[11/12] lustre: pcc: disable PCC for encrypted files

Commit Message

James Simmons Dec. 12, 2021, 3:08 p.m. UTC

From: Qian Yingjin <qian@ddn.com>

When files are encrypted in Lustre using fscrypt, they should
normally not be accessible to users without the proper encyrption
key. However, if a user has then encryption key loaded when they
read a file, it may be decrypted in memory and saved to the PCC
backend in unencrypted form.

Due to the above reason, we just disable PCC caching for encrypted
files.

DDN-bug-id: EX-3571
WC-bug-id: https://jira.whamcloud.com/browse/LU-15217
Lustre-commit: f8c79eea11ac96019 ("LU-15217 pcc: disable PCC for encrypted files")
Signed-off-by: Qian Yingjin <qian@ddn.com>
Reviewed-on: https://review.whamcloud.com/45545
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 fs/lustre/llite/file.c | 3 +++
 fs/lustre/llite/pcc.c  | 3 +++
 2 files changed, 6 insertions(+)

Patch

diff --git a/fs/lustre/llite/file.c b/fs/lustre/llite/file.c
index d3374232..898db80 100644
--- a/fs/lustre/llite/file.c
+++ b/fs/lustre/llite/file.c
@@ -3598,6 +3598,9 @@  static long ll_file_unlock_lease(struct file *file, struct ll_ioc_lease *ioc,
 		if (ioc->lil_count != 1)
 			return -EINVAL;
 
+		if (IS_ENCRYPTED(inode))
+			return -EOPNOTSUPP;
+
 		arg += sizeof(*ioc);
 		if (copy_from_user(&param.pa_archive_id, (void __user *)arg,
 				   sizeof(u32))) {
diff --git a/fs/lustre/llite/pcc.c b/fs/lustre/llite/pcc.c
index 8430fff..85114b8 100644
--- a/fs/lustre/llite/pcc.c
+++ b/fs/lustre/llite/pcc.c
@@ -1472,6 +1472,9 @@  int pcc_file_open(struct inode *inode, struct file *file)
 	if (!S_ISREG(inode->i_mode))
 		return 0;
 
+	if (IS_ENCRYPTED(inode))
+		return 0;
+
 	pcc_inode_lock(inode);
 	pcci = ll_i2pcci(inode);