Whamcloud - gitweb
git://git.whamcloud.com / fs / lustre-release.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
LU-14677 sec: migrate/extend/split on encrypted file
[fs/lustre-release.git] / lustre / llite / namei.c
diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 8b519ff..29d4806 100644 (file)
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -27,20 +27,17 @@
  */
 /*
  * This file is part of Lustre, http://www.lustre.org/
- * Lustre is a trademark of Sun Microsystems, Inc.
  */
 
 #include <linux/fs.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
+#include <linux/file.h>
 #include <linux/quotaops.h>
 #include <linux/highmem.h>
 #include <linux/pagemap.h>
-#include <linux/security.h>
 #include <linux/user_namespace.h>
-#ifdef HAVE_UIDGID_HEADER
-# include <linux/uidgid.h>
-#endif
+#include <linux/uidgid.h>
 
 #define DEBUG_SUBSYSTEM S_LLITE
 
@@ -51,7 +48,8 @@
 
 static int ll_create_it(struct inode *dir, struct dentry *dentry,
                        struct lookup_intent *it,
-                       void *secctx, __u32 secctxlen);
+                       void *secctx, __u32 secctxlen, bool encrypt,
+                       void *encctx, __u32 encctxlen);
 
 /* called from iget5_locked->find_inode() under inode_lock spinlock */
 static int ll_test_inode(struct inode *inode, void *opaque)
@@ -156,27 +154,44 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash,
         RETURN(inode);
 }
 
-static void ll_invalidate_negative_children(struct inode *dir)
+/* mark negative sub file dentries invalid and prune unused dentries */
+static void ll_prune_negative_children(struct inode *dir)
 {
-       struct dentry *dentry, *tmp_subdir;
-       DECLARE_LL_D_HLIST_NODE_PTR(p);
+       struct dentry *dentry;
+       struct dentry *child;
+
+       ENTRY;
 
-       ll_lock_dcache(dir);
-       ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry) {
+restart:
+       spin_lock(&dir->i_lock);
+       hlist_for_each_entry(dentry, &dir->i_dentry, d_alias) {
                spin_lock(&dentry->d_lock);
-               if (!list_empty(&dentry->d_subdirs)) {
-                       struct dentry *child;
-
-                       list_for_each_entry_safe(child, tmp_subdir,
-                                                &dentry->d_subdirs,
-                                                d_child) {
-                               if (child->d_inode == NULL)
-                                       d_lustre_invalidate(child, 1);
+               list_for_each_entry(child, &dentry->d_subdirs, d_child) {
+                       if (child->d_inode)
+                               continue;
+
+                       spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED);
+                       __d_lustre_invalidate(child);
+                       if (!ll_d_count(child)) {
+                               dget_dlock(child);
+                               __d_drop(child);
+                               spin_unlock(&child->d_lock);
+                               spin_unlock(&dentry->d_lock);
+                               spin_unlock(&dir->i_lock);
+
+                               CDEBUG(D_DENTRY, "prune negative dentry %pd\n",
+                                      child);
+
+                               dput(child);
+                               goto restart;
                        }
+                       spin_unlock(&child->d_lock);
                }
                spin_unlock(&dentry->d_lock);
        }
-       ll_unlock_dcache(dir);
+       spin_unlock(&dir->i_lock);
+
+       EXIT;
 }
 
 int ll_test_inode_by_fid(struct inode *inode, void *opaque)
@@ -184,50 +199,34 @@ int ll_test_inode_by_fid(struct inode *inode, void *opaque)
        return lu_fid_eq(&ll_i2info(inode)->lli_fid, opaque);
 }
 
-int ll_dom_lock_cancel(struct inode *inode, struct ldlm_lock *lock)
+static int ll_dom_lock_cancel(struct inode *inode, struct ldlm_lock *lock)
 {
        struct lu_env *env;
        struct ll_inode_info *lli = ll_i2info(inode);
-       struct cl_layout clt = { .cl_layout_gen = 0, };
-       int rc;
        __u16 refcheck;
-
-
+       int rc;
        ENTRY;
 
-       if (!lli->lli_clob) {
-               /* due to DoM read on open, there may exist pages for Lustre
-                * regular file even though cl_object is not set up yet. */
-               truncate_inode_pages(inode->i_mapping, 0);
-               RETURN(0);
-       }
-
        env = cl_env_get(&refcheck);
        if (IS_ERR(env))
                RETURN(PTR_ERR(env));
 
-       rc = cl_object_layout_get(env, lli->lli_clob, &clt);
-       if (rc) {
-               CDEBUG(D_INODE, "Cannot get layout for "DFID"\n",
-                      PFID(ll_inode2fid(inode)));
-               rc = -ENODATA;
-       } else if (clt.cl_size == 0 || clt.cl_dom_comp_size == 0) {
-               CDEBUG(D_INODE, "DOM lock without DOM layout for "DFID"\n",
-                      PFID(ll_inode2fid(inode)));
-       } else {
-               enum cl_fsync_mode mode;
-               loff_t end = clt.cl_dom_comp_size - 1;
+       OBD_FAIL_TIMEOUT(OBD_FAIL_LDLM_REPLAY_PAUSE, cfs_fail_val);
 
-               mode = ldlm_is_discard_data(lock) ?
-                                       CL_FSYNC_DISCARD : CL_FSYNC_LOCAL;
-               rc = cl_sync_file_range(inode, 0, end, mode, 1);
-               truncate_inode_pages_range(inode->i_mapping, 0, end);
+       /* reach MDC layer to flush data under  the DoM ldlm lock */
+       rc = cl_object_flush(env, lli->lli_clob, lock);
+       if (rc == -ENODATA) {
+               CDEBUG(D_INODE, "inode "DFID" layout has no DoM stripe\n",
+                      PFID(ll_inode2fid(inode)));
+               /* most likely result of layout change, do nothing */
+               rc = 0;
        }
+
        cl_env_put(env, &refcheck);
        RETURN(rc);
 }
 
-void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
+static void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
 {
        struct inode *inode = ll_inode_from_resource_lock(lock);
        struct ll_inode_info *lli;
@@ -300,9 +299,6 @@ void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
                        CDEBUG(D_INODE, "cannot flush DoM data "
                               DFID": rc = %d\n",
                               PFID(ll_inode2fid(inode)), rc);
-               lock_res_and_lock(lock);
-               ldlm_set_kms_ignore(lock);
-               unlock_res_and_lock(lock);
        }
 
        if (bits & MDS_INODELOCK_LAYOUT) {
@@ -321,7 +317,7 @@ void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
        lli = ll_i2info(inode);
 
        if (bits & MDS_INODELOCK_UPDATE)
-               lli->lli_update_atime = 1;
+               set_bit(LLIF_UPDATE_ATIME, &lli->lli_flags);
 
        if ((bits & MDS_INODELOCK_UPDATE) && S_ISDIR(inode->i_mode)) {
                CDEBUG(D_INODE, "invalidating inode "DFID" lli = %p, "
@@ -366,18 +362,20 @@ void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
                                                        ll_test_inode_by_fid,
                                                        (void *)&lli->lli_pfid);
                        if (master_inode) {
-                               ll_invalidate_negative_children(master_inode);
+                               ll_prune_negative_children(master_inode);
                                iput(master_inode);
                        }
                } else {
-                       ll_invalidate_negative_children(inode);
+                       ll_prune_negative_children(inode);
                }
        }
 
        if ((bits & (MDS_INODELOCK_LOOKUP | MDS_INODELOCK_PERM)) &&
-           inode->i_sb->s_root != NULL &&
-           inode != inode->i_sb->s_root->d_inode)
-               ll_invalidate_aliases(inode);
+           !is_root_inode(inode))
+               ll_prune_aliases(inode);
+
+       if (bits & (MDS_INODELOCK_LOOKUP | MDS_INODELOCK_PERM))
+               forget_all_cached_acls(inode);
 
        iput(inode);
        RETURN_EXIT;
@@ -412,11 +410,13 @@ int ll_md_need_convert(struct ldlm_lock *lock)
        switch (lock->l_req_mode) {
        case LCK_PR:
                mode = LCK_PR;
+               /* fallthrough */
        case LCK_PW:
                mode |= LCK_CR;
                break;
        case LCK_CW:
                mode = LCK_CW;
+               /* fallthrough */
        case LCK_CR:
                mode |= LCK_CR;
                break;
@@ -428,8 +428,7 @@ int ll_md_need_convert(struct ldlm_lock *lock)
        /* is lock is too old to be converted? */
        lock_res_and_lock(lock);
        if (ktime_after(ktime_get(),
-                       ktime_add(lock->l_last_used,
-                                 ktime_set(ns->ns_dirty_age_limit, 0)))) {
+                       ktime_add(lock->l_last_used, ns->ns_dirty_age_limit))) {
                unlock_res_and_lock(lock);
                return 0;
        }
@@ -441,11 +440,10 @@ int ll_md_need_convert(struct ldlm_lock *lock)
        return !!(bits);
 }
 
