client: ll_set_fscrypt_policy_v2 separate "directory empty" logic

Move "directory empty" logic to new method "_is_empty_directory".
Future logic will not be a one-liner, so let's keep it separate.

Resolves: rhbz#2376757
Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit f0cf85a595876165e2c0eb2ca584e97f44971f9d)

test/pybind/cephfs: add tests for fcopyfile()

Signed-off-by: Rishabh Dave <ridave@redhat.com>

client: in fcopyfile(), update len to read only leftover fragment

fcopyfile() reads 1 MiB of data every time but when a fragment smaller
than 1 MiB is left, it still reads 1 MiB of data, causing to never meet
the condition of "off == size". This leads to an infinity loop which
continues to write until CephFS becomes full.

Resolves: rhbz#2379716
Fixes: https://tracker.ceph.com/issues/72238
Signed-off-by: Rishabh Dave <ridave@redhat.com>

test: Test unsupported fscrypt policy

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Check for supported fscrypt policy

When setting a policy on a directory, check to make sure
policy is supported.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa/cephfs: Add test case for enctag too long

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

mgr/volumes: Enforce enctag max size

Introduce enctag max length. Include error messages when
outside of range.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add interop testing between fscrypt fuse and kclient

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: make FSCryptDecryptedInodes std::shared_ptr

To help eliminate memory leaks, use std::shared_ptr
for keeping track of FSCryptDecryptedInodes instances.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

libcephfs: Include libcephfs.h def for ceph_get_fscrypt_key_status

The libcephfs api header definition for call ceph_get_fscrypt_key_status
was not defined. Define this api call in libcephfs.h.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

doc/cephfs, qa/cephfs: Reword some documentation.

Reword some documentation for enctag and mount.py
function descriptions.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt write skip unneeded reads

During an fscrypt write a read may be needed to ensure changed
portion of file is merged with an existing data block. No need
to read unnecessarily when writes line up to fscrypt block and
span a whole block or more.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa/tasks/vstart_runner.py: remove write_file from LocalRemote

Instead of defining write_file in vstart_runner.py, use write_file
included in remote.py. That way we do not have to maintain two
different versions.

Fixes: https://tracker.ceph.com/issues/72463
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Address misc comments

Removed ifdef for a failure we encountered during rebase against
case sensitive feature
-https://github.com/ceph/ceph/pull/61137#discussion_r2006324762w

Add debug dout when entering WriteEncMgr::read
-https://github.com/ceph/ceph/pull/61137#discussion_r2008140457

Remove FILE_RD mark_caps_dirty
-https://github.com/ceph/ceph/pull/61137#discussion_r2008192250

Add comment to various lines
-https://github.com/ceph/ceph/pull/61137#discussion_r2006301120
-https://github.com/ceph/ceph/pull/61137#discussion_r2006247613
-https://github.com/ceph/ceph/pull/61137#discussion_r2006251232

During write_success mark FILE_WR as dirty
-https://github.com/ceph/ceph/pull/61137#discussion_r2008210365

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: turn is_encrypted into helper

Turn is_encrypted into helper functions. Add test to
validate is_encrypted.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: skip fscrypt decrypt_bl if data bl is empty.

Fixes: https://tracker.ceph.com/issues/72237
Fixes: https://tracker.ceph.com/issues/72192
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Match functionality of nonblocking_read_sync read_sync

If ENOENT is returned from OSDs, set r = 0 to match read_sync
functionality.

Fixes: https://tracker.ceph.com/issues/72143
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt rmw (write) use correct read type

During fscrypt rmw use internal Client::_read to utilize
correct buffered or non buffered reads based on client wide
options. For example, if client_oc = false, use only
non-buffered reads in rmw.

Fixes: https://tracker.ceph.com/issues/72143
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt set policy check null dentries

During the dir empty check in set policy check null dentries.

Fixes: https://tracker.ceph.com/issues/71926
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt set policy bail if policy exists

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client, libcephfs: Expose fscrypt apis as low level

Add low level versions of fscrypt apis to support
protocols such as NFS.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Breakout fscrypt get policy into method

Breakout fscrypt get policy into a method. Add
ceph_get_fscrypt_policy_v2 support.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Rework fscrypt set policy to match fscrypt specification

When an fscrypt policy is set to an existing fscrypt directory
it should only return EEXIST if policy being applied differs

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Fix logic in fscrypt hole optimization

In fscrypt decryption code path, ensure if a data block
is hit when there are holes present in adjacent blocks,
that we exit hole traversal and continue on to decrypt the block.

