@@ -670,6 +670,26 @@ int fscrypt_set_context(struct inode *inode, void *fs_data)
}
EXPORT_SYMBOL_GPL(fscrypt_set_context);
+/**
+ * fscrypt_context_from_inode() - fetch the encryption context out of in-core inode
+ * @ctx: where context should be written
+ * @inode: inode from which to fetch context
+ *
+ * Given an in-core prepared, but not-necessarily fully-instantiated inode,
+ * generate an encryption context from its policy and write it to ctx.
+ *
+ * Returns size of the context.
+ */
+int fscrypt_new_context_from_inode(union fscrypt_context *ctx, struct inode *inode)
+{
+ struct fscrypt_info *ci = inode->i_crypt_info;
+
+ BUILD_BUG_ON(sizeof(*ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
+
+ return fscrypt_new_context_from_policy(ctx, &ci->ci_policy, ci->ci_nonce);
+}
+EXPORT_SYMBOL_GPL(fscrypt_new_context_from_inode);
+
/**
* fscrypt_set_test_dummy_encryption() - handle '-o test_dummy_encryption'
* @sb: the filesystem on which test_dummy_encryption is being specified
@@ -157,6 +157,7 @@ int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
int fscrypt_set_context(struct inode *inode, void *fs_data);
+int fscrypt_new_context_from_inode(union fscrypt_context *ctx, struct inode *inode);
struct fscrypt_dummy_context {
const union fscrypt_context *ctx;
CephFS will need to be able to generate a context for a new "prepared" inode. Add a new routine for getting the context out of an in-core inode. Signed-off-by: Jeff Layton <jlayton@kernel.org> --- fs/crypto/policy.c | 20 ++++++++++++++++++++ include/linux/fscrypt.h | 1 + 2 files changed, 21 insertions(+)