On Fri, Mar 26, 2021 at 01:32:11PM -0400, Jeff Layton wrote: > For ceph, we want to use our own scheme for handling filenames that are > are longer than NAME_MAX after encryption and base64 encoding. This > allows us to have a consistent view of the encrypted filenames for > clients that don't support fscrypt and clients that do but that don't > have the key. > > Export fscrypt_fname_encrypt. Rename fscrypt_fname_encrypted_size to > __fscrypt_fname_encrypted_size and add a new wrapper called > fscrypt_fname_encrypted_size that takes an inode argument rahter than > a pointer to a fscrypt_policy union. This explanation seems to be missing a logical connection between the first and second paragraphs. I think it's missing something along the lines of: "Currently, fs/crypto/ only supports filenames encryption using fscrypt_setup_filename(), which also handles decoding no-key names. Ceph can't use that because it needs to handle no-key names in a different way. So, we need to export the functions needed to encrypt filenames separately." (I might have gotten the explanation a bit wrong... Point is, it's the type of thing that seems to be missing here.) - Eric
