client: Cache client_fscrypt_as config value

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client, test: Remove FS_IOC_GETFLAGS and STATX_ATTR_ENCRYPTED

Remove previous work done to support FSCrypt encrypted in
FS_IOC_GETFLAGS which changes the structure of statx ABI.
This is due to backward compatibility issues.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Skip fscrypt_last_block if in non-fscrypt mode

Skip reading and sending fscrypt_last_block if client_fscrypt_as
is false during do_setattr. Without the key, fscrypt truncate is
not possible on fscrypt block boundary.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Implement cloning fscrypt subvolume snaps

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client, libcephfs: Add fcopyfile bindings

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

pybind/mgr/volumes/fs: Prepare mgr to clone fscrypt snaps

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add tests for fscrypt subvolume

Add various tests for fscrypt subvolumes such as
snapshots and verifying clones.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Allow for reading raw written data.

When looking up the effective_size and the client_fscrypt_as
option is false show the inode size value. This will allow for
reading raw encrypted data when no key is provided.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse client: map ENOKEY return value to itself

Signed-off-by: Igor Golikov <igolikov@ibm.com>

client: do not fscrypt encrypt snapshot names

Snapshot names are visible within the .snap directory
as dir entries. They can be created by a client that
has an fscrypt key present and also by the manager who
does not have any key. While the client with the key
can create an encrypted name the manager cannot.
Standardize functionality of these semantics to the
common of the two.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Simplify getting decrypted fname

During unwrap name, get_decrypted_fname parameters accepts
dname/b64 name and altname. If altname holds a value, this means
that a plaintext name will be built from altname. In this
case, dname/b64 name is irrelevant. In the case of empty altname,
build name from b64 name.

Fixes: https://tracker.ceph.com/issues/70995
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Rework vxattr_cb_fscrypt_file_set to assign properly

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: provide fscrypt vxattrs in CapSnap

Fixes: https://tracker.ceph.com/issues/70979
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Only run complete in read_modify_write if finish provided

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: correctly account for Client::WriteEncMgr() ref counts

Signed-off-by: Venky Shankar <vshankar@redhat.com>

client: remove unneeded goto jump

Signed-off-by: Venky Shankar <vshankar@redhat.com>

test: clean up some warnings

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add fscrypt unit tests to workunits

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add additional case for fscrypt enabled setattr

During setattr in fscrypt case, there's two cases that happen
1. A logical size is provided and then a vector must be populated.
2. A request from setxattr is received and fscrypt_file vector
   is already set.

Also rework tests when setting fscrypt_file, to use logical sizes.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Check for dname max len before wrapping name

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add fscrypt enc support to C_Read_Sync_NonBlocking

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Address misc comments Mar 24

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Fix Testclient bug

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add shared_mutex

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: When creating WriteEncMgr take into account client_oc

When determining if a write is buffered or not, take into account
the client_oc config. This option allows non-buffered writes when
caps normally used in buffered writes are present.

Fixes: https://tracker.ceph.com/issues/70568
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add client_fscrypt_as option

Add option to toggle enforcement of fscrypt access semantics.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: simplify some filepath constructions

And add notes where it could maybe be simplified further.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: print readable encrypted names

Replace non-printable characters with '.'.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: catch error opening snapdir inside snap

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: do not wrap ceph special names

This avoids encrypting .snap which prevents Client::_lookup from opening the
snapdir.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: remove remaining fscrypt conflicts

There also seems to be some missing calls to

    gen_inherited_fscrypt_auth

?

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: use path walk and on-the-fly enc/dec for fscrypt

The code before would encrypt/decrypt the dentry and store the result as the
dentry name. This would cause the client to have a different view of the dentry
names compared to the MDS. This created an unnecessary and complex divergence
that requires fixing the name in any code path involving the MDS.

Instead, maintain the same view as before with the MDS. The client uses the new
`Client::path_walk`, `Client::_wrap_name`, and `Client::_unwrap_name`
mechanisms to correctly change from the application's namespace (unencrypted /
case insensitve names) to the Client/MDS namespace.

