[lustre-devel] [PATCH 11/12] lustre: pcc: disable PCC for encrypted files

James Simmons jsimmons at infradead.org
Sun Dec 12 07:08:02 PST 2021

From: Qian Yingjin <qian at ddn.com>

When files are encrypted in Lustre using fscrypt, they should
normally not be accessible to users without the proper encyrption
key. However, if a user has then encryption key loaded when they
read a file, it may be decrypted in memory and saved to the PCC
backend in unencrypted form.

Due to the above reason, we just disable PCC caching for encrypted

DDN-bug-id: EX-3571
WC-bug-id: https://jira.whamcloud.com/browse/LU-15217
Lustre-commit: f8c79eea11ac96019 ("LU-15217 pcc: disable PCC for encrypted files")
Signed-off-by: Qian Yingjin <qian at ddn.com>
Reviewed-on: https://review.whamcloud.com/45545
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
 fs/lustre/llite/file.c | 3 +++
 fs/lustre/llite/pcc.c  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index d3374232..898db80 100644
--- a/fs/lustre/llite/file.c
+++ b/fs/lustre/llite/file.c
@@ -3598,6 +3598,9 @@ static long ll_file_unlock_lease(struct file *file, struct ll_ioc_lease *ioc,
 		if (ioc->lil_count != 1)
 			return -EINVAL;
+		if (IS_ENCRYPTED(inode))
+			return -EOPNOTSUPP;
 		arg += sizeof(*ioc);
 		if (copy_from_user(&param.pa_archive_id, (void __user *)arg,
 				   sizeof(u32))) {
diff --git a/fs/lustre/llite/pcc.c b/fs/lustre/llite/pcc.c
index 8430fff..85114b8 100644
--- a/fs/lustre/llite/pcc.c
+++ b/fs/lustre/llite/pcc.c
@@ -1472,6 +1472,9 @@ int pcc_file_open(struct inode *inode, struct file *file)
 	if (!S_ISREG(inode->i_mode))
 		return 0;
+	if (IS_ENCRYPTED(inode))
+		return 0;
 	pcci = ll_i2pcci(inode);

More information about the lustre-devel mailing list