#include <obd_support.h>
#include <obd_class.h>
#include <uapi/linux/lustre/lustre_ioctl.h>
+#include <uapi/linux/llcrypt.h>
#include <lustre_lib.h>
#include <lustre_dlm.h>
#include <lustre_fid.h>
strlen(dirname)),
},
};
+ bool encrypt = false;
int err;
ENTRY;
if (IS_ERR(op_data))
RETURN(PTR_ERR(op_data));
+ if (IS_ENCRYPTED(parent) ||
+ unlikely(llcrypt_dummy_context_enabled(parent))) {
+ err = llcrypt_get_encryption_info(parent);
+ if (err)
+ GOTO(out_op_data, err);
+ if (!llcrypt_has_encryption_key(parent))
+ GOTO(out_op_data, err = -ENOKEY);
+ encrypt = true;
+ }
+
if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
/* selinux_dentry_init_security() uses dentry->d_parent and name
* to determine the security context for the file. So our fake
dentry.d_inode = inode;
if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
- inode_lock(inode);
+ /* no need to protect selinux_inode_setsecurity() by
+ * inode_lock. Taking it would lead to a client deadlock
+ * LU-13617
+ */
err = security_inode_notifysecctx(inode,
op_data->op_file_secctx,
op_data->op_file_secctx_size);
- inode_unlock(inode);
} else {
err = ll_inode_init_security(&dentry, inode, parent);
}
if (err)
GOTO(out_inode, err);
+ if (encrypt) {
+ err = llcrypt_inherit_context(parent, inode, NULL, false);
+ if (err)
+ GOTO(out_inode, err);
+ }
+
out_inode:
if (inode != NULL)
iput(inode);
RETURN(rc);
}
- case LL_IOC_FSGETXATTR:
+ case FS_IOC_FSGETXATTR:
RETURN(ll_ioctl_fsgetxattr(inode, cmd, arg));
- case LL_IOC_FSSETXATTR:
+ case FS_IOC_FSSETXATTR:
RETURN(ll_ioctl_fssetxattr(inode, cmd, arg));
case LL_IOC_PCC_DETACH_BY_FID: {
struct lu_pcc_detach_fid *detach;
OBD_FREE_PTR(detach);
RETURN(rc);
}
+#ifdef HAVE_LUSTRE_CRYPTO
+ case LL_IOC_SET_ENCRYPTION_POLICY:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_set_policy(file, (const void __user *)arg);
+ case LL_IOC_GET_ENCRYPTION_POLICY_EX:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_get_policy_ex(file, (void __user *)arg);
+ case LL_IOC_ADD_ENCRYPTION_KEY:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_add_key(file, (void __user *)arg);
+ case LL_IOC_REMOVE_ENCRYPTION_KEY:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_remove_key(file, (void __user *)arg);
+ case LL_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_remove_key_all_users(file,
+ (void __user *)arg);
+ case LL_IOC_GET_ENCRYPTION_KEY_STATUS:
+ if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+ return -EOPNOTSUPP;
+ return llcrypt_ioctl_get_key_status(file, (void __user *)arg);
+#endif
default:
RETURN(obd_iocontrol(cmd, sbi->ll_dt_exp, 0, NULL,
(void __user *)arg));