-
Sebastien Buisson authoredEncryption layer needs to set an encryption context on files and dirs that are encrypted. This context is stored as an extended attribute, that then needs to be fetched upon metadata ops like lookup, getattr, open, truncate, and layout. With this patch we send encryption context to the MDT along with create RPCs. This closes the insecure window between creation and setting of the encryption context, and saves a setxattr request. This patch also introduces a way to have the MDT return encryption context upon granted lock reply, making the encryption context retrieval atomic, and sparing the client an additional getxattr request. Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49" clientdistro=el8.1 fstype=ldiskfs mdscount=2 mdtcount=4 Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49" clientdistro=el8.1 fstype=zfs mdscount=2 mdtcount=4 Test-Parameters: clientversion=2.12 env=SANITY_EXCEPT="27M 56ra 151 156 802" Test-Parameters: serverversion=2.12 env=SANITY_EXCEPT="56oc 56od 165a 165b 165d 205b" Test-Parameters: serverversion=2.12 clientdistro=el8.1 env=SANITYN_EXCEPT=106,SANITY_EXCEPT="56oc 56od 165a 165b 165d 205b" Signed-off-by:
Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I45599cdff13d5587103aff6edd699abcda6cb8f4
Reviewed-on: https://review.whamcloud.com/38430
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Mike Pershin <mpershin@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>40d91eaf