From: Sebastien Buisson Date: Tue, 3 May 2022 15:30:18 +0000 (+0200) Subject: LU-15810 sec: fix enc dir migration X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=55d2ef39621a035d5d7923cb9492483173d7f6f9;p=fs%2Flustre-release.git LU-15810 sec: fix enc dir migration Now that the encryption context is stored in an xattr named "encryption.c" instead of "security.c", we need to fetch this xattr explicitly in case of encrypted directory migration. Indeed, there is no xattr handler in ldiskfs for this "encryption." xattr type, so it is not returned when listing all xattrs to migrate. Lustre-change: https://review.whamcloud.com/47201 Lustre-commit: TBD (540f9208a9f6edcf6fdd1711e86fc182dfb92298) Fixes: 4231fab66e ("LU-13717 sec: make client encryption compatible with ext4") Signed-off-by: Sebastien Buisson Change-Id: I628f9b253e86343db0b71f6a5b1ad2c5728ca38d Reviewed-on: https://review.whamcloud.com/47207 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger --- diff --git a/lustre/mdd/mdd_dir.c b/lustre/mdd/mdd_dir.c index f6f83e9..fcb1394 100644 --- a/lustre/mdd/mdd_dir.c +++ b/lustre/mdd/mdd_dir.c @@ -3424,7 +3424,10 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, bool skip_linkea, bool skip_dmv) { + struct lu_attr *attr = MDD_ENV_VAR(env, cattr); struct mdd_xattr_entry *entry; + bool needencxattr = false; + bool encxattrfound = false; char *xname; int list_xsize; int xlen; @@ -3441,6 +3444,13 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, if (list_xsize < 0) RETURN(list_xsize); + if (attr->la_valid & LA_FLAGS && + attr->la_flags & LUSTRE_ENCRYPT_FL) { + needencxattr = true; + list_xsize += + strlen(LL_XATTR_NAME_ENCRYPTION_CONTEXT) + 1; + } + lu_buf_alloc(&xattrs->mx_namebuf, list_xsize); if (xattrs->mx_namebuf.lb_buf == NULL) RETURN(-ENOMEM); @@ -3452,7 +3462,11 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, rem = rc; rc = 0; xname = xattrs->mx_namebuf.lb_buf; +reloop: for (; rem > 0; xname += xlen, rem -= xlen) { + if (needencxattr && + strcmp(xname, LL_XATTR_NAME_ENCRYPTION_CONTEXT) == 0) + encxattrfound = true; xlen = strnlen(xname, rem - 1) + 1; if (strcmp(XATTR_NAME_LMA, xname) == 0 || strcmp(XATTR_NAME_LMV, xname) == 0) @@ -3495,6 +3509,13 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, list_add_tail(&entry->mxe_linkage, &xattrs->mx_list); } + if (needencxattr && !encxattrfound) { + xlen = strlen(LL_XATTR_NAME_ENCRYPTION_CONTEXT) + 1; + strncpy(xname, LL_XATTR_NAME_ENCRYPTION_CONTEXT, xlen); + rem = xlen; + GOTO(reloop, 0); + } + RETURN(0); fini: mdd_xattrs_fini(xattrs); diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index cd001ab..4628fa8 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -3831,6 +3831,9 @@ test_49() { sync ; sync ; echo 3 > /proc/sys/vm/drop_caches # migrate a non-empty encrypted dir trace_cmd $LFS migrate -m 1 $dirname/d2 + sync ; sync ; echo 3 > /proc/sys/vm/drop_caches + [ -f $dirname/d2/subf ] || error "migrate failed (1)" + [ $(cat $dirname/d2/subf) == "b" ] || error "migrate failed (2)" $LFS setdirstripe -i 1 -c 1 $dirname/d3 dirname=$dirname/d3/subdir @@ -4836,6 +4839,13 @@ test_59c() { stripe=$($LFS getdirstripe -i $scrambleddir) [ $stripe -eq 1 ] || error "migrate $scrambleddir between MDTs failed (2)" + + # now, with the key + insert_enc_key + [ -f $dirname/subf ] || + error "migrate $scrambleddir between MDTs failed (3)" + [ $(cat $dirname/subf) == "b" ] || + error "migrate $scrambleddir between MDTs failed (4)" } run_test 59c "MDT migrate of encrypted files without key"