LU-15217 pcc: disable PCC for encrypted files

When files are encrypted in Lustre using fscrypt, they should
normally not be accessible to users without the proper encyrption
key. However, if a user has then encryption key loaded when they
read a file, it may be decrypted in memory and saved to the PCC
backend in unencrypted form.

Due to the above reason, we just disable PCC caching for encrypted
files.

DDN-bug-id: EX-3571
Signed-off-by: Qian Yingjin <qian@ddn.com>
Change-Id: I6c363dcad7a6bc8520350c0295f6e221bec3abb0
Reviewed-on: https://review.whamcloud.com/45545
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 8903c2d..c87deda 100644 (file)
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -3680,6 +3680,9 @@ static long ll_file_unlock_lease(struct file *file, struct ll_ioc_lease *ioc,
                if (ioc->lil_count != 1)
                        RETURN(-EINVAL);
 
+               if (IS_ENCRYPTED(inode))
+                       RETURN(-EOPNOTSUPP);
+
                arg += sizeof(*ioc);
                if (copy_from_user(&param.pa_archive_id, (void __user *)arg,
                                   sizeof(__u32)))

diff --git a/lustre/llite/pcc.c b/lustre/llite/pcc.c
index a8dc228..ab451c4 100644 (file)
--- a/lustre/llite/pcc.c
+++ b/lustre/llite/pcc.c
@@ -1451,6 +1451,9 @@ int pcc_file_open(struct inode *inode, struct file *file)
        if (!S_ISREG(inode->i_mode))
                RETURN(0);
 
+       if (IS_ENCRYPTED(inode))
+               RETURN(0);
+
        pcc_inode_lock(inode);
        pcci = ll_i2pcci(inode);