[LU-15406] Using the native fscrypt for Ubuntu20 5.4 kernel fails several migration test Created: 03/Jan/22  Updated: 21/Mar/22  Resolved: 18/Jan/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.15.0
Fix Version/s: Lustre 2.15.0

Type: Bug Priority: Critical
Reporter: James A Simmons Assignee: Sebastien Buisson
Resolution: Fixed Votes: 0
Labels: None
Environment:

Ubuntu20 client running 5.4 kernel.

Issue Links:
Related
is related to LU-13717 Client-side encryption - support file... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

To validate the port of fscrypt for RHEL8 which is from a 5.4 kernel I changed the build system to automatically use the native fscrypt for the Ubuntu 5.4 kernel. In theory it should have identical results. This is not the case which you can see the test failures with patch https://review.whamcloud.com/#/c/45907.

 Comments   
Comment by Peter Jones [ 04/Jan/22 ]

Seb

Could you please investigate?

Thanks

Peter

Comment by Gerrit Updater [ 06/Jan/22 ]

"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/45987
Subject: LU-15406 sec: fix in-kernel fscrypt support
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 6eda4575b6f9bf678c2036d25d500f9e3d9ec335

Comment by Sebastien Buisson [ 06/Jan/22 ]

This problem seen with the in-kernel fscrypt library is limited to file migration (sanity-sec test_52 and test_59b). In this use case, Lustre creates a temporary, volatile file to migrate data. For encrypted files, we explicitly set the encryption context of the volatile file (directly on server side) to be the same as the original file, so that data is encrypted with the same key. Problem is the encryption context of the original file is simply not retrieved when using the in-kernel fscrypt lib. So the volatile file has its own encryption context, which makes the migrated content encrypted with a different key. And this key is trashed. As a consequence, the content of the file after migration cannot just be decrypted properly.

I have pushed https://review.whamcloud.com/45987 to fix this issue.

Comment by James A Simmons [ 06/Jan/22 ]

Thank you. I will test.

Comment by Gerrit Updater [ 18/Jan/22 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/45987/
Subject: LU-15406 sec: fix in-kernel fscrypt support
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 2169aed82a32df47be9aef2f249178ede6c7fadd

Comment by Peter Jones [ 18/Jan/22 ]

Landed for 2.15

Generated at Sat Feb 10 03:18:02 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.