From nobody Sat Feb 7 15:12:28 2026 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67F7B428498 for ; Wed, 4 Feb 2026 15:09:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770217746; cv=none; b=pyQM8obWpBXPgwmCJlGM6dcBvVn13fxPUoRgc0ti/9mkvfyTv5ahyAGBVF0V7LWMhy8wmL2ynzVwkPBNsITKmW3AlGv31IowczCZGel8sPqtft2rZMSOYGTR+LCPD1GezTbK5zCFBbkfP9o3+CfXjMsa1X8eo8JVA2lcGSwkNpM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770217746; c=relaxed/simple; bh=s+h8tPFEoHBFyC4SszIfcNz/5tQ5uQJuxvMFYcXuaM8=; h=Message-ID:Date:MIME-Version:To:From:Subject:Content-Type; b=mdRbUYWOWCAoUE5xFCJASIHBdwpoFypDnbvx6o2IXSTLUnh0wtRZD9KoQBqJmIaHQzVbqBgtYm2QEn8FzevLiQ6CG9toZfrD4HMieixhgZPayrBek7HiT2nd428L0SUhsUCzPVkJN3FO7aQ4svaRAfw08oiS5kcwJfvIkexWlDs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Qj3PZO/p; arc=none smtp.client-ip=209.85.128.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Qj3PZO/p" Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-47fedb7c68dso8677485e9.2 for ; Wed, 04 Feb 2026 07:09:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770217745; x=1770822545; darn=vger.kernel.org; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=MZ9HeuGtWnUm+VotOezBkdkMbFGZUlFL8p7rfJPrtMg=; b=Qj3PZO/pnfM50AEt5GMWK7StT5RjNUtkWVl11H4oerhL3jyP+fZpD8TP62yZSoapCM 8Yl0hTD40V9N3/jML56A7jNjwD4ktswoZVHohefzuD/SmWAgOXUsSXFwb0Vr+KEhN7Lg /9QINvG4EUnYWrDcLmmMhfkhdsP1aZVHodO7vSs61OQyC/ZE5Euq1VoWoFy+Lb3RW2Co hZquDE3cXWBCSmSGdAtIib+LoYICX8poPnlgytxdxvW2IZehsGx0Jr1kNGRnR/95AzzV /XzyFaFA7Fya9TcK8TFt36IQMkP+WysS7hFriG4OP8KuJQWsgoCRca/3V3LLh4GwVg5w 4nSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770217745; x=1770822545; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MZ9HeuGtWnUm+VotOezBkdkMbFGZUlFL8p7rfJPrtMg=; b=gxtWR9B5qXWVYK5hdWV/WVftzPRcKm15eXtkA6yPfLxprm2QSQX8BWsJmbr4Jv1MjU nED3KG1hBLK4WnQAY5cVju74wU2zE5vGhZH9eupN4Q/65sMBOogrOsyLFqcqsoEgOEl7 pbmsNBS9hhVDkPVG4FR2e2aYN+kiwpaZ7T26Jon1NxJQFm2JLx+Wnoi9ffffZx7oDKUV npD7grs4D2KRRrs/qVjr5BoBt6qgDR/wpeaF6M7hd8+VSxd2eoh6fWRM+RS0vnW8unwc lR5KbKcnLTBw9s/T7c6WqIZM1QK/VZN+i3xttBWPesJyAFDnQnc3jc5TizzNPY4nlmf9 SMzA== X-Forwarded-Encrypted: i=1; AJvYcCV4lGUMvMV8wTpswmcBzzC1DpOsBovGM+5Jz/UNqezdF5zvBpdxF9V++6FWzrF5UGL8ralF6walyCQ4RpA=@vger.kernel.org X-Gm-Message-State: AOJu0YxaETYbURQQOpna4pb7j0660HyddKVRNhlwxsih6nSPt3vfDcCj WsUXIeXyXKAyQZ5jUFs1z7z18vY5J+0ZAAX2/tu2DTxklghqw8PTlUep X-Gm-Gg: AZuq6aKCMO//JURUp/8MXAsAj6Y1Weg9F8W5N7fslKvWw6fxf5vpcp7OaWai892ODF1 j5zUFwJ8JMnxF9QltynhRGmnkkn5W3i/bili4s1jaeOx+Bi8HMrc9S78KVIsa/ZaUcKguSkeLoJ lN5JbDNKcX37a892bhD4SzeJRNAxqqoP7jR7qTeHL22BrvPq2XNoTHGPoAN7VH7ab6JmsAuZhmZ I2zuMIGXmEPtl0jVjXc6QGoq2tvCPlUhn4blB26NpIvqe0MfoadraWFTnYlOdoS7zcSyPkSOWQG 6eHLVU37JGHGntjuLtM0luxpxeUe7RGFkvBEkPwctFAw/az+3Sd85Pk3VLUGFpbHJ2jLAt7MB4G q2SWT9mSiKSUx+UsvnRZkQoxxmcP+sBwuK27YIH6MjAMyF3L467aI069eKlGQFEebxbxqF+KUjS 7uRAnyTCMAW8SX+OZkApyFSwo= X-Received: by 2002:a05:600c:608e:b0:480:3ad0:93bf with SMTP id 5b1f17b1804b1-4830e96d1e3mr50311575e9.24.1770217744455; Wed, 04 Feb 2026 07:09:04 -0800 (PST) Received: from [192.168.63.97] ([193.247.225.163]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4830ec10011sm34600875e9.0.2026.02.04.07.09.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Feb 2026 07:09:03 -0800 (PST) Message-ID: <8feeeec8-7330-47ae-9b54-9e789ebdfae5@gmail.com> Date: Wed, 4 Feb 2026 16:09:02 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, Theodore Ts'o , Andreas Dilger , anthonydev@fastmail.com From: Simon Weber Subject: [PATCH v1] ext4: fix journal credit check when setting fscrypt context xattr Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Simon Weber When creating a new inode, the required number of jbd2 journalling credits is conservatively estimated by summing up the credits required for various actions. This includes setting the xattrs for