@@ -73,6 +73,23 @@
static int calc_ksa_lebs(struct ubifs_info *c, int leb_cnt)
+ /* TODO: I do not think this is correct. The data node size varies from
+ * UBIFS_DATA_NODE_SZ to UBIFS_MAX_DATA_NODE_SZ. Indeed, I can fill my
+ * file-system with millions of files with size of 1 byte. But you
+ * assume that data nodes are 4KiB in size, which is wrong. Remember
+ * that we compress the data? Or I misunderstoos something?
+ * Or even worse, if I have a huge file containing only 1's or anything
+ * else which perfectly well compresses, and I fill all space with this
+ * file, then we'll end up with huge amount of tiny data nodes, and
+ * you'll need one key per data node.
+ * So, the most pessimistic thing is to assume the minimum data node
+ * size of UBIFS_DATA_NODE_SZ, right? */
+ /* TODO: note, the leb_cnt * UBIFS_CRYPTO_KEYSIZE part may easily
+ * overflow because it will be done as 32-bit multiplication with a
+ * 32-bit result. So this is not really correct */
return (leb_cnt * UBIFS_CRYPTO_KEYSIZE) >> UBIFS_BLOCK_SHIFT;
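Review bot: The `return` at the end of this hunk still multiplies `leb_cnt * UBIFS_CRYPTO_KEYSIZE` in `int`, so the overflow described in the second TODO is left in place; signed overflow is undefined behaviour, and a wrapped product would make the key storage area too small or negative. Widening before the multiply removes it: `return ((long long)leb_cnt * UBIFS_CRYPTO_KEYSIZE) >> UBIFS_BLOCK_SHIFT;`. The definition of `UBIFS_CRYPTO_KEYSIZE` is not visible here, but the result should fit the `int` return as long as the key size does not exceed the block size. The first TODO is a sizing defect rather than a wording one: if one key is needed per data node, dividing by the block size assumes full-size nodes and undercounts keys for small or well-compressed data, so the divisor should be settled before this estimate is relied on. The function's braces and the rest of its body are outside the hunk.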
@@ -167,11 +167,17 @@
* Constant number of KSA LEBS to add to computed value, ensuring two plus a
* checkpoint LEB.
+ * TODO: please, improve the comment to make it easier to understand why you
+ * need 3 extra LEBs. Also the checkpoint LEB is something new to me.
#define UBIFS_KSA_ADD_LEBS 3
* KSA LEBS is 1.125 * the computed min to allow unused keys when the drive is
* full. This shift is used to compute 0.125 * LEBS.
+ * TODO: looks like blach magic. Could the comment be improved to make this
+ * easy to understand why we need unused keys?
#define UBIFS_KSA_LEBS_SCALE_SHIFT 3
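Review bot: The comment above `UBIFS_KSA_LEBS_SCALE_SHIFT` promises 1.125 times the computed minimum, but a right shift by 3 yields 0 for any computed value below 8 LEBs, so small volumes would get no proportional spare keys. The use site is outside this hunk, so this is inferred from the comment; if `UBIFS_KSA_ADD_LEBS` is what covers that case, the comment should say so. A line such as `* Note: (lebs >> 3) is 0 for lebs < 8; the fixed UBIFS_KSA_ADD_LEBS supplies the headroom there.` would do it. The two TODOs are review questions addressed to the author; once answered, they should be replaced by the explanation itself rather than left in the header.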