From 29a5c53dc40366cb27a74151b60526306d9438be Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Sun, 24 Sep 2023 12:07:44 -0400 Subject: [PATCH] LU-16374 enc: rename O_FILE_ENC to O_CIPHERTEXT Rename O_FILE_ENC to O_CIPHERTEXT as per discussion in linux-fscrypt mailing-list. Also change the flag combination to be: O_NOCTTY | O_NDELAY | O_DSYNC to avoid the risk of accidental issues with tar that already opens files with the 'O_NOCTTY | O_NDELAY' combination. O_DSYNC does not make much sense for O_RDONLY files, but will force writes on encrypted restore to be synchronous. With O_DIRECT and large enough writes (32MB?) that might be OK, but not ideal for small files. Lustre-Commit: ac522557b1fe3ea2b7275fa6d5df73691b8d06db Lustre-Change: https://review.whamcloud.com/51640 Fixes: 4869c7a530 ("LU-14677 sec: no encryption key migrate/extend/resync/split") Signed-off-by: Sebastien Buisson Change-Id: I36fed17a413ee690bc445c3e76674ed5fc337de5 Reviewed-by: James Simmons Reviewed-by: Oleg Drokin Reviewed-by: Andreas Dilger Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/53049 Tested-by: jenkins Tested-by: Maloo --- lustre/include/uapi/linux/lustre/lustre_user.h | 4 ++-- lustre/llite/crypto.c | 6 +++--- lustre/llite/namei.c | 4 ++-- lustre/utils/lfs.c | 12 ++++++------ lustre/utils/liblustreapi_layout.c | 4 ++-- lustre/utils/liblustreapi_pcc.c | 4 ++-- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/lustre/include/uapi/linux/lustre/lustre_user.h b/lustre/include/uapi/linux/lustre/lustre_user.h index 3122a60..3506508 100644 --- a/lustre/include/uapi/linux/lustre/lustre_user.h +++ b/lustre/include/uapi/linux/lustre/lustre_user.h @@ -693,10 +693,10 @@ struct fsxattr { #define O_LOV_DELAY_CREATE_MASK (O_NOCTTY | FASYNC) #define O_LOV_DELAY_CREATE (O_LOV_DELAY_CREATE_1_8 | \ O_LOV_DELAY_CREATE_MASK) -/* O_FILE_ENC principle is similar to O_LOV_DELAY_CREATE above, +/* O_CIPHERTEXT principle is similar to O_LOV_DELAY_CREATE above, * for access to encrypted files without the encryption key. */ -#define O_FILE_ENC (O_NOCTTY | O_NDELAY) +#define O_CIPHERTEXT (O_NOCTTY | O_NDELAY | O_DSYNC) #define LL_FILE_IGNORE_LOCK 0x00000001 #define LL_FILE_GROUP_LOCKED 0x00000002 diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c index ad719b6..81d7d7d 100644 --- a/lustre/llite/crypto.c +++ b/lustre/llite/crypto.c @@ -126,7 +126,7 @@ static int ll_set_context(struct inode *inode, const void *ctx, size_t len, * * This overlay function is necessary to handle encrypted file open without * the key. We allow this access pattern to applications that know what they - * are doing, by using the specific flag O_FILE_ENC. + * are doing, by using the specific flag O_CIPHERTEXT. * This flag is only compatible with O_DIRECT IOs, to make sure ciphertext * data is wiped from page cache once IOs are finished. */ @@ -139,9 +139,9 @@ int ll_file_open_encrypt(struct inode *inode, struct file *filp) return rc; if (rc == -ENOKEY && - (filp->f_flags & O_FILE_ENC) == O_FILE_ENC && + (filp->f_flags & O_CIPHERTEXT) == O_CIPHERTEXT && filp->f_flags & O_DIRECT) - /* allow file open with O_FILE_ENC flag when we have O_DIRECT */ + /* allow open with O_CIPHERTEXT flag when we have O_DIRECT */ rc = 0; return rc; diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index c64351f..4d7b069 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -1357,7 +1357,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, if (!ll_has_encryption_key(dir) && (!filename_is_volatile(dentry->d_name.name, dentry->d_name.len, NULL) || - (open_flags & O_FILE_ENC) != O_FILE_ENC || + (open_flags & O_CIPHERTEXT) != O_CIPHERTEXT || !