On Thu, Dec 09, 2021 at 10:36:15AM -0500, Jeff Layton wrote:
> Most filesystems just call fscrypt_set_context on new inodes, which
> usually causes a setxattr. That's a bit late for ceph, which can send
> along a full set of attributes with the create request.
>
> Doing so allows it to avoid race windows where the new inode could
> be seen by other clients without the crypto context attached. It also
> avoids the separate round trip to the server.
>
> Refactor the fscrypt code a bit to allow us to create a new crypto
> context, attach it to the inode, and write it to the buffer, but without
> calling set_context on it. ceph can later use this to marshal the
> context into the attributes we send along with the create request.
>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/crypto/policy.c | 34 ++++++++++++++++++++++++++++------
> include/linux/fscrypt.h | 1 +
> 2 files changed, 29 insertions(+), 6 deletions(-)

Acked-by: Eric Biggers <ebiggers@xxxxxxxxxx>

> + BUILD_BUG_ON(sizeof(union fscrypt_context) != FSCRYPT_SET_CONTEXT_MAX_SIZE);

Please line wrap at 80 characters when possible.

- Eric
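
Review bot: on the quoted BUILD_BUG_ON line, the assertion is an exact equality (!=) against a constant named FSCRYPT_SET_CONTEXT_MAX_SIZE, which reads as an upper bound rather than an exact size. A one-line comment above the assertion stating that the constant must match sizeof(union fscrypt_context) exactly would make the invariant clear to whoever next changes the union; if only a bound is intended, the comparison should be > instead.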