From: James Simmons
To: Andreas Dilger, Oleg Drokin, NeilBrown
Cc: Lustre Development List
Date: Wed, 1 Jul 2020 20:04:44 -0400
Message-Id: <1593648298-10571-5-git-send-email-jsimmons@infradead.org>
Subject: [lustre-devel] [PATCH 04/18] lustre: sec: decryption for read path

From: Sebastien Buisson

With the support for encryption, all files need to be opened with fscrypt_file_open(). fscrypt will retrieve encryption context if file is encrypted, or immediately return if not. Decryption itself is carried out in osc_brw_fini_request(), right after the reply has been received from the server.

WC-bug-id: https://jira.whamcloud.com/browse/LU-12275
Lustre-commit: eecf86131d099 ("LU-12275 sec: decryption for read path")
Signed-off-by: Sebastien Buisson
Reviewed-on: https://review.whamcloud.com/36145
Reviewed-by: Patrick Farrell
Reviewed-by: John L. Hammond
Reviewed-by: Andreas Dilger
Reviewed-by: Oleg Drokin
Signed-off-by: James Simmons

--- fs/lustre/llite/crypto.c | 10 ++++++++-- fs/lustre/llite/file.c | 6 ++++++ fs/lustre/osc/osc_request.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/fs/lustre/llite/crypto.c b/fs/lustre/llite/crypto.c index f411343..157017f 100644 --- a/fs/lustre/llite/crypto.c +++ b/fs/lustre/llite/crypto.c @@ -32,6 +32,7 @@ static int ll_get_context(struct inode *inode, void *ctx, size_t len) { struct dentry *dentry; + int rc; if (hlist_empty(&inode->i_dentry)) return -ENODATA; 
@@ -39,8 +40,13 @@ static int ll_get_context(struct inode *inode, void *ctx, size_t len) hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) break; - return __vfs_getxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT, - ctx, len); + rc = __vfs_getxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT, + ctx, len); + + /* used as encryption unit size */ + if (S_ISREG(inode->i_mode)) + inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS; + return rc; } static int ll_set_context(struct inode *inode, const void *ctx, size_t len, diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c index 8264b86..3b04952 100644 --- a/fs/lustre/llite/file.c +++ b/fs/lustre/llite/file.c @@ -714,6 +714,12 @@ int ll_file_open(struct inode *inode, struct file *file) it = file->private_data; /* XXX: compat macro */ file->private_data = NULL; /* prevent ll_local_open assertion */ + if (S_ISREG(inode->i_mode)) { + rc = llcrypt_file_open(inode, file); + if (rc) + goto out_nofiledata; + } + fd = ll_file_data_get(); if (!fd) { rc = -ENOMEM; diff --git a/fs/lustre/osc/osc_request.c b/fs/lustre/osc/osc_request.c index db97d37..65d17a8 100644 --- a/fs/lustre/osc/osc_request.c +++ b/fs/lustre/osc/osc_request.c @@ -1865,6 +1865,7 @@ static int osc_brw_fini_request(struct ptlrpc_request *req, int rc) const char *obd_name = cli->cl_import->imp_obd->obd_name; struct ost_body *body; u32 client_cksum = 0; + struct inode *inode; if (rc < 0 && rc != -EDQUOT) { DEBUG_REQ(D_INFO, req, "Failed request: rc = %d", rc); 
@@ -2055,6 +2056,36 @@ static int osc_brw_fini_request(struct ptlrpc_request *req, int rc) } else { rc = 0; } + + inode = page2inode(aa->aa_ppga[0]->pg); + if (inode && IS_ENCRYPTED(inode)) { + int idx; + + if (!llcrypt_has_encryption_key(inode)) { + CDEBUG(D_SEC, "no enc key for ino %lu\n", inode->i_ino); + goto out; + } + for (idx = 0; idx < aa->aa_page_count; idx++) { + struct brw_page *pg = aa->aa_ppga[idx]; + u64 *p, *q; + + /* do not decrypt if page is all 0s */ + p = q = page_address(pg->pg); + while (p - q < PAGE_SIZE / sizeof(*p)) { + if (*p != 0) + break; + p++; + } + if (p - q == PAGE_SIZE / sizeof(*p)) + continue; + + rc = llcrypt_decrypt_pagecache_blocks(pg->pg, + PAGE_SIZE, 0); + if (rc) + goto out; + } + } + out: if (rc >= 0) lustre_get_wire_obdo(&req->rq_import->imp_connect_data,
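
Review bot: In ll_get_context() (fs/lustre/llite/crypto.c, second hunk), inode->i_blkbits is overwritten for every regular file before rc is looked at, so the block size changes even when __vfs_getxattr() returned an error and no encryption context was read. Consider guarding the assignment on a successful lookup, or moving it to the place where the inode is known to be encrypted. Mutating the inode from a function named as a getter is also surprising, and the comment "used as encryption unit size" would be more useful if it said why the side effect has to live here.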
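
Review bot: In ll_file_open() (fs/lustre/llite/file.c), the new call is llcrypt_file_open() and it is made only under S_ISREG(inode->i_mode), while the commit message says all files need to be opened with fscrypt_file_open(); please align the message with the code or explain the restriction to regular files. The failure path jumps to out_nofiledata after file->private_data has already been copied into it and set to NULL, so it is worth confirming (and saying in the message) that this label handles the intent held in it, since that cleanup is not visible in the hunk.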
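
Review bot: In osc_brw_fini_request() (fs/lustre/osc/osc_request.c, second hunk), the !llcrypt_has_encryption_key(inode) branch does goto out without touching rc, so in the path where rc was just set to 0 the request completes successfully with the pages still holding ciphertext and only a CDEBUG(D_SEC, ...) line to show for it. If handing undecrypted data up the stack is intended here, a comment should say so and name the layer that prevents a caller without the key from reading it; otherwise set an error before the jump. Two smaller points in the same hunk: aa->aa_ppga[0]->pg is dereferenced without a visible check that aa_page_count is non-zero, and the open-coded u64 scan for an all-zero page could be a single memchr_inv(page_address(pg->pg), 0, PAGE_SIZE) call, which is easier to read and audit.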