LU-16374 enc: rename O_FILE_ENC to O_CIPHERTEXT

Rename O_FILE_ENC to O_CIPHERTEXT as per discussion in linux-fscrypt
mailing-list.
Also change the flag combination to be:
O_NOCTTY | O_NDELAY | O_DSYNC
to avoid the risk of accidental issues with tar that already opens
files with the 'O_NOCTTY | O_NDELAY' combination.

O_DSYNC does not make much sense for O_RDONLY files, but will force
writes on encrypted restore to be synchronous. With O_DIRECT and large
enough writes (32MB?) that might be OK, but not ideal for small files.

Fixes: fdbf2ffd41 ("LU-14677 sec: no encryption key migrate/extend/resync/split")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I36fed17a413ee690bc445c3e76674ed5fc337de5
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/51640
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>

diff --git a/lustre/include/uapi/linux/lustre/lustre_user.h b/lustre/include/uapi/linux/lustre/lustre_user.h
index 3b954e3..3bdae7f 100644 (file)
--- a/lustre/include/uapi/linux/lustre/lustre_user.h
+++ b/lustre/include/uapi/linux/lustre/lustre_user.h
@@ -686,10 +686,10 @@ struct fsxattr {
 #define O_LOV_DELAY_CREATE_MASK        (O_NOCTTY | FASYNC)
 #define O_LOV_DELAY_CREATE             (O_LOV_DELAY_CREATE_1_8 | \
                                         O_LOV_DELAY_CREATE_MASK)
-/* O_FILE_ENC principle is similar to O_LOV_DELAY_CREATE above,
+/* O_CIPHERTEXT principle is similar to O_LOV_DELAY_CREATE above,
  * for access to encrypted files without the encryption key.
  */
-#define O_FILE_ENC             (O_NOCTTY | O_NDELAY)
+#define O_CIPHERTEXT           (O_NOCTTY | O_NDELAY | O_DSYNC)
 
 #define LL_FILE_IGNORE_LOCK     0x00000001
 #define LL_FILE_GROUP_LOCKED    0x00000002

diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c
index d93f22c..728fa81 100644 (file)
--- a/lustre/llite/crypto.c
+++ b/lustre/llite/crypto.c
@@ -126,7 +126,7 @@ static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
  *
  * This overlay function is necessary to handle encrypted file open without
  * the key. We allow this access pattern to applications that know what they
- * are doing, by using the specific flag O_FILE_ENC.
+ * are doing, by using the specific flag O_CIPHERTEXT.
  * This flag is only compatible with O_DIRECT IOs, to make sure ciphertext
  * data is wiped from page cache once IOs are finished.
  */
@@ -139,9 +139,9 @@ int ll_file_open_encrypt(struct inode *inode, struct file *filp)
                return rc;
 
        if (rc == -ENOKEY &&
-           (filp->f_flags & O_FILE_ENC) == O_FILE_ENC &&
+           (filp->f_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
            filp->f_flags & O_DIRECT)
-               /* allow file open with O_FILE_ENC flag when we have O_DIRECT */
+               /* allow open with O_CIPHERTEXT flag when we have O_DIRECT */
                rc = 0;
 
        return rc;

diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 763dca5..5f5dc12 100644 (file)
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -1247,7 +1247,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                        if (!llcrypt_has_encryption_key(dir) &&
                            (!filename_is_volatile(dentry->d_name.name,
                                                   dentry->d_name.len, NULL) ||
-                           (open_flags & O_FILE_ENC) != O_FILE_ENC ||
+                           (open_flags & O_CIPHERTEXT) != O_CIPHERTEXT ||
                            !(open_flags & O_DIRECT)))
                                GOTO(out_release, rc = -ENOKEY);
                }
@@ -1450,7 +1450,7 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry,
                if (!llcrypt_has_encryption_key(dir) &&
                    filename_is_volatile(dentry->d_name.name,
                                         dentry->d_name.len, NULL) &&
-                   (open_flags & O_FILE_ENC) == O_FILE_ENC &&
+                   (open_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
                    open_flags & O_DIRECT)
                        preload = false;
                rc = ll_set_encflags(inode, encctx, encctxlen, preload);

diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c
index 54b7a23..1e10042 100644 (file)
--- a/lustre/utils/lfs.c
+++ b/lustre/utils/lfs.c
@@ -663,7 +663,7 @@ migrate_open_files(const char *name, __u64 migration_flags,
         * layout swap on fd
         */
        /* Allow migrating even without the key on encrypted files */
-       rflags = O_RDWR | O_NOATIME | O_FILE_ENC;
+       rflags = O_RDWR | O_NOATIME | O_CIPHERTEXT;
        if (!(migration_flags & LLAPI_MIGRATION_NONDIRECT))
                rflags |= O_DIRECT;
 source_open:
@@ -691,7 +691,7 @@ source_open:
        do {
                int open_flags = O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW |
                        /* Allow migrating without the key on encrypted files */
-                       O_FILE_ENC;
+                       O_CIPHERTEXT;
                mode_t open_mode = S_IRUSR | S_IWUSR;
 
                if (rflags & O_DIRECT)
@@ -2326,7 +2326,7 @@ static int mirror_split(const char *fname, __u32 id, const char *pool,
                 * and in this case of a 'split -d', open file with O_DIRECT
                 * (no IOs will be done).
                 */
-               fd = open(fname, O_RDWR | O_DIRECT | O_FILE_ENC);
+               fd = open(fname, O_RDWR | O_DIRECT | O_CIPHERTEXT);
        else
                fd = open(fname, O_RDWR);
 
@@ -2417,7 +2417,7 @@ again:
                                             /* O_DIRECT for mirror split -d */
                                             O_DIRECT |
                                             /* Allow split without the key */
-                                            O_FILE_ENC;
+                                            O_CIPHERTEXT;
                                        fdv = open(file_path, open_flags,
                                                   S_IRUSR | S_IWUSR);
                                        if (fdv < 0)
@@ -11208,7 +11208,7 @@ int lfs_mirror_resync_file(const char *fname, struct ll_ioc_lease *ioc,
        }
 
        /* Allow mirror resync even without the key on encrypted files */
-       fd = open(fname, O_DIRECT | O_RDWR | O_FILE_ENC);
+       fd = open(fname, O_DIRECT | O_RDWR | O_CIPHERTEXT);
        if (fd < 0) {
                fprintf(stderr, "%s: cannot open '%s': %s.\n",
                        progname, fname, strerror(errno));
@@ -12507,7 +12507,7 @@ int lfs_mirror_verify_file(const char *fname, __u16 *mirror_ids, int ids_nr,
        }
 
        /* Allow mirror verify even without the key on encrypted files */
-       fd = open(fname, O_DIRECT | O_RDONLY | O_FILE_ENC);
+       fd = open(fname, O_DIRECT | O_RDONLY | O_CIPHERTEXT);
        if (fd < 0) {
                fprintf(stderr, "%s: cannot open '%s': %s.\n",
                        progname, fname, strerror(errno));

diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c
index 8b91e87..47b354e 100644 (file)
--- a/lustre/utils/liblustreapi_layout.c
+++ b/lustre/utils/liblustreapi_layout.c
@@ -1079,14 +1079,14 @@ struct llapi_layout *llapi_layout_get_by_path(const char *path,
 
        /* Always get layout in O_DIRECT */
        /* Allow fetching layout even without the key on encrypted files */
-       open_flags = O_RDONLY | O_DIRECT | O_FILE_ENC;
+       open_flags = O_RDONLY | O_DIRECT | O_CIPHERTEXT;
 do_open:
        fd = open(path, open_flags);
        if (fd < 0) {
                if (errno != EINVAL || failed)
                        return layout;
                /* EINVAL is because a directory cannot be opened in O_DIRECT */
-               open_flags = O_RDONLY | O_FILE_ENC;
+               open_flags = O_RDONLY | O_CIPHERTEXT;
                failed = true;
                goto do_open;
        }