From: Sebastien Buisson Date: Mon, 21 Sep 2020 12:45:49 +0000 (+0000) Subject: LU-13975 sec: require enc key in case of O_CREAT only X-Git-Tag: 2.13.57~136 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=f6daee15b2c8ecc0c994b6ad0ebf4fdb58738bd9 LU-13975 sec: require enc key in case of O_CREAT only In ll_atomic_open(), do not return -ENOKEY when trying to open either a directory or a file without the encryption key, unless O_CREAT flag is specified. Indeed, listing directory content is allowed even without the key. And in case of regular file, ll_file_open() already checks for the presence of an encryption key. Improve sanity-sec test_54 to verify this is working properly. Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53 54" clientdistro=el8.1 fstype=ldiskfs mdscount=2 mdtcount=4 Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53 54" clientdistro=el8.1 fstype=zfs mdscount=2 mdtcount=4 Signed-off-by: Sebastien Buisson Change-Id: I813d4ec938e00c8463b1d3ee9766d180806b40ba Reviewed-on: https://review.whamcloud.com/39983 Tested-by: jenkins Reviewed-by: John L. Hammond Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin --- diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index ab6285c..b84dfd7 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -1122,16 +1122,17 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, it->it_flags &= ~MDS_OPEN_FL_INTERNAL; if (ll_sbi_has_encrypt(ll_i2sbi(dir)) && IS_ENCRYPTED(dir)) { - /* we know that we are going to create a regular file because + /* in case of create, this is going to be a regular file because * we set S_IFREG bit on it->it_create_mode above */ rc = llcrypt_get_encryption_info(dir); if (rc) GOTO(out_release, rc); - if (!llcrypt_has_encryption_key(dir)) - GOTO(out_release, rc = -ENOKEY); - encrypt = true; - rc = 0; + if (open_flags & O_CREAT) { + if (!llcrypt_has_encryption_key(dir)) + GOTO(out_release, rc = -ENOKEY); + encrypt = true; + } } OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE2, cfs_fail_val); diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index a866b66..e678c95 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -4010,13 +4010,22 @@ test_54() { cp $testfile $tmpfile $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync || error "write to encrypted file $testfile2 failed" + $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed" + $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed" $RUNAS fscrypt lock --verbose $testdir || error "fscrypt lock $testdir failed (1)" + $RUNAS ls -R $testdir || error "ls -R $testdir failed" + local filecount=$($RUNAS find $testdir -type f | wc -l) + [ $filecount -eq 3 ] || error "found $filecount files" + $RUNAS hexdump -C $testfile && error "reading $testfile should have failed without key" + $RUNAS touch ${testfile}.nokey && + error "touch ${testfile}.nokey should have failed without key" + echo mypass | $RUNAS fscrypt unlock --verbose $testdir || error "fscrypt unlock $testdir failed (1)"