(open_flags & O_DIRECT))) GOTO(out_release, rc = -ENOKEY); } @@ -1568,7 +1568,7 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry, if (!llcrypt_has_encryption_key(dir) && filename_is_volatile(dentry->d_name.name, dentry->d_name.len, NULL) && - (open_flags & O_FILE_ENC) == O_FILE_ENC && + (open_flags & O_CIPHERTEXT) == O_CIPHERTEXT && open_flags & O_DIRECT) preload = false; rc = ll_set_encflags(inode, encctx, encctxlen, preload); diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c index c4c9561..cce5371 100644 --- a/lustre/utils/lfs.c +++ b/lustre/utils/lfs.c @@ -858,7 +858,7 @@ migrate_open_files(const char *name, __u64 migration_flags, * layout swap on fd */ /* Allow migrating even without the key on encrypted files */ - rflags = O_RDWR | O_FILE_ENC | O_NOATIME; + rflags = O_RDWR | O_CIPHERTEXT | O_NOATIME; if (!(migration_flags & LLAPI_MIGRATION_NONDIRECT)) rflags |= O_DIRECT; source_open: @@ -886,7 +886,7 @@ source_open: do { int open_flags = O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | /* Allow migrating without the key on encrypted files */ - O_FILE_ENC; + O_CIPHERTEXT; mode_t open_mode = S_IRUSR | S_IWUSR; if (rflags & O_DIRECT) @@ -2521,7 +2521,7 @@ static int mirror_split(const char *fname, __u32 id, const char *pool, * and in this case of a 'split -d', open file with O_DIRECT * (no IOs will be done). */ - fd = open(fname, O_RDWR | O_DIRECT | O_FILE_ENC); + fd = open(fname, O_RDWR | O_DIRECT | O_CIPHERTEXT); else fd = open(fname, O_RDWR); @@ -2600,7 +2600,7 @@ static int mirror_split(const char *fname, __u32 id, const char *pool, /* O_DIRECT for mirror split -d */ O_DIRECT | /* Allow split without the key */ - O_FILE_ENC; + O_CIPHERTEXT; fdv = open(file_path, open_flags, S_IRUSR | S_IWUSR); if (fdv < 0) @@ -11168,7 +11168,7 @@ int lfs_mirror_resync_file(const char *fname, struct ll_ioc_lease *ioc, } /* Allow mirror resync even without the key on encrypted files */ - fd = open(fname, O_DIRECT | O_RDWR | O_FILE_ENC); + fd = open(fname, O_DIRECT | O_RDWR | O_CIPHERTEXT); if (fd < 0) { fprintf(stderr, "%s: cannot open '%s': %s.\n", progname, fname, strerror(errno)); @@ -12488,7 +12488,7 @@ int lfs_mirror_verify_file(const char *fname, __u16 *mirror_ids, int ids_nr, } /* Allow mirror verify even without the key on encrypted files */ - fd = open(fname, O_DIRECT | O_RDONLY | O_FILE_ENC); + fd = open(fname, O_DIRECT | O_RDONLY | O_CIPHERTEXT); if (fd < 0) { fprintf(stderr, "%s: cannot open '%s': %s.\n", progname, fname, strerror(errno)); diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c index ba26268..dc27a41 100644 --- a/lustre/utils/liblustreapi_layout.c +++ b/lustre/utils/liblustreapi_layout.c @@ -1220,14 +1220,14 @@ struct llapi_layout *llapi_layout_get_by_path(const char *path, uint32_t flags) /* Always get layout in O_DIRECT */ /* Allow fetching layout even without the key on encrypted files */ - open_flags = O_RDONLY | O_DIRECT | O_FILE_ENC; + open_flags = O_RDONLY | O_DIRECT | O_CIPHERTEXT; do_open: fd = open(path, open_flags); if (fd < 0) { if (errno != EINVAL || failed) return layout; /* EINVAL is because a directory cannot be opened in O_DIRECT */ - open_flags = O_RDONLY | O_FILE_ENC; + open_flags = O_RDONLY | O_CIPHERTEXT; failed = true; goto do_open; } diff --git a/lustre/utils/liblustreapi_pcc.c b/lustre/utils/liblustreapi_pcc.c index 78230a7..4d5d66e 100644 --- a/lustre/utils/liblustreapi_pcc.c +++ b/lustre/utils/liblustreapi_pcc.c @@ -366,10 +366,10 @@ int llapi_pcc_detach_file(const char *path, __u32 flags) int rc; int fd; - /* Specify O_FILE_ENC | O_DIRECT flags to allow pcc detach + /* Specify O_CIPHERTEXT | O_DIRECT flags to allow pcc detach * on encrypted file without the key. */ - fd = open(path, O_RDONLY | O_NONBLOCK | O_FILE_ENC | O_DIRECT); + fd = open(path, O_RDONLY | O_NONBLOCK | O_CIPHERTEXT | O_DIRECT); if (fd < 0) { rc = -errno; llapi_error(LLAPI_MSG_ERROR, rc, "cannot open '%s'", -- 1.8.3.1