From a7870fb9568bf753d50eeead71a59dfe07db1d20 Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Tue, 30 Jun 2020 13:42:58 +0000
Subject: [PATCH] LU-12275 sec: restrict fallocate on encrypted files

For now, ll_fallocate only supports standard preallocation.
Anyway, encrypted inodes can't handle collapse range or zero range or
insert range since we would need to re-encrypt blocks with a different
IV or XTS tweak (which are based on the logical block number).
So make sure we return -EOPNOTSUPP in this case, like what ext4 does.

Test-Parameters: trivial
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ia34cd04df9f297ac54109ed385b037fe282954d7
Reviewed-on: https://review.whamcloud.com/39220
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.super@gmail.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/include/lustre_compat.h | 12 ++++++++++++
 lustre/llite/file.c            | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h
index 5defcfd..a39b617 100644
--- a/lustre/include/lustre_compat.h
+++ b/lustre/include/lustre_compat.h
@@ -564,4 +564,16 @@ static inline int ll_vfs_removexattr(struct dentry *dentry, struct inode *inode,
 #endif
 }
 
+#ifndef FALLOC_FL_COLLAPSE_RANGE
+#define FALLOC_FL_COLLAPSE_RANGE 0x08 /* remove a range of a file */
+#endif
+
+#ifndef FALLOC_FL_ZERO_RANGE
+#define FALLOC_FL_ZERO_RANGE 0x10 /* convert range to zeros */
+#endif
+
+#ifndef FALLOC_FL_INSERT_RANGE
+#define FALLOC_FL_INSERT_RANGE 0x20 /* insert space within file */
+#endif
+
 #endif /* _LUSTRE_COMPAT_H */
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 2318ab7..bc0f5dd 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -5045,6 +5045,17 @@ long ll_fallocate(struct file *filp, int mode, loff_t offset, loff_t len)
 	int rc;
 
 	/*
+	 * Encrypted inodes can't handle collapse range or zero range or insert
+	 * range since we would need to re-encrypt blocks with a different IV or
+	 * XTS tweak (which are based on the logical block number).
+	 * Similar to what ext4 does.
+	 */
+	if (IS_ENCRYPTED(inode) &&
+	    (mode & (FALLOC_FL_COLLAPSE_RANGE | FALLOC_FL_INSERT_RANGE |
+		     FALLOC_FL_ZERO_RANGE)))
+		RETURN(-EOPNOTSUPP);
+
+	/*
 	 * Only mode == 0 (which is standard prealloc) is supported now.
 	 * Punch is not supported yet.
 	 */
-- 
1.8.3.1