-int ll_md_blocking_ast(struct ldlm_lock *lock, struct ldlm_lock_desc *desc,
+int ll_md_blocking_ast(struct ldlm_lock *lock, struct ldlm_lock_desc *ld,
                       void *data, int flag)
 {
        struct lustre_handle lockh;
-       __u64 bits = lock->l_policy_data.l_inodebits.bits;
        int rc;
 
        ENTRY;
@@ -455,17 +453,21 @@ int ll_md_blocking_ast(struct ldlm_lock *lock, struct ldlm_lock_desc *desc,
        {
                __u64 cancel_flags = LCF_ASYNC;
 
-               if (ll_md_need_convert(lock)) {
-                       cancel_flags |= LCF_CONVERT;
-                       /* For lock convert some cancel actions may require
-                        * this lock with non-dropped canceled bits, e.g. page
-                        * flush for DOM lock. So call ll_lock_cancel_bits()
-                        * here while canceled bits are still set.
-                        */
-                       bits = lock->l_policy_data.l_inodebits.cancel_bits;
-                       if (bits & MDS_INODELOCK_DOM)
-                               ll_lock_cancel_bits(lock, MDS_INODELOCK_DOM);
+               /* if lock convert is not needed then still have to
+                * pass lock via ldlm_cli_convert() to keep all states
+                * correct, set cancel_bits to full lock bits to cause
+                * full cancel to happen.
+                */
+               if (!ll_md_need_convert(lock)) {
+                       lock_res_and_lock(lock);
+                       lock->l_policy_data.l_inodebits.cancel_bits =
+                                       lock->l_policy_data.l_inodebits.bits;
+                       unlock_res_and_lock(lock);
                }
+               rc = ldlm_cli_convert(lock, cancel_flags);
+               if (!rc)
+                       RETURN(0);
+               /* continue with cancel otherwise */
                ldlm_lock2handle(lock, &lockh);
                rc = ldlm_cli_cancel(&lockh, cancel_flags);
                if (rc < 0) {
@@ -475,24 +477,34 @@ int ll_md_blocking_ast(struct ldlm_lock *lock, struct ldlm_lock_desc *desc,
                break;
        }
        case LDLM_CB_CANCELING:
+       {
+               __u64 to_cancel = lock->l_policy_data.l_inodebits.bits;
+
                /* Nothing to do for non-granted locks */
                if (!ldlm_is_granted(lock))
                        break;
 
-               if (ldlm_is_converting(lock)) {
-                       /* this is called on already converted lock, so
-                        * ibits has remained bits only and cancel_bits
-                        * are bits that were dropped.
-                        * Note that DOM lock is handled prior lock convert
-                        * and is excluded here.
+               /* If 'ld' is supplied then bits to be cancelled are passed
+                * implicitly by lock converting and cancel_bits from 'ld'
+                * should be used. Otherwise full cancel is being performed
+                * and lock inodebits are used.
+                *
+                * Note: we cannot rely on cancel_bits in lock itself at this
+                * moment because they can be changed by concurrent thread,
+                * so ldlm_cli_inodebits_convert() pass cancel bits implicitly
+                * in 'ld' parameter.
+                */
+               if (ld) {
+                       /* partial bits cancel allowed only during convert */
+                       LASSERT(ldlm_is_converting(lock));
+                       /* mask cancel bits by lock bits so only no any unused
+                        * bits are passed to ll_lock_cancel_bits()
                         */
-                       bits = lock->l_policy_data.l_inodebits.cancel_bits &
-                               ~MDS_INODELOCK_DOM;
-               } else {
-                       LASSERT(ldlm_is_canceling(lock));
+                       to_cancel &= ld->l_policy_data.l_inodebits.cancel_bits;
                }
-               ll_lock_cancel_bits(lock, bits);
+               ll_lock_cancel_bits(lock, to_cancel);
                break;
+       }
        default:
                LBUG();
        }
@@ -536,15 +548,14 @@ void ll_i2gids(__u32 *suppgids, struct inode *i1, struct inode *i2)
 static struct dentry *ll_find_alias(struct inode *inode, struct dentry *dentry)
 {
        struct dentry *alias, *discon_alias, *invalid_alias;
-       DECLARE_LL_D_HLIST_NODE_PTR(p);
 
-       if (ll_d_hlist_empty(&inode->i_dentry))
+       if (hlist_empty(&inode->i_dentry))
                return NULL;
 
        discon_alias = invalid_alias = NULL;
 
-       ll_lock_dcache(inode);
-       ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry) {
+       spin_lock(&inode->i_lock);
+       hlist_for_each_entry(alias, &inode->i_dentry, d_alias) {
                LASSERT(alias != dentry);
 
                spin_lock(&alias->d_lock);
@@ -569,7 +580,7 @@ static struct dentry *ll_find_alias(struct inode *inode, struct dentry *dentry)
                dget_dlock(alias);
                spin_unlock(&alias->d_lock);
        }
-       ll_unlock_dcache(inode);
+       spin_unlock(&inode->i_lock);
 
        return alias;
 }
@@ -603,6 +614,27 @@ struct dentry *ll_splice_alias(struct inode *inode, struct dentry *de)
        if (rc < 0)
                return ERR_PTR(rc);
        d_add(de, inode);
+
+       /* this needs only to be done for foreign symlink dirs as
+        * DCACHE_SYMLINK_TYPE is already set by d_flags_for_inode()
+        * kernel routine for files with symlink ops (ie, real symlink)
+        */
+       if (inode && S_ISDIR(inode->i_mode) &&
+           ll_sbi_has_foreign_symlink(ll_i2sbi(inode)) &&
+#ifdef HAVE_IOP_GET_LINK
+           inode->i_op->get_link) {
+#else
+           inode->i_op->follow_link) {
+#endif
+               CDEBUG(D_INFO, "%s: inode "DFID": faking foreign dir as a symlink\n",
+                      ll_i2sbi(inode)->ll_fsname, PFID(ll_inode2fid(inode)));
+               spin_lock(&de->d_lock);
+               /* like d_flags_for_inode() already does for files */
+               de->d_flags = (de->d_flags & ~DCACHE_ENTRY_TYPE) |
+                             DCACHE_SYMLINK_TYPE;
+               spin_unlock(&de->d_lock);
+       }
+
        CDEBUG(D_DENTRY, "Add dentry %p inode %p refc %d flags %#x\n",
               de, de->d_inode, ll_d_count(de), de->d_flags);
         return de;
@@ -611,7 +643,9 @@ struct dentry *ll_splice_alias(struct inode *inode, struct dentry *de)
 static int ll_lookup_it_finish(struct ptlrpc_request *request,
                               struct lookup_intent *it,
                               struct inode *parent, struct dentry **de,
-                              void *secctx, __u32 secctxlen)
+                              void *secctx, __u32 secctxlen,
+                              void *encctx, __u32 encctxlen,
+                              ktime_t kstart, bool encrypt)
 {
        struct inode             *inode = NULL;
        __u64                     bits = 0;
@@ -628,14 +662,45 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                struct mdt_body *body = req_capsule_server_get(pill,
                                                               &RMF_MDT_BODY);
 
-               rc = ll_prep_inode(&inode, request, (*de)->d_sb, it);
+               rc = ll_prep_inode(&inode, &request->rq_pill, (*de)->d_sb, it);
                if (rc)
                        RETURN(rc);
 
