From f8c79eea11ac960191df846cb9c95ed6eb6385fb Mon Sep 17 00:00:00 2001 From: Qian Yingjin Date: Fri, 30 Jul 2021 16:47:55 +0800 Subject: [PATCH] LU-15217 pcc: disable PCC for encrypted files When files are encrypted in Lustre using fscrypt, they should normally not be accessible to users without the proper encyrption key. However, if a user has then encryption key loaded when they read a file, it may be decrypted in memory and saved to the PCC backend in unencrypted form. Due to the above reason, we just disable PCC caching for encrypted files. DDN-bug-id: EX-3571 Signed-off-by: Qian Yingjin Change-Id: I6c363dcad7a6bc8520350c0295f6e221bec3abb0 Reviewed-on: https://review.whamcloud.com/45545 Reviewed-by: Andreas Dilger Tested-by: jenkins Tested-by: Maloo Reviewed-by: Oleg Drokin --- lustre/llite/file.c | 3 +++ lustre/llite/pcc.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/lustre/llite/file.c b/lustre/llite/file.c index 8903c2d..c87deda 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c @@ -3680,6 +3680,9 @@ static long ll_file_unlock_lease(struct file *file, struct ll_ioc_lease *ioc, if (ioc->lil_count != 1) RETURN(-EINVAL); + if (IS_ENCRYPTED(inode)) + RETURN(-EOPNOTSUPP); + arg += sizeof(*ioc); if (copy_from_user(¶m.pa_archive_id, (void __user *)arg, sizeof(__u32))) diff --git a/lustre/llite/pcc.c b/lustre/llite/pcc.c index a8dc228..ab451c4 100644 --- a/lustre/llite/pcc.c +++ b/lustre/llite/pcc.c @@ -1451,6 +1451,9 @@ int pcc_file_open(struct inode *inode, struct file *file) if (!S_ISREG(inode->i_mode)) RETURN(0); + if (IS_ENCRYPTED(inode)) + RETURN(0); + pcc_inode_lock(inode); pcci = ll_i2pcci(inode); -- 1.8.3.1