The complication here is that the Client now needs to recompute the
encrypted/decrypted name for any path walk. This can and should be mitigated by
memoizing the results of the decryption/encryption. This is particularly
important as we can keep the decrypted names in a separate memory region that
is protected from core dump / trace inspection.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: Use correct sizes in write_success

Write success had some incorrect usage of sizes.
request_[size|offset] refers to logical size
toalwritten + offset refers to written to osd size

Fixes: https://tracker.ceph.com/issues/70193
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use PATH_MAX for max size of fscrypt enabled symlinks

Fixes: https://tracker.ceph.com/issues/70194
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

cephfs/test_volumes: Create tests for enctag

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

doc: Add documentation for enctag in subvolume

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add is_encrypted libcephfs api

Given a fd, will return if is encrypted or not.
Optionally, an enctag will be returned if set.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

mgr/volumes: Add enctag to subvol

Add functionality to support enctag for subvols. This
will be useful for app or administrator to know which
master key to use.

Fixes: https://tracker.ceph.com/issues/69693
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use new errno identifiers

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: use fscrypt headers provided by linux

Fixes: https://tracker.ceph.com/issues/68116
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Fix up a few things in read_sync path

Fix up a few things in read_sync path
1. File size may not be updated locally, do not check for trim read
2. Do not get_cap before RMW, each do_write takes care of having proper caps

Fixes: https://tracker.ceph.com/issues/69796
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Calculate len before prepare_data_read

Fixes: https://tracker.ceph.com/issues/69797
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt write, ensure we get Fr cap

During fscrypt write will require Fr cap. It's best to ensure
this requirement is handled at the cap level instead of at the mode
level. Otherwise, O_WRONLY flag won't be enforced.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test/libcephfs: Add skips to tests where mount root is a subdir

When dir_prefix is a subdir, skip tests that expect
behavior of "/" to be on root of filesystem.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use enc_name when linking a fscrypt enabled inode

Fixes: https://tracker.ceph.com/issues/64163
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Do not encrypt '.' or '..'

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use symlink_plain for decrypted fscrypt name

Use symlink_plain for only the value of a decrypted fscrypt
dname.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fscrypt last block

Support two edge cases in fscrypt last block.

1. When fscrypt last block is not the first block
2. Make sure to clean up SaferCond, allowing for successive
   truncates utilizing lastblock.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Do not decrypt bl on trim read

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: set symlink dest to proper value

Fixes: https://tracker.ceph.com/issues/69442
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test: Add function policy populator for reuse in fscrypt tests.

Fixes: https://tracker.ceph.com/issues/69161
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: change conditional to check for is locked.

Fixes: https://tracker.ceph.com/issues/64137
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags

This PR adds test for S_ENCRYPTED bit in the i_flags field of Inode.
The test implements 2 quering methods: using FS_IOC_GETFLAGS and STATX_ATTR_ENCRYPTED

Fixes: https://tracker.ceph.com/issues/64129
Author: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use correct sizes on write_success

Fixes: https://tracker.ceph.com/issues/69302
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: clear logical size on open(O_TRUNC)

Fixes: https://tracker.ceph.com/issues/65613
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test, client: implement tests for not supported FALLOC ops, use policy to determine the padding size for encrypted filename

Adding test for not supported FALLOC ops on the encypted tree
Using policy to determine the padding length for encrypted file names and symlinks

Fixes: https://tracker.ceph.com/issues/64162
https://tracker.ceph.com/issues/64131
Author: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add fscrypt last block

Add logic to support fscrypt last block. Includes sending
truncated last block data (decrypted->trunc->encrypted)
from client to mds. The server then writes the last block
on successful truncate.

Fixes: https://tracker.ceph.com/issues/69160
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Ensure file_cache cap is released.

Fixes: https://tracker.ceph.com/issues/68798
Fixes: https://tracker.ceph.com/issues/68831
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Various fixes to fix multi-fuse client

Provide various fixes in which size used in
multi-fuse client tests.

Fixes: https://tracker.ceph.com/issues/68431
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Convert and create tests for libcephfs fscrypt

Convert existing tests to use teuthology framework.
Create tests to test N>1 fscrypt clients

Fixes: https://tracker.ceph.com/issues/66577
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Update fscrypt_file when mds info is newer

Fixes: https://tracker.ceph.com/issues/68233
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add tests of interopability of fscrypt between fuse/kernel

Fixes: https://tracker.ceph.com/issues/66577
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

ObjectCacher: handle nullptr hole case

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

ObjectCacher: On RetryRead, ensure "hole" value is used

On C_RetryRead, ensure "hole" value instead of pointer
to a pointer is used to allow populating vector of holes.

