mds: convert fscrypt flag to two opaque fields

A flag isn't sufficient as we can't reasonably use an xattr to store the
context. Switch the fscrypt fields to two vectors of opaque bytes, one
governed by AUTH caps and the other by FILE.

Also remove the special handling for encryption.ctx xattr, since we
won't be using that going forward anyway.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 7e461411f36e940534900639103a37fc70cf3ef5..1ebe73cb3bcee678efc105c5a2b06496ecf313a4 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -954,6 +954,7 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
     in->btime = st->btime;
     in->snap_btime = st->snap_btime;
     in->snap_metadata = st->snap_metadata;
+    in->fscrypt_auth = st->fscrypt_auth;
   }
 
   if ((new_version || (new_issued & CEPH_CAP_LINK_SHARED)) &&
@@ -969,6 +970,7 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
   if (new_version ||
       (new_issued & (CEPH_CAP_ANY_FILE_RD | CEPH_CAP_ANY_FILE_WR))) {
     in->layout = st->layout;
+    in->fscrypt_file = st->fscrypt_file;
     update_inode_file_size(in, issued, st->size, st->truncate_seq, st->truncate_size);
   }
 
@@ -1050,7 +1052,6 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
     in->snap_caps |= st->cap.caps;
   }
 
-  in->fscrypt = st->fscrypt;
   return in;
 }
 

diff --git a/src/client/Inode.h b/src/client/Inode.h
index eddfb6da9a69a4875b16aea15b7b819c6b59e0b3..72b8c0a2fb908dbe072cbe9fe9f736a0a2de310d 100644 (file)
--- a/src/client/Inode.h
+++ b/src/client/Inode.h
@@ -163,7 +163,8 @@ struct Inode : RefCountedObject {
   version_t  inline_version = 0;
   bufferlist inline_data;
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
   bool is_root()    const { return ino == CEPH_INO_ROOT; }
   bool is_symlink() const { return (mode & S_IFMT) == S_IFLNK; }

diff --git a/src/mds/CInode.cc b/src/mds/CInode.cc
index 370fdfbd47f632563d95f74c2eab214accd72b98..23e98e7fb15cac1e4ea71ffa735b89b4cf03ee63 100644 (file)
--- a/src/mds/CInode.cc
+++ b/src/mds/CInode.cc
@@ -4055,7 +4055,7 @@ int CInode::encode_inodestat(bufferlist& bl, Session *session,
     encode(snap_btime, bl);
     encode(file_i->rstat.rsnaps, bl);
     encode(snap_metadata, bl);
-    encode(file_i->fscrypt, bl);
+    encode(!file_i->fscrypt_auth.empty(), bl);
     ENCODE_FINISH(bl);
   }
   else {

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index dbeb882c74c44f12147ef72a071ecf93478fe729..62d0a473a300a1375cc0a4956d20f741e9522625 100644 (file)
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -3374,9 +3374,6 @@ CInode* Server::prepare_new_inode(MDRequestRef& mdr, CDir *dir, inodeno_t useino
     auto _xattrs = CInode::allocate_xattr_map();
     decode_noshare(*_xattrs, p);
     dout(10) << "prepare_new_inode setting xattrs " << *_xattrs << dendl;
-    if (_xattrs->count("encryption.ctx")) {
-      _inode->fscrypt = true;
-    }
     in->reset_xattrs(std::move(_xattrs));
   }
 
@@ -6200,8 +6197,6 @@ void Server::handle_client_setxattr(MDRequestRef& mdr)
   pi.inode->ctime = mdr->get_op_stamp();
   if (mdr->get_op_stamp() > pi.inode->rstat.rctime)
     pi.inode->rstat.rctime = mdr->get_op_stamp();
-  if (name == "encryption.ctx"sv)
-    pi.inode->fscrypt = true;
   pi.inode->change_attr++;
   pi.inode->xattr_version++;
 

diff --git a/src/mds/mdstypes.h b/src/mds/mdstypes.h
index bfb27910846b2ed6c7d87d4e4f833dc206b6af9f..bc49fe3f9212386563cc171e05f4fbaf22a5bff3 100644 (file)
--- a/src/mds/mdstypes.h
+++ b/src/mds/mdstypes.h
@@ -624,7 +624,8 @@ struct inode_t {
 
   std::basic_string<char,std::char_traits<char>,Allocator<char>> stray_prior_path; //stores path before unlink
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
 private:
   bool older_is_consistent(const inode_t &other) const;
@@ -689,7 +690,7 @@ void inode_t<Allocator>::encode(ceph::buffer::list &bl, uint64_t features) const
   encode(export_ephemeral_random_pin, bl);
   encode(export_ephemeral_distributed_pin, bl);
 
-  encode(fscrypt, bl);
+  encode(!fscrypt_auth.empty(), bl);
 
   ENCODE_FINISH(bl);
 }
@@ -796,9 +797,8 @@ void inode_t<Allocator>::decode(ceph::buffer::list::const_iterator &p)
   }
 
   if (struct_v >= 17) {
-    decode(fscrypt, p);
-  } else {
-    fscrypt = 0;
+    bool fscrypt_flag;
+    decode(fscrypt_flag, p);
   }
 
   DECODE_FINISH(p);

diff --git a/src/messages/MClientReply.h b/src/messages/MClientReply.h
index 5606b8ced9595c7013ebfcd67837af458a6abb20..b5a99a5f9d8922a8c842215e5ad4f6ea79e32b96 100644 (file)
--- a/src/messages/MClientReply.h
+++ b/src/messages/MClientReply.h
@@ -146,7 +146,8 @@ struct InodeStat {
   mds_rank_t dir_pin;
   std::map<std::string,std::string> snap_metadata;
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
  public:
   InodeStat() {}
@@ -212,7 +213,9 @@ struct InodeStat {
         decode(snap_metadata, p);
       }
       if (struct_v >= 6) {
-        decode(fscrypt, p);
+        bool fscrypt_flag;
+
+        decode(fscrypt_flag, p);
       }
       DECODE_FINISH(p);
     }