From 1a593e1c3babf50a1c15161e348f617aabfceced Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@redhat.com>
Date: Thu, 29 Apr 2021 13:33:53 -0400
Subject: [PATCH] mds: convert fscrypt flag to two opaque fields

A flag isn't sufficient as we can't reasonably use an xattr to store the
context. Switch the fscrypt fields to two vectors of opaque bytes, one
governed by AUTH caps and the other by FILE.

Also remove the special handling for encryption.ctx xattr, since we
won't be using that going forward anyway.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 src/client/Client.cc        |  3 ++-
 src/client/Inode.h          |  3 ++-
 src/mds/CInode.cc           |  2 +-
 src/mds/Server.cc           |  5 -----
 src/mds/mdstypes.h          | 10 +++++-----
 src/messages/MClientReply.h |  7 +++++--
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 7e461411f36..1ebe73cb3bc 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -954,6 +954,7 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
     in->btime = st->btime;
     in->snap_btime = st->snap_btime;
     in->snap_metadata = st->snap_metadata;
+    in->fscrypt_auth = st->fscrypt_auth;
   }
 
   if ((new_version || (new_issued & CEPH_CAP_LINK_SHARED)) &&
@@ -969,6 +970,7 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
   if (new_version ||
       (new_issued & (CEPH_CAP_ANY_FILE_RD | CEPH_CAP_ANY_FILE_WR))) {
     in->layout = st->layout;
+    in->fscrypt_file = st->fscrypt_file;
     update_inode_file_size(in, issued, st->size, st->truncate_seq, st->truncate_size);
   }
 
@@ -1050,7 +1052,6 @@ Inode * Client::add_update_inode(InodeStat *st, utime_t from,
     in->snap_caps |= st->cap.caps;
   }
 
-  in->fscrypt = st->fscrypt;
   return in;
 }
 
diff --git a/src/client/Inode.h b/src/client/Inode.h
index eddfb6da9a6..72b8c0a2fb9 100644
--- a/src/client/Inode.h
+++ b/src/client/Inode.h
@@ -163,7 +163,8 @@ struct Inode : RefCountedObject {
   version_t  inline_version = 0;
   bufferlist inline_data;
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
   bool is_root()    const { return ino == CEPH_INO_ROOT; }
   bool is_symlink() const { return (mode & S_IFMT) == S_IFLNK; }
diff --git a/src/mds/CInode.cc b/src/mds/CInode.cc
index 370fdfbd47f..23e98e7fb15 100644
--- a/src/mds/CInode.cc
+++ b/src/mds/CInode.cc
@@ -4055,7 +4055,7 @@ int CInode::encode_inodestat(bufferlist& bl, Session *session,
     encode(snap_btime, bl);
     encode(file_i->rstat.rsnaps, bl);
     encode(snap_metadata, bl);
-    encode(file_i->fscrypt, bl);
+    encode(!file_i->fscrypt_auth.empty(), bl);
     ENCODE_FINISH(bl);
   }
   else {
diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index dbeb882c74c..62d0a473a30 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -3374,9 +3374,6 @@ CInode* Server::prepare_new_inode(MDRequestRef& mdr, CDir *dir, inodeno_t useino
     auto _xattrs = CInode::allocate_xattr_map();
     decode_noshare(*_xattrs, p);
     dout(10) << "prepare_new_inode setting xattrs " << *_xattrs << dendl;
-    if (_xattrs->count("encryption.ctx")) {
-      _inode->fscrypt = true;
-    }
     in->reset_xattrs(std::move(_xattrs));
   }
 
@@ -6200,8 +6197,6 @@ void Server::handle_client_setxattr(MDRequestRef& mdr)
   pi.inode->ctime = mdr->get_op_stamp();
   if (mdr->get_op_stamp() > pi.inode->rstat.rctime)
     pi.inode->rstat.rctime = mdr->get_op_stamp();
-  if (name == "encryption.ctx"sv)
-    pi.inode->fscrypt = true;
   pi.inode->change_attr++;
   pi.inode->xattr_version++;
 
diff --git a/src/mds/mdstypes.h b/src/mds/mdstypes.h
index bfb27910846..bc49fe3f921 100644
--- a/src/mds/mdstypes.h
+++ b/src/mds/mdstypes.h
@@ -624,7 +624,8 @@ struct inode_t {
 
   std::basic_string<char,std::char_traits<char>,Allocator<char>> stray_prior_path; //stores path before unlink
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
 private:
   bool older_is_consistent(const inode_t &other) const;
@@ -689,7 +690,7 @@ void inode_t<Allocator>::encode(ceph::buffer::list &bl, uint64_t features) const
   encode(export_ephemeral_random_pin, bl);
   encode(export_ephemeral_distributed_pin, bl);
 
-  encode(fscrypt, bl);
+  encode(!fscrypt_auth.empty(), bl);
 
   ENCODE_FINISH(bl);
 }
@@ -796,9 +797,8 @@ void inode_t<Allocator>::decode(ceph::buffer::list::const_iterator &p)
   }
 
   if (struct_v >= 17) {
-    decode(fscrypt, p);
-  } else {
-    fscrypt = 0;
+    bool fscrypt_flag;
+    decode(fscrypt_flag, p);
   }
 
   DECODE_FINISH(p);
diff --git a/src/messages/MClientReply.h b/src/messages/MClientReply.h
index 5606b8ced95..b5a99a5f9d8 100644
--- a/src/messages/MClientReply.h
+++ b/src/messages/MClientReply.h
@@ -146,7 +146,8 @@ struct InodeStat {
   mds_rank_t dir_pin;
   std::map<std::string,std::string> snap_metadata;
 
-  bool fscrypt = false; // fscrypt enabled ?
+  std::vector<uint8_t> fscrypt_auth;
+  std::vector<uint8_t> fscrypt_file;
 
  public:
   InodeStat() {}
@@ -212,7 +213,9 @@ struct InodeStat {
         decode(snap_metadata, p);
       }
       if (struct_v >= 6) {
-        decode(fscrypt, p);
+        bool fscrypt_flag;
+
+        decode(fscrypt_flag, p);
       }
       DECODE_FINISH(p);
     }
-- 
2.39.5