[lustre-devel] [PATCH 07/32] lustre: enc: enc-unaware clients get ENOKEY if file not found
James Simmons
jsimmons at infradead.org
Wed Aug 3 18:37:52 PDT 2022
From: Sebastien Buisson <sbuisson at ddn.com>
To reduce issues with applications running on clients without keys
or without fscrypt support that check for the existence of a file in
an encrypted directory, return -ENOKEY instead of -ENOENT.

For encryption-unaware clients, this is done on server side in the
mdt layer, by checking if clients have the OBD_CONNECT2_ENCRYPT
connection flag.

For clients without the key, this is done in llite when the searched
filename is not in encoded form.
WC-bug-id: https://jira.whamcloud.com/browse/LU-15855
Lustre-commit: 00898697f998c095e ("LU-15855 enc: enc-unaware clients get ENOKEY if file not found")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-on: https://review.whamcloud.com/47349
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: John L. Hammond <jhammond at whamcloud.com>
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
fs/lustre/llite/crypto.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/fs/lustre/llite/crypto.c b/fs/lustre/llite/crypto.c
index f075b9a..ad045c3 100644
--- a/fs/lustre/llite/crypto.c
+++ b/fs/lustre/llite/crypto.c
@@ -233,21 +233,26 @@ int ll_setup_filename(struct inode *dir, const struct qstr *iname,
fid->f_ver = 0;
}
rc = fscrypt_setup_filename(dir, &dname, lookup, fname);
- if (rc == -ENOENT && lookup &&
- ((is_root_inode(dir) && iname->len == strlen(dot_fscrypt_name) &&
- strncmp(iname->name, dot_fscrypt_name, iname->len) == 0) ||
- (!fscrypt_has_encryption_key(dir) &&
- unlikely(filename_is_volatile(iname->name, iname->len, NULL))))) {
- /* In case of subdir mount of an encrypted directory, we allow
- * lookup of /.fscrypt directory.
- */
- /* For purpose of migration or mirroring without enc key, we
- * allow lookup of volatile file without enc context.
- */
- memset(fname, 0, sizeof(struct fscrypt_name));
- fname->disk_name.name = (unsigned char *)iname->name;
- fname->disk_name.len = iname->len;
- rc = 0;
+ if (rc == -ENOENT && lookup) {
+ if (((is_root_inode(dir) &&
+ iname->len == strlen(dot_fscrypt_name) &&
+ strncmp(iname->name, dot_fscrypt_name, iname->len) == 0) ||
+ (!fscrypt_has_encryption_key(dir) &&
+ unlikely(filename_is_volatile(iname->name,
+ iname->len, NULL))))) {
+ /* In case of subdir mount of an encrypted directory,
+ * we allow lookup of /.fscrypt directory.
+ */
+ /* For purpose of migration or mirroring without enc key,
+ * we allow lookup of volatile file without enc context.
+ */
+ memset(fname, 0, sizeof(struct fscrypt_name));
+ fname->disk_name.name = (unsigned char *)iname->name;
+ fname->disk_name.len = iname->len;
+ rc = 0;
+ } else if (!fscrypt_has_encryption_key(dir)) {
+ rc = -ENOKEY;
+ }
}
if (rc)
return rc;
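Review bot: The new `else if (!fscrypt_has_encryption_key(dir))` branch that sets `rc = -ENOKEY` carries no comment, while both accepted cases in the branch above it are documented. A short comment there would help, for example that a lookup without the key on a name that is not in encoded form reports -ENOKEY rather than -ENOENT so applications do not conclude the file is absent. The two stacked comments would also read better next to the condition each one explains, and the outer `if (((is_root_inode(dir) &&` has one redundant pair of parentheses. `fscrypt_has_encryption_key(dir)` is now evaluated up to twice on this path; caching it in a local bool would make the three outcomes (allow /.fscrypt, allow a volatile file without the key, -ENOKEY without the key) easier to follow. Finally, the commit message describes a server-side check of OBD_CONNECT2_ENCRYPT in the mdt layer, but the diffstat covers only fs/lustre/llite/crypto.c, so it is worth stating in the message that only the llite half is carried in this patch.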
--
1.8.3.1