From 267d3703cea9ebde6dff3f9461b1eadd970ee877 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Mon, 27 Mar 2023 10:46:07 +0200 Subject: [PATCH] LU-16670 enc: make sure DoM files are correctly decrypted Make sure DoM files are decrypted upon read by loading their associated encryption context, via llcrypt_prepare_readdir()/ llcrypt_get_encryption_info(). Fix sanity-sec test_50 accordingly. Lustre-change: https://review.whamcloud.com/50429 Lustre-commit: 1c424252d37c64e3c223c19dced3cad2649c1f61 Signed-off-by: Sebastien Buisson Change-Id: Ie9ef3cbb08d2295a2fd10b9e9ab0862119c7723e Reviewed-by: Andreas Dilger Reviewed-by: Patrick Farrell Reviewed-by: Mikhail Pershin Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/50431 Tested-by: jenkins Tested-by: Maloo --- lustre/llite/file.c | 11 +++++++---- lustre/llite/namei.c | 4 +--- lustre/tests/sanity-sec.sh | 26 +++++++++++++------------- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/lustre/llite/file.c b/lustre/llite/file.c index c7783f2..7a02152 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c @@ -465,15 +465,14 @@ static inline int ll_dom_readpage(void *data, struct page *page) if (lnb->lnb_len < PAGE_SIZE) memset(kaddr + lnb->lnb_len, 0, PAGE_SIZE - lnb->lnb_len); - flush_dcache_page(page); - SetPageUptodate(page); kunmap_atomic(kaddr); if (inode && IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) { - if (!ll_has_encryption_key(inode)) + if (!ll_has_encryption_key(inode)) { CDEBUG(D_SEC, "no enc key for "DFID"\n", PFID(ll_inode2fid(inode))); - else { + rc = -ENOKEY; + } else { unsigned int offs = 0; while (offs < PAGE_SIZE) { @@ -493,6 +492,10 @@ static inline int ll_dom_readpage(void *data, struct page *page) } } } + if (!rc) { + flush_dcache_page(page); + SetPageUptodate(page); + } unlock_page(page); return rc; diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index 4e42f11..f69defc 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -743,8 +743,6 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request, rc = llcrypt_get_encryption_info(inode); if (rc) GOTO(out, rc); - if (!ll_has_encryption_key(inode)) - GOTO(out, rc = -ENOKEY); } } else if (!it_disposition(it, DISP_OPEN_CREATE)) { /* @@ -1333,6 +1331,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, rc = llcrypt_get_encryption_info(dir); if (rc) GOTO(out_release, rc); + encrypt = true; if (open_flags & O_CREAT) { /* For migration or mirroring without enc key, we still * need to be able to create a volatile file. @@ -1343,7 +1342,6 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, (open_flags & O_FILE_ENC) != O_FILE_ENC || !(open_flags & O_DIRECT))) GOTO(out_release, rc = -ENOKEY); - encrypt = true; } } diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index b449e2b..d12b65c 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -3991,7 +3991,7 @@ test_50() { cmp -bl $tmpfile $testfile || error "file $testfile is corrupted in memory" - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key # check that file read from server is correct cmp -bl $tmpfile $testfile || @@ -4000,7 +4000,7 @@ test_50() { # decrease size: truncate to PAGE_SIZE $TRUNCATE $tmpfile $pagesz $TRUNCATE $testfile $pagesz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (1)" @@ -4008,7 +4008,7 @@ test_50() { sz=$((pagesz*2)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (2)" @@ -4016,7 +4016,7 @@ test_50() { sz=$((pagesz/2)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (3)" @@ -4024,7 +4024,7 @@ test_50() { sz=$((sz-7)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (4)" @@ -4032,7 +4032,7 @@ test_50() { sz=$((sz+18)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (5)" @@ -4040,12 +4040,12 @@ test_50() { sz=$((sz+pagesz+30)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (6)" rm -f $testfile - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key # write hole in file, data spread on MDT and OST tr '\0' '2' < /dev/zero | @@ -4057,7 +4057,7 @@ test_50() { cmp -bl $tmpfile $testfile || error "file $testfile is corrupted in memory" - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key # check that file read from server is correct cmp -bl $tmpfile $testfile || @@ -4068,7 +4068,7 @@ test_50() { sz=$((1024*1024+13)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (7)" @@ -4077,7 +4077,7 @@ test_50() { sz=7 $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (8)" @@ -4086,7 +4086,7 @@ test_50() { sz=$((1024*1024-13)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (9)" @@ -4095,7 +4095,7 @@ test_50() { sz=$((1024*1024+7)) $TRUNCATE $tmpfile $sz $TRUNCATE $testfile $sz - cancel_lru_locks osc ; cancel_lru_locks mdc + remove_enc_key ; insert_enc_key cmp -bl $tmpfile $testfile || error "file $testfile is corrupted (10)" -- 1.8.3.1