From 9d98d1f7739e05bb4decf2614899ccb99b34826c Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Tue, 4 Jan 2022 18:16:47 +0100 Subject: [PATCH] LU-15408 sec: confirm encrypted file's hash It is a good practice to always confirm on server side the encrypted file's hash included in the digested form sent by the client. Fixes: ed4a625d88 ("LU-13717 sec: filename encryption - digest support") Signed-off-by: Sebastien Buisson Change-Id: I42212a36b23e4e6e41184a78fa8244c5e2d8dd1f Reviewed-on: https://review.whamcloud.com/45964 Tested-by: jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: Patrick Farrell Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin --- lustre/mdt/mdt_handler.c | 24 ++++++++---------------- lustre/mdt/mdt_internal.h | 3 +-- lustre/mdt/mdt_reint.c | 2 +- 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index cc5a870..50abf84 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -1914,15 +1914,13 @@ lookup: * \param lname encoded hash to find * \param parent parent object * \param child object to search with LinkEA - * \param force_check true to check hash even if LinkEA has only one entry * * \retval 1 match found * \retval 0 no match found * \retval -ev negative errno upon error */ int find_name_matching_hash(struct mdt_thread_info *info, struct lu_name *lname, - struct mdt_object *parent, struct mdt_object *child, - bool force_check) + struct mdt_object *parent, struct mdt_object *child) { /* Here, lname is an encoded hash of on-disk name, and * client is doing access without encryption key. @@ -1936,7 +1934,7 @@ int find_name_matching_hash(struct mdt_thread_info *info, struct lu_name *lname, struct link_ea_header *leh; struct link_ea_entry *lee; struct lu_buf link = { 0 }; - char *hash = NULL; + char *hash; int reclen, count, rc; ENTRY; @@ -1953,21 +1951,15 @@ int find_name_matching_hash(struct mdt_thread_info *info, struct lu_name *lname, if (rc < 0) RETURN(rc); + hash = kmalloc(lname->ln_namelen, GFP_NOFS); + if (!hash) + RETURN(-ENOMEM); + rc = critical_decode(lname->ln_name, lname->ln_namelen, hash); + leh = buf->lb_buf; - if (force_check || leh->leh_reccount > 1) { - hash = kmalloc(lname->ln_namelen, GFP_NOFS); - if (!hash) - RETURN(-ENOMEM); - rc = critical_decode(lname->ln_name, lname->ln_namelen, hash); - } lee = (struct link_ea_entry *)(leh + 1); for (count = 0; count < leh->leh_reccount; count++) { linkea_entry_unpack(lee, &reclen, &name, &pfid); - if (!force_check && leh->leh_reccount == 1) { - /* if there is only one rec, it has to be it */ - *lname = name; - break; - } if (!parent || lu_fid_eq(&pfid, mdt_object_fid(parent))) { lu_buf_check_and_alloc(&link, name.ln_namelen); if (!link.lb_buf) @@ -2238,7 +2230,7 @@ static int mdt_getattr_name_lock(struct mdt_thread_info *info, * So we need to compare name hash with the one in the request. */ if (!find_name_matching_hash(info, lname, parent, - child, true)) { + child)) { mdt_set_disposition(info, ldlm_rep, DISP_LOOKUP_NEG); mdt_clear_disposition(info, ldlm_rep, DISP_LOOKUP_POS); GOTO(out_child, rc = -ENOENT); diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index 3812e9e..2726f86 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -925,8 +925,7 @@ int mdt_layout_change(struct mdt_thread_info *info, struct mdt_object *obj, struct mdt_lock_handle *lhc, struct md_layout_change *spec); int find_name_matching_hash(struct mdt_thread_info *info, struct lu_name *lname, - struct mdt_object *parent, struct mdt_object *child, - bool force_check); + struct mdt_object *parent, struct mdt_object *child); int mdt_device_sync(const struct lu_env *env, struct mdt_device *mdt); struct lu_buf *mdt_buf(const struct lu_env *env, void *area, ssize_t len); diff --git a/lustre/mdt/mdt_reint.c b/lustre/mdt/mdt_reint.c index 8b36314..07b8818 100644 --- a/lustre/mdt/mdt_reint.c +++ b/lustre/mdt/mdt_reint.c @@ -1185,7 +1185,7 @@ relock: * hash. So find name that matches provided hash. */ if (!find_name_matching_hash(info, &rr->rr_name, - NULL, mc, false)) + NULL, mc)) GOTO(put_child, rc = -ENOENT); } -- 1.8.3.1