From 716675fff642655c4d4715654b0b4880b96139b6 Mon Sep 17 00:00:00 2001 From: Alex Deiter Date: Mon, 6 Mar 2023 13:59:46 +0000 Subject: [PATCH] LU-16621 enc: file names encryption when using secure boot Secure boot activates lockdown mode in the Linux kernel. And debugfs is restricted when the kernel is locked down. This patch moves file names encryption from debugfs to sysfs. Test-Parameters: trivial testlist=sanity-sec Signed-off-by: Alex Deiter Change-Id: I434714941ffac2a4694cabd33f613aef70933678 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/50219 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: Sebastien Buisson Reviewed-by: jsimmons Reviewed-by: Oleg Drokin --- lustre/llite/llite_internal.h | 1 + lustre/llite/llite_lib.c | 7 ++-- lustre/llite/lproc_llite.c | 77 ++++++++++++++++++++++--------------------- 3 files changed, 45 insertions(+), 40 deletions(-) diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h index 5ce54fc..89edc09 100644 --- a/lustre/llite/llite_internal.h +++ b/lustre/llite/llite_internal.h @@ -747,6 +747,7 @@ struct ll_sb_info { spinlock_t ll_lock; spinlock_t ll_pp_extent_lock; /* pp_extent entry*/ spinlock_t ll_process_lock; /* ll_rw_process_info */ + struct lustre_sb_info *lsi; struct obd_uuid ll_sb_uuid; struct obd_export *ll_md_exp; struct obd_export *ll_dt_exp; diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index e59c84a..054661e 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -86,7 +86,7 @@ static inline unsigned int ll_get_ra_async_max_active(void) return cfs_cpt_weight(cfs_cpt_tab, CFS_CPT_ANY) >> 1; } -static struct ll_sb_info *ll_init_sbi(void) +static struct ll_sb_info *ll_init_sbi(struct lustre_sb_info *lsi) { struct ll_sb_info *sbi = NULL; unsigned long pages; 
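Review bot: The new `struct lustre_sb_info *lsi` member of `struct ll_sb_info` (llite_internal.h hunk) is added without a comment, although it is a raw back-pointer with no reference counting visible in this patch. The sysfs handlers added in lproc_llite.c dereference `sbi->lsi` on every read and write, so the pointer has to remain valid for as long as `ll_kset.kobj` is registered. The teardown order in `ll_fill_super()`'s error path and in unmount is not visible here and should be confirmed. I would record the requirement on the field, for example `struct lustre_sb_info *lsi; /* owning lsi, not refcounted; must outlive ll_kset */`.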
@@ -108,7 +108,8 @@ static struct ll_sb_info *ll_init_sbi(void) mutex_init(&sbi->ll_lco.lco_lock); spin_lock_init(&sbi->ll_pp_extent_lock); spin_lock_init(&sbi->ll_process_lock); - sbi->ll_rw_stats_on = 0; + sbi->lsi = lsi; + sbi->ll_rw_stats_on = 0; sbi->ll_statfs_max_age = OBD_STATFS_CACHE_SECONDS; si_meminfo(&si); @@ -1332,7 +1333,7 @@ int ll_fill_super(struct super_block *sb) GOTO(out_free_cfg, err = -ENOMEM); /* client additional sb info */ - lsi->lsi_llsbi = sbi = ll_init_sbi(); + lsi->lsi_llsbi = sbi = ll_init_sbi(lsi); if (IS_ERR(sbi)) GOTO(out_free_cfg, err = PTR_ERR(sbi)); diff --git a/lustre/llite/lproc_llite.c b/lustre/llite/lproc_llite.c index d5e7625..4887946 100644 --- a/lustre/llite/lproc_llite.c +++ b/lustre/llite/lproc_llite.c 
@@ -1643,27 +1643,30 @@ static ssize_t ll_nosquash_nids_seq_write(struct file *file, LDEBUGFS_SEQ_FOPS(ll_nosquash_nids); #if defined(CONFIG_LL_ENCRYPTION) -static int ll_filename_enc_seq_show(struct seq_file *m, void *v) +static ssize_t enable_filename_encryption_show(struct kobject *kobj, + struct attribute *attr, + char *buffer) { - struct super_block *sb = m->private; - struct lustre_sb_info *lsi = s2lsi(sb); + struct ll_sb_info *sbi = container_of(kobj, struct ll_sb_info, + ll_kset.kobj); + struct lustre_sb_info *lsi = sbi->lsi; - seq_printf(m, "%u\n", lsi->lsi_flags & LSI_FILENAME_ENC ? 1 : 0); - return 0; + return snprintf(buffer, PAGE_SIZE, "%u\n", + lsi->lsi_flags & LSI_FILENAME_ENC ? 1 : 0); } -static ssize_t ll_filename_enc_seq_write(struct file *file, - const char __user *buffer, - size_t count, loff_t *off) +static ssize_t enable_filename_encryption_store(struct kobject *kobj, + struct attribute *attr, + const char *buffer, + size_t count) { - struct seq_file *m = file->private_data; - struct super_block *sb = m->private; - struct lustre_sb_info *lsi = s2lsi(sb); - struct ll_sb_info *sbi = ll_s2sbi(sb); + struct ll_sb_info *sbi = container_of(kobj, struct ll_sb_info, + ll_kset.kobj); + struct lustre_sb_info *lsi = sbi->lsi; bool val; int rc; - rc = kstrtobool_from_user(buffer, count, &val); + rc = kstrtobool(buffer, &val); if (rc) return rc; 
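Review bot: `enable_filename_encryption_show()` returns the result of `snprintf(buffer, PAGE_SIZE, ...)`, which is the length that would have been written rather than the length actually placed in the buffer. The output is only a digit and a newline, so nothing can be truncated today. Even so, sysfs show callbacks are safer with `scnprintf` (or `sysfs_emit` on kernels that provide it), so that the returned count can never exceed the page: `return scnprintf(buffer, PAGE_SIZE, "%u\n", lsi->lsi_flags & LSI_FILENAME_ENC ? 1 : 0);`. The same applies to `filename_enc_use_old_base64_show()` in the following hunk. The body of `enable_filename_encryption_store()` continues outside this hunk, so how `lsi_flags` is updated is not reviewed here.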
@@ -1686,32 +1689,34 @@ static ssize_t ll_filename_enc_seq_write(struct file *file, return count; } -LDEBUGFS_SEQ_FOPS(ll_filename_enc); +LUSTRE_RW_ATTR(enable_filename_encryption); #endif /* CONFIG_LL_ENCRYPTION */ #if defined(CONFIG_LL_ENCRYPTION) || defined(HAVE_LUSTRE_CRYPTO) -static int ll_old_b64_enc_seq_show(struct seq_file *m, void *v) +static ssize_t filename_enc_use_old_base64_show(struct kobject *kobj, + struct attribute *attr, + char *buffer) { - struct super_block *sb = m->private; - struct lustre_sb_info *lsi = s2lsi(sb); + struct ll_sb_info *sbi = container_of(kobj, struct ll_sb_info, + ll_kset.kobj); + struct lustre_sb_info *lsi = sbi->lsi; - seq_printf(m, "%u\n", - lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI ? 1 : 0); - return 0; + return snprintf(buffer, PAGE_SIZE, "%u\n", + lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI ? 1 : 0); } -static ssize_t ll_old_b64_enc_seq_write(struct file *file, - const char __user *buffer, - size_t count, loff_t *off) +static ssize_t filename_enc_use_old_base64_store(struct kobject *kobj, + struct attribute *attr, + const char *buffer, + size_t count) { - struct seq_file *m = file->private_data; - struct super_block *sb = m->private; - struct lustre_sb_info *lsi = s2lsi(sb); - struct ll_sb_info *sbi = ll_s2sbi(sb); + struct ll_sb_info *sbi = container_of(kobj, struct ll_sb_info, + ll_kset.kobj); + struct lustre_sb_info *lsi = sbi->lsi; bool val; int rc; - rc = kstrtobool_from_user(buffer, count, &val); + rc = kstrtobool(buffer, &val); if (rc) return rc; @@ -1735,7 +1740,7 @@ static ssize_t ll_old_b64_enc_seq_write(struct file *file, return count; } -LDEBUGFS_SEQ_FOPS(ll_old_b64_enc); +LUSTRE_RW_ATTR(filename_enc_use_old_base64); #endif /* CONFIG_LL_ENCRYPTION || HAVE_LUSTRE_CRYPTO */ static int ll_pcc_seq_show(struct seq_file *m, void *v) 
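Review bot: `LUSTRE_RW_ATTR(enable_filename_encryption)` and `LUSTRE_RW_ATTR(filename_enc_use_old_base64)` take their file mode from the macro, so the visibility of both switches changes with the move away from debugfs, which is normally reachable by root only. The macro definition is not part of this patch; if it uses the customary 0644, the name-encryption state of the mount becomes readable by every local user. Writes are also no longer blocked by kernel lockdown, which is the stated intent, so the checks inside the two store functions become the only gate on clearing these flags. I would confirm that the mode is intended and add a comment above each macro, such as `/* moved from debugfs to sysfs so it works under kernel lockdown; mode is set by LUSTRE_RW_ATTR */`. Both store bodies are only partly visible in these hunks.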
@@ -1792,14 +1797,6 @@ struct ldebugfs_vars lprocfs_llite_obd_vars[] = { .fops = &ll_nosquash_nids_fops }, { .name = "pcc", .fops = &ll_pcc_fops, }, -#ifdef CONFIG_LL_ENCRYPTION - { .name = "enable_filename_encryption", - .fops = &ll_filename_enc_fops, }, -#endif -#if defined(CONFIG_LL_ENCRYPTION) || defined(HAVE_LUSTRE_CRYPTO) - { .name = "filename_enc_use_old_base64", - .fops = &ll_old_b64_enc_fops, }, -#endif { NULL } }; @@ -1849,6 +1846,12 @@ static struct attribute *llite_attrs[] = { &lustre_attr_opencache_threshold_ms.attr, &lustre_attr_opencache_max_ms.attr, &lustre_attr_inode_cache.attr, +#ifdef CONFIG_LL_ENCRYPTION + &lustre_attr_enable_filename_encryption.attr, +#endif +#if defined(CONFIG_LL_ENCRYPTION) || defined(HAVE_LUSTRE_CRYPTO) + &lustre_attr_filename_enc_use_old_base64.attr, +#endif NULL, }; -- 1.8.3.1