On Mon, Sep 14, 2020 at 03:16:57PM -0400, Jeff Layton wrote: > Boilerplate ioctls for controlling encryption. > > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > --- > fs/ceph/ioctl.c | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c > index 6e061bf62ad4..381e44b2d60a 100644 > --- a/fs/ceph/ioctl.c > +++ b/fs/ceph/ioctl.c > @@ -6,6 +6,7 @@ > #include "mds_client.h" > #include "ioctl.h" > #include <linux/ceph/striper.h> > +#include <linux/fscrypt.h> > > /* > * ioctls > @@ -289,6 +290,30 @@ long ceph_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > > case CEPH_IOC_SYNCIO: > return ceph_ioctl_syncio(file); > + > + case FS_IOC_SET_ENCRYPTION_POLICY: > + return fscrypt_ioctl_set_policy(file, (const void __user *)arg); > + > + case FS_IOC_GET_ENCRYPTION_POLICY: > + return fscrypt_ioctl_get_policy(file, (void __user *)arg); > + > + case FS_IOC_GET_ENCRYPTION_POLICY_EX: > + return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg); > + > + case FS_IOC_ADD_ENCRYPTION_KEY: > + return fscrypt_ioctl_add_key(file, (void __user *)arg); > + > + case FS_IOC_REMOVE_ENCRYPTION_KEY: > + return fscrypt_ioctl_remove_key(file, (void __user *)arg); > + > + case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: > + return fscrypt_ioctl_remove_key_all_users(file, (void __user *)arg); > + > + case FS_IOC_GET_ENCRYPTION_KEY_STATUS: > + return fscrypt_ioctl_get_key_status(file, (void __user *)arg); > + > + case FS_IOC_GET_ENCRYPTION_NONCE: > + return fscrypt_ioctl_get_nonce(file, (void __user *)arg); Will you be implementing an encryption feature flag for ceph, similar to what ext4 and f2fs have? E.g., ext4 doesn't allow these ioctls unless the filesystem was formatted with '-O encrypt' (or 'tune2fs -O encrypt' was run later). There would be various problems if we didn't do that; for example, old versions of e2fsck would consider encrypted directories to be corrupted. - Eric
