Whamcloud - gitweb
git://git.whamcloud.com / fs / lustre-release.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5ba2cc6) | patch
LU-12275 sec: add llcrypt as file encryption library 27/38127/6
authorSebastien Buisson <sbuisson@ddn.com>
Wed, 25 Mar 2020 16:43:33 +0000 (16:43 +0000)
committerOleg Drokin <green@whamcloud.com>
Fri, 1 May 2020 04:26:36 +0000 (04:26 +0000)
commita813e81870096bcfecbe12aeeed8e1b0114cd474
treebf49170f62c6967b543fcfe9092832d48f025963tree | snapshot
parent5ba2cc615ba9e60075412cecbce9edaaf3eea2e3commit | diff
LU-12275 sec: add llcrypt as file encryption library

Include fscrypt sources from Linux 5.4 into libcfs kernel module.
All fscrypt_ prefixes have been replaced with llcrypt_ to avoid
collision. For the exact transformations carried out, please see
script contrib/scripts/fscrypt_inclusion.sh, and patches under
contrib/scripts/crypto_patches/.

This llcrypt library will be built if kernel provides minimum
encryption support, ie IS_ENCRYPTED and S_ENCRYPTED.
If kernel provides support for encryption policies v2 (included in
Linux 5.4), then llcrypt library will not be built, and in-kernel
fscrypt will be used instead.

To be independent as much as possible from the kernel, llcrypt relies
on a new 'lsi_cop' field added to struct lustre_sb_info, to point to
struct llcrypt_operations, and makes use of the new 'lsi_master_keys'
field to store file system keys. llcrypt also uses i_private field on
struct inode to store file-specific enryption info.

Test-Parameters: trivial
Test-Parameters: clientdistro=ubuntu1804 testgroup=review-ldiskfs
Test-Parameters: clientdistro=el8.1 testgroup=review-ldiskfs
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ide2431b0c3381214aed2e54dd3084132e9545ca8
Reviewed-on: https://review.whamcloud.com/38127
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Yang Sheng <ys@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
52 files changed:
MAINTAINERS diff | blob | history
autoMakefile.am diff | blob | history
config/lustre-build-ldiskfs.m4 diff | blob | history
config/lustre-build.m4 diff | blob | history
contrib/scripts/crypto_patches/0001_llcrypt_private_include.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0002_dcache_encrypted_name.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0003_keyring_search_4args.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0004_master_keys.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0005_crypto_tfm_req_forbid_weak_keys.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0006_bvec_iter_all.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0007_crypto_init.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0008_key_desc_prefix.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0009_lsi_cop.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0010_llcrypt_info.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0011_llcrypt_cleanup.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0012_igrab.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0013_dentry_path_raw.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0014_cdebug.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/0015_llcrypt_include.patch [new file with mode: 0644] blob
contrib/scripts/crypto_patches/series [new file with mode: 0644] blob
contrib/scripts/fscrypt_inclusion.sh [new file with mode: 0755] blob
debian/rules diff | blob | history
libcfs/autoconf/lustre-libcfs.m4 diff | blob | history
libcfs/include/Makefile.am diff | blob | history
libcfs/include/libcfs/Makefile.am diff | blob | history
libcfs/include/libcfs/crypto/.gitignore [new file with mode: 0644] blob
libcfs/include/libcfs/crypto/Makefile.am [new file with mode: 0644] blob
libcfs/include/libcfs/crypto/llcrypt.h [new file with mode: 0644] blob
libcfs/include/uapi/.gitignore [new file with mode: 0644] blob
libcfs/include/uapi/Makefile.am [new file with mode: 0644] blob
libcfs/include/uapi/linux/.gitignore [new file with mode: 0644] blob
libcfs/include/uapi/linux/Makefile.am [new file with mode: 0644] blob
libcfs/include/uapi/linux/llcrypt.h [new file with mode: 0644] blob
libcfs/libcfs/Makefile.in diff | blob | history
libcfs/libcfs/autoMakefile.am diff | blob | history
libcfs/libcfs/crypto/.gitignore [new file with mode: 0644] blob
libcfs/libcfs/crypto/ChangeLog [new file with mode: 0644] blob
libcfs/libcfs/crypto/Makefile.am [new file with mode: 0644] blob
libcfs/libcfs/crypto/bio.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/crypto.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/fname.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/hkdf.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/hooks.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/keyring.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/keysetup.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/keysetup_v1.c [new file with mode: 0644] blob
libcfs/libcfs/crypto/llcrypt_private.h [new file with mode: 0644] blob
libcfs/libcfs/crypto/policy.c [new file with mode: 0644] blob
libcfs/libcfs/module.c diff | blob | history
lustre/autoconf/lustre-core.m4 diff | blob | history
lustre/include/lustre_disk.h diff | blob | history
lustre/obdclass/obd_mount.c diff | blob | history
Lustre primary development and releases