On Fri, Sep 04, 2020 at 12:05:34PM -0400, Jeff Layton wrote:
> If we have an encrypted dentry, then we need to test whether a new key
> might have been established or removed. Do that before we test anything
> else about the dentry.
A more accurate explanation would be:
"If we have a dentry which represents a no-key name, then we need to test
whether the parent directory's encryption key has since been added."
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/ceph/dir.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
> index b3f2741becdb..cc85933413b9 100644
> --- a/fs/ceph/dir.c
> +++ b/fs/ceph/dir.c
> @@ -1695,6 +1695,12 @@ static int ceph_d_revalidate(struct dentry *dentry, unsigned int flags)
> dout("d_revalidate %p '%pd' inode %p offset 0x%llx\n", dentry,
> dentry, inode, ceph_dentry(dentry)->offset);
>
> + if (IS_ENCRYPTED(dir)) {
> + valid = fscrypt_d_revalidate(dentry, flags);
> + if (valid <= 0)
> + return valid;
> + }
There's no need to check IS_ENCRYPTED(dir) here.
- Eric
