On Thu, Oct 24, 2019 at 02:54:36PM -0700, Eric Biggers wrote:
> @@ -83,6 +118,10 @@ bool fscrypt_supported_policy(const union fscrypt_policy *policy_u,
> return false;
> }
>
> + if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) &&
> + !supported_iv_ino_lblk_64_policy(policy, inode))
> + return false;
> +
> if (memchr_inv(policy->__reserved, 0,
> sizeof(policy->__reserved))) {
> fscrypt_warn(inode,
fscrypt_supported_policy is getting more and more complicated, and
supported_iv_ino_lblk_64_policy calls a fs-supplied callback function,
etc. And we need to use this every single time we need to set up an
inode. Granted that compared to the crypto, even if it is ICE, it's
probably small beer --- but perhaps we should think about caching some
of what fscrypt_supported_policy does on a per-file system basis at
some point?
- Ted
