[38/50] lustre: sec: present .fscrypt in subdir mount

Message ID	1647783064-20688-39-git-send-email-jsimmons@infradead.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <lustre-devel-bounces@lists.lustre.org> From: James Simmons <jsimmons@infradead.org> To: Andreas Dilger <adilger@whamcloud.com>, Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de> Date: Sun, 20 Mar 2022 09:30:52 -0400 Message-Id: <1647783064-20688-39-git-send-email-jsimmons@infradead.org> In-Reply-To: <1647783064-20688-1-git-send-email-jsimmons@infradead.org> References: <1647783064-20688-1-git-send-email-jsimmons@infradead.org> Subject: [lustre-devel] [PATCH 38/50] lustre: sec: present .fscrypt in subdir mount Precedence: list Cc: Lustre Development List <lustre-devel@lists.lustre.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: lustre-devel-bounces@lists.lustre.org Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>
Series	lustre: update to OpenSFS tree as of March 20, 2022 \| expand [00/50] lustre: update to OpenSFS tree as of March 20, 2022 [01/50] lustre: type cleanups and remove debug statements [02/50] lustre: osc: Fix grant test for ARM [03/50] lnet: extend nids in struct lnet_msg [04/50] lnet: Change lnet_send() to take large-addr nids [05/50] lnet: use large nids in struct lnet_event [06/50] lnet: socklnd: prepare for new KSOCK_MSG type [07/50] lnet: socklnd: don't deref lnet_hdr in LNDs [08/50] lustre: sec: make client encryption compatible with ext4 [09/50] lustre: sec: allow subdir mount of encrypted dir [10/50] lustre: fld: repeat rpc in fld_client_rpc after EAGAIN [11/50] lustre: fld: don't obtain a slot for fld request [12/50] lustre: update version to 2.14.57 [13/50] lustre: llite: deadlock in ll_new_node() [14/50] lnet: o2iblnd: avoid static allocation for msg tx [15/50] lnet: separate lnet_hdr in msg from that in lnd. [16/50] lnet: change lnet_hdr to store large nids. [17/50] lnet: change lnet_prep_send to take net_processid [18/50] lnet: convert to struct lnet_process_id in lib-move [19/50] lnet: convert LNetGetID to return an large-addr pid [20/50] lnet: alter lnd_notify_peer_down() to take lnet_nid [21/50] lnet: socklnd: move lnet_hdr unpack into ->pro_unpack [22/50] lnet: socklnd: Change ksock_hello_msg to struct lnet_nid [23/50] lnet: socklnd: add hello message version 4 [24/50] lnet: Convert ping to support 16-bytes address [25/50] lnet: convert nids in lnet_parse to lnet_nid [26/50] lnet: change src_nid arg to lnet_parse() to 16byte [27/50] lnet: Fix NULL-deref in lnet_nidstr_r() [28/50] lnet: change lnet_del_route() to take lnet_nid [29/50] lustre: llite: Move free user pages [30/50] lustre: llite: Do not get/put DIO pages [31/50] lustre: llite: Remove unnecessary page get/put [32/50] lustre: llite: LL_IOC_LMV_GETSTRIPE 'default' shows inherit layout [33/50] lustre: hsm: update size upon completion of data version [34/50] lustre: llite: Delay dput in ll_dirty_page_discard_warn [35/50] lnet: libcfs: Use FAIL_CHECK_QUIET for fake i/o [36/50] lnet: Avoid peer NI recovery for local interface [37/50] lustre: osc: add OBD_IOC_GETATTR support for osc [38/50] lustre: sec: present .fscrypt in subdir mount [39/50] lnet: improve hash distribution across CPTs [40/50] lustre: osc: osc_extent_wait() deadlock [41/50] lustre: quota: delete unused quota ID [42/50] lnet: Check LNET_NID_IS_ANY in LNET_NID_NET [43/50] lustre: llite: clear async errors on write commit sync [44/50] lnet: lnet_peer_data_present() memory leak [45/50] lnet: Don't use pref NI for reserved portal [46/50] lnet: o2iblnd: avoid memory copy for short msg [47/50] lustre: llite: set default LMV hash type with 2.12 MDS [48/50] lnet: Stop discovery on deleted peer NI [49/50] lustre: sec: fix DIO for encrypted files [50/50] lustre: ptlrpc: Use after free of 'conn' in rhashtable retry

Message ID

1647783064-20688-39-git-send-email-jsimmons@infradead.org (mailing list archive)

State

New, archived

Headers

From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>, Oleg Drokin <green@whamcloud.com>,
 NeilBrown <neilb@suse.de>
Date: Sun, 20 Mar 2022 09:30:52 -0400
Message-Id: <1647783064-20688-39-git-send-email-jsimmons@infradead.org>
In-Reply-To: <1647783064-20688-1-git-send-email-jsimmons@infradead.org>
References: <1647783064-20688-1-git-send-email-jsimmons@infradead.org>
Subject: [lustre-devel] [PATCH 38/50] lustre: sec: present .fscrypt in
 subdir mount
Precedence: list
Cc: Lustre Development List <lustre-devel@lists.lustre.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: lustre-devel-bounces@lists.lustre.org
Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>

Series

lustre: update to OpenSFS tree as of March 20, 2022 | expand

Commit Message

James Simmons March 20, 2022, 1:30 p.m. UTC

From: Sebastien Buisson <sbuisson@ddn.com>

fscrypt userspace tool works with a .fscrypt directory at the root of
the file system. In case of subdirectory mount, we virtually present
this .fscrypt directory at the root of the mount point so that fscrypt
can be used. This makes it possible to even do a subdirectory mount of
an encrypted directory, making clients access encrypted content only.
Internally, the .fscrypt directory is always stored at the root of
Lustre.

