diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 02cc2525006e3460d479cf219446b091959add3e..494b562da25a0b79d1effd3c7df16437c72e70f7 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -1914,6 +1914,10 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0) {
rc = ll_crypto_get_mac(inode, &attr, (void *)value, size,
&key, &key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ GOTO(out, rc);
+ }
}
OBD_ALLOC(op_data, sizeof(*op_data));
@@ -1927,13 +1931,13 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
(void *)value, size, key, key_size, &request);
OBD_FREE(op_data, sizeof(*op_data));
- if (key && key_size)
- OBD_FREE(key, key_size);
if (rc) {
CDEBUG(D_SEC, "md_setattr fails: rc = %d\n", rc);
GOTO(out, rc);
}
out:
+ if (key && key_size)
+ OBD_FREE(key, key_size);
ptlrpc_req_finished(request);
RETURN(rc);
}
diff --git a/lustre/llite/llite_gs.c b/lustre/llite/llite_gs.c
index b97366e43e33a7ce895a371d440b58c4c4846413..841d349ec24fa319cb3e219418d0dd21aae7cee9 100644
--- a/lustre/llite/llite_gs.c
+++ b/lustre/llite/llite_gs.c
@@ -458,11 +458,11 @@ int ll_gks_get_mac(struct inode *inode, struct iattr *iattr, void *value,
key_size, ckey);
if (rc) {
CERROR("decrypt key error rc %d \n", rc);
+ *key_size = 0;
GOTO(out, rc);
}
*key = ckey;
iattr->ia_valid |= ATTR_MAC;
- EXIT;
out:
if (acl)
posix_acl_release(acl);
@@ -474,7 +474,7 @@ out:
OBD_FREE(kperm, kperm_size);
if (kcontext)
OBD_FREE(kcontext, kcontext_size);
- return rc;
+ RETURN(rc);
}
static int ll_crypt_permission_check(struct lustre_key *lkey,
diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index de8f3444d49df60b237e9b1c3d3a5e4e30419d02..8c625cd372f4daacc455e63baf97852bbeb7bb42 100644
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -1282,9 +1282,15 @@ int ll_setattr_raw(struct inode *inode, struct iattr *attr)
RETURN(-ENOMEM);
ll_inode2mdc_data(op_data, inode, (OBD_MD_FLID | OBD_MD_MEA));
- if (ia_valid & (ATTR_UID | ATTR_GID)) {
+ if (ia_valid & (ATTR_UID | ATTR_GID | ATTR_MODE)) {
rc = ll_crypto_get_mac(inode, attr, NULL, 0, &key,
&key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ if (key && key_size)
+ OBD_FREE(key, key_size);
+ RETURN(rc);
+ }
}
rc = md_setattr(sbi->ll_md_exp, op_data,
attr, key, key_size, NULL, 0, NULL,
diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh
index ade5a6c0c38000cdc84d32e8999d9b27e4c94106..bfb5841acc0e48fea49db007f0cec02946668958 100755
--- a/lustre/tests/sanity-crypto.sh
+++ b/lustre/tests/sanity-crypto.sh
@@ -170,7 +170,7 @@ test_3a() {
enable_encrypt $MOUNT
diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
}
-run_test 3a "write chmod encryption============="
+run_test 3a "write chown encryption============="
test_4a() {
rm -rf $DIR1/4a*
@@ -206,5 +206,23 @@ test_5a() {
}
run_test 5a "write chacl encryption============="
+test_6a() {
+ rm -rf $DIR1/6a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/6a1
+ chown 0600 $DIR1/6a0
+ setfacl -m u:bin:rw $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a1
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+ echo "enable crypt read success"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 && error "write encryption failed"
+ enable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+}
+run_test 6a "write chmod/setfacl encryption============="
+
$CLEANUP