Fixes: https://tracker.ceph.com/issues/67659
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: When calling update_inode_file_size, provide correct size

Fixes: https://tracker.ceph.com/issues/67559
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use effective_size in eof read

Fixes: https://tracker.ceph.com/issues/67347
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client/FSCrypt: securely erase crypto key

Fixes: https://tracker.ceph.com/issues/64136
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Implement status for fscrypt key status

Fixes: https://tracker.ceph.com/issues/64130
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add busy case on key removal

Fixes: https://tracker.ceph.com/issues/64159
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse: enable ioctl on dir for fscrypt

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

src/test/libcephfs: add test cases for fscrypt key removal busy case

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Added workunits for testing problem snippets on rmw workloads

Fixes: https://tracker.ceph.com/issues/66038
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Allow fscrypt testing on fuse

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fix non-encrypted case in read_sync

Only append pbl to bl if encrypted case.

Fixes: https://tracker.ceph.com/issues/65964
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fscrypt rmw fails when endoff end of block or file
Fscrypt rmw fails when end of a write lines up with end of
a block or end of the file.

Fixes: https://tracker.ceph.com/issues/65745
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During lookup of fscrypt symlink, use target fscrypt info.

During a lookup of fscrypt enabled symlink, use target fscrypt
info. This must be used because enc key for each file is derived
from master_key+nonce.

Fixes: https://tracker.ceph.com/issues/65615
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Fix logic in need read start/end to account for fscrypt.

Fix the logic in need read start/end. We need to make sure that a
whole block is read when a rmw is issued, regardless if it starts
at offset 0 or not. Change size that may be read from where offset
starts to the whole fscrypt block.

Fixes: https://tracker.ceph.com/issues/64819
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: After a rebase, no lock is necessary.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Client: fix O_TRUNC issue

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Ensure symlink plaintext is set

When creating symlink, ensure symlink_plain is set in fscrypt and
non-fscrypt cases.

Fixes: https://tracker.ceph.com/issues/64691
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: rmw doesn't get_cap_ref like it should. After rmw,
it put_cap_ref and it didn't happen. Issue with bool need_read.

Fixes: https://tracker.ceph.com/issues/64307
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Populate add key return

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test: Add test for semantics

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: On fscrypt enabled directories, only allow read/write to files
in dir when unlocked. Client should not be able to read/write the encrypted payload.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fscrypt: Add tests for add key, remove key, set policy.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Allow setpolicy only on dir and when it is empty.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Add multi user support on a unlock claim.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client,test,osdc: add beginnings of fscrypt support

Signed-off-by: Yehuda Sadeh <ysadehwe@ibm.com>

Merge pull request #64981 from zdover23/wip-doc-2025-08-12-cephfs-troubleshooting

doc/cephfs: edit troubleshooting.rst

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #64930 from zdover23/wip-doc-2025-08-10-cephfs-troubleshooting-3

doc/cephfs: edit troubleshooting.rst

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #64923 from zdover23/wip-doc-2025-08-09-cephfs-troubleshooting-3

doc/cephfs: edit troubleshooting.rst

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #64922 from zdover23/wip-doc-2025-08-09-cephfs-troubleshooting-2

doc/cephfs: edit troubleshooting.rst

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

Merge pull request #64811 from ceph/fix-dependabot_dashboard_upgrades-main

dependabot: stop dashboard npm upgrade PRs

doc/cephfs: edit troubleshooting.rst

Edit the "Mount 5 Error" and "Mount 12 Error" sections of
doc/cephfs/troubleshooting.rst.

Signed-off-by: Zac Dover <zac.dover@proton.me>

Merge pull request #64982 from zdover23/wip-doc-2025-08-12-cephfs-troubleshooting-2

doc/cephfs: edit troubleshooting.rst

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>

Merge pull request #65008 from chanyoung/omap-fast-check-mappings

test/crimson/seastore/test_omap_manager: faster check mappings

Reviewed-by: Samuel Just <sjust@redhat.com>

Merge pull request #65013 from Naveenaidu/wip-naveen-update-cephadm-docs

doc/man/cephadm: update `--orphan-initial-daemons` argument description

Merge pull request #63938 from tchaikov/wip-osd-recalc-decode

osd: recalculate coll_t::_str during decode() to fix stale values

Reviewed-by: Samuel Just <sjust@redhat.com>

Merge pull request #61770 from rkachach/fix_issue_69484

Prometheus configuration generation improvements

Reviewed-by: nizamial09 <nia@redhat.com>

doc/man/cephadm: update --orphan-initial-daemons argument description

Signed-off-by: Naveen Naidu <naveen.naidu@ibm.com>