Add support for decryption faults in zinject

This patch adds the ability for zinject to trigger decryption
and authentication faults in the ZIO and ARC layers. This
functionality is exposed via the new "decrypt" error type, which
may be provided for "data" object types.

This patch also refactors some of the core encryption / decryption
functions so that they have consistent prototypes, handle errors
consistently, and do not have unused arguments.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #7474 

3 files changed, 57 insertions, 1 deletions

diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run
index 62dfcf44e..1d0b2ef91 100644
--- a/tests/runfiles/linux.run
+++ b/tests/runfiles/linux.run
@@ -518,7 +518,7 @@ tags = ['functional', 'exec']
 [tests/functional/fault]
 tests = ['auto_online_001_pos', 'auto_replace_001_pos', 'auto_spare_001_pos',
     'auto_spare_002_pos', 'auto_spare_ashift', 'auto_spare_multiple',
-    'scrub_after_resilver']
+    'scrub_after_resilver', 'decrypt_fault']
 tags = ['functional', 'fault']
 
 [tests/functional/features/async_destroy]
diff --git a/tests/zfs-tests/tests/functional/fault/Makefile.am b/tests/zfs-tests/tests/functional/fault/Makefile.am
index 3c0e31d2a..1153ad8d6 100644
--- a/tests/zfs-tests/tests/functional/fault/Makefile.am
+++ b/tests/zfs-tests/tests/functional/fault/Makefile.am
@@ -8,6 +8,7 @@ dist_pkgdata_SCRIPTS = \
 	auto_spare_002_pos.ksh \
 	auto_spare_ashift.ksh \
 	auto_spare_multiple.ksh \
+	decrypt_fault.ksh \
 	scrub_after_resilver.ksh
 
 dist_pkgdata_DATA = \
diff --git a/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh b/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh
new file mode 100755
index 000000000..10008f22e
--- /dev/null
+++ b/tests/zfs-tests/tests/functional/fault/decrypt_fault.ksh
@@ -0,0 +1,55 @@
+#!/bin/ksh -p
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2018 by Lawrence Livermore National Security, LLC.
+# All rights reserved.
+#
+
+. $STF_SUITE/include/libtest.shlib
+. $STF_SUITE/tests/functional/fault/fault.cfg
+
+#
+# DESCRIPTION:
+# Test that injected decryption errors are handled correctly.
+#
+# STRATEGY:
+# 1. Create an encrypted dataset with an test file
+# 2. Inject decryption errors on the file 20% of the time
+# 3. Read the file to confirm that errors are handled correctly
+# 4. Confirm that the decryption injection was added to the ZED logs
+#
+
+log_assert "Testing that injected decryption errors are handled correctly"
+
+function cleanup
+{
+	log_must zinject -c all
+	default_cleanup_noexit
+}
+
+log_onexit cleanup
+
+default_mirror_setup_noexit $DISK1 $DISK2
+log_must eval "echo 'password' | zfs create -o encryption=on \
+	-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/fs"
+mntpt=$(get_prop mountpoint $TESTPOOL/fs)
+log_must mkfile 32M $mntpt/file1
+
+log_must zinject -a -t data -e decrypt -f 20 $mntpt/file1
+log_must zfs umount $TESTPOOL/fs
+log_must zfs mount $TESTPOOL/fs
+
+log_mustnot eval "cat $mntpt/file1 > /dev/null"
+log_must eval "zpool events $TESTPOOL | grep -q 'authentication'"
+
+log_pass "Injected decryption errors are handled correctly"