Branch: b_hd_crypto

some fixes about crypto api
1)some debug info fix
2)reorganize the code for mds_set_gskey

diff --git a/lustre/llite/llite_gs.c b/lustre/llite/llite_gs.c
index bc1577a..9f75957 100644 (file)
--- a/lustre/llite/llite_gs.c
+++ b/lustre/llite/llite_gs.c
@@ -477,11 +477,12 @@ static int ll_crypt_cb(struct page *page, __u64 offset, __u64 count,
         CDEBUG(D_INFO, "data_key is "LPU64" \n", data_key);
         /*encrypt the data*/
         ptr = (char *)kmap(page);
+        key_ptr = ptr;
         ptr += offset; 
         CDEBUG(D_INFO, "ptr is %s \n", ptr);
         for (i = 0; i < count; i++) 
-                *ptr++ ^= data_key; 
-        CDEBUG(D_INFO, "encrypted ptr is %s \n", ptr);
+                *ptr++ ^= (__u8)data_key; 
+        CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr);
         kunmap(page);
         
         RETURN(0); 
@@ -570,7 +571,8 @@ int ll_mks_create_key(struct inode *inode, struct lookup_intent *it)
                 OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
         }
         OBD_ALLOC(crypto_key, sizeof(struct crypto_key));
-        
+       
+        crypto_key->ck_type = MKS_TYPE;
         lustre_data->it_key = crypto_key; 
         lustre_data->it_key_size = sizeof(struct crypto_key); 
         RETURN(rc);

diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c
index 2a9fda7..089e7bc 100644 (file)
--- a/lustre/mds/handler.c
+++ b/lustre/mds/handler.c
@@ -333,7 +333,7 @@ struct dentry *mds_id2dentry(struct obd_device *obd, struct lustre_id *id,
         struct mds_obd *mds = &obd->u.mds;
         struct dentry *result;
         struct inode *inode;
-        unsigned long ino;
+        unsigned long ino = 0;
         __u32 generation;
         char idname[32];
 

diff --git a/lustre/mds/mds_lib.c b/lustre/mds/mds_lib.c
index 4584f1c..a71bc99 100644 (file)
--- a/lustre/mds/mds_lib.c
+++ b/lustre/mds/mds_lib.c
@@ -239,17 +239,12 @@ void mds_inode2id(struct obd_device *obd, struct lustre_id *id,
 int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg, 
                   int *offset, struct mds_body *body, struct inode *inode)
 {
-        struct mds_obd *mds = &obd->u.mds;
         struct crypto_key_md *md_key;
         struct crypto_key *ckey;
         __u32 buflen, *sizep;
         void *buf;
         int size, rc = 0;
         ENTRY;
- 
-        if ((mds->mds_crypto_type != MKS_TYPE && 
-             mds->mds_crypto_type != GKS_TYPE))
-                RETURN(rc);
 
         sizep = lustre_msg_buf(repmsg, (*offset)++, 4);
         if (!sizep) {
@@ -265,9 +260,10 @@ int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg,
 
         size = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key), 
                            EA_KEY);
-        if (size < 0) {
-                CERROR("Can not get gskey from MDS ino %lu rc %d\n", 
-                       inode->i_ino, size);
+        if (size <= 0) {
+                if (size < 0) 
+                        CERROR("Can not get gskey from MDS ino %lu rc %d\n",
+                                inode->i_ino, size);
                 GOTO(out, rc = size); 
         }
         if (le32_to_cpu(md_key->md_magic) != MD_KEY_MAGIC) {
@@ -287,12 +283,12 @@ out:
         RETURN(rc);
 }
 
-static int mds_get_gskey(struct inode *inode, struct crypto_key_md *mkey)
+static int mds_get_gskey(struct inode *inode, struct crypto_key *ckey)
 {
-        LASSERT(mkey);
+        LASSERT(ckey);
         /*tmp create gs key here*/
-        get_random_bytes(mkey->md_ck.ck_key, KEY_SIZE);       
-        mkey->md_ck.ck_type = MKS_TYPE; 
+        LASSERT(ckey->ck_type == MKS_TYPE); 
+        get_random_bytes(ckey->ck_key, KEY_SIZE);       
         RETURN(0); 
 }
 
