From ac522557b1fe3ea2b7275fa6d5df73691b8d06db Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Wed, 12 Jul 2023 15:32:26 +0200
Subject: [PATCH] LU-16374 enc: rename O_FILE_ENC to O_CIPHERTEXT

Rename O_FILE_ENC to O_CIPHERTEXT as per discussion in linux-fscrypt
mailing-list.
Also change the flag combination to be:
O_NOCTTY | O_NDELAY | O_DSYNC
to avoid the risk of accidental issues with tar that already opens
files with the 'O_NOCTTY | O_NDELAY' combination.

O_DSYNC does not make much sense for O_RDONLY files, but will force
writes on encrypted restore to be synchronous. With O_DIRECT and large
enough writes (32MB?) that might be OK, but not ideal for small files.

Fixes: fdbf2ffd41 ("LU-14677 sec: no encryption key migrate/extend/resync/split")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I36fed17a413ee690bc445c3e76674ed5fc337de5
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/51640
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
---
 lustre/include/uapi/linux/lustre/lustre_user.h |  4 ++--
 lustre/llite/crypto.c                          |  6 +++---
 lustre/llite/namei.c                           |  4 ++--
 lustre/utils/lfs.c                             | 12 ++++++------
 lustre/utils/liblustreapi_layout.c             |  4 ++--
 5 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/lustre/include/uapi/linux/lustre/lustre_user.h b/lustre/include/uapi/linux/lustre/lustre_user.h
index 3b954e3..3bdae7f 100644
--- a/lustre/include/uapi/linux/lustre/lustre_user.h
+++ b/lustre/include/uapi/linux/lustre/lustre_user.h
@@ -686,10 +686,10 @@ struct fsxattr {
 #define O_LOV_DELAY_CREATE_MASK	(O_NOCTTY | FASYNC)
 #define O_LOV_DELAY_CREATE		(O_LOV_DELAY_CREATE_1_8 | \
 					 O_LOV_DELAY_CREATE_MASK)
-/* O_FILE_ENC principle is similar to O_LOV_DELAY_CREATE above,
+/* O_CIPHERTEXT principle is similar to O_LOV_DELAY_CREATE above,
  * for access to encrypted files without the encryption key.
  */
-#define O_FILE_ENC		(O_NOCTTY | O_NDELAY)
+#define O_CIPHERTEXT		(O_NOCTTY | O_NDELAY | O_DSYNC)
 
 #define LL_FILE_IGNORE_LOCK     0x00000001
 #define LL_FILE_GROUP_LOCKED    0x00000002
diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c
index d93f22c..728fa81 100644
--- a/lustre/llite/crypto.c
+++ b/lustre/llite/crypto.c
@@ -126,7 +126,7 @@ static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
  *
  * This overlay function is necessary to handle encrypted file open without
  * the key. We allow this access pattern to applications that know what they
- * are doing, by using the specific flag O_FILE_ENC.
+ * are doing, by using the specific flag O_CIPHERTEXT.
  * This flag is only compatible with O_DIRECT IOs, to make sure ciphertext
  * data is wiped from page cache once IOs are finished.
  */
@@ -139,9 +139,9 @@ int ll_file_open_encrypt(struct inode *inode, struct file *filp)
 		return rc;
 
 	if (rc == -ENOKEY &&
-	    (filp->f_flags & O_FILE_ENC) == O_FILE_ENC &&
+	    (filp->f_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
 	    filp->f_flags & O_DIRECT)
-		/* allow file open with O_FILE_ENC flag when we have O_DIRECT */
+		/* allow open with O_CIPHERTEXT flag when we have O_DIRECT */
 		rc = 0;
 
