From 8ef8b6604bd1af2de9ca6254c5b9007a847d5683 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Tue, 3 May 2022 17:30:18 +0200 Subject: [PATCH] LU-15810 sec: fix enc dir migration Now that the encryption context is stored in an xattr named "encryption.c" instead of "security.c", we need to fetch this xattr explicitly in case of encrypted directory migration. Indeed, there is no xattr handler in ldiskfs for this "encryption." xattr type, so it is not returned when listing all xattrs to migrate. Fixes: 4231fab66e ("LU-13717 sec: make client encryption compatible with ext4") Signed-off-by: Sebastien Buisson Change-Id: I628f9b253e86343db0b71f6a5b1ad2c5728ca38d Reviewed-on: https://review.whamcloud.com/47201 Reviewed-by: Andreas Dilger Tested-by: jenkins Tested-by: Maloo Reviewed-by: Lai Siyao Reviewed-by: Oleg Drokin --- lustre/mdd/mdd_dir.c | 21 +++++++++++++++++++++ lustre/tests/sanity-sec.sh | 10 ++++++++++ 2 files changed, 31 insertions(+) diff --git a/lustre/mdd/mdd_dir.c b/lustre/mdd/mdd_dir.c index 51f5a7e..2d32826 100644 --- a/lustre/mdd/mdd_dir.c +++ b/lustre/mdd/mdd_dir.c @@ -3437,7 +3437,10 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, bool skip_linkea, bool skip_dmv) { + struct lu_attr *attr = MDD_ENV_VAR(env, cattr); struct mdd_xattr_entry *entry; + bool needencxattr = false; + bool encxattrfound = false; char *xname; int list_xsize; int xlen; @@ -3454,6 +3457,13 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, if (list_xsize < 0) RETURN(list_xsize); + if (attr->la_valid & LA_FLAGS && + attr->la_flags & LUSTRE_ENCRYPT_FL) { + needencxattr = true; + list_xsize += + strlen(LL_XATTR_NAME_ENCRYPTION_CONTEXT) + 1; + } + lu_buf_alloc(&xattrs->mx_namebuf, list_xsize); if (xattrs->mx_namebuf.lb_buf == NULL) RETURN(-ENOMEM); @@ -3465,7 +3475,11 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, rem = rc; rc = 0; xname = xattrs->mx_namebuf.lb_buf; +reloop: for (; rem > 0; xname += xlen, rem -= xlen) { + if (needencxattr && + strcmp(xname, LL_XATTR_NAME_ENCRYPTION_CONTEXT) == 0) + encxattrfound = true; xlen = strnlen(xname, rem - 1) + 1; if (strcmp(XATTR_NAME_LMA, xname) == 0 || strcmp(XATTR_NAME_LMV, xname) == 0) @@ -3508,6 +3522,13 @@ static int mdd_xattrs_migrate_prep(const struct lu_env *env, list_add_tail(&entry->mxe_linkage, &xattrs->mx_list); } + if (needencxattr && !encxattrfound) { + xlen = strlen(LL_XATTR_NAME_ENCRYPTION_CONTEXT) + 1; + strncpy(xname, LL_XATTR_NAME_ENCRYPTION_CONTEXT, xlen); + rem = xlen; + GOTO(reloop, 0); + } + RETURN(0); fini: mdd_xattrs_fini(xattrs); diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index a0c608d..9bf0284 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -3832,6 +3832,9 @@ test_49() { sync ; sync ; echo 3 > /proc/sys/vm/drop_caches # migrate a non-empty encrypted dir trace_cmd $LFS migrate -m 1 $dirname/d2 + sync ; sync ; echo 3 > /proc/sys/vm/drop_caches + [ -f $dirname/d2/subf ] || error "migrate failed (1)" + [ $(cat $dirname/d2/subf) == "b" ] || error "migrate failed (2)" $LFS setdirstripe -i 1 -c 1 $dirname/d3 dirname=$dirname/d3/subdir @@ -4865,6 +4868,13 @@ test_59c() { stripe=$($LFS getdirstripe -i $scrambleddir) [ $stripe -eq 1 ] || error "migrate $scrambleddir between MDTs failed (2)" + + # now, with the key + insert_enc_key + [ -f $dirname/subf ] || + error "migrate $scrambleddir between MDTs failed (3)" + [ $(cat $dirname/subf) == "b" ] || + error "migrate $scrambleddir between MDTs failed (4)" } run_test 59c "MDT migrate of encrypted files without key" -- 1.8.3.1