diff mbox series

[25/28] lustre: sec: restrict fallocate on encrypted files

Message ID	1605488401-981-26-git-send-email-jsimmons@infradead.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=cglZ=EW=lists.lustre.org=lustre-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 74EF9206B7 From: James Simmons <jsimmons@infradead.org> To: Andreas Dilger <adilger@whamcloud.com>, Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.com> Date: Sun, 15 Nov 2020 19:59:58 -0500 Message-Id: <1605488401-981-26-git-send-email-jsimmons@infradead.org> In-Reply-To: <1605488401-981-1-git-send-email-jsimmons@infradead.org> References: <1605488401-981-1-git-send-email-jsimmons@infradead.org> Subject: [lustre-devel] [PATCH 25/28] lustre: sec: restrict fallocate on encrypted files Precedence: list Cc: Lustre Development List <lustre-devel@lists.lustre.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: lustre-devel-bounces@lists.lustre.org Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>
Series	OpenSFS backport for Nov 15 2020 \| expand [00/28] OpenSFS backport for Nov 15 2020 [01/28] llite: remove splice_read handling for PCC [02/28] lustre: llite: disable statahead_agl for sanity test_56ra [03/28] lustre: seq_file .next functions must update *pos [04/28] lustre: llite: ASSERTION( last_oap_count > 0 ) failed [05/28] lnet: o2ib: raise bind cap before resolving address [06/28] lustre: use memalloc_nofs_save() for GFP_NOFS kvmalloc allocations. [07/28] lnet: o2iblnd: Don't retry indefinitely [08/28] lustre: llite: rmdir releases inode on client [09/28] lustre: gss: update sequence in case of target disconnect [10/28] lustre: lov: doesn't check lov_refcount [11/28] lustre: ptlrpc: remove unused code at pinger [12/28] lustre: mdc: remote object support getattr from cache [13/28] lustre: llite: pass name in getattr by FID [14/28] lnet: o2iblnd: 'Timed out tx' error message [15/28] lustre: ldlm: Fix unbounded OBD_FAIL_LDLM_CANCEL_BL_CB_RACE wait [16/28] lustre: ldlm: group locks for DOM IBIT lock [17/28] lustre: ptlrpc: decrease time between reconnection [18/28] lustre: ptlrpc: throttle RPC resend if network error [19/28] lustre: ldlm: BL AST vs failed lock enqueue race [20/28] lustre: ptlrpc: don't log connection 'restored' inappropriately [21/28] lustre: llite: Avoid eternel retry loops with MAP_POPULATE [22/28] lustre: ptlrpc: introduce OST_SEEK RPC [23/28] lustre: clio: SEEK_HOLE/SEEK_DATA on client side [24/28] lustre: sec: O_DIRECT for encrypted file [25/28] lustre: sec: restrict fallocate on encrypted files [26/28] lustre: sec: encryption with different client PAGE_SIZE [27/28] lustre: sec: require enc key in case of O_CREAT only [28/28] lustre: sec: fix O_DIRECT and encrypted files

Commit Message

James Simmons Nov. 16, 2020, 12:59 a.m. UTC

From: Sebastien Buisson <sbuisson@ddn.com>

For now, ll_fallocate only supports standard preallocation.
Anyway, encrypted inodes can't handle collapse range or zero range or
insert range since we would need to re-encrypt blocks with a different
IV or XTS tweak (which are based on the logical block number).
So make sure we return -EOPNOTSUPP in this case, like what ext4 does.

WC-bug-id: https://jira.whamcloud.com/browse/LU-12275
Lustre-commit: a7870fb9568bf ("LU-12275 sec: restrict fallocate on encrypted files")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/39220
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.super@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 fs/lustre/llite/file.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff mbox series

Patch

diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index 4a3c534..02cc2d6 100644
--- a/fs/lustre/llite/file.c
+++ b/fs/lustre/llite/file.c
@@ -4927,6 +4927,17 @@  long ll_fallocate(struct file *filp, int mode, loff_t offset, loff_t len)
 	struct inode *inode = filp->f_path.dentry->d_inode;
 
 	/*
+	 * Encrypted inodes can't handle collapse range or zero range or insert
+	 * range since we would need to re-encrypt blocks with a different IV or
+	 * XTS tweak (which are based on the logical block number).
+	 * Similar to what ext4 does.
+	 */
+	if (IS_ENCRYPTED(inode) &&
+	    (mode & (FALLOC_FL_COLLAPSE_RANGE | FALLOC_FL_INSERT_RANGE |
+		     FALLOC_FL_ZERO_RANGE)))
+		return -EOPNOTSUPP;
+
+	/*
 	 * Only mode == 0 (which is standard prealloc) is supported now.
 	 * Punch is not supported yet.
 	 */