-               if (it->it_op & IT_OPEN)
-                       ll_dom_finish_open(inode, request, it);
+               /* If encryption context was returned by MDT, put it in
+                * inode now to save an extra getxattr and avoid deadlock.
+                */
+               if (body->mbo_valid & OBD_MD_ENCCTX) {
+                       encctx = req_capsule_server_get(pill, &RMF_FILE_ENCCTX);
+                       encctxlen = req_capsule_get_size(pill,
+                                                        &RMF_FILE_ENCCTX,
+                                                        RCL_SERVER);
+
+                       if (encctxlen) {
+                               CDEBUG(D_SEC,
+                                      "server returned encryption ctx for "DFID"\n",
+                                      PFID(ll_inode2fid(inode)));
+                               rc = ll_xattr_cache_insert(inode,
+                                              LL_XATTR_NAME_ENCRYPTION_CONTEXT,
+                                                          encctx, encctxlen);
+                               if (rc)
+                                       CWARN("%s: cannot set enc ctx for "DFID": rc = %d\n",
+                                             ll_i2sbi(inode)->ll_fsname,
+                                             PFID(ll_inode2fid(inode)), rc);
+                               else if (encrypt) {
+                                       rc = llcrypt_get_encryption_info(inode);
+                                       if (rc)
+                                               CDEBUG(D_SEC,
+                                                "cannot get enc info for "DFID": rc = %d\n",
+                                                PFID(ll_inode2fid(inode)), rc);
+                               }
+                       }
+               }
 
                ll_set_lock_data(ll_i2sbi(parent)->ll_md_exp, inode, it, &bits);
+               /* OPEN can return data if lock has DoM+LAYOUT bits set */
+               if (it->it_op & IT_OPEN &&
+                   bits & MDS_INODELOCK_DOM && bits & MDS_INODELOCK_LAYOUT)
+                       ll_dom_finish_open(inode, request);
 
                /* We used to query real size from OSTs here, but actually
                 * this is not needed. For stat() calls size would be updated
@@ -664,14 +729,17 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                }
 
                if (secctx != NULL && secctxlen != 0) {
-                       inode_lock(inode);
+                       /* no need to protect selinux_inode_setsecurity() by
+                        * inode_lock. Taking it would lead to a client deadlock
+                        * LU-13617
+                        */
                        rc = security_inode_notifysecctx(inode, secctx,
                                                         secctxlen);
-                       inode_unlock(inode);
                        if (rc)
-                               CWARN("cannot set security context for "
-                                     DFID": rc = %d\n",
-                                     PFID(ll_inode2fid(inode)), rc);
+                               CWARN("%s: cannot set security context for "DFID": rc = %d\n",
+                                     ll_i2sbi(inode)->ll_fsname,
+                                     PFID(ll_inode2fid(inode)),
+                                     rc);
                }
        }
 
@@ -688,6 +756,14 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                /* we have lookup look - unhide dentry */
                if (bits & MDS_INODELOCK_LOOKUP)
                        d_lustre_revalidate(*de);
+
+               if (encrypt) {
+                       rc = llcrypt_get_encryption_info(inode);
+                       if (rc)
+                               GOTO(out, rc);
+                       if (!llcrypt_has_encryption_key(inode))
+                               GOTO(out, rc = -ENOKEY);
+               }
        } else if (!it_disposition(it, DISP_OPEN_CREATE)) {
                /*
                 * If file was created on the server, the dentry is revalidated
@@ -716,25 +792,30 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                }
        }
 
+       if (it_disposition(it, DISP_OPEN_CREATE)) {
+               ll_stats_ops_tally(ll_i2sbi(parent), LPROC_LL_MKNOD,
+                                  ktime_us_delta(ktime_get(), kstart));
+       }
+
        GOTO(out, rc = 0);
 
 out:
-       if (rc != 0 && it->it_op & IT_OPEN)
-               ll_open_cleanup((*de)->d_sb, request);
+       if (rc != 0 && it->it_op & IT_OPEN) {
+               ll_intent_drop_lock(it);
+               ll_open_cleanup((*de)->d_sb, &request->rq_pill);
+       }
 
        return rc;
 }
 
-struct pcc_create_attach {
-       struct pcc_dataset *pca_dataset;
-       struct dentry *pca_dentry;
-};
-
 static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
                                   struct lookup_intent *it,
                                   void **secctx, __u32 *secctxlen,
-                                  struct pcc_create_attach *pca)
+                                  struct pcc_create_attach *pca,
+                                  bool encrypt,
+                                  void **encctx, __u32 *encctxlen)
 {
+       ktime_t kstart = ktime_get();
        struct lookup_intent lookup_it = { .it_op = IT_LOOKUP };
        struct dentry *save = dentry, *retval;
        struct ptlrpc_request *req = NULL;
@@ -746,21 +827,20 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
 
        ENTRY;
 
-        if (dentry->d_name.len > ll_i2sbi(parent)->ll_namelen)
-                RETURN(ERR_PTR(-ENAMETOOLONG));
+       if (dentry->d_name.len > ll_i2sbi(parent)->ll_namelen)
+               RETURN(ERR_PTR(-ENAMETOOLONG));
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), intent=%s\n",
-              dentry->d_name.len, dentry->d_name.name,
-              PFID(ll_inode2fid(parent)), parent, LL_IT2STR(it));
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), intent=%s\n",
+              dentry, PFID(ll_inode2fid(parent)), parent, LL_IT2STR(it));
 
-        if (d_mountpoint(dentry))
-                CERROR("Tell Peter, lookup on mtpt, it %s\n", LL_IT2STR(it));
+       if (d_mountpoint(dentry))
+               CERROR("Tell Peter, lookup on mtpt, it %s\n", LL_IT2STR(it));
 
        if (it == NULL || it->it_op == IT_GETXATTR)
                it = &lookup_it;
 
        if (it->it_op == IT_GETATTR && dentry_may_statahead(parent, dentry)) {
-               rc = ll_statahead(parent, &dentry, 0);
+               rc = ll_revalidate_statahead(parent, &dentry, 0);
                if (rc == 1)
                        RETURN(dentry == save ? NULL : dentry);
        }
@@ -802,6 +882,101 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
                if (secctxlen != NULL)
                        *secctxlen = 0;
        }
+       if (it->it_op & IT_CREAT && encrypt) {
+               /* Volatile file name may look like:
+                * <parent>/LUSTRE_VOLATILE_HDR:<mdt_index>:<random>:fd=<fd>
+                * where fd is opened descriptor of reference file.
+                */
+               if (unlikely(filename_is_volatile(dentry->d_name.name,
+                                                 dentry->d_name.len, NULL))) {
+                       int ctx_size = LLCRYPT_ENC_CTX_SIZE;
+                       struct lustre_sb_info *lsi;
+                       struct file *ref_file;
+                       struct inode *ref_inode;
+                       char *p, *q, *fd_str;
+                       void *ctx;
+                       int fd;
+
+                       p = strnstr(dentry->d_name.name, ":fd=",
+                                   dentry->d_name.len);
+                       if (!p || strlen(p + 4) == 0)
+                               GOTO(out, retval = ERR_PTR(-EINVAL));
+
+                       q = strchrnul(p + 4, ':');
+                       fd_str = kstrndup(p + 4, q - p - 4, GFP_NOFS);
+                       if (!fd_str)
+                               GOTO(out, retval = ERR_PTR(-ENOMEM));
+                       rc = kstrtouint(fd_str, 10, &fd);
+                       kfree(fd_str);
+                       if (rc)
+                               GOTO(inherit, rc = -EINVAL);
+
+                       ref_file = fget(fd);
+                       if (!ref_file)
+                               GOTO(inherit, rc = -EINVAL);
+
+                       ref_inode = file_inode(ref_file);
+                       if (!ref_inode) {
+                               fput(ref_file);
+                               GOTO(inherit, rc = -EINVAL);
+                       }
+
+                       lsi = s2lsi(ref_inode->i_sb);
+
+getctx:
+                       OBD_ALLOC(ctx, ctx_size);
+                       if (!ctx)
+                               GOTO(out, retval = ERR_PTR(-ENOMEM));
+
+#ifdef CONFIG_LL_ENCRYPTION
+                       rc = lsi->lsi_cop->get_context(ref_inode,
+                                                      ctx, ctx_size);
+#else
+                       rc = -ENODATA;
+#endif
+                       if (rc == -ERANGE) {
+                               OBD_FREE(ctx, ctx_size);
+                               ctx_size *= 2;
+                               goto getctx;
+                       }
+                       fput(ref_file);
+                       if (rc < 0) {
+                               OBD_FREE(ctx, ctx_size);
+                               GOTO(inherit, rc);
+                       }
+
+                       op_data->op_file_encctx_size = rc;
+                       if (rc == ctx_size) {
+                               op_data->op_file_encctx = ctx;
+                       } else {
+                               OBD_ALLOC(op_data->op_file_encctx,
+                                         op_data->op_file_encctx_size);
+                               if (!op_data->op_file_encctx) {
+                                       OBD_FREE(ctx, ctx_size);
+                                       GOTO(out, retval = ERR_PTR(-ENOMEM));
+                               }
+                               memcpy(op_data->op_file_encctx, ctx,
+                                      op_data->op_file_encctx_size);
+                               OBD_FREE(ctx, ctx_size);
+                       }
+
+               } else {
+inherit:
+                       rc = llcrypt_inherit_context(parent, NULL, op_data,
+                                                    false);
+                       if (rc)
+                               GOTO(out, retval = ERR_PTR(rc));
+               }
+               if (encctx != NULL)
+                       *encctx = op_data->op_file_encctx;
+               if (encctxlen != NULL)
+                       *encctxlen = op_data->op_file_encctx_size;
+       } else {
+               if (encctx != NULL)
+                       *encctx = NULL;
+               if (encctxlen != NULL)
+                       *encctxlen = 0;
+       }
 