@@ -302,48 +298,44 @@ int mds_set_gskey(struct obd_device *obd, void *handle,
 {
         struct crypto_key_md *md_key = NULL;
         struct crypto_key *ckey = (struct crypto_key *)key; 
-        struct mds_obd *mds = &obd->u.mds;
         int rc = 0;       
         ENTRY;
 
-        if ((mds->mds_crypto_type != MKS_TYPE && 
-             mds->mds_crypto_type != GKS_TYPE)) {
-                CDEBUG(D_INFO, "mds_crypto_type %d \n", mds->mds_crypto_type); 
-                RETURN(rc);
-        }        
+        if (!ckey) 
+                RETURN(0);
+
+        LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE);   
+        
         OBD_ALLOC(md_key, sizeof(*md_key)); 
-        if (mds->mds_crypto_type == MKS_TYPE) { 
-                mds_get_gskey(inode, md_key);
-        } else {
-                LASSERT(ckey != NULL);
-        }
+        if (ckey->ck_type == MKS_TYPE) { 
+                mds_get_gskey(inode, ckey);
+        } 
+
         rc = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key), 
                            EA_KEY);
         if (rc < 0)
                 GOTO(free, rc);
         LASSERT(le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC || 
                 md_key->md_magic == 0);
+        
         if (le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC) {
                 CDEBUG(D_INFO, "reset key %s mac %s", md_key->md_ck.ck_mac,
                        md_key->md_ck.ck_key);
         } 
  
         md_key->md_magic = cpu_to_le32(MD_KEY_MAGIC);
-        if (mds->mds_crypto_type == GKS_TYPE) {
                 /*get key and mac from request buffer*/
-                if (valid & ATTR_MAC) { 
-                        memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE);
+        if (valid & ATTR_MAC) { 
+                memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE);
                         CDEBUG(D_INFO, "set mac %s for ino %lu \n",
                                         md_key->md_ck.ck_mac, inode->i_ino);
-                }
-                if (valid & ATTR_KEY) { 
-                        memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE);
-                        CDEBUG(D_INFO, "set key %s for ino %lu \n",
+        }
+        if (valid & ATTR_KEY) { 
+                memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE);
+                       CDEBUG(D_INFO, "set key %s for ino %lu \n",
                                         md_key->md_ck.ck_key, inode->i_ino);
-                }
         }
-        rc = fsfilt_set_md(obd, inode, handle, md_key,
-                           sizeof(*md_key), EA_KEY);
+        rc = fsfilt_set_md(obd, inode, handle, md_key, sizeof(*md_key), EA_KEY);
 free:
         if (md_key)
                 OBD_FREE(md_key, sizeof(*md_key));
@@ -354,7 +346,6 @@ int mds_set_crypto_type(struct obd_device *obd, void *val, __u32 vallen)
 {
         struct mds_obd *mds = &obd->u.mds;
         ENTRY;       
- 
         if (vallen >= strlen("mks") &&
              memcmp(val, "mks", vallen) == 0) {
                 mds->mds_crypto_type = MKS_TYPE;         

diff --git a/lustre/mds/mds_open.c b/lustre/mds/mds_open.c
index 7486ce1..3174e82 100644 (file)
--- a/lustre/mds/mds_open.c
+++ b/lustre/mds/mds_open.c
@@ -1228,8 +1228,7 @@ got_child:
                 mds_inode2id(obd, &body->id1, inode, fid);
                 mds_update_inode_ids(obd, dchild->d_inode, handle, &body->id1, &sid);
 
-                if ((rec->ur_flags & MDS_OPEN_HAS_KEY) || 
-                     mds->mds_crypto_type == MKS_TYPE) {
+                if ((rec->ur_flags & MDS_OPEN_HAS_KEY)) { 
                         rc = mds_set_gskey(obd, handle, dchild->d_inode, 
                                            rec->ur_ea2data, rec->ur_ea2datalen, 
                                            ATTR_KEY | ATTR_MAC);

