On Fri, 2021-12-10 at 11:33 -0800, Eric Biggers wrote:
> On Thu, Dec 09, 2021 at 10:36:11AM -0500, Jeff Layton wrote:
> > I've not posted this in a while, so I figured it was a good time to do
> > so. This patchset is a pile of the mostly settled parts of the fscrypt
> > integration series. With this, pretty much everything but the actual
> > content encryption in files now works.
>
> There have been a lot of versions of this sent out without contents encryption
> support, which is the most important part. Is there a path forward for that?
>

Yeah, it has taken a lot longer than expected. I'm really hoping to wrap
this up in time for a merge in v5.18.

The big problem that we just solved recently was truncate, which in
cephfs is handled by the MDS. We ended up extending the MDS protocol
with a truncate-and-write-last-block op that gets gated on the object
version acquired from the read. That allows us to do a read-modify-write
cycle in a race-free way.

I have patches that convert the non-pagecache I/O codepaths in ceph to
handle content encryption. They mostly work, but there are some bugs I'm
still hunting, so I'm not ready to post them just yet.

Adding support for buffered I/O should be fairly straightforward in
comparison, but we'll probably want to plumb support into the netfs
layer which may be a bit more work, as that should allow us to store
encrypted data in the fscache as well.

--
Jeff Layton <jlayton@xxxxxxxxxx>
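
The version-gated read-modify-write described in the message above, as an added Python model; it is not code from the ceph patches or from either correspondent. Every class and function name, the 16-byte block size and the XOR stand-in cipher are assumptions made for illustration, and the sample truncates to a size that is not block-aligned.

```python
import hashlib

BLOCK = 16  # constructed block size, small so the sample stays readable

def toy_crypt(key, blkno, data):
    """Stand-in per-block cipher (XOR with a hash pad); an assumption, not fscrypt's cipher."""
    pad = hashlib.sha256(key + blkno.to_bytes(8, "little")).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(data, pad))

class ModelServer:
    """Hypothetical server: ciphertext blocks plus a version bumped on every change."""
    def __init__(self, blocks, size):
        self.blocks, self.size, self.version = list(blocks), size, 1

    def read_block(self, blkno):
        return self.blocks[blkno], self.version

    def write_block(self, blkno, ct):
        self.blocks[blkno] = ct
        self.version += 1

    def truncate_and_write_last_block(self, new_size, ct, expected_version):
        if expected_version != self.version:
            return False  # object changed since the client's read: refuse
        self.blocks[new_size // BLOCK:] = [ct]  # drop the tail, install new last block
        self.size, self.version = new_size, self.version + 1
        return True

def make_server(key, plaintext):
    blocks = [toy_crypt(key, i // BLOCK, plaintext[i:i + BLOCK]) for i in range(0, len(plaintext), BLOCK)]
    return ModelServer(blocks, len(plaintext))

def read_file(server, key):
    pt = b"".join(toy_crypt(key, i, b) for i, b in enumerate(server.blocks))
    return pt[:server.size]

def truncate(server, key, new_size, racer=None):
    """Client side: re-encrypt the block that contains new_size; returns attempts used."""
    blkno, keep = divmod(new_size, BLOCK)
    attempts = 0
    while True:
        attempts += 1
        ct, ver = server.read_block(blkno)
        if racer:  # constructed hook: a concurrent writer lands between read and write
            racer(); racer = None
        pt = toy_crypt(key, blkno, ct)[:keep].ljust(BLOCK, b"\0")  # zero the cut-off tail
        if server.truncate_and_write_last_block(new_size, toy_crypt(key, blkno, pt), ver):
            return attempts  # gate passed: the block written matches the block read
```

Without the version check, the first attempt in the racing case would write the stale block back over the concurrent writer's data.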