Fixes: https://tracker.ceph.com/issues/71602
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Address misc comments

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Cache client_fscrypt_as config value

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client, test: Remove FS_IOC_GETFLAGS and STATX_ATTR_ENCRYPTED

Remove previous work done to support FSCrypt encrypted in
FS_IOC_GETFLAGS which changes the structure of statx ABI.
This is due to backward compatibility issues.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Skip fscrypt_last_block if in non-fscrypt mode

Skip reading and sending fscrypt_last_block if client_fscrypt_as
is false during do_setattr. Without the key, fscrypt truncate is
not possible on fscrypt block boundary.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Implement cloning fscrypt subvolume snaps

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client, libcephfs: Add fcopyfile bindings

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

pybind/mgr/volumes/fs: Prepare mgr to clone fscrypt snaps

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add tests for fscrypt subvolume

Add various tests for fscrypt subvolumes such as
snapshots and verifying clones.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Allow for reading raw written data.

When looking up the effective_size and the client_fscrypt_as
option is false show the inode size value. This will allow for
reading raw encrypted data when no key is provided.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse client: map ENOKEY return value to itself

Signed-off-by: Igor Golikov <igolikov@ibm.com>

client: do not fscrypt encrypt snapshot names

Snapshot names are visible within the .snap directory
as dir entries. They can be created by a client that
has an fscrypt key present and also by the manager who
does not have any key. While the client with the key
can create an encrypted name the manager cannot.
Standardize functionality of these semantics to the
common of the two.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Simplify getting decrypted fname

During unwrap name, get_decrypted_fname parameters accepts
dname/b64 name and altname. If altname holds a value, this means
that a plaintext name will be built from altname. In this
case, dname/b64 name is irrelevant. In the case of empty altname,
build name from b64 name.

Fixes: https://tracker.ceph.com/issues/70995
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Rework vxattr_cb_fscrypt_file_set to assign properly

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: provide fscrypt vxattrs in CapSnap

Fixes: https://tracker.ceph.com/issues/70979
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Only run complete in read_modify_write if finish provided

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: correctly account for Client::WriteEncMgr() ref counts

Signed-off-by: Venky Shankar <vshankar@redhat.com>

client: remove unneeded goto jump

Signed-off-by: Venky Shankar <vshankar@redhat.com>

test: clean up some warnings

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add fscrypt unit tests to workunits

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add additional case for fscrypt enabled setattr

During setattr in fscrypt case, there's two cases that happen
1. A logical size is provided and then a vector must be populated.
2. A request from setxattr is received and fscrypt_file vector
   is already set.

Also rework tests when setting fscrypt_file, to use logical sizes.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Check for dname max len before wrapping name

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add fscrypt enc support to C_Read_Sync_NonBlocking

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Address misc comments Mar 24

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

Fix Testclient bug

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add shared_mutex

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: When creating WriteEncMgr take into account client_oc

When determining if a write is buffered or not, take into account
the client_oc config. This option allows non-buffered writes when
caps normally used in buffered writes are present.

Fixes: https://tracker.ceph.com/issues/70568
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add client_fscrypt_as option

Add option to toggle enforcement of fscrypt access semantics.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: simplify some filepath constructions

And add notes where it could maybe be simplified further.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: print readable encrypted names

Replace non-printable characters with '.'.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: catch error opening snapdir inside snap

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: do not wrap ceph special names

This avoids encrypting .snap which prevents Client::_lookup from opening the
snapdir.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: remove remaining fscrypt conflicts

There also seems to be some missing calls to

    gen_inherited_fscrypt_auth

?

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: use path walk and on-the-fly enc/dec for fscrypt

The code before would encrypt/decrypt the dentry and store the result as the
dentry name. This would cause the client to have a different view of the dentry
names compared to the MDS. This created an unnecessary and complex divergence
that requires fixing the name in any code path involving the MDS.

Instead, maintain the same view as before with the MDS. The client uses the new
`Client::path_walk`, `Client::_wrap_name`, and `Client::_unwrap_name`
mechanisms to correctly change from the application's namespace (unencrypted /
case insensitve names) to the Client/MDS namespace.

The complication here is that the Client now needs to recompute the
encrypted/decrypted name for any path walk. This can and should be mitigated by
memoizing the results of the decryption/encryption. This is particularly
important as we can keep the decrypted names in a separate memory region that
is protected from core dump / trace inspection.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

client: Use correct sizes in write_success

Write success had some incorrect usage of sizes.
request_[size|offset] refers to logical size
toalwritten + offset refers to written to osd size

Fixes: https://tracker.ceph.com/issues/70193
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use PATH_MAX for max size of fscrypt enabled symlinks

Fixes: https://tracker.ceph.com/issues/70194
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

cephfs/test_volumes: Create tests for enctag

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

doc: Add documentation for enctag in subvolume

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add is_encrypted libcephfs api

Given a fd, will return if is encrypted or not.
Optionally, an enctag will be returned if set.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

mgr/volumes: Add enctag to subvol

Add functionality to support enctag for subvols. This
will be useful for app or administrator to know which
master key to use.

