4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2019, 2020, Whamcloud.
26 * This file is part of Lustre, http://www.lustre.org/
29 #include "llite_internal.h"
31 #ifdef HAVE_LUSTRE_CRYPTO
/*
 * .get_context hook for llcrypt (wired up in lustre_cryptops): fetches the
 * inode's encryption context from the LL_XATTR_NAME_ENCRYPTION_CONTEXT
 * xattr through ll_vfs_getxattr().
 *
 * NOTE(review): the gutter numbers jump, so this listing drops several
 * source lines (braces, the rc declaration, the early-return value, the
 * loop body, the remaining ll_vfs_getxattr() arguments and the final
 * return). The exact return values and whether the i_blkbits update is
 * conditional on rc are therefore not visible here.
 *
 * NOTE(review): the context bytes come from an xattr, not from this
 * function; the consumer should treat the returned length and contents as
 * untrusted input -- confirm llcrypt validates the size it gets back.
 */
33 static int ll_get_context(struct inode *inode, void *ctx, size_t len)
35 struct dentry *dentry;
/* No dentry alias means there is no dentry to hand to getxattr below. */
38 if (hlist_empty(&inode->i_dentry))
/*
 * Walk the alias list to obtain a dentry for the xattr call; the loop body
 * is not shown -- presumably it stops at the first alias (TODO confirm).
 */
41 hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) {
/* presumably reads into @ctx/@len; the argument continuation is not shown */
45 rc = ll_vfs_getxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT,
48 /* used as encryption unit size */
49 if (S_ISREG(inode->i_mode))
50 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
/*
 * Flag @inode as encrypted on the client.
 *
 * Visible steps: regular files get i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS,
 * LUSTRE_ENCRYPT_FL is OR-ed into the ext flags derived from i_flags and
 * applied with ll_update_inode_flags(), and a non-NULL, non-empty @encctx
 * is inserted into the xattr cache under LL_XATTR_NAME_ENCRYPTION_CONTEXT.
 * The visible return yields llcrypt_get_encryption_info(inode) when
 * preload is set, and 0 otherwise.
 *
 * NOTE(review): the listing drops the rest of the parameter list (the
 * `preload` used below is presumably declared there), the rc declaration,
 * the remaining ll_xattr_cache_insert() arguments and whatever sits between
 * the insert and the final return. How a failed cache insert is reported is
 * not visible -- confirm rc is checked before the return, otherwise the
 * inode ends up flagged as encrypted without a cached context.
 */
54 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
57 unsigned int ext_flags;
60 /* used as encryption unit size */
61 if (S_ISREG(inode->i_mode))
62 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
/* Keep the flags already on the inode and add the encrypt bit. */
63 ext_flags = ll_inode_to_ext_flags(inode->i_flags) | LUSTRE_ENCRYPT_FL;
64 ll_update_inode_flags(inode, ext_flags);
/* Only cache a context when one was actually supplied (pointer and length). */
66 if (encctx && encctxlen)
67 rc = ll_xattr_cache_insert(inode,
68 LL_XATTR_NAME_ENCRYPTION_CONTEXT,
/* preload: presumably resolves encryption info now instead of on first use */
73 return preload ? llcrypt_get_encryption_info(inode) : 0;
76 /* ll_set_context has 2 distinct behaviors, depending on the value of inode
 * (the listing drops the two lines that introduce the first case; by
 * symmetry with the second case below it is presumably "inode is NULL" --
 * TODO confirm against the full source):
79 * passed fs_data is a struct md_op_data *. We need to store enc ctx in
80 * op_data, so that it will be sent along to the server with the request that
81 * the caller is preparing, thus saving a setxattr request.
82 * - inode is not NULL:
83 * normal case in which passed fs_data is a struct dentry *, letting proceed
84 * with setxattr operation.
85 * This use case should only be used when explicitly setting a new encryption
86 * policy on an existing, empty directory.
 *
 * NOTE(review): fs_data is an untyped pointer whose real type depends on
 * which case applies, so every caller must pass the matching type; nothing
 * in the visible lines can check this.
 *
 * NOTE(review): the listing omits the last parameter line, the rc
 * declaration, the branch condition and all error returns, so the error
 * codes are not visible here.
 */
88 static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
91 struct dentry *dentry;
/* First case: the context is stashed in the request being prepared. */
95 struct md_op_data *op_data = (struct md_op_data *)fs_data;
/*
 * Private copy of the context, @len bytes, with the size recorded next to
 * it. OBD_FREE() takes a size, so the release path has to use
 * op_file_encctx_size -- presumably via llcrypt_free_ctx(); verify the
 * op_data teardown. Nothing visible checks whether op_file_encctx was
 * already set; confirm callers pass a fresh op_data.
 */
100 OBD_ALLOC(op_data->op_file_encctx, len);
101 if (op_data->op_file_encctx == NULL)
103 op_data->op_file_encctx_size = len;
104 memcpy(op_data->op_file_encctx, ctx, len);
108 /* Encrypting the root directory is not allowed */
/* Root is recognised by comparing inode numbers with the superblock root. */
109 if (inode->i_ino == inode->i_sb->s_root->d_inode->i_ino)
112 dentry = (struct dentry *)fs_data;
/*
 * XATTR_CREATE makes the call fail when the xattr already exists, so an
 * existing encryption context is not replaced through this path.
 */
113 rc = ll_vfs_setxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT,
114 ctx, len, XATTR_CREATE);
/*
 * The cast drops const to match ll_set_encflags()'s signature; preload is
 * false here, so ll_set_encflags() returns 0 on its visible return path
 * instead of calling llcrypt_get_encryption_info().
 */
118 return ll_set_encflags(inode, (void *)ctx, len, false);
/*
 * Release an encryption-context buffer with OBD_FREE().
 *
 * @size is passed straight to OBD_FREE(), so it has to be the size the
 * buffer was allocated with (ll_set_context() allocates with OBD_ALLOC and
 * records the length in op_file_encctx_size).
 *
 * NOTE(review): source line 123 is missing from this listing -- possibly a
 * NULL guard on @encctx; confirm before relying on NULL being accepted.
 */
121 inline void llcrypt_free_ctx(void *encctx, __u32 size)
124 OBD_FREE(encctx, size);
/*
 * Tell whether LL_SBI_TEST_DUMMY_ENCRYPTION is set in sbi->ll_flags.
 *
 * @sbi is dereferenced without a NULL check; callers must pass a valid
 * pointer (ll_dummy_context() checks before calling).
 *
 * NOTE(review): going by the flag name this is a test-only mode -- confirm
 * where the flag gets set and that production mounts never enable it.
 */
inline bool ll_sbi_has_test_dummy_encryption(struct ll_sb_info *sbi)
{
	const bool dummy_on = sbi->ll_flags & LL_SBI_TEST_DUMMY_ENCRYPTION;

