[lustre-devel] [PATCH 13/40] lustre: sec: Lustre/HSM on enc file with enc key

James Simmons jsimmons at infradead.org
Sun Apr 9 05:12:53 PDT 2023 

From: Sebastien Buisson <sbuisson at ddn.com>

Support for Lustre/HSM on encrypted files when the encryption key is
available requires similar attention as with file migration.
The volatile file used for HSM restore must have the same encryption
context as the Lustre file being restored, so that file content
remains accessible after the layout swap at the end of the restore
procedure.

Please note that using Lustre/HSM with the encryption key creates
clear text copies of encrypted files on the HSM backend storage.

WC-bug-id: https://jira.whamcloud.com/browse/LU-16310
Lustre-commit: df7a8d92d2378e236 ("LU-16310 sec: Lustre/HSM on enc file with enc key")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/49153
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Reviewed-by: jsimmons <jsimmons at infradead.org>
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: Etienne AUJAMES <eaujames at ddn.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
 fs/lustre/llite/crypto.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/fs/lustre/llite/crypto.c b/fs/lustre/llite/crypto.c
index 5fb7f4d..61b85c8 100644
--- a/fs/lustre/llite/crypto.c
+++ b/fs/lustre/llite/crypto.c
@@ -246,7 +246,16 @@ int ll_setup_filename(struct inode *dir, const struct qstr *iname,
 		fid->f_oid = 0;
 		fid->f_ver = 0;
 	}
-	rc = fscrypt_setup_filename(dir, &dname, lookup, fname);
+	if (unlikely(filename_is_volatile(iname->name,
+					  iname->len, NULL))) {
+		/* keep volatile name as-is, matters for server side */
+		memset(fname, 0, sizeof(struct fscrypt_name));
+		fname->disk_name.name = (unsigned char *)iname->name;
+		fname->disk_name.len = iname->len;
+		rc = 0;
+	} else {
+		rc = fscrypt_setup_filename(dir, &dname, lookup, fname);
+	}
 	if (rc == -ENOENT && lookup) {
 		if (((is_root_inode(dir) &&
 		     iname->len == strlen(dot_fscrypt_name) &&
-- 
1.8.3.1

More information about the lustre-devel mailing list