From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 23FA03FADF2 for ; Wed, 13 May 2026 08:57:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778662624; cv=none; b=ph7chPQfhXJqpsKi/4rDXklSWWk0GJnefEPUT/6f3S9zZSQ+TyynW3Qhe80upmCHgJLkVaPNxOgiSFWjBWSY+IwkdhkYGB+pEEru2+aKc42Z/yAiDUmFfSKWqTx+B0h3CXruGJ+2iWphpx7oPAoCQ/5kW0VOXotrjTrhgUIfV54= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778662624; c=relaxed/simple; bh=sj+D8+YdmYwbe3A3rsYn4/PyDAXXPM9Q719WZGnilC4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YNweP045kR+TgkBjWzVaqoJqI7TUVUiYsr2oO4aEbaRTDWmeMJus87WudScOTX5acz3sdUOg4dInfeLMJdFa3McbHay85NdN//5JvtufPw6z/zmjY2HCrb4k87tEaZwJ3B91Wrh52GEku+rOMz84aLGS3Id0nhcJqSzIU4ASo/U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 41FAF76668; Wed, 13 May 2026 08:54:48 +0000 (UTC) Authentication-Results: smtp-out2.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 222A6593A9; Wed, 13 May 2026 08:54:48 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id SKzbB1g8BGpERwAAD6G6ig (envelope-from ); Wed, 13 May 2026 08:54:48 +0000 From: Daniel Vacek To: Chris Mason , Josef Bacik , Eric Biggers , "Theodore Y. Ts'o" , Jaegeuk Kim , Jens Axboe , David Sterba Cc: linux-block@vger.kernel.org, Daniel Vacek , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v7 42/43] btrfs: disable encryption on RAID5/6 Date: Wed, 13 May 2026 10:53:16 +0200 Message-ID: <20260513085340.3673127-43-neelx@suse.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260513085340.3673127-1-neelx@suse.com> References: <20260513085340.3673127-1-neelx@suse.com> Precedence: bulk X-Mailing-List: linux-block@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Rspamd-Queue-Id: 41FAF76668 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spam-Score: -4.00 X-Spam-Level: X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Flag: NO X-Rspamd-Action: no action From: Josef Bacik The RAID5/6 code will re-arrange bios and submit them through a different mechanism. This is problematic with inline encryption as we have to get the bio and csum it after it's been encrypted, and the raid5/6 bio's don't have the btrfs_bio embedded, so we have no way to get the csums put on disk. This isn't an unsolvable problem, but would require a bit of reworking. Since we discourage users from using this code currently simply don't allow encryption on RAID5/6 setups. If there's sufficient demand in the future we can add the support for this. Signed-off-by: Josef Bacik Signed-off-by: Daniel Vacek --- v7 changes: * Prevent converting to RAID5/6 if encryption is already enabled as suggested by Chris' AI review. No changes in v6. v5: https://lore.kernel.org/linux-btrfs/941f02bb923edadae1aea4ae3e5aa6ba05d1215a.1706116485.git.josef@toxicpanda.com/ --- fs/btrfs/ioctl.c | 4 ++++ fs/btrfs/super.c | 6 ++++++ fs/btrfs/volumes.c | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 2e0b79f41197..873fe08cd19c 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -5165,6 +5165,10 @@ long btrfs_ioctl(struct file *file, unsigned int return -EOPNOTSUPP; if (sb_rdonly(fs_info->sb)) return -EROFS; + if (btrfs_fs_incompat(fs_info, RAID56)) { + btrfs_warn(fs_info, "can't enable encryption with RAID5/6"); + return -EINVAL; + } /* * If we crash before we commit, nothing encrypted could have * been written so it doesn't matter whether the encrypted diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 7ec07d0bb473..5072ead57d49 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -734,6 +734,12 @@ bool btrfs_check_options(const struct btrfs_fs_info *info, if (btrfs_check_mountopts_zoned(info, mount_opt)) ret = false; + if (btrfs_fs_incompat(info, RAID56) && + btrfs_raw_test_opt(*mount_opt, TEST_DUMMY_ENCRYPTION)) { + btrfs_err(info, "cannot use test_dummy_encryption with RAID5/6"); + ret = false; + } + if (!test_bit(BTRFS_FS_STATE_REMOUNTING, &info->fs_state)) { if (btrfs_raw_test_opt(*mount_opt, SPACE_CACHE)) { btrfs_warn(info, diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index a88e68f90564..d70735d501c4 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -6053,6 +6053,11 @@ struct btrfs_block_group *btrfs_create_chunk(struct btrfs_trans_handle *trans, lockdep_assert_held(&info->chunk_mutex); + if (type & BTRFS_BLOCK_GROUP_RAID56_MASK && btrfs_fs_incompat(info, ENCRYPT)) { + btrfs_warn(info, "RAID5/6 not yet supported on encrypted filesystem"); + return ERR_PTR(-EINVAL); + } + if (!alloc_profile_is_valid(type, 0)) { DEBUG_WARN("invalid alloc profile for type %llu", type); return ERR_PTR(-EINVAL); -- 2.53.0