12275 sec: restrict fallocate on encrypted files")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.super at gmail.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
fs/lustre/llite/file.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index 4a3c534..02cc2d6 100644
@@ -4927,6 +4927,17 @@ long ll_fallocate(struct file *filp, int mode, loff_t offset, loff_t len)
struct inode *inode = filp->f_path.dentry->d_inode;
+ * Encrypted inodes can't handle collapse range or zero range or insert
+ * range since we would need to re-encrypt blocks with a different IV or
+ * XTS tweak (which are based on the logical block number).
+ * Similar to what ext4 does.
+ if (IS_ENCRYPTED(inode) &&
+ (mode & (FALLOC_FL_COLLAPSE_RANGE | FALLOC_FL_INSERT_RANGE |
+ return -EOPNOTSUPP;
* Only mode == 0 (which is standard prealloc) is supported now.
* Punch is not supported yet.
More information about the lustre-devel