 	return rc;
diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 763dca5..5f5dc12 100644
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -1247,7 +1247,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
 			if (!llcrypt_has_encryption_key(dir) &&
 			    (!filename_is_volatile(dentry->d_name.name,
 						   dentry->d_name.len, NULL) ||
-			    (open_flags & O_FILE_ENC) != O_FILE_ENC ||
+			    (open_flags & O_CIPHERTEXT) != O_CIPHERTEXT ||
 			    !(open_flags & O_DIRECT)))
 				GOTO(out_release, rc = -ENOKEY);
 		}
@@ -1450,7 +1450,7 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry,
 		if (!llcrypt_has_encryption_key(dir) &&
 		    filename_is_volatile(dentry->d_name.name,
 					 dentry->d_name.len, NULL) &&
-		    (open_flags & O_FILE_ENC) == O_FILE_ENC &&
+		    (open_flags & O_CIPHERTEXT) == O_CIPHERTEXT &&
 		    open_flags & O_DIRECT)
 			preload = false;
 		rc = ll_set_encflags(inode, encctx, encctxlen, preload);
diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c
index 54b7a23..1e10042 100644
--- a/lustre/utils/lfs.c
+++ b/lustre/utils/lfs.c
@@ -663,7 +663,7 @@ migrate_open_files(const char *name, __u64 migration_flags,
 	 * layout swap on fd
 	 */
 	/* Allow migrating even without the key on encrypted files */
-	rflags = O_RDWR | O_NOATIME | O_FILE_ENC;
+	rflags = O_RDWR | O_NOATIME | O_CIPHERTEXT;
 	if (!(migration_flags & LLAPI_MIGRATION_NONDIRECT))
 		rflags |= O_DIRECT;
 source_open:
@@ -691,7 +691,7 @@ source_open:
 	do {
 		int open_flags = O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW |
 			/* Allow migrating without the key on encrypted files */
-			O_FILE_ENC;
+			O_CIPHERTEXT;
 		mode_t open_mode = S_IRUSR | S_IWUSR;
 
 		if (rflags & O_DIRECT)
@@ -2326,7 +2326,7 @@ static int mirror_split(const char *fname, __u32 id, const char *pool,
 		 * and in this case of a 'split -d', open file with O_DIRECT
 		 * (no IOs will be done).
 		 */
-		fd = open(fname, O_RDWR | O_DIRECT | O_FILE_ENC);
+		fd = open(fname, O_RDWR | O_DIRECT | O_CIPHERTEXT);
 	else
 		fd = open(fname, O_RDWR);
 
@@ -2417,7 +2417,7 @@ again:
 					     /* O_DIRECT for mirror split -d */
 					     O_DIRECT |
 					     /* Allow split without the key */
-					     O_FILE_ENC;
+					     O_CIPHERTEXT;
 					fdv = open(file_path, open_flags,
 						   S_IRUSR | S_IWUSR);
 					if (fdv < 0)
@@ -11208,7 +11208,7 @@ int lfs_mirror_resync_file(const char *fname, struct ll_ioc_lease *ioc,
 	}
 
 	/* Allow mirror resync even without the key on encrypted files */
-	fd = open(fname, O_DIRECT | O_RDWR | O_FILE_ENC);
+	fd = open(fname, O_DIRECT | O_RDWR | O_CIPHERTEXT);
 	if (fd < 0) {
 		fprintf(stderr, "%s: cannot open '%s': %s.\n",
 			progname, fname, strerror(errno));
@@ -12507,7 +12507,7 @@ int lfs_mirror_verify_file(const char *fname, __u16 *mirror_ids, int ids_nr,
 	}
 
 	/* Allow mirror verify even without the key on encrypted files */
-	fd = open(fname, O_DIRECT | O_RDONLY | O_FILE_ENC);
+	fd = open(fname, O_DIRECT | O_RDONLY | O_CIPHERTEXT);
 	if (fd < 0) {
 		fprintf(stderr, "%s: cannot open '%s': %s.\n",
 			progname, fname, strerror(errno));
diff --git a/lustre/utils/liblustreapi_layout.c b/lustre/utils/liblustreapi_layout.c
index 8b91e87..47b354e 100644
--- a/lustre/utils/liblustreapi_layout.c
+++ b/lustre/utils/liblustreapi_layout.c
@@ -1079,14 +1079,14 @@ struct llapi_layout *llapi_layout_get_by_path(const char *path,
 
 	/* Always get layout in O_DIRECT */
 	/* Allow fetching layout even without the key on encrypted files */
-	open_flags = O_RDONLY | O_DIRECT | O_FILE_ENC;
+	open_flags = O_RDONLY | O_DIRECT | O_CIPHERTEXT;
 do_open:
 	fd = open(path, open_flags);
 	if (fd < 0) {
 		if (errno != EINVAL || failed)
 			return layout;
 		/* EINVAL is because a directory cannot be opened in O_DIRECT */
-		open_flags = O_RDONLY | O_FILE_ENC;
+		open_flags = O_RDONLY | O_CIPHERTEXT;
 		failed = true;
 		goto do_open;
 	}
-- 
1.8.3.1