On 9/1/21 1:54 AM, Eric Biggers wrote:
On Tue, Aug 31, 2021 at 09:50:32AM -0400, Jeff Layton wrote:+ /* It should never be re-set once set */ + WARN_ON_ONCE(ci->fscrypt_auth); +Maybe this should return -EEXIST if already set ?I don't know. In general, once the context is set on an inode, we shouldn't ever reset it. That said, I think we might need to allow admins to override an existing context if it's corrupted. So, that's the rationale for the WARN_ON_ONCE. The admins should never do this under normal circumstances but they do have the ability to change it if needed (and we'll see a warning in the logs in that case).I may miss some code in the fs/crypto/ layer. I readed that once the directory/file has set the policy context, it will just return 0 if the new one matches the existence, if not match it will return -EEXIST, or will try to call ceph layer to set it. So once this is set, my understanding is that it shouldn't be here ?Where did you read that? If we have documented semantics we need to follow here, then we should change it to comply with them.That is how FS_IOC_SET_ENCRYPTION_POLICY behaves, but the check for an existing policy already happens in fscrypt_ioctl_set_policy(), so ->set_context doesn't need to worry about it.
Yeah, the FS_IOC_SET_ENCRYPTION_POLICY section in "Documentation/filesystems/fscrypt.rst".
- Eric
|