From 8ae34bec92bf961004c780334ebe5198edf70dff Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Wed, 18 Oct 2023 17:34:02 +0200 Subject: [PATCH] EX-7331 sec: disable compression for encrypted files In case a read-modify-write io pattern is carried out on a compressed file, it has to be handled on server side. But because encryption cannot be done on server side for security reasons, we are not able to handle that kind of io pattern if the file is encrypted + compressed. So just disable compression for all encrypted files. Fixes: eb70ba19e9 ("EX-7331 sec: add support for encryption plus compression") Signed-off-by: Sebastien Buisson Change-Id: I84881fb1235f015d022751d4cce2d43a7231c2b4 Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/52746 Reviewed-by: Artem Blagodarenko Reviewed-by: Andreas Dilger Tested-by: jenkins Tested-by: Maloo --- lustre/osc/osc_request.c | 24 +++++++++++++++++++----- lustre/tests/sanity-sec.sh | 4 +--- lustre/utils/liblustreapi_layout.c | 2 +- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/lustre/osc/osc_request.c b/lustre/osc/osc_request.c index 75a3a36..2cca646 100644 --- a/lustre/osc/osc_request.c +++ b/lustre/osc/osc_request.c @@ -1577,12 +1577,26 @@ osc_brw_prep_request(int cmd, struct client_obd *cli, struct obdo *oa, if (req == NULL) RETURN(-ENOMEM); - if (opc == OST_WRITE && inode && IS_ENCRYPTED(inode) && - llcrypt_has_encryption_key(inode)) { - struct osc_async_page *oap = brw_page2oap(pga[page_count - 1]); + if (opc == OST_WRITE && inode && IS_ENCRYPTED(inode)) { + if (compressed) { + static time64_t next_print; + + if (unlikely(next_print < ktime_get_seconds())) { + next_print = ktime_get_seconds() + 24 * 3600; + CWARN("%s: encrypted file "DFID" will not be compressed\n", + obd_name, oa->o_parent_seq, + oa->o_parent_oid, + oa->o_parent_ver); + } + compressed = 0; + } + if (llcrypt_has_encryption_key(inode)) { + struct osc_async_page *oap; - oa->o_size = oap->oap_count + oap->oap_obj_off + - oap->oap_page_off; + oap = brw_page2oap(pga[page_count - 1]); + oa->o_size = oap->oap_count + oap->oap_obj_off + + oap->oap_page_off; + } } if (compressed && !page_access_allowed) diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index c26e8f9..96f06e2 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -15,9 +15,7 @@ init_test_env $@ init_logging ALWAYS_EXCEPT="$SANITY_SEC_EXCEPT " -# bug number for skipped test: -ALWAYS_EXCEPT+=" " -# UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT! +always_except EX-7601 66 [ "$SLOW" = "no" ] && EXCEPT_SLOW="26" diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c index 5580850..77f066d 100644 --- a/lustre/utils/liblustreapi_layout.c +++ b/lustre/utils/liblustreapi_layout.c @@ -1593,7 +1593,7 @@ int llapi_layout_compress_set(struct llapi_layout *layout, if (getenv("LFS_SETSTRIPE_COMPR_OK") == NULL) { fprintf(stderr, - "WARNING: File compression is a technology preview feature and is not yet intended for production use.\n"); + "WARNING: File compression is a technology preview feature and is not yet intended for production use. Compression is skipped for encrypted files.\n"); } for (i = 0; i < ARRAY_SIZE(compr_type_table); i++) { -- 1.8.3.1