Rename O_FILE_ENC to O_CIPHERTEXT as per discussion in linux-fscrypt
mailing-list.
Also change the flag combination to be:
O_NOCTTY | O_NDELAY | O_DSYNC
to avoid the risk of accidental issues with tar that already opens
files with the 'O_NOCTTY | O_NDELAY' combination.
O_DSYNC does not make much sense for O_RDONLY files, but will force
writes on encrypted restore to be synchronous. With O_DIRECT and large
enough writes (32MB?) that might be OK, but not ideal for small files.
Lustre-Commit:
ac522557b1fe3ea2b7275fa6d5df73691b8d06db
Lustre-Change: https://review.whamcloud.com/51640
Fixes:
4869c7a530 ("LU-14677 sec: no encryption key migrate/extend/resync/split")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I36fed17a413ee690bc445c3e76674ed5fc337de5
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/53049
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
#define O_LOV_DELAY_CREATE_MASK (O_NOCTTY | FASYNC)
#define O_LOV_DELAY_CREATE (O_LOV_DELAY_CREATE_1_8 | \
O_LOV_DELAY_CREATE_MASK)
-/* O_FILE_ENC principle is similar to O_LOV_DELAY_CREATE above,
+/* O_CIPHERTEXT principle is similar to O_LOV_DELAY_CREATE above,
* for access to encrypted files without the encryption key.
*/
-#define O_FILE_ENC (O_NOCTTY | O_NDELAY)
+#define O_CIPHERTEXT (O_NOCTTY | O_NDELAY | O_DSYNC)
#define LL_FILE_IGNORE_LOCK 0x00000001
#define LL_FILE_GROUP_LOCKED 0x00000002
*
* This overlay function is necessary to handle encrypted file open without
* the key. We allow this access pattern to applications that know what they
- * are doing, by using the specific flag O_FILE_ENC.
+ * are doing, by using the specific flag O_CIPHERTEXT.
* This flag is only compatible with O_DIRECT IOs, to make sure ciphertext
* data is wiped from page cache once IOs are finished.
*/
return rc;
if (rc == -ENOKEY &&
- (filp->f_flags & O_FILE_ENC) == O_FILE_ENC &&
+ (filp->f_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
filp->f_flags & O_DIRECT)
- /* allow file open with O_FILE_ENC flag when we have O_DIRECT */
+ /* allow open with O_CIPHERTEXT flag when we have O_DIRECT */
rc = 0;
return rc;
if (!ll_has_encryption_key(dir) &&
(!filename_is_volatile(dentry->d_name.name,
dentry->d_name.len, NULL) ||
- (open_flags & O_FILE_ENC) != O_FILE_ENC ||
+ (open_flags & O_CIPHERTEXT) != O_CIPHERTEXT ||
!(open_flags & O_DIRECT)))
GOTO(out_release, rc = -ENOKEY);
}
if (!llcrypt_has_encryption_key(dir) &&
filename_is_volatile(dentry->d_name.name,
dentry->d_name.len, NULL) &&
- (open_flags & O_FILE_ENC) == O_FILE_ENC &&
+ (open_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
open_flags & O_DIRECT)
preload = false;
rc = ll_set_encflags(inode, encctx, encctxlen, preload);
* layout swap on fd
*/
/* Allow migrating even without the key on encrypted files */
- rflags = O_RDWR | O_FILE_ENC | O_NOATIME;
+ rflags = O_RDWR | O_CIPHERTEXT | O_NOATIME;
if (!(migration_flags & LLAPI_MIGRATION_NONDIRECT))
rflags |= O_DIRECT;
source_open:
do {
int open_flags = O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW |
/* Allow migrating without the key on encrypted files */
- O_FILE_ENC;
+ O_CIPHERTEXT;
mode_t open_mode = S_IRUSR | S_IWUSR;
if (rflags & O_DIRECT)
* and in this case of a 'split -d', open file with O_DIRECT
* (no IOs will be done).
*/
- fd = open(fname, O_RDWR | O_DIRECT | O_FILE_ENC);
+ fd = open(fname, O_RDWR | O_DIRECT | O_CIPHERTEXT);
else
fd = open(fname, O_RDWR);
/* O_DIRECT for mirror split -d */
O_DIRECT |
/* Allow split without the key */
- O_FILE_ENC;
+ O_CIPHERTEXT;
fdv = open(file_path, open_flags,
S_IRUSR | S_IWUSR);
if (fdv < 0)
}
/* Allow mirror resync even without the key on encrypted files */
- fd = open(fname, O_DIRECT | O_RDWR | O_FILE_ENC);
+ fd = open(fname, O_DIRECT | O_RDWR | O_CIPHERTEXT);
if (fd < 0) {
fprintf(stderr, "%s: cannot open '%s': %s.\n",
progname, fname, strerror(errno));
}
/* Allow mirror verify even without the key on encrypted files */
- fd = open(fname, O_DIRECT | O_RDONLY | O_FILE_ENC);
+ fd = open(fname, O_DIRECT | O_RDONLY | O_CIPHERTEXT);
if (fd < 0) {
fprintf(stderr, "%s: cannot open '%s': %s.\n",
progname, fname, strerror(errno));
/* Always get layout in O_DIRECT */
/* Allow fetching layout even without the key on encrypted files */
- open_flags = O_RDONLY | O_DIRECT | O_FILE_ENC;
+ open_flags = O_RDONLY | O_DIRECT | O_CIPHERTEXT;
do_open:
fd = open(path, open_flags);
if (fd < 0) {
if (errno != EINVAL || failed)
return layout;
/* EINVAL is because a directory cannot be opened in O_DIRECT */
- open_flags = O_RDONLY | O_FILE_ENC;
+ open_flags = O_RDONLY | O_CIPHERTEXT;
failed = true;
goto do_open;
}
int rc;
int fd;
- /* Specify O_FILE_ENC | O_DIRECT flags to allow pcc detach
+ /* Specify O_CIPHERTEXT | O_DIRECT flags to allow pcc detach
* on encrypted file without the key.
*/
- fd = open(path, O_RDONLY | O_NONBLOCK | O_FILE_ENC | O_DIRECT);
+ fd = open(path, O_RDONLY | O_NONBLOCK | O_CIPHERTEXT | O_DIRECT);
if (fd < 0) {
rc = -errno;
llapi_error(LLAPI_MSG_ERROR, rc, "cannot open '%s'",
git://git.whamcloud.com / fs / lustre-release.git / commitdiff