        /* ask for security context upon intent */
        if (it->it_op & (IT_LOOKUP | IT_GETATTR | IT_OPEN)) {
@@ -821,8 +996,6 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        }
 
        if (pca && pca->pca_dataset) {
-               struct pcc_dataset *dataset = pca->pca_dataset;
-
                OBD_ALLOC_PTR(lum);
                if (lum == NULL)
                        GOTO(out, retval = ERR_PTR(-ENOMEM));
@@ -831,18 +1004,7 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
                lum->lmm_pattern = LOV_PATTERN_F_RELEASED | LOV_PATTERN_RAID0;
                op_data->op_data = lum;
                op_data->op_data_size = sizeof(*lum);
-               op_data->op_archive_id = dataset->pccd_rwid;
-
-               rc = obd_fid_alloc(NULL, ll_i2mdexp(parent), &op_data->op_fid2,
-                                  op_data);
-               if (rc)
-                       GOTO(out, retval = ERR_PTR(rc));
-
-               rc = pcc_inode_create(parent->i_sb, dataset, &op_data->op_fid2,
-                                     &pca->pca_dentry);
-               if (rc)
-                       GOTO(out, retval = ERR_PTR(rc));
-
+               op_data->op_archive_id = pca->pca_dataset->pccd_rwid;
                it->it_flags |= MDS_OPEN_PCC;
        }
 
@@ -877,22 +1039,33 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        if (rc < 0)
                GOTO(out, retval = ERR_PTR(rc));
 
+       if (pca && pca->pca_dataset) {
+               rc = pcc_inode_create(parent->i_sb, pca->pca_dataset,
+                                     &op_data->op_fid2,
+                                     &pca->pca_dentry);
+               if (rc)
+                       GOTO(out, retval = ERR_PTR(rc));
+       }
+
        /* dir layout may change */
        ll_unlock_md_op_lsm(op_data);
        rc = ll_lookup_it_finish(req, it, parent, &dentry,
                                 secctx != NULL ? *secctx : NULL,
-                                secctxlen != NULL ? *secctxlen : 0);
-        if (rc != 0) {
-                ll_intent_release(it);
-                GOTO(out, retval = ERR_PTR(rc));
-        }
-
-        if ((it->it_op & IT_OPEN) && dentry->d_inode &&
-            !S_ISREG(dentry->d_inode->i_mode) &&
-            !S_ISDIR(dentry->d_inode->i_mode)) {
-                ll_release_openhandle(dentry, it);
-        }
-        ll_lookup_finish_locks(it, dentry);
+                                secctxlen != NULL ? *secctxlen : 0,
+                                encctx != NULL ? *encctx : NULL,
+                                encctxlen != NULL ? *encctxlen : 0,
+                                kstart, encrypt);
+       if (rc != 0) {
+               ll_intent_release(it);
+               GOTO(out, retval = ERR_PTR(rc));
+       }
+
+       if ((it->it_op & IT_OPEN) && dentry->d_inode &&
+           !S_ISREG(dentry->d_inode->i_mode) &&
+           !S_ISDIR(dentry->d_inode->i_mode)) {
+               ll_release_openhandle(dentry, it);
+       }
+       ll_lookup_finish_locks(it, dentry);
 
        GOTO(out, retval = (dentry == save) ? NULL : dentry);
 
@@ -904,6 +1077,14 @@ out:
                        op_data->op_file_secctx = NULL;
                        op_data->op_file_secctx_size = 0;
                }
+               if (encctx != NULL && encctxlen != NULL &&
+                   it->it_op & IT_CREAT && encrypt) {
+                       /* caller needs enc ctx info, so reset it in op_data to
+                        * prevent it from being freed
+                        */
+                       op_data->op_file_encctx = NULL;
+                       op_data->op_file_encctx_size = 0;
+               }
                ll_finish_md_op_data(op_data);
        }
 
@@ -914,16 +1095,14 @@ out:
        return retval;
 }
 
-#ifdef HAVE_IOP_ATOMIC_OPEN
 static struct dentry *ll_lookup_nd(struct inode *parent, struct dentry *dentry,
                                   unsigned int flags)
 {
        struct lookup_intent *itp, it = { .it_op = IT_GETATTR };
        struct dentry *de;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), flags=%u\n",
-              dentry->d_name.len, dentry->d_name.name,
-              PFID(ll_inode2fid(parent)), parent, flags);
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), flags=%u\n",
+              dentry, PFID(ll_inode2fid(parent)), parent, flags);
 
        /*
         * Optimize away (CREATE && !OPEN). Let .create handle the race.
@@ -938,7 +1117,8 @@ static struct dentry *ll_lookup_nd(struct inode *parent, struct dentry *dentry,
                itp = NULL;
        else
                itp = &it;
-       de = ll_lookup_it(parent, dentry, itp, NULL, NULL, NULL);
+       de = ll_lookup_it(parent, dentry, itp, NULL, NULL, NULL, false,
+                         NULL, NULL);
 
        if (itp != NULL)
                ll_intent_release(itp);
@@ -979,16 +1159,17 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
        long long lookup_flags = LOOKUP_OPEN;
        void *secctx = NULL;
        __u32 secctxlen = 0;
-       struct ll_sb_info *sbi;
-       struct pcc_create_attach pca = {NULL, NULL};
-       struct pcc_dataset *dataset = NULL;
+       void *encctx = NULL;
+       __u32 encctxlen = 0;
+       struct ll_sb_info *sbi = NULL;
+       struct pcc_create_attach pca = { NULL, NULL };
+       bool encrypt = false;
        int rc = 0;
        ENTRY;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), file %p,"
-                          "open_flags %x, mode %x opened %d\n",
-              dentry->d_name.len, dentry->d_name.name,
-              PFID(ll_inode2fid(dir)), dir, file, open_flags, mode,
+       CDEBUG(D_VFSTRACE,
+              "VFS Op:name=%pd, dir="DFID"(%p), file %p, open_flags %x, mode %x opened %d\n",
+              dentry, PFID(ll_inode2fid(dir)), dir, file, open_flags, mode,
               ll_is_opened(opened, file));
 
        /* Only negative dentries enter here */
@@ -1022,6 +1203,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                if (!filename_is_volatile(dentry->d_name.name,
                                          dentry->d_name.len, NULL)) {
                        struct pcc_matcher item;
+                       struct pcc_dataset *dataset;
 
                        item.pm_uid = from_kuid(&init_user_ns, current_uid());
                        item.pm_gid = from_kgid(&init_user_ns, current_gid());
@@ -1036,8 +1218,34 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
        it->it_flags = (open_flags & ~O_ACCMODE) | OPEN_FMODE(open_flags);
        it->it_flags &= ~MDS_OPEN_FL_INTERNAL;
 