WC-bug-id: https://jira.whamcloud.com/browse/LU-15176
Lustre-commit: c12378fba7f0aa2f2 ("LU-15176 sec: present .fscrypt in subdir mount")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/46167
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 fs/lustre/llite/crypto.c                |  9 +++++++--
 fs/lustre/llite/llite_lib.c             | 11 ++++++++++-
 fs/lustre/llite/namei.c                 |  9 +++++++++
 include/uapi/linux/lustre/lustre_user.h |  1 +
 4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/fs/lustre/llite/crypto.c b/fs/lustre/llite/crypto.c
index f310d4c..b0e4f76 100644
--- a/fs/lustre/llite/crypto.c
+++ b/fs/lustre/llite/crypto.c
@@ -233,8 +233,13 @@  int ll_setup_filename(struct inode *dir, const struct qstr *iname,
 	}
 	rc = fscrypt_setup_filename(dir, &dname, lookup, fname);
 	if (rc == -ENOENT && lookup &&
-	    !fscrypt_has_encryption_key(dir) &&
-	    unlikely(filename_is_volatile(iname->name, iname->len, NULL))) {
+	    ((is_root_inode(dir) && iname->len == strlen(dot_fscrypt_name) &&
+	      strncmp(iname->name, dot_fscrypt_name, iname->len) == 0) ||
+	     (!fscrypt_has_encryption_key(dir) &&
+	      unlikely(filename_is_volatile(iname->name, iname->len, NULL))))) {
+		/* In case of subdir mount of an encrypted directory, we allow
+		 * lookup of /.fscrypt directory.
+		 */
 		/* For purpose of migration or mirroring without enc key, we
 		 * allow lookup of volatile file without enc context.
 		 */
diff --git a/fs/lustre/llite/llite_lib.c b/fs/lustre/llite/llite_lib.c
index 423c531..8c0a3e0 100644
--- a/fs/lustre/llite/llite_lib.c
+++ b/fs/lustre/llite/llite_lib.c
@@ -3157,7 +3157,16 @@  struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data,
 		return ERR_PTR(-ENOMEM);
 
 	ll_i2gids(op_data->op_suppgids, i1, i2);
-	op_data->op_fid1 = *ll_inode2fid(i1);
+	/* If the client is using a subdir mount and looks at what it sees as
+	 * /.fscrypt, interpret it as the .fscrypt dir at the root of the fs.
+	 */
+	if (unlikely(i1->i_sb && i1->i_sb->s_root && is_root_inode(i1) &&
+		     !fid_is_root(ll_inode2fid(i1)) &&
+		     name && namelen == strlen(dot_fscrypt_name) &&
+		     strncmp(name, dot_fscrypt_name, namelen) == 0))
+		lu_root_fid(&op_data->op_fid1);
+	else
+		op_data->op_fid1 = *ll_inode2fid(i1);
 
 	if (S_ISDIR(i1->i_mode)) {
 		down_read_non_owner(&ll_i2info(i1)->lli_lsm_sem);
diff --git a/fs/lustre/llite/namei.c b/fs/lustre/llite/namei.c
index 1e3a4fd..c05e3bf 100644
--- a/fs/lustre/llite/namei.c
+++ b/fs/lustre/llite/namei.c
@@ -2068,6 +2068,15 @@  static int ll_rename(struct inode *src, struct dentry *src_dchild,
 	if (IS_ERR(op_data))
 		return PTR_ERR(op_data);
 
+	/* If the client is using a subdir mount and does a rename to what it
+	 * sees as /.fscrypt, interpret it as the .fscrypt dir at fs root.
+	 */
+	if (unlikely(is_root_inode(tgt) && !fid_is_root(ll_inode2fid(tgt)) &&
+		     tgt_dchild->d_name.len == strlen(dot_fscrypt_name) &&
+		     strncmp(tgt_dchild->d_name.name, dot_fscrypt_name,
+			     tgt_dchild->d_name.len) == 0))
+		lu_root_fid(&op_data->op_fid2);
+
 	if (src_dchild->d_inode)
 		op_data->op_fid3 = *ll_inode2fid(src_dchild->d_inode);
 	if (tgt_dchild->d_inode)
diff --git a/include/uapi/linux/lustre/lustre_user.h b/include/uapi/linux/lustre/lustre_user.h
index 2fdd7df..96efdf0 100644
--- a/include/uapi/linux/lustre/lustre_user.h
+++ b/include/uapi/linux/lustre/lustre_user.h
@@ -1856,6 +1856,7 @@  enum ioc_data_version_flags {
 #endif
 
 #define dot_lustre_name ".lustre"
+#define dot_fscrypt_name ".fscrypt"
 
 /********* HSM **********/

[38/50] lustre: sec: present .fscrypt in subdir mount

Commit Message

Patch