X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Fllite%2Fdir.c;h=a452779dba814f1a3af6a1a69360e5c8a89653f7;hp=da837911f873c86e2ec76719a3e1a3927564e658;hb=f87359b51f61a4baa9bf62faebb6625d518d23b4;hpb=186b97e68abbc45c0e8d5ae7e2a0d10aaa918db6

diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index da83791..a452779 100644
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -50,6 +50,7 @@
 #include <obd_support.h>
 #include <obd_class.h>
 #include <uapi/linux/lustre/lustre_ioctl.h>
+#include <uapi/linux/llcrypt.h>
 #include <lustre_lib.h>
 #include <lustre_dlm.h>
 #include <lustre_fid.h>
@@ -175,29 +176,6 @@ void ll_release_page(struct inode *inode, struct page *page,
 	put_page(page);
 }
 
-/**
- * return IF_* type for given lu_dirent entry.
- * IF_* flag shld be converted to particular OS file type in
- * platform llite module.
- */
-static u16 ll_dirent_type_get(struct lu_dirent *ent)
-{
-	u16 type = 0;
-	struct luda_type *lt;
-	int len = 0;
-
-	if (le32_to_cpu(ent->lde_attrs) & LUDA_TYPE) {
-		const unsigned align = sizeof(struct luda_type) - 1;
-
-		len = le16_to_cpu(ent->lde_namelen);
-		len = (len + align) & ~align;
-		lt = (void *)ent->lde_name + len;
-		type = IFTODT(le16_to_cpu(lt->lt_type));
-	}
-
-	return type;
-}
-
 #ifdef HAVE_DIR_CONTEXT
 int ll_dir_read(struct inode *inode, __u64 *ppos, struct md_op_data *op_data,
 		struct dir_context *ctx)
@@ -256,7 +234,7 @@ int ll_dir_read(struct inode *inode, __u64 *ppos, struct md_op_data *op_data,
 				lhash = hash;
 			fid_le_to_cpu(&fid, &ent->lde_fid);
 			ino = cl_fid_build_ino(&fid, is_api32);
-			type = ll_dirent_type_get(ent);
+			type = IFTODT(lu_dirent_type_get(ent));
 			/* For ll_nfs_get_name_filldir(), it will try to access
 			 * 'ent' through 'lde_name', so the parameter 'name'
 			 * for 'filldir()' must be part of the 'ent'. */
@@ -440,6 +418,7 @@ static int ll_dir_setdirstripe(struct dentry *dparent, struct lmv_user_md *lump,
 						  strlen(dirname)),
 		},
 	};
+	bool encrypt = false;
 	int err;
 	ENTRY;
 
@@ -499,6 +478,16 @@ static int ll_dir_setdirstripe(struct dentry *dparent, struct lmv_user_md *lump,
 	if (IS_ERR(op_data))
 		RETURN(PTR_ERR(op_data));
 
+	if (IS_ENCRYPTED(parent) ||
+	    unlikely(llcrypt_dummy_context_enabled(parent))) {
+		err = llcrypt_get_encryption_info(parent);
+		if (err)
+			GOTO(out_op_data, err);
+		if (!llcrypt_has_encryption_key(parent))
+			GOTO(out_op_data, err = -ENOKEY);
+		encrypt = true;
+	}
+
 	if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
 		/* selinux_dentry_init_security() uses dentry->d_parent and name
 		 * to determine the security context for the file. So our fake
@@ -528,17 +517,25 @@ static int ll_dir_setdirstripe(struct dentry *dparent, struct lmv_user_md *lump,
 	dentry.d_inode = inode;
 
 	if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
-		inode_lock(inode);
+		/* no need to protect selinux_inode_setsecurity() by
+		 * inode_lock. Taking it would lead to a client deadlock
+		 * LU-13617
+		 */
 		err = security_inode_notifysecctx(inode,
 						  op_data->op_file_secctx,
 						  op_data->op_file_secctx_size);
-		inode_unlock(inode);
 	} else {
 		err = ll_inode_init_security(&dentry, inode, parent);
 	}
 	if (err)
 		GOTO(out_inode, err);
 
+	if (encrypt) {
+		err = llcrypt_inherit_context(parent, inode, NULL, false);
+		if (err)
+			GOTO(out_inode, err);
+	}
+
 out_inode:
 	if (inode != NULL)
 		iput(inode);
@@ -1043,7 +1040,7 @@ static int copy_and_ct_start(int cmd, struct obd_export *exp,
 
 		count = 0;
 		for (i = 0; i < sizeof(archive_mask) * 8; i++) {
-			if ((1 << i) & archive_mask) {
+			if (BIT(i) & archive_mask) {
 				lk->lk_data[count] = i + 1;
 				count++;
 			}
@@ -2105,9 +2102,9 @@ migrate_free:
 
 		RETURN(rc);
 	}
-	case LL_IOC_FSGETXATTR:
+	case FS_IOC_FSGETXATTR:
 		RETURN(ll_ioctl_fsgetxattr(inode, cmd, arg));
-	case LL_IOC_FSSETXATTR:
+	case FS_IOC_FSSETXATTR:
 		RETURN(ll_ioctl_fssetxattr(inode, cmd, arg));
 	case LL_IOC_PCC_DETACH_BY_FID: {
 		struct lu_pcc_detach_fid *detach;
@@ -2146,6 +2143,33 @@ out_detach:
 		OBD_FREE_PTR(detach);
 		RETURN(rc);
 	}
+#ifdef HAVE_LUSTRE_CRYPTO
+	case LL_IOC_SET_ENCRYPTION_POLICY:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_set_policy(file, (const void __user *)arg);
+	case LL_IOC_GET_ENCRYPTION_POLICY_EX:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_get_policy_ex(file, (void __user *)arg);
+	case LL_IOC_ADD_ENCRYPTION_KEY:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_add_key(file, (void __user *)arg);
+	case LL_IOC_REMOVE_ENCRYPTION_KEY:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_remove_key(file, (void __user *)arg);
+	case LL_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_remove_key_all_users(file,
+							  (void __user *)arg);
+	case LL_IOC_GET_ENCRYPTION_KEY_STATUS:
+		if (!ll_sbi_has_encrypt(ll_i2sbi(inode)))
+			return -EOPNOTSUPP;
+		return llcrypt_ioctl_get_key_status(file, (void __user *)arg);
+#endif
 	default:
 		RETURN(obd_iocontrol(cmd, sbi->ll_dt_exp, 0, NULL,
 				     (void __user *)arg));