+       if (ll_sbi_has_encrypt(ll_i2sbi(dir)) && IS_ENCRYPTED(dir)) {
+               /* in case of create, this is going to be a regular file because
+                * we set S_IFREG bit on it->it_create_mode above
+                */
+               rc = llcrypt_get_encryption_info(dir);
+               if (rc)
+                       GOTO(out_release, rc);
+               if (open_flags & O_CREAT) {
+                       if (!llcrypt_has_encryption_key(dir))
+                               GOTO(out_release, rc = -ENOKEY);
+                       encrypt = true;
+               }
+       }
+
+       OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE2, cfs_fail_val);
+
+       /* We can only arrive at this path when we have no inode, so
+        * we only need to request open lock if it was requested
+        * for every open
+        */
+       if (ll_i2sbi(dir)->ll_oc_thrsh_count == 1 &&
+           exp_connect_flags2(ll_i2mdexp(dir)) &
+           OBD_CONNECT2_ATOMIC_OPEN_LOCK)
+               it->it_flags |= MDS_OPEN_LOCK;
+
        /* Dentry added to dcache tree in ll_lookup_it */
-       de = ll_lookup_it(dir, dentry, it, &secctx, &secctxlen, &pca);
+       de = ll_lookup_it(dir, dentry, it, &secctx, &secctxlen, &pca, encrypt,
+                         &encctx, &encctxlen);
        if (IS_ERR(de))
                rc = PTR_ERR(de);
        else if (de != NULL)
@@ -1048,28 +1256,54 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
        if (!rc) {
                if (it_disposition(it, DISP_OPEN_CREATE)) {
                        /* Dentry instantiated in ll_create_it. */
-                       rc = ll_create_it(dir, dentry, it, secctx, secctxlen);
-                       security_release_secctx(secctx, secctxlen);
+                       rc = ll_create_it(dir, dentry, it, secctx, secctxlen,
+                                         encrypt, encctx, encctxlen);
+                       ll_security_release_secctx(secctx, secctxlen);
+                       llcrypt_free_ctx(encctx, encctxlen);
                        if (rc) {
                                /* We dget in ll_splice_alias. */
                                if (de != NULL)
                                        dput(de);
                                goto out_release;
                        }
-                       if (dataset != NULL && dentry->d_inode) {
-                               rc = pcc_inode_create_fini(dataset,
-                                                          dentry->d_inode,
-                                                          pca.pca_dentry);
-                               if (rc) {
-                                       if (de != NULL)
-                                               dput(de);
-                                       GOTO(out_release, rc);
-                               }
+
+                       rc = pcc_inode_create_fini(dentry->d_inode, &pca);
+                       if (rc) {
+                               if (de != NULL)
+                                       dput(de);
+                               GOTO(out_release, rc);
                        }
+
                        ll_set_created(opened, file);
+               } else {
+                       /* Open the file with O_CREAT, but the file already
+                        * existed on MDT. This may happend in the case that
+                        * the LOOKUP ibits lock is revoked and the
+                        * corresponding dentry cache is deleted.
+                        * i.e. In the current Lustre, the truncate operation
+                        * will revoke the LOOKUP ibits lock, and the file
+                        * dentry cache will be invalidated. The following open
+                        * with O_CREAT flag will call into ->atomic_open, the
+                        * file was wrongly though as newly created file and
+                        * try to auto cache the file. So after client knows it
+                        * is not a DISP_OPEN_CREATE, it should cleanup the
+                        * already created PCC copy.
+                        */
+                       pcc_create_attach_cleanup(dir->i_sb, &pca);
+
+                       if (open_flags & O_CREAT && encrypt &&
+                           dentry->d_inode) {
+                               rc = ll_set_encflags(dentry->d_inode, encctx,
+                                                    encctxlen, true);
+                               llcrypt_free_ctx(encctx, encctxlen);
+                               if (rc)
+                                       GOTO(out_release, rc);
+                       }
                }
 
-               if (dentry->d_inode && it_disposition(it, DISP_OPEN_OPEN)) {
+               /* check also if a foreign file is openable */
+               if (dentry->d_inode && it_disposition(it, DISP_OPEN_OPEN) &&
+                   ll_foreign_is_openable(dentry, open_flags)) {
                        /* Open dentry. */
                        if (S_ISFIFO(dentry->d_inode->i_mode)) {
                                /* We cannot call open here as it might
@@ -1088,122 +1322,17 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                } else {
                        rc = finish_no_open(file, de);
                }
+       } else {
+               pcc_create_attach_cleanup(dir->i_sb, &pca);
        }
 
 out_release:
-       if (dataset != NULL)
-               pcc_dataset_put(dataset);
        ll_intent_release(it);
        OBD_FREE(it, sizeof(*it));
 
        RETURN(rc);
 }
 
-#else /* !HAVE_IOP_ATOMIC_OPEN */
-static struct lookup_intent *
-ll_convert_intent(struct open_intent *oit, int lookup_flags, bool is_readonly)
-{
-       struct lookup_intent *it;
-
-       OBD_ALLOC_PTR(it);
-       if (!it)
-               return ERR_PTR(-ENOMEM);
-
-       if (lookup_flags & LOOKUP_OPEN) {
-               it->it_op = IT_OPEN;
-               /* Avoid file creation for ro bind mount point(is_readonly) */
-               if ((lookup_flags & LOOKUP_CREATE) && !is_readonly)
-                       it->it_op |= IT_CREAT;
-               it->it_create_mode = (oit->create_mode & S_IALLUGO) | S_IFREG;
-               it->it_flags = ll_namei_to_lookup_intent_flag(oit->flags &
-                                               ~(is_readonly ? O_CREAT : 0));
-               it->it_flags &= ~MDS_OPEN_FL_INTERNAL;
-       } else {
-               it->it_op = IT_GETATTR;
-       }
-
-       return it;
-}
-
-static struct dentry *ll_lookup_nd(struct inode *parent, struct dentry *dentry,
-                                   struct nameidata *nd)
-{
-       struct dentry *de;
-       ENTRY;
-
-       if (nd && !(nd->flags & (LOOKUP_CONTINUE|LOOKUP_PARENT))) {
-               struct lookup_intent *it;
-
-               if (ll_d2d(dentry) && ll_d2d(dentry)->lld_it) {
-                       it = ll_d2d(dentry)->lld_it;
-                       ll_d2d(dentry)->lld_it = NULL;
-               } else {
-                       /*
-                        * Optimize away (CREATE && !OPEN). Let .create handle
-                        * the race. But only if we have write permissions
-                        * there, otherwise we need to proceed with lookup.
-                        * LU-4185
-                        */
-                       if ((nd->flags & LOOKUP_CREATE) &&
-                           !(nd->flags & LOOKUP_OPEN) &&
-                           (inode_permission(parent,
-                                             MAY_WRITE | MAY_EXEC) == 0))
-                               RETURN(NULL);
-
-                       it = ll_convert_intent(&nd->intent.open, nd->flags,
-                               (nd->path.mnt->mnt_flags & MNT_READONLY) ||
-                               (nd->path.mnt->mnt_sb->s_flags & SB_RDONLY));
-                       if (IS_ERR(it))
-                               RETURN((struct dentry *)it);
-               }
-
-               de = ll_lookup_it(parent, dentry, it, NULL, NULL, NULL);
-               if (de)
-                       dentry = de;
-               if ((nd->flags & LOOKUP_OPEN) && !IS_ERR(dentry)) { /* Open */
-                       if (dentry->d_inode &&
-                           it_disposition(it, DISP_OPEN_OPEN)) { /* nocreate */
-                               if (S_ISFIFO(dentry->d_inode->i_mode)) {
-                                       /* We cannot call open here as it might
-                                        * deadlock. This case is unreachable in
-                                        * practice because of
-                                        * OBD_CONNECT_NODEVOH. */
-                               } else {
-                                       struct file *filp;
-
-                                       nd->intent.open.file->private_data = it;
-                                       filp = lookup_instantiate_filp(nd,
-                                                                      dentry,
-                                                                      NULL);
-                                       if (IS_ERR(filp)) {
-                                               if (de)
-                                                       dput(de);
-                                               de = (struct dentry *)filp;
-                                       }
-                               }
-                       } else if (it_disposition(it, DISP_OPEN_CREATE)) {
-                               /* XXX This can only reliably work on assumption
-                                * that there are NO hashed negative dentries.*/
-                               ll_d2d(dentry)->lld_it = it;
-                               it = NULL; /* Will be freed in ll_create_nd */
-                               /* We absolutely depend on ll_create_nd to be
-                                * called to not leak this intent and possible
-                                * data attached to it */
-                       }
-               }
-
-               if (it) {
-                       ll_intent_release(it);
-                       OBD_FREE(it, sizeof(*it));
-               }
-       } else {
-               de = ll_lookup_it(parent, dentry, NULL, NULL, NULL, NULL);
-       }
-
-       RETURN(de);
-}
-#endif /* HAVE_IOP_ATOMIC_OPEN */
-
 /* We depend on "mode" being set with the proper file type/umask by now */
 static struct inode *ll_create_node(struct inode *dir, struct lookup_intent *it)
 {
@@ -1217,10 +1346,10 @@ static struct inode *ll_create_node(struct inode *dir, struct lookup_intent *it)
 
        LASSERT(it_disposition(it, DISP_ENQ_CREATE_REF));
        request = it->it_request;
-        it_clear_disposition(it, DISP_ENQ_CREATE_REF);
-        rc = ll_prep_inode(&inode, request, dir->i_sb, it);
-        if (rc)
-                GOTO(out, inode = ERR_PTR(rc));
+       it_clear_disposition(it, DISP_ENQ_CREATE_REF);
+       rc = ll_prep_inode(&inode, &request->rq_pill, dir->i_sb, it);
+       if (rc)
+               GOTO(out, inode = ERR_PTR(rc));
 