	/* Branch hint only: the flag is expected to be clear. */
	return unlikely(dummy_on);
}
/*
 * .dummy_context hook for llcrypt: true when the inode's superblock info
 * has the test dummy encryption flag set, false when there is no
 * superblock info or the flag is clear.
 */
static bool ll_dummy_context(struct inode *inode)
{
	struct ll_sb_info *sb_info = ll_i2sbi(inode);

	/* No superblock info: report "no dummy context". */
	if (!sb_info)
		return false;

	return ll_sbi_has_test_dummy_encryption(sb_info);
}
/*
 * Tell whether LL_SBI_ENCRYPT is set in sbi->ll_flags.
 *
 * @sbi is dereferenced without a NULL check; callers must pass a valid
 * pointer.
 */
inline bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
{
	return (sbi->ll_flags & LL_SBI_ENCRYPT) != 0;
}
/*
 * Switch the LL_SBI_ENCRYPT flag in sbi->ll_flags according to @set.
 *
 * NOTE(review): the listing omits the branch lines (source 146, 148-149).
 * From the two visible fragments, one path ORs in LL_SBI_ENCRYPT and the
 * other presumably ANDs ll_flags with the mask below -- confirm against
 * the full source.
 */
144 inline void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)
147 sbi->ll_flags |= LL_SBI_ENCRYPT;
/*
 * The mask covers both flags, so the path using it drops
 * LL_SBI_TEST_DUMMY_ENCRYPTION together with LL_SBI_ENCRYPT.
 */
150 ~(LL_SBI_ENCRYPT | LL_SBI_TEST_DUMMY_ENCRYPTION);
/*
 * .empty_dir hook for llcrypt.
 *
 * NOTE(review): the return statement itself is not in this listing; the
 * comment below states that the function returns true.
 */
153 static bool ll_empty_dir(struct inode *inode)
155 /* used by llcrypt_ioctl_set_policy(), because a policy can only be set
 * ... (the remainder of this comment, source lines 156-157, is missing
 * from the listing)
 */
158 /* Here we choose to return true, meaning we always call .set_context.
159 * Then we rely on server side, with mdd_fix_attr() that calls
160 * mdd_dir_is_empty() when setting encryption flag on directory.
 *
 * NOTE(review): the client therefore performs no emptiness check of its
 * own; the "policy only on an empty directory" rule holds only if the
 * server enforces it. Confirm the servers this client talks to implement
 * the mdd_dir_is_empty() check.
 */
/*
 * llcrypt operations table for the Lustre client, binding the hooks
 * defined above.
 *
 * NOTE(review): the closing "};" (source line 172) is not in this listing.
 */
165 const struct llcrypt_operations lustre_cryptops = {
/* presumably the filesystem-specific prefix for key descriptions -- confirm against llcrypt */
166 .key_prefix = "lustre:",
/* reads the context from the LL_XATTR_NAME_ENCRYPTION_CONTEXT xattr */
167 .get_context = ll_get_context,
/* stores the context in op_data or via setxattr, depending on inode */
168 .set_context = ll_set_context,
/* reports the test dummy encryption flag of the superblock info */
169 .dummy_context = ll_dummy_context,
/* per its own comment always answers "empty"; the real check is left to the server */
170 .empty_dir = ll_empty_dir,
171 .max_namelen = NAME_MAX,
173 #else /* !HAVE_LUSTRE_CRYPTO */
/*
 * Counterparts of the functions above for builds without
 * HAVE_LUSTRE_CRYPTO (this is the #else branch). Only the signature lines
 * survive in this listing; the bodies are not shown.
 *
 * NOTE(review): callers that gate on ll_sbi_has_encrypt() or
 * ll_sbi_has_test_dummy_encryption() get whatever these versions return in
 * a build without crypto -- confirm they report "not encrypted" rather
 * than silently accepting encrypted content.
 */
174 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
180 inline void llcrypt_free_ctx(void *encctx, __u32 size)
184 inline bool ll_sbi_has_test_dummy_encryption(struct ll_sb_info *sbi)
189 inline bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
194 inline void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)