One more thing:
On Thu, May 14, 2020 at 12:37:25AM +0000, Satya Tangirala wrote:
> +/* Enable inline encryption for this file if supported. */
> +void fscrypt_select_encryption_impl(struct fscrypt_info *ci)
> +{
> + const struct inode *inode = ci->ci_inode;
> + struct super_block *sb = inode->i_sb;
> + struct blk_crypto_config crypto_cfg;
> + int num_devs;
> + struct request_queue **devs;
> + int i;
> +
> + /* The file must need contents encryption, not filenames encryption */
> + if (!fscrypt_needs_contents_encryption(inode))
> + return;
> +
> + /* The crypto mode must be valid */
> + if (ci->ci_mode->blk_crypto_mode == BLK_ENCRYPTION_MODE_INVALID)
> + return;
> +
> + /* The filesystem must be mounted with -o inlinecrypt */
> + if (!(sb->s_flags & SB_INLINECRYPT))
> + return;
> +
> + /*
> + * blk-crypto must support the crypto configuration we'll use for the
> + * inode on all devices in the sb
> + */
> + crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode;
> + crypto_cfg.data_unit_size = sb->s_blocksize;
> + crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci);
> + num_devs = fscrypt_get_num_devices(sb);
> + devs = kmalloc_array(num_devs, sizeof(*devs), GFP_NOFS);
> + if (!devs)
> + return;
This function needs to return an error code, so that if this memory allocation
fails, the error is not ignored.
- Eric
