[lustre-devel] [PATCH 21/49] lustre: sec: fix migrate for encrypted dir
James Simmons
jsimmons at infradead.org
Wed Apr 14 21:02:13 PDT 2021
From: Sebastien Buisson <sbuisson at ddn.com>
When setting an encryption policy on a directory that we want to
be encrypted, we need to make sure it is empty.
But, in some cases, setting the LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr
should be allowed on non-empty directories, for instance when a
directory is migrated across MDTs into new shard directories.
Also, it is required for the encrpytion key to be available on the
client when migrating a directory so that the filenames can be
properly rehashed for the new MDT directory shard.
And, in any case, we need to prevent explicit setting of
LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr outside of encryption policy
definition.
WC-bug-id: https://jira.whamcloud.com/browse/LU-14401
Lustre-commit: 67c4cffac6dbd30c ("LU-14401 sec: fix migrate for encrypted dir")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-on: https://review.whamcloud.com/41413
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: John L. Hammond <jhammond at whamcloud.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
fs/lustre/llite/crypto.c | 1 +
fs/lustre/llite/file.c | 12 ++++++++++++
fs/lustre/llite/llite_internal.h | 8 +++++---
fs/lustre/llite/xattr.c | 11 +++++++++++
4 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/fs/lustre/llite/crypto.c b/fs/lustre/llite/crypto.c
index 0598b3c..8bbb766 100644
--- a/fs/lustre/llite/crypto.c
+++ b/fs/lustre/llite/crypto.c
@@ -104,6 +104,7 @@ static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
return -EPERM;
dentry = (struct dentry *)fs_data;
+ set_bit(LLIF_SET_ENC_CTX, &ll_i2info(inode)->lli_flags);
rc = __vfs_setxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT,
ctx, len, XATTR_CREATE);
if (rc)
diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index 767eafa..225008e 100644
--- a/fs/lustre/llite/file.c
+++ b/fs/lustre/llite/file.c
@@ -4455,6 +4455,18 @@ int ll_migrate(struct inode *parent, struct file *file, struct lmv_user_md *lum,
goto out_iput;
}
+ if (IS_ENCRYPTED(child_inode)) {
+ rc = llcrypt_get_encryption_info(child_inode);
+ if (rc)
+ goto out_iput;
+ if (!llcrypt_has_encryption_key(child_inode)) {
+ CDEBUG(D_SEC, "no enc key for "DFID"\n",
+ PFID(ll_inode2fid(child_inode)));
+ rc = -ENOKEY;
+ goto out_iput;
+ }
+ }
+
op_data = ll_prep_md_op_data(NULL, parent, NULL, name, namelen,
child_inode->i_mode, LUSTRE_OPC_ANY, NULL);
if (IS_ERR(op_data)) {
diff --git a/fs/lustre/llite/llite_internal.h b/fs/lustre/llite/llite_internal.h
index 0d97253..dc9ea03 100644
--- a/fs/lustre/llite/llite_internal.h
+++ b/fs/lustre/llite/llite_internal.h
@@ -97,12 +97,14 @@ enum ll_file_flags {
LLIF_FILE_RESTORING = 1,
/* Xattr cache is attached to the file */
LLIF_XATTR_CACHE = 2,
+ /* Project inherit */
+ LLIF_PROJECT_INHERIT = 3,
/* update atime from MDS no matter if it's older than
* local inode atime.
*/
- LLIF_UPDATE_ATIME,
- /* Project inherit */
- LLIF_PROJECT_INHERIT = 3,
+ LLIF_UPDATE_ATIME = 4,
+ /* setting encryption context in progress */
+ LLIF_SET_ENC_CTX = 6,
};
/* See comment on trunc_sem_down_read_nowait */
diff --git a/fs/lustre/llite/xattr.c b/fs/lustre/llite/xattr.c
index 119fb26..7004893 100644
--- a/fs/lustre/llite/xattr.c
+++ b/fs/lustre/llite/xattr.c
@@ -133,6 +133,17 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
return -EPERM;
}
+ /* Setting LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr is only allowed
+ * when defining an encryption policy on a directory, ie when it
+ * comes from ll_set_context().
+ * When new files/dirs are created in an encrypted dir, the xattr
+ * is set directly in the create request.
+ */
+ if (handler->flags == XATTR_SECURITY_T &&
+ !strcmp(name, "c") &&
+ !test_and_clear_bit(LLIF_SET_ENC_CTX, &ll_i2info(inode)->lli_flags))
+ return -EPERM;
+
fullname = kasprintf(GFP_KERNEL, "%s%s", xattr_prefix(handler), name);
if (!fullname)
return -ENOMEM;
--
1.8.3.1
More information about the lustre-devel
mailing list