        /* Pause to allow for a race with concurrent access by fid */
        OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_NODE_PAUSE, cfs_fail_val);
@@ -1253,16 +1382,16 @@ static struct inode *ll_create_node(struct inode *dir, struct lookup_intent *it)
  */
 static int ll_create_it(struct inode *dir, struct dentry *dentry,
                        struct lookup_intent *it,
-                       void *secctx, __u32 secctxlen)
+                       void *secctx, __u32 secctxlen, bool encrypt,
+                       void *encctx, __u32 encctxlen)
 {
        struct inode *inode;
        __u64 bits = 0;
        int rc = 0;
        ENTRY;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), intent=%s\n",
-              dentry->d_name.len, dentry->d_name.name,
-              PFID(ll_inode2fid(dir)), dir, LL_IT2STR(it));
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), intent=%s\n",
+              dentry, PFID(ll_inode2fid(dir)), dir, LL_IT2STR(it));
 
        rc = it_open_error(DISP_OPEN_CREATE, it);
        if (rc)
@@ -1274,18 +1403,26 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry,
 
        if ((ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX) &&
            secctx != NULL) {
-               inode_lock(inode);
                /* must be done before d_instantiate, because it calls
                 * security_d_instantiate, which means a getxattr if security
                 * context is not set yet */
+               /* no need to protect selinux_inode_setsecurity() by
+                * inode_lock. Taking it would lead to a client deadlock
+                * LU-13617
+                */
                rc = security_inode_notifysecctx(inode, secctx, secctxlen);
-               inode_unlock(inode);
                if (rc)
                        RETURN(rc);
        }
 
        d_instantiate(dentry, inode);
 
+       if (encrypt) {
+               rc = ll_set_encflags(inode, encctx, encctxlen, true);
+               if (rc)
+                       RETURN(rc);
+       }
+
        if (!(ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX)) {
                rc = ll_inode_init_security(dentry, inode, dir);
                if (rc)
@@ -1323,16 +1460,17 @@ static int ll_new_node(struct inode *dir, struct dentry *dchild,
                       const char *tgt, umode_t mode, int rdev, __u32 opc)
 {
        struct qstr *name = &dchild->d_name;
-        struct ptlrpc_request *request = NULL;
-        struct md_op_data *op_data;
-        struct inode *inode = NULL;
-        struct ll_sb_info *sbi = ll_i2sbi(dir);
-        int tgt_len = 0;
-        int err;
+       struct ptlrpc_request *request = NULL;
+       struct md_op_data *op_data = NULL;
+       struct inode *inode = NULL;
+       struct ll_sb_info *sbi = ll_i2sbi(dir);
+       int tgt_len = 0;
+       bool encrypt = false;
+       int err;
 
-        ENTRY;
-        if (unlikely(tgt != NULL))
-                tgt_len = strlen(tgt) + 1;
+       ENTRY;
+       if (unlikely(tgt != NULL))
+               tgt_len = strlen(tgt) + 1;
 
 again:
        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name,
@@ -1349,6 +1487,24 @@ again:
                        GOTO(err_exit, err);
        }
 
+       if (ll_sbi_has_encrypt(sbi) &&
+           ((IS_ENCRYPTED(dir) &&
+           (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) ||
+           (unlikely(llcrypt_dummy_context_enabled(dir)) && S_ISDIR(mode)))) {
+               err = llcrypt_get_encryption_info(dir);
+               if (err)
+                       GOTO(err_exit, err);
+               if (!llcrypt_has_encryption_key(dir))
+                       GOTO(err_exit, err = -ENOKEY);
+               encrypt = true;
+       }
+
+       if (encrypt) {
+               err = llcrypt_inherit_context(dir, NULL, op_data, false);
+               if (err)
+                       GOTO(err_exit, err);
+       }
+
        err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
                        from_kuid(&init_user_ns, current_fsuid()),
                        from_kgid(&init_user_ns, current_fsgid()),
@@ -1389,6 +1545,10 @@ again:
                        md.default_lmv->lsm_md_master_mdt_index =
                                lum->lum_stripe_offset;
                        md.default_lmv->lsm_md_hash_type = lum->lum_hash_type;
+                       md.default_lmv->lsm_md_max_inherit =
+                               lum->lum_max_inherit;
+                       md.default_lmv->lsm_md_max_inherit_rr =
+                               lum->lum_max_inherit_rr;
 
                        err = ll_update_inode(dir, &md);
                        md_free_lustre_md(sbi->ll_md_exp, &md);
@@ -1422,25 +1582,34 @@ again:
 
        CFS_FAIL_TIMEOUT(OBD_FAIL_LLITE_NEWNODE_PAUSE, cfs_fail_val);
 
-       err = ll_prep_inode(&inode, request, dchild->d_sb, NULL);
+       err = ll_prep_inode(&inode, &request->rq_pill, dchild->d_sb, NULL);
        if (err)
                GOTO(err_exit, err);
 
        if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
-               inode_lock(inode);
                /* must be done before d_instantiate, because it calls
                 * security_d_instantiate, which means a getxattr if security
                 * context is not set yet */
+               /* no need to protect selinux_inode_setsecurity() by
+                * inode_lock. Taking it would lead to a client deadlock
+                * LU-13617
+                */
                err = security_inode_notifysecctx(inode,
                                                  op_data->op_file_secctx,
                                                  op_data->op_file_secctx_size);
-               inode_unlock(inode);
                if (err)
                        GOTO(err_exit, err);
        }
 
        d_instantiate(dchild, inode);
 
+       if (encrypt) {
+               err = ll_set_encflags(inode, op_data->op_file_encctx,
+                                     op_data->op_file_encctx_size, true);
+               if (err)
+                       GOTO(err_exit, err);
+       }
+
        if (!(sbi->ll_flags & LL_SBI_FILE_SECCTX)) {
                err = ll_inode_init_security(dchild, inode, dir);
                if (err)
@@ -1455,144 +1624,95 @@ err_exit:
        if (!IS_ERR_OR_NULL(op_data))
                ll_finish_md_op_data(op_data);
 
-       return err;
+       RETURN(err);
 }
 
-static int ll_mknod(struct inode *dir, struct dentry *dchild, ll_umode_t mode,
+static int ll_mknod(struct inode *dir, struct dentry *dchild, umode_t mode,
                    dev_t rdev)
 {
-       struct qstr *name = &dchild->d_name;
+       ktime_t kstart = ktime_get();
        int err;
-        ENTRY;
+       ENTRY;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p) mode %o dev %x\n",
-              name->len, name->name, PFID(ll_inode2fid(dir)), dir,
-               mode, rdev);
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p) mode %o dev %x\n",
+              dchild, PFID(ll_inode2fid(dir)), dir, mode, rdev);
 
        if (!IS_POSIXACL(dir) || !exp_connect_umask(ll_i2mdexp(dir)))
                mode &= ~current_umask();
 
-        switch (mode & S_IFMT) {
-        case 0:
-                mode |= S_IFREG; /* for mode = 0 case, fallthrough */
-        case S_IFREG:
-        case S_IFCHR:
-        case S_IFBLK:
-        case S_IFIFO:
-        case S_IFSOCK:
+       switch (mode & S_IFMT) {
+       case 0:
+               mode |= S_IFREG;
+               /* fallthrough */
+       case S_IFREG:
+       case S_IFCHR:
+       case S_IFBLK:
+       case S_IFIFO:
+       case S_IFSOCK:
                err = ll_new_node(dir, dchild, NULL, mode, old_encode_dev(rdev),
                                  LUSTRE_OPC_MKNOD);
-                break;
-        case S_IFDIR:
-                err = -EPERM;
-                break;
-        default:
-                err = -EINVAL;
-        }
-
-        if (!err)
-                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_MKNOD, 1);
-
-        RETURN(err);
+               break;
+       case S_IFDIR:
+               err = -EPERM;
+               break;
+       default:
+               err = -EINVAL;
+       }
+
+       if (!err)
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_MKNOD,
+                                  ktime_us_delta(ktime_get(), kstart));
+
+       RETURN(err);
 }
 
-#ifdef HAVE_IOP_ATOMIC_OPEN
 /*
  * Plain create. Intent create is handled in atomic_open.
  */
 static int ll_create_nd(struct inode *dir, struct dentry *dentry,
                        umode_t mode, bool want_excl)
 {
+       ktime_t kstart = ktime_get();
        int rc;
 
        CFS_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE, cfs_fail_val);
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), "
-                          "flags=%u, excl=%d\n", dentry->d_name.len,
-              dentry->d_name.name, PFID(ll_inode2fid(dir)),
-              dir, mode, want_excl);
+       CDEBUG(D_VFSTRACE,
+              "VFS Op:name=%pd, dir="DFID"(%p), flags=%u, excl=%d\n",
+              dentry, PFID(ll_inode2fid(dir)), dir, mode, want_excl);
 