diff --git a/lustre/tests/cfg/lmv.sh b/lustre/tests/cfg/lmv.sh
index 6f896d8..ea68251 100644 (file)
--- a/lustre/tests/cfg/lmv.sh
+++ b/lustre/tests/cfg/lmv.sh
@@ -17,7 +17,7 @@ MOUNT=${MOUNT:-"/mnt/lustre"}
 MOUNT1=${MOUNT1:-$MOUNT}
 MOUNT2=${MOUNT2:-${MOUNT}2}
 DIR=${DIR:-$MOUNT}
-DIR2=${DIR2:-$MOUNT1}
+DIR2=${DIR2:-$MOUNT2}
 PTLDEBUG=${PTLDEBUG:-0x3f0400}
 SUBSYSTEM=${SUBSYSTEM:- 0xffb7e3ff}
 PDSH=${PDSH:-no_dsh}

diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh
index c5ab848..936220f 100755 (executable)
--- a/lustre/tests/sanity-crypto.sh
+++ b/lustre/tests/sanity-crypto.sh
@@ -17,11 +17,17 @@ build_test_filter
 
 assert_env MDSCOUNT
 
+SETUP=${SETUP:-"setup"}
+CLEANUP=${CLEANUP:-"cleanup"}
+
+DIR1=${DIR1:-$MOUNT1}
+DIR2=${DIR2:-$MOUNT2}
+CRYPT_TYPE=${CRYPT_TYPE:-"gks"}
+RUN_UID=${RUN_UID:-1000}
 if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
     ALWAYS_EXCEPT="0c $ALWAYS_EXCEPT"
 fi
 
-
 gen_config() {
     rm -f $XMLCONFIG
 
@@ -79,8 +85,6 @@ if [ "$ONLY" == "cleanup" ]; then
     exit
 fi
 
-SETUP=${SETUP:-"setup"}
-CLEANUP=${CLEANUP:-"cleanup"}
 
 setup() {
     gen_config
@@ -106,7 +110,85 @@ $SETUP
 if [ "$ONLY" == "setup" ]; then
     exit 0
 fi
+disable_encrypt() {
+       NAME=$1
+       grep " $MOUNT " /proc/mounts && umount  $MOUNT
+       zconf_mount `hostname` $NAME    
+}
+enable_encrypt() {
+       NAME=$1
+       grep " $MOUNT " /proc/mounts || zconf_mount `hostname` $MOUNT
+       $LCTL set_crypt $MOUNT $CRYPT_TYPE
+}
 
 mkdir -p $DIR
+
+test_1a() {
+       rm -rf $DIR1/1a*
+       enable_encrypt $MOUNT
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/1a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/1a1
+       diff -u $DIR1/1a0 $DIR2/1a1 || error "files are different"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/1a0 $DIR2/1a1 && error "write encryption failed"
+}
+run_test 1a "read/write encryption============="
+
+test_2a() {
+       rm -rf $DIR1/2a*
+       enable_encrypt $MOUNT
+       touch $DIR1/2a0
+        setfacl -m u:bin:rw $DIR1/2a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/2a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/2a1
+       diff -u $DIR1/2a0 $DIR2/2a1 || error "files are different"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/2a0 $DIR2/2a1 && error "write encryption failed"
+}
+run_test 2a "read/write encryption with acl============="
+
+test_3a() {
+       rm -rf $DIR1/3a*
+       enable_encrypt $MOUNT   
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/3a1
+       chown $RUN_UID $DIR1/3a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0 || error "chown write error"
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a1  
+       diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/3a0 $DIR2/3a1 && error "write encryption failed"
+}
+run_test 3a "write chmod encryption============="
+
+test_4a() {
+       rm -rf $DIR1/4a*
+       enable_encrypt $MOUNT   
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/4a1
+        setfacl -m u:bin:rw $DIR1/4a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0 || error "chown write error"
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a1  
+       diff -u $DIR1/4a0 $DIR2/4a1 || error "files are different"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/4a0 $DIR2/4a1 && error "write encryption failed"
+}
+run_test 4a "write chacl encryption============="
+
+test_5a() {
+       rm -rf $DIR1/5a*
+       enable_encrypt $MOUNT   
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/5a1
+        setfacl -m u:bin:rw $DIR1/5a0
+       chown $RUN_UID $DIR1/3a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0 || error "chown write error"
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a1  
+       diff -u $DIR1/5a0 $DIR2/5a1 || error "files are different"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/5a0 $DIR2/5a1 && error "write encryption failed"
+}
+run_test 5a "write chacl encryption============="
+
 $CLEANUP