On Tue, Sep 08, 2020 at 08:29:52AM -0400, Jeff Layton wrote:
> > > + *
> > > + * Returns size of the context.
> > > + */
> > > +int fscrypt_new_context_from_inode(union fscrypt_context *ctx, struct inode *inode)
> > > +{
> > > + struct fscrypt_info *ci = inode->i_crypt_info;
> > > +
> > > + BUILD_BUG_ON(sizeof(*ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
> > > +
> > > + return fscrypt_new_context_from_policy(ctx, &ci->ci_policy, ci->ci_nonce);
> > > +}
> > > +EXPORT_SYMBOL_GPL(fscrypt_new_context_from_inode);
> >
> > fscrypt_set_context() should be changed to call this, instead of duplicating the
> > same logic. As part of that, the WARN_ON_ONCE(!ci) that's currently in
> > fscrypt_set_context() should go in here instead.
> >
>
> Note that we can't just move that WARN_ON_ONCE. If we do that, then
> fscrypt_set_context will dereference ci before that check can occur, so
> we'd be trading a warning and -ENOKEY for a NULL pointer dereference. I
> think we'll have to duplicate that in both functions.
You could just make fscrypt_set_context() call fscrypt_new_context_from_inode()
first, before the fscrypt_hash_inode_number() stuff.
- Eric