        /* Using mknod(2) to create a regular file is designed to not recognize
         * volatile file name, so we use ll_mknod() here. */
        rc = ll_mknod(dir, dentry, mode, 0);
 
-       ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_CREATE, 1);
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, unhashed %d\n",
+              dentry, d_unhashed(dentry));
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, unhashed %d\n",
-              dentry->d_name.len, dentry->d_name.name, d_unhashed(dentry));
+       if (!rc)
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_CREATE,
+                                  ktime_us_delta(ktime_get(), kstart));
 
        return rc;
 }
-#else /* !HAVE_IOP_ATOMIC_OPEN */
-static int ll_create_nd(struct inode *dir, struct dentry *dentry,
-                       ll_umode_t mode, struct nameidata *nd)
-{
-       struct ll_dentry_data *lld = ll_d2d(dentry);
-       struct lookup_intent *it = NULL;
-       int rc;
-
-       CFS_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE, cfs_fail_val);
-
-       if (lld != NULL)
-               it = lld->lld_it;
-
-       if (!it) {
-               /* LU-8559: use LUSTRE_OPC_CREATE for non atomic open case
-                * so that volatile file name is recoginized.
-                * Mknod(2), however, is designed to not recognize volatile
-                * file name to avoid inode leak under orphan directory until
-                * MDT reboot */
-               return ll_new_node(dir, dentry, NULL, mode, 0,
-                                  LUSTRE_OPC_CREATE);
-       }
-
-       lld->lld_it = NULL;
-
-       /* Was there an error? Propagate it! */
-       if (it->it_status) {
-               rc = it->it_status;
-               goto out;
-       }
-
-       rc = ll_create_it(dir, dentry, it, NULL, 0);
-       if (nd && (nd->flags & LOOKUP_OPEN) && dentry->d_inode) { /* Open */
-               struct file *filp;
-
-               nd->intent.open.file->private_data = it;
-               filp = lookup_instantiate_filp(nd, dentry, NULL);
-               if (IS_ERR(filp))
-                       rc = PTR_ERR(filp);
-        }
-
-out:
-        ll_intent_release(it);
-        OBD_FREE(it, sizeof(*it));
-
-        if (!rc)
-                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_CREATE, 1);
-
-        return rc;
-}
-#endif /* HAVE_IOP_ATOMIC_OPEN */
 
 static int ll_symlink(struct inode *dir, struct dentry *dchild,
                      const char *oldpath)
 {
-       struct qstr *name = &dchild->d_name;
+       ktime_t kstart = ktime_get();
        int err;
        ENTRY;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p), target=%.*s\n",
-              name->len, name->name, PFID(ll_inode2fid(dir)),
-              dir, 3000, oldpath);
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), target=%.*s\n",
+              dchild, PFID(ll_inode2fid(dir)), dir, 3000, oldpath);
 
        err = ll_new_node(dir, dchild, oldpath, S_IFLNK | S_IRWXUGO, 0,
                          LUSTRE_OPC_SYMLINK);
 
-        if (!err)
-                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_SYMLINK, 1);
+       if (!err)
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_SYMLINK,
+                                  ktime_us_delta(ktime_get(), kstart));
 
-        RETURN(err);
+       RETURN(err);
 }
 
 static int ll_link(struct dentry *old_dentry, struct inode *dir,
@@ -1603,39 +1723,46 @@ static int ll_link(struct dentry *old_dentry, struct inode *dir,
        struct ll_sb_info *sbi = ll_i2sbi(dir);
        struct ptlrpc_request *request = NULL;
        struct md_op_data *op_data;
+       ktime_t kstart = ktime_get();
        int err;
 
        ENTRY;
-       CDEBUG(D_VFSTRACE, "VFS Op: inode="DFID"(%p), dir="DFID"(%p), "
-              "target=%.*s\n", PFID(ll_inode2fid(src)), src,
-              PFID(ll_inode2fid(dir)), dir, name->len, name->name);
-
-        op_data = ll_prep_md_op_data(NULL, src, dir, name->name, name->len,
-                                     0, LUSTRE_OPC_ANY, NULL);
-        if (IS_ERR(op_data))
-                RETURN(PTR_ERR(op_data));
-
-        err = md_link(sbi->ll_md_exp, op_data, &request);
-        ll_finish_md_op_data(op_data);
-        if (err)
-                GOTO(out, err);
-
-        ll_update_times(request, dir);
-        ll_stats_ops_tally(sbi, LPROC_LL_LINK, 1);
-        EXIT;
+       CDEBUG(D_VFSTRACE,
+              "VFS Op: inode="DFID"(%p), dir="DFID"(%p), target=%pd\n",
+              PFID(ll_inode2fid(src)), src,
+              PFID(ll_inode2fid(dir)), dir, new_dentry);
+
+       err = llcrypt_prepare_link(old_dentry, dir, new_dentry);
+       if (err)
+               RETURN(err);
+
+       op_data = ll_prep_md_op_data(NULL, src, dir, name->name, name->len,
+                                    0, LUSTRE_OPC_ANY, NULL);
+       if (IS_ERR(op_data))
+               RETURN(PTR_ERR(op_data));
+
+       err = md_link(sbi->ll_md_exp, op_data, &request);
+       ll_finish_md_op_data(op_data);
+       if (err)
+               GOTO(out, err);
+
+       ll_update_times(request, dir);
+       ll_stats_ops_tally(sbi, LPROC_LL_LINK,
+                          ktime_us_delta(ktime_get(), kstart));
+       EXIT;
 out:
-        ptlrpc_req_finished(request);
-        RETURN(err);
+       ptlrpc_req_finished(request);
+       RETURN(err);
 }
 
-static int ll_mkdir(struct inode *dir, struct dentry *dchild, ll_umode_t mode)
+static int ll_mkdir(struct inode *dir, struct dentry *dchild, umode_t mode)
 {
-       struct qstr *name = &dchild->d_name;
-        int err;
-        ENTRY;
+       ktime_t kstart = ktime_get();
+       int err;
+       ENTRY;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p)\n",
-              name->len, name->name, PFID(ll_inode2fid(dir)), dir);
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p)\n",
+              dchild, PFID(ll_inode2fid(dir)), dir);
 
        if (!IS_POSIXACL(dir) || !exp_connect_umask(ll_i2mdexp(dir)))
                mode &= ~current_umask();
@@ -1644,7 +1771,8 @@ static int ll_mkdir(struct inode *dir, struct dentry *dchild, ll_umode_t mode)
 
        err = ll_new_node(dir, dchild, NULL, mode, 0, LUSTRE_OPC_MKDIR);
        if (err == 0)
-               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_MKDIR, 1);
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_MKDIR,
+                                  ktime_us_delta(ktime_get(), kstart));
 
        RETURN(err);
 }
@@ -1652,35 +1780,54 @@ static int ll_mkdir(struct inode *dir, struct dentry *dchild, ll_umode_t mode)
 static int ll_rmdir(struct inode *dir, struct dentry *dchild)
 {
        struct qstr *name = &dchild->d_name;
-        struct ptlrpc_request *request = NULL;
-        struct md_op_data *op_data;
-        int rc;
-        ENTRY;
+       struct ptlrpc_request *request = NULL;
+       struct md_op_data *op_data;
+       ktime_t kstart = ktime_get();
+       int rc;
 
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p)\n",
-              name->len, name->name, PFID(ll_inode2fid(dir)), dir);
+       ENTRY;
+
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p)\n",
+              dchild, PFID(ll_inode2fid(dir)), dir);
 
        if (unlikely(d_mountpoint(dchild)))
                 RETURN(-EBUSY);
 
-        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name, name->len,
-                                     S_IFDIR, LUSTRE_OPC_ANY, NULL);
-        if (IS_ERR(op_data))
-                RETURN(PTR_ERR(op_data));
+       /* some foreign dir may not be allowed to be removed */
+       if (!ll_foreign_is_removable(dchild, false))
+               RETURN(-EPERM);
+
+       op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name, name->len,
+                                    S_IFDIR, LUSTRE_OPC_ANY, NULL);
+       if (IS_ERR(op_data))
+               RETURN(PTR_ERR(op_data));
 
        if (dchild->d_inode != NULL)
                op_data->op_fid3 = *ll_inode2fid(dchild->d_inode);
 
        op_data->op_fid2 = op_data->op_fid3;
-        rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
-        ll_finish_md_op_data(op_data);
-        if (rc == 0) {
-                ll_update_times(request, dir);
-                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_RMDIR, 1);
-        }
+       rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
+       ll_finish_md_op_data(op_data);
+       if (!rc) {
+               struct mdt_body *body;
 
