}
if (bits & MDS_INODELOCK_XATTR) {
- ll_xattr_cache_destroy(inode);
+ ll_xattr_cache_empty(inode);
bits &= ~MDS_INODELOCK_XATTR;
}
int rc;
char secctx_name[XATTR_NAME_MAX + 1];
struct llcrypt_name fname;
-
+ struct lu_fid fid;
ENTRY;
if (dentry->d_name.len > ll_i2sbi(parent)->ll_namelen)
* not exported function) and call it from ll_revalidate_dentry(), to
* ensure we do not cache stale dentries after a key has been added.
*/
- rc = ll_setup_filename(parent, &dentry->d_name, 1, &fname);
+ rc = ll_setup_filename(parent, &dentry->d_name, 1, &fname, &fid);
if ((!rc || rc == -ENOENT) && fname.is_ciphertext_name) {
spin_lock(&dentry->d_lock);
dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
llcrypt_free_filename(&fname);
RETURN(ERR_CAST(op_data));
}
+ if (!fid_is_zero(&fid)) {
+ op_data->op_fid2 = fid;
+ op_data->op_bias = MDS_FID_OP;
+ if (it->it_op & IT_OPEN)
+ it->it_flags |= MDS_OPEN_BY_FID;
+ }
/* enforce umask if acl disabled or MDS doesn't support umask */
if (!IS_POSIXACL(parent) || !exp_connect_umask(ll_i2mdexp(parent)))
it->it_create_mode &= ~current_umask();
if (it->it_op & IT_CREAT &&
- ll_i2sbi(parent)->ll_flags & LL_SBI_FILE_SECCTX) {
+ test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(parent)->ll_flags)) {
rc = ll_dentry_init_security(dentry, it->it_create_mode,
&dentry->d_name,
&op_data->op_file_secctx_name,
if (IS_ERR(inode))
RETURN(PTR_ERR(inode));
- if ((ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX) &&
- secctx != NULL) {
+ if (test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(inode)->ll_flags) &&
+ secctx) {
/* must be done before d_instantiate, because it calls
* security_d_instantiate, which means a getxattr if security
* context is not set yet */
RETURN(rc);
}
- if (!(ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX)) {
+ if (!test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(inode)->ll_flags)) {
rc = ll_inode_init_security(dentry, inode, dir);
if (rc)
RETURN(rc);
}
static int ll_new_node(struct inode *dir, struct dentry *dchild,
- const char *tgt, umode_t mode, int rdev, __u32 opc)
+ const char *tgt, umode_t mode, __u64 rdev, __u32 opc)
{
struct qstr *name = &dchild->d_name;
struct ptlrpc_request *request = NULL;
struct md_op_data *op_data = NULL;
struct inode *inode = NULL;
struct ll_sb_info *sbi = ll_i2sbi(dir);
- int tgt_len = 0;
+ struct llcrypt_str *disk_link = NULL;
bool encrypt = false;
int err;
ENTRY;
- if (unlikely(tgt != NULL))
- tgt_len = strlen(tgt) + 1;
+ if (unlikely(tgt != NULL)) {
+ disk_link = (struct llcrypt_str *)rdev;
+ rdev = 0;
+ if (!disk_link)
+ RETURN(-EINVAL);
+ }
again:
op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name,
if (S_ISDIR(mode))
ll_qos_mkdir_prep(op_data, dir);
- if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
+ if (test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
err = ll_dentry_init_security(dchild, mode, &dchild->d_name,
&op_data->op_file_secctx_name,
&op_data->op_file_secctx,
err = llcrypt_inherit_context(dir, NULL, op_data, false);
if (err)
GOTO(err_exit, err);
+
+ if (S_ISLNK(mode)) {
+ /* llcrypt needs inode to encrypt target name, so create
+ * a fake inode and associate encryption context got
+ * from llcrypt_inherit_context.
