From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>,
Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de>
Cc: Lustre Development List <lustre-devel@lists.lustre.org>
Subject: [lustre-devel] [PATCH 11/12] lustre: pcc: disable PCC for encrypted files
Date: Sun, 12 Dec 2021 10:08:02 -0500 [thread overview]
Message-ID: <1639321683-22909-12-git-send-email-jsimmons@infradead.org> (raw)
In-Reply-To: <1639321683-22909-1-git-send-email-jsimmons@infradead.org>
From: Qian Yingjin <qian@ddn.com>
When files are encrypted in Lustre using fscrypt, they should
normally not be accessible to users without the proper encyrption
key. However, if a user has then encryption key loaded when they
read a file, it may be decrypted in memory and saved to the PCC
backend in unencrypted form.
Due to the above reason, we just disable PCC caching for encrypted
files.
DDN-bug-id: EX-3571
WC-bug-id: https://jira.whamcloud.com/browse/LU-15217
Lustre-commit: f8c79eea11ac96019 ("LU-15217 pcc: disable PCC for encrypted files")
Signed-off-by: Qian Yingjin <qian@ddn.com>
Reviewed-on: https://review.whamcloud.com/45545
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
fs/lustre/llite/file.c | 3 +++
fs/lustre/llite/pcc.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index d3374232..898db80 100644
--- a/fs/lustre/llite/file.c
+++ b/fs/lustre/llite/file.c
@@ -3598,6 +3598,9 @@ static long ll_file_unlock_lease(struct file *file, struct ll_ioc_lease *ioc,
if (ioc->lil_count != 1)
return -EINVAL;
+ if (IS_ENCRYPTED(inode))
+ return -EOPNOTSUPP;
+
arg += sizeof(*ioc);
if (copy_from_user(¶m.pa_archive_id, (void __user *)arg,
sizeof(u32))) {
diff --git a/fs/lustre/llite/pcc.c b/fs/lustre/llite/pcc.c
index 8430fff..85114b8 100644
--- a/fs/lustre/llite/pcc.c
+++ b/fs/lustre/llite/pcc.c
@@ -1472,6 +1472,9 @@ int pcc_file_open(struct inode *inode, struct file *file)
if (!S_ISREG(inode->i_mode))
return 0;
+ if (IS_ENCRYPTED(inode))
+ return 0;
+
pcc_inode_lock(inode);
pcci = ll_i2pcci(inode);
--
1.8.3.1
_______________________________________________
lustre-devel mailing list
lustre-devel@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
next prev parent reply other threads:[~2021-12-12 15:08 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-12 15:07 [lustre-devel] [PATCH 00/12] lustre: backport OpenSFS work Dec 12, 2021 James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 01/12] lustre: llite: do not take mod rpc slot for getxattr James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 02/12] lnet: uapi: move out kernel only code James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 03/12] lustre: ptlrpc: Do not unlink difficult reply until sent James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 04/12] lustre: obdclass: make niduuid for lustre_stop_mgc() static James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 05/12] lnet: Allow specifying a source NID for lnetctl ping James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 06/12] lnet: Fix source specified send to different net James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 07/12] lnet: Fix source specified to routed destination James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 08/12] lustre: obdclass: cosmetic changes in pool handling James Simmons
2021-12-12 15:08 ` [lustre-devel] [PATCH 09/12] lustre: llite: properly detect SELinux disabled case James Simmons
2021-12-12 15:08 ` [lustre-devel] [PATCH 10/12] lnet: o2iblnd: Default map_on_demand to 1 James Simmons
2021-12-12 15:08 ` James Simmons [this message]
2021-12-12 15:08 ` [lustre-devel] [PATCH 12/12] lustre: llite: avoid needless large stats alloc James Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1639321683-22909-12-git-send-email-jsimmons@infradead.org \
--to=jsimmons@infradead.org \
--cc=adilger@whamcloud.com \
--cc=green@whamcloud.com \
--cc=lustre-devel@lists.lustre.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).