example for ACLs and the fscrypt context. Since the inode is new and has no xattrs, the estimation of credits needed for creating these xattrs is performed by passing is_create=3Dtrue into the function __ext4_xattr_set_credits, which yields a lower number of credits than when is_create is false. However, following the control flow until the fscrypt context xattr is actually set, the XATTR_CREATE flag is not passed by ext4_set_context to ext4_xattr_set_handle. This causes the latter function to compare the remaining credits against the value of __ext4_xattr_set_credits(..., is_create=3Dfalse), which may be too much. This flawed design does not usually cause any issues unless the filesystem features has_journal, ea_inode, and encrypt are all present at the same time. In this case, creating a file in any fscrypt-encrypted directory will always return ENOSPC. This patch fixes this issue by passing the XATTR_CREATE flag in the ext4_set_context function. This is safe since ext4_set_context is only called when creating a new inode (in which case the context xattr is not present yet) or when setting the encryption policy on an existing file using the FS_IOC_SET_ENCRYPTION_POLICY ioctl, which however first checks that the file does not currently have an encryption policy set. When calling ext4_set_context it is therefore not undesirable behaviour to possibly fail with an EEXIST error due to the XATTR_CREATE flag and the context xattr already being present. Co-developed-by: Anthony Durrer Signed-off-by: Anthony Durrer Signed-off-by: Simon Weber --- =C2=A0fs/ext4/crypto.c | 12 +++++++++++- =C2=A01 file changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c index cf0a0970c095..5b665f85f6a7 100644 --- a/fs/ext4/crypto.c +++ b/fs/ext4/crypto.c @@ -163,10 +163,20 @@ static int ext4_set_context(struct inode *inode, cons= t void *ctx, size_t len, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 */ =C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0 if (handle) { +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 /* +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * Set the xattr using the= XATTR_CREATE flag, since this function should +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * only be called on inode= s that do not have an encryption context yet. +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * Since when estimating t= he number of credits needed for the new inode +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * we called ext4_xattr_se= t with is_create =3D true, we need to pass this +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * flag, otherwise the che= ck for remaining credits is too conservative +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * and may fail. +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * If for some reason the = inode already has an encryption context, this +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * fails with EEXIST, whic= h is desirable behaviour. +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 */ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 res =3D ext4_xattr_set_han= dle(handle, inode, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 EXT4_= XATTR_INDEX_ENCRYPTION, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 EXT4_= XATTR_NAME_ENCRYPTION_CONTEXT, -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ctx, len= , 0); +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ctx, len= , XATTR_CREATE); =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (!res) { =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ex= t4_set_inode_flag(inode, EXT4_INODE_ENCRYPT); =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ex= t4_clear_inode_state(inode, base-commit: 4f5e8e6f012349a107531b02eed5b5ace6181449 --=20 2.49.0