+ */
+ struct inode *fakeinode =
+ dchild->d_sb->s_op->alloc_inode(dchild->d_sb);
+
+ if (!fakeinode)
+ GOTO(err_exit, err = -ENOMEM);
+ fakeinode->i_sb = dchild->d_sb;
+ fakeinode->i_mode |= S_IFLNK;
+#ifdef IOP_XATTR
+ fakeinode->i_opflags |= IOP_XATTR;
+#endif
+ ll_lli_init(ll_i2info(fakeinode));
+ err = ll_set_encflags(fakeinode,
+ op_data->op_file_encctx,
+ op_data->op_file_encctx_size,
+ true);
+ if (!err)
+ err = __llcrypt_encrypt_symlink(fakeinode, tgt,
+ strlen(tgt),
+ disk_link);
+
+ ll_xattr_cache_destroy(fakeinode);
+ llcrypt_put_encryption_info(fakeinode);
+ dchild->d_sb->s_op->destroy_inode(fakeinode);
+ if (err)
+ GOTO(err_exit, err);
+ }
}
- err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
+ err = md_create(sbi->ll_md_exp, op_data, tgt ? disk_link->name : NULL,
+ tgt ? disk_link->len : 0, mode,
from_kuid(&init_user_ns, current_fsuid()),
from_kgid(&init_user_ns, current_fsgid()),
current_cap(), rdev, &request);
if (err)
GOTO(err_exit, err);
- if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
+ if (test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
/* must be done before d_instantiate, because it calls
* security_d_instantiate, which means a getxattr if security
* context is not set yet */
op_data->op_file_encctx_size, true);
if (err)
GOTO(err_exit, err);
+
+ if (S_ISLNK(mode)) {
+ struct ll_inode_info *lli = ll_i2info(inode);
+
+ /* Cache the plaintext symlink target
+ * for later use by get_link()
+ */
+ OBD_ALLOC(lli->lli_symlink_name, strlen(tgt) + 1);
+ /* do not return an error if we cannot
+ * cache the symlink locally
+ */
+ if (lli->lli_symlink_name)
+ memcpy(lli->lli_symlink_name,
+ tgt, strlen(tgt) + 1);
+ }
}
- if (!(sbi->ll_flags & LL_SBI_FILE_SECCTX)) {
+ if (!test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
err = ll_inode_init_security(dchild, inode, dir);
if (err)
GOTO(err_exit, err);
const char *oldpath)
{
ktime_t kstart = ktime_get();
+ int len = strlen(oldpath);
+ struct llcrypt_str disk_link;
int err;
ENTRY;
CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), target=%.*s\n",
dchild, PFID(ll_inode2fid(dir)), dir, 3000, oldpath);
- err = ll_new_node(dir, dchild, oldpath, S_IFLNK | S_IRWXUGO, 0,
- LUSTRE_OPC_SYMLINK);
+ err = llcrypt_prepare_symlink(dir, oldpath, len, dir->i_sb->s_blocksize,
+ &disk_link);
+ if (err)
+ RETURN(err);
+
+ err = ll_new_node(dir, dchild, oldpath, S_IFLNK | S_IRWXUGO,
+ (__u64)&disk_link, LUSTRE_OPC_SYMLINK);
+
+ if (disk_link.name != (unsigned char *)oldpath)
+ kfree(disk_link.name);
if (!err)
ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_SYMLINK,
if (dchild->d_inode != NULL)
op_data->op_fid3 = *ll_inode2fid(dchild->d_inode);
- op_data->op_fid2 = op_data->op_fid3;
+ if (fid_is_zero(&op_data->op_fid2))
+ op_data->op_fid2 = op_data->op_fid3;
rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
ll_finish_md_op_data(op_data);
if (!rc) {
ll_i2info(dchild->d_inode)->lli_clob &&
dirty_cnt(dchild->d_inode))
op_data->op_cli_flags |= CLI_DIRTY_DATA;
- op_data->op_fid2 = op_data->op_fid3;
+ if (fid_is_zero(&op_data->op_fid2))
+ op_data->op_fid2 = op_data->op_fid3;
rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
ll_finish_md_op_data(op_data);
if (rc)
if (tgt_dchild->d_inode)
op_data->op_fid4 = *ll_inode2fid(tgt_dchild->d_inode);
- err = ll_setup_filename(src, &src_dchild->d_name, 1, &foldname);
+ err = ll_setup_filename(src, &src_dchild->d_name, 1, &foldname, NULL);
if (err)
RETURN(err);
- err = ll_setup_filename(tgt, &tgt_dchild->d_name, 1, &fnewname);
+ err = ll_setup_filename(tgt, &tgt_dchild->d_name, 1, &fnewname, NULL);
if (err) {
llcrypt_free_filename(&foldname);
RETURN(err);