From eecf86131d099242d2e8c1f5d6be241ec1416c9a Mon Sep 17 00:00:00 2001
From: Sebastien Buisson
Date: Thu, 22 Aug 2019 08:48:19 +0000
Subject: [PATCH 1/1] LU-12275 sec: decryption for read path

With the support for encryption, all files need to be opened with fscrypt_file_open(). fscrypt will retrieve encryption context if file is encrypted, or immediately return if not. Decryption itself is carried out in osc_brw_fini_request(), right after the reply has been received from the server.

Signed-off-by: Sebastien Buisson
Change-Id: I8f8f87eb8e07e35e1a4e6cc157ceddfef6934753
Reviewed-on: https://review.whamcloud.com/36145
Tested-by: jenkins
Tested-by: Maloo
Reviewed-by: Patrick Farrell
Reviewed-by: John L. Hammond
Reviewed-by: Andreas Dilger
Reviewed-by: Oleg Drokin
---
 lustre/llite/crypto.c | 3 +++
 lustre/llite/file.c | 6 ++++++
 lustre/osc/osc_request.c | 31 +++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+)

diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c
index cdaac80..84509dd 100644
--- a/lustre/llite/crypto.c
+++ b/lustre/llite/crypto.c
@@ -45,6 +45,9 @@ static int ll_get_context(struct inode *inode, void *ctx, size_t len)
 rc = ll_vfs_getxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
+ /* used as encryption unit size */
+ if (S_ISREG(inode->i_mode))
+ inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
 return rc;
 }
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index aac8685f..5a543da 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -706,6 +706,12 @@ int ll_file_open(struct inode *inode, struct file *file)
 it = file->private_data; /* XXX: compat macro */
 file->private_data = NULL; /* prevent ll_local_open assertion */
+ if (S_ISREG(inode->i_mode)) {
+ rc = llcrypt_file_open(inode, file);
+ if (rc)
+ GOTO(out_nofiledata, rc);
+ }
+
 fd = ll_file_data_get();
 if (fd == NULL)
 GOTO(out_nofiledata, rc = -ENOMEM);
diff --git a/lustre/osc/osc_request.c b/lustre/osc/osc_request.c
index fea0c94..cb53cc6 100644
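Review bot: The added `inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;` in the crypto.c hunk runs whatever `ll_vfs_getxattr()` returned, so a regular file whose context lookup failed still has its block size changed as a side effect of what is otherwise a getter. Guarding it on success, `if (rc > 0 && S_ISREG(inode->i_mode))`, would leave the inode untouched on the error path; this assumes the xattr call returns the context length on success, which the hunk does not show. The comment `/* used as encryption unit size */` would also be clearer if it named the consumer of i_blkbits. ll_get_context() starts outside the hunk.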
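Review bot: The new `llcrypt_file_open()` call in the file.c hunk has no comment, and its failure path leaves through `out_nofiledata` after `file->private_data` was already set to NULL. A line such as `/* no-op for unencrypted files; otherwise sets up the encryption context and fails the open on error */` would record why it sits ahead of `ll_file_data_get()`. Whether `out_nofiledata` releases what `it` still holds cannot be checked from this hunk, since ll_file_open() continues outside it.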
--- a/lustre/osc/osc_request.c
+++ b/lustre/osc/osc_request.c
@@ -1850,6 +1850,7 @@ static int osc_brw_fini_request(struct ptlrpc_request *req, int rc)
 &req->rq_import->imp_connection->c_peer;
 struct ost_body *body;
 u32 client_cksum = 0;
+ struct inode *inode;
 ENTRY;
@@ -2037,6 +2038,36 @@ static int osc_brw_fini_request(struct ptlrpc_request *req, int rc)
 } else {
 rc = 0;
 }
+
+ inode = page2inode(aa->aa_ppga[0]->pg);
+ if (inode && IS_ENCRYPTED(inode)) {
+ int idx;
+
+ if (!llcrypt_has_encryption_key(inode)) {
+ CDEBUG(D_SEC, "no enc key for ino %lu\n", inode->i_ino);
+ GOTO(out, rc);
+ }
+ for (idx = 0; idx < aa->aa_page_count; idx++) {
+ struct brw_page *pg = aa->aa_ppga[idx];
+ __u64 *p, *q;
+
+ /* do not decrypt if page is all 0s */
+ p = q = page_address(pg->pg);
+ while (p - q < PAGE_SIZE / sizeof(*p)) {
+ if (*p != 0)
+ break;
+ p++;
+ }
+ if (p - q == PAGE_SIZE / sizeof(*p))
+ continue;
+
+ rc = llcrypt_decrypt_pagecache_blocks(pg->pg,
+ PAGE_SIZE, 0);
+ if (rc)
+ GOTO(out, rc);
+ }
+ }
+
 out:
 if (rc >= 0)
 lustre_get_wire_obdo(&req->rq_import->imp_connect_data,
--
1.8.3.1
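Review bot: The all-zero test and the `llcrypt_decrypt_pagecache_blocks(pg->pg, PAGE_SIZE, 0)` call in the second osc_request.c hunk both work on a whole page, while the crypto.c hunk of this patch sets the encryption unit from `LUSTRE_ENCRYPTION_BLOCKBITS`; if that unit is smaller than PAGE_SIZE (its value is not visible here), a page mixing data with a hole has its zero-filled units run through decryption and turned into garbage. Checking and decrypting one unit at a time avoids that, and `memchr_inv()` can replace the hand-written `__u64` scan. Separately, the branch taken when `llcrypt_has_encryption_key()` fails jumps to `out` with `rc` unchanged, so the read completes with ciphertext left in the pages; a comment saying this is intended would help. The zero skip also means a zero-filled page from the server is accepted as plaintext without any decryption, which is worth stating in the comment since nothing in this hunk authenticates the data. osc_brw_fini_request() starts and ends outside the hunk.

```c
		/* … unchanged: inode lookup and encryption-key check … */
		for (idx = 0; idx < aa->aa_page_count; idx++) {
			struct brw_page *pg = aa->aa_ppga[idx];
			/* assumed unit size; confirm against the llcrypt setup */
			unsigned int unit = 1 << LUSTRE_ENCRYPTION_BLOCKBITS;
			unsigned int offs;

			for (offs = 0; offs < PAGE_SIZE; offs += unit) {
				/* a unit that is all 0s is a hole: nothing to decrypt */
				if (memchr_inv(page_address(pg->pg) + offs, 0,
					       unit) == NULL)
					continue;

				rc = llcrypt_decrypt_pagecache_blocks(pg->pg,
								      unit,
								      offs);
				if (rc)
					GOTO(out, rc);
			}
		}
```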