-        ptlrpc_req_finished(request);
-        RETURN(rc);
+               ll_update_times(request, dir);
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_RMDIR,
+                                  ktime_us_delta(ktime_get(), kstart));
+
+               /*
+                * The server puts attributes in on the last unlink, use them
+                * to update the link count so the inode can be freed
+                * immediately.
+                */
+               body = req_capsule_server_get(&request->rq_pill, &RMF_MDT_BODY);
+               if (body->mbo_valid & OBD_MD_FLNLINK)
+                       set_nlink(dchild->d_inode, body->mbo_nlink);
+       }
+
+       ptlrpc_req_finished(request);
+
+       RETURN(rc);
 }
 
 /**
@@ -1690,6 +1837,7 @@ int ll_rmdir_entry(struct inode *dir, char *name, int namelen)
 {
        struct ptlrpc_request *request = NULL;
        struct md_op_data *op_data;
+       ktime_t kstart = ktime_get();
        int rc;
        ENTRY;
 
@@ -1703,12 +1851,13 @@ int ll_rmdir_entry(struct inode *dir, char *name, int namelen)
        op_data->op_cli_flags |= CLI_RM_ENTRY;
        rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
        ll_finish_md_op_data(op_data);
-       if (rc == 0) {
+       if (!rc)
                ll_update_times(request, dir);
-               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_RMDIR, 1);
-       }
 
        ptlrpc_req_finished(request);
+       if (!rc)
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_RMDIR,
+                                  ktime_us_delta(ktime_get(), kstart));
        RETURN(rc);
 }
 
@@ -1718,10 +1867,13 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
        struct ptlrpc_request *request = NULL;
        struct md_op_data *op_data;
        struct mdt_body *body;
+       ktime_t kstart = ktime_get();
        int rc;
+
        ENTRY;
-       CDEBUG(D_VFSTRACE, "VFS Op:name=%.*s, dir="DFID"(%p)\n",
-              name->len, name->name, PFID(ll_inode2fid(dir)), dir);
+
+       CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p)\n",
+              dchild, PFID(ll_inode2fid(dir)), dir);
 
        /*
         * XXX: unlink bind mountpoint maybe call to here,
@@ -1730,13 +1882,21 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
        if (unlikely(d_mountpoint(dchild)))
                RETURN(-EBUSY);
 
+       /* some foreign file/dir may not be allowed to be unlinked */
+       if (!ll_foreign_is_removable(dchild, false))
+               RETURN(-EPERM);
+
        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name, name->len, 0,
                                     LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))
                RETURN(PTR_ERR(op_data));
 
        op_data->op_fid3 = *ll_inode2fid(dchild->d_inode);
-
+       /* notify lower layer if inode has dirty pages */
+       if (S_ISREG(dchild->d_inode->i_mode) &&
+           ll_i2info(dchild->d_inode)->lli_clob &&
+           dirty_cnt(dchild->d_inode))
+               op_data->op_cli_flags |= CLI_DIRTY_DATA;
        op_data->op_fid2 = op_data->op_fid3;
        rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
        ll_finish_md_op_data(op_data);
@@ -1752,10 +1912,12 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
                set_nlink(dchild->d_inode, body->mbo_nlink);
 
        ll_update_times(request, dir);
-       ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_UNLINK, 1);
 
 out:
        ptlrpc_req_finished(request);
+       if (!rc)
+               ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_UNLINK,
+                                  ktime_us_delta(ktime_get(), kstart));
        RETURN(rc);
 }
 
@@ -1771,6 +1933,8 @@ static int ll_rename(struct inode *src, struct dentry *src_dchild,
        struct ptlrpc_request *request = NULL;
        struct ll_sb_info *sbi = ll_i2sbi(src);
        struct md_op_data *op_data;
+       ktime_t kstart = ktime_get();
+       umode_t mode = 0;
        int err;
        ENTRY;
 
@@ -1779,49 +1943,67 @@ static int ll_rename(struct inode *src, struct dentry *src_dchild,
                return -EINVAL;
 #endif
 
-       CDEBUG(D_VFSTRACE, "VFS Op:oldname=%.*s, src_dir="DFID
-              "(%p), newname=%.*s, tgt_dir="DFID"(%p)\n",
-              src_name->len, src_name->name,
-              PFID(ll_inode2fid(src)), src, tgt_name->len,
-              tgt_name->name, PFID(ll_inode2fid(tgt)), tgt);
+       CDEBUG(D_VFSTRACE,
+              "VFS Op:oldname=%pd, src_dir="DFID"(%p), newname=%pd, tgt_dir="DFID"(%p)\n",
+              src_dchild, PFID(ll_inode2fid(src)), src,
+              tgt_dchild, PFID(ll_inode2fid(tgt)), tgt);
 
        if (unlikely(d_mountpoint(src_dchild) || d_mountpoint(tgt_dchild)))
                RETURN(-EBUSY);
 
-       op_data = ll_prep_md_op_data(NULL, src, tgt, NULL, 0, 0,
+#ifdef HAVE_IOPS_RENAME_WITH_FLAGS
+       err = llcrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, flags);
+#else
+       err = llcrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, 0);
+#endif
+       if (err)
+               RETURN(err);
+       /* we prevent an encrypted file from being renamed
+        * into an unencrypted dir
+        */
+       if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt))
+               RETURN(-EXDEV);
+
+       if (src_dchild->d_inode)
+               mode = src_dchild->d_inode->i_mode;
+
+       if (tgt_dchild->d_inode)
+               mode = tgt_dchild->d_inode->i_mode;
+
+       op_data = ll_prep_md_op_data(NULL, src, tgt, NULL, 0, mode,
                                     LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))
                RETURN(PTR_ERR(op_data));
 
-       if (src_dchild->d_inode != NULL)
+       if (src_dchild->d_inode)
                op_data->op_fid3 = *ll_inode2fid(src_dchild->d_inode);
 
-       if (tgt_dchild->d_inode != NULL)
+       if (tgt_dchild->d_inode)
                op_data->op_fid4 = *ll_inode2fid(tgt_dchild->d_inode);
 
-        err = md_rename(sbi->ll_md_exp, op_data,
-                        src_name->name, src_name->len,
-                        tgt_name->name, tgt_name->len, &request);
-        ll_finish_md_op_data(op_data);
-        if (!err) {
-                ll_update_times(request, src);
-                ll_update_times(request, tgt);
-                ll_stats_ops_tally(sbi, LPROC_LL_RENAME, 1);
-        }
+       err = md_rename(sbi->ll_md_exp, op_data,
+                       src_name->name, src_name->len,
+                       tgt_name->name, tgt_name->len, &request);
+       ll_finish_md_op_data(op_data);
+       if (!err) {
+               ll_update_times(request, src);
+               ll_update_times(request, tgt);
+       }
 
-        ptlrpc_req_finished(request);
+       ptlrpc_req_finished(request);
 
-       if (err == 0)
+       if (!err) {
                d_move(src_dchild, tgt_dchild);
+               ll_stats_ops_tally(sbi, LPROC_LL_RENAME,
+                                  ktime_us_delta(ktime_get(), kstart));
+       }
 
        RETURN(err);
 }
 
 const struct inode_operations ll_dir_inode_operations = {
        .mknod          = ll_mknod,
-#ifdef HAVE_IOP_ATOMIC_OPEN
        .atomic_open    = ll_atomic_open,
-#endif
        .lookup         = ll_lookup_nd,
        .create         = ll_create_nd,
        /* We need all these non-raw things for NFSD, to not patch it. */
@@ -1840,9 +2022,7 @@ const struct inode_operations ll_dir_inode_operations = {
        .removexattr    = ll_removexattr,
 #endif
        .listxattr      = ll_listxattr,
-#ifdef HAVE_IOP_GET_ACL
        .get_acl        = ll_get_acl,
-#endif
 #ifdef HAVE_IOP_SET_ACL
        .set_acl        = ll_set_acl,
 #endif
@@ -1858,9 +2038,7 @@ const struct inode_operations ll_special_inode_operations = {
        .removexattr    = ll_removexattr,
 #endif
        .listxattr      = ll_listxattr,
-#ifdef HAVE_IOP_GET_ACL
        .get_acl        = ll_get_acl,
-#endif
 #ifdef HAVE_IOP_SET_ACL
        .set_acl        = ll_set_acl,
 #endif
Lustre primary development and releases