On Sun, 2021-07-11 at 18:00 -0500, Eric Biggers wrote: > On Fri, Jun 25, 2021 at 09:58:17AM -0400, Jeff Layton wrote: > > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > > --- > > fs/ceph/caps.c | 62 +++++++++++++++++++++++++++++++++++++++----------- > > 1 file changed, 49 insertions(+), 13 deletions(-) > > > > diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c > > index 038f59cc4250..1be6c5148700 100644 > > --- a/fs/ceph/caps.c > > +++ b/fs/ceph/caps.c > > @@ -13,6 +13,7 @@ > > #include "super.h" > > #include "mds_client.h" > > #include "cache.h" > > +#include "crypto.h" > > #include <linux/ceph/decode.h> > > #include <linux/ceph/messenger.h> > > > > @@ -1229,15 +1230,12 @@ struct cap_msg_args { > > umode_t mode; > > bool inline_data; > > bool wake; > > + u32 fscrypt_auth_len; > > + u32 fscrypt_file_len; > > + u8 fscrypt_auth[sizeof(struct ceph_fscrypt_auth)]; // for context > > + u8 fscrypt_file[sizeof(u64)]; // for size > > }; > > The naming of these is confusing to me. If these are the fscrypt context and > the original file size, why aren't they called something like fscrypt_context > and fscrypt_file_size? > > Also does the file size really need to be variable-length, or could it just be a > 64-bit integer? > Fscrypt is really a kernel client-side feature. Both of these new fields are treated as opaque by the MDS and are wholly managed by the client. We need two fields because they are governed by different cephfs capabilities (aka "caps"). AUTH caps for the context and FILE caps for the size. So we have two new fields -- fscrypt_file and fscrypt_auth. The size could be a __le64 or something, but I think it makes sense to allow it to be opaque as we aren't certain what other info we might want to keep in there. We might also want to encrypt the fscrypt_file field to cloak the true size of a file from anyone without the key. Now, all that said, the fact that the MDS largely handles truncation poses some special challenges for the content encryption piece. We may ultimately end up making this more special-purpose than it is now. -- Jeff Layton <jlayton@xxxxxxxxxx>