On Fri, Nov 25, 2022 at 08:16:30PM +0800, Tianjia Zhang wrote: > diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c > index 46757c3052ef..8e69bc0c35cd 100644 > --- a/fs/crypto/policy.c > +++ b/fs/crypto/policy.c > @@ -71,6 +71,10 @@ static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode) > filenames_mode == FSCRYPT_MODE_AES_128_CTS) > return true; > > + if (contents_mode == FSCRYPT_MODE_SM4_XTS && > + filenames_mode == FSCRYPT_MODE_SM4_CTS) > + return true; > + > if (contents_mode == FSCRYPT_MODE_ADIANTUM && > filenames_mode == FSCRYPT_MODE_ADIANTUM) > return true; Sorry, one more thing I didn't notice before. Since this is a new feature, please only allow it in fscrypt_valid_enc_modes_v2(), not in fscrypt_valid_enc_modes_v1(). That's what we did for AES-256-XTS + AES-256-HCTR2 recently. There should be no need to add new features to v1 encryption policies, which have been deprecated for several years. - Eric