Fixes: https://tracker.ceph.com/issues/69693
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use new errno identifiers

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: use fscrypt headers provided by linux

Fixes: https://tracker.ceph.com/issues/68116
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Fix up a few things in read_sync path

Fix up a few things in read_sync path
1. File size may not be updated locally, do not check for trim read
2. Do not get_cap before RMW, each do_write takes care of having proper caps

Fixes: https://tracker.ceph.com/issues/69796
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Calculate len before prepare_data_read

Fixes: https://tracker.ceph.com/issues/69797
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: During fscrypt write, ensure we get Fr cap

During fscrypt write will require Fr cap. It's best to ensure
this requirement is handled at the cap level instead of at the mode
level. Otherwise, O_WRONLY flag won't be enforced.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test/libcephfs: Add skips to tests where mount root is a subdir

When dir_prefix is a subdir, skip tests that expect
behavior of "/" to be on root of filesystem.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use enc_name when linking a fscrypt enabled inode

Fixes: https://tracker.ceph.com/issues/64163
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Do not encrypt '.' or '..'

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use symlink_plain for decrypted fscrypt name

Use symlink_plain for only the value of a decrypted fscrypt
dname.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fscrypt last block

Support two edge cases in fscrypt last block.

1. When fscrypt last block is not the first block
2. Make sure to clean up SaferCond, allowing for successive
   truncates utilizing lastblock.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Do not decrypt bl on trim read

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: set symlink dest to proper value

Fixes: https://tracker.ceph.com/issues/69442
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test: Add function policy populator for reuse in fscrypt tests.

Fixes: https://tracker.ceph.com/issues/69161
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: change conditional to check for is locked.

Fixes: https://tracker.ceph.com/issues/64137
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse client, fscrypt, test: Implement and create tests for S_ENCRYPTED in inode i_flags

This PR adds test for S_ENCRYPTED bit in the i_flags field of Inode.
The test implements 2 quering methods: using FS_IOC_GETFLAGS and STATX_ATTR_ENCRYPTED

Fixes: https://tracker.ceph.com/issues/64129
Author: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use correct sizes on write_success

Fixes: https://tracker.ceph.com/issues/69302
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: clear logical size on open(O_TRUNC)

Fixes: https://tracker.ceph.com/issues/65613
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

test, client: implement tests for not supported FALLOC ops, use policy to determine the padding size for encrypted filename

Adding test for not supported FALLOC ops on the encypted tree
Using policy to determine the padding length for encrypted file names and symlinks

Fixes: https://tracker.ceph.com/issues/64162
https://tracker.ceph.com/issues/64131
Author: Igor Golikov <igolikov@ibm.com>
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add fscrypt last block

Add logic to support fscrypt last block. Includes sending
truncated last block data (decrypted->trunc->encrypted)
from client to mds. The server then writes the last block
on successful truncate.

Fixes: https://tracker.ceph.com/issues/69160
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Ensure file_cache cap is released.

Fixes: https://tracker.ceph.com/issues/68798
Fixes: https://tracker.ceph.com/issues/68831
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Various fixes to fix multi-fuse client

Provide various fixes in which size used in
multi-fuse client tests.

Fixes: https://tracker.ceph.com/issues/68431
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Convert and create tests for libcephfs fscrypt

Convert existing tests to use teuthology framework.
Create tests to test N>1 fscrypt clients

Fixes: https://tracker.ceph.com/issues/66577
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Update fscrypt_file when mds info is newer

Fixes: https://tracker.ceph.com/issues/68233
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Add tests of interopability of fscrypt between fuse/kernel

Fixes: https://tracker.ceph.com/issues/66577
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

ObjectCacher: handle nullptr hole case

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

ObjectCacher: On RetryRead, ensure "hole" value is used

On C_RetryRead, ensure "hole" value instead of pointer
to a pointer is used to allow populating vector of holes.

Fixes: https://tracker.ceph.com/issues/67659
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: When calling update_inode_file_size, provide correct size

Fixes: https://tracker.ceph.com/issues/67559
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Use effective_size in eof read

Fixes: https://tracker.ceph.com/issues/67347
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client/FSCrypt: securely erase crypto key

Fixes: https://tracker.ceph.com/issues/64136
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Implement status for fscrypt key status

Fixes: https://tracker.ceph.com/issues/64130
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: Add busy case on key removal

Fixes: https://tracker.ceph.com/issues/64159
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

fuse: enable ioctl on dir for fscrypt

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

src/test/libcephfs: add test cases for fscrypt key removal busy case

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Added workunits for testing problem snippets on rmw workloads

Fixes: https://tracker.ceph.com/issues/66038
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

qa: Allow fscrypt testing on fuse

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fix non-encrypted case in read_sync

Only append pbl to bl if encrypted case.

Fixes: https://tracker.ceph.com/issues/65964
Signed-off-by: Christopher Hoffman <choffman@redhat.com>

client: fscrypt rmw fails when endoff end of block or file
Fscrypt rmw fails when end of a write lines up with end of
a block or end of the file.

Fixes: https://tracker.ceph.com/issues/65745
Signed-off-by: Christopher Hoffman <choffman@redhat.com>