One more thing: On Thu, May 14, 2020 at 12:37:25AM +0000, Satya Tangirala wrote: > +/* Enable inline encryption for this file if supported. */ > +void fscrypt_select_encryption_impl(struct fscrypt_info *ci) > +{ > + const struct inode *inode = ci->ci_inode; > + struct super_block *sb = inode->i_sb; > + struct blk_crypto_config crypto_cfg; > + int num_devs; > + struct request_queue **devs; > + int i; > + > + /* The file must need contents encryption, not filenames encryption */ > + if (!fscrypt_needs_contents_encryption(inode)) > + return; > + > + /* The crypto mode must be valid */ > + if (ci->ci_mode->blk_crypto_mode == BLK_ENCRYPTION_MODE_INVALID) > + return; > + > + /* The filesystem must be mounted with -o inlinecrypt */ > + if (!(sb->s_flags & SB_INLINECRYPT)) > + return; > + > + /* > + * blk-crypto must support the crypto configuration we'll use for the > + * inode on all devices in the sb > + */ > + crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode; > + crypto_cfg.data_unit_size = sb->s_blocksize; > + crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci); > + num_devs = fscrypt_get_num_devices(sb); > + devs = kmalloc_array(num_devs, sizeof(*devs), GFP_NOFS); > + if (!devs) > + return; This function needs to return an error code, so that if this memory allocation fails, the error is not ignored. - Eric