From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>
Cc: Daniel Vacek <neelx@suse.com>,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>,
Boris Burkov <boris@bur.io>
Subject: [PATCH v6 2/8] btrfs: disable verity on encrypted inodes
Date: Wed, 12 Nov 2025 20:36:02 +0100 [thread overview]
Message-ID: <20251112193611.2536093-3-neelx@suse.com> (raw)
In-Reply-To: <20251112193611.2536093-1-neelx@suse.com>
From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Boris Burkov <boris@bur.io>
---
No changes since v5, just a merge conflict due to cleanup in context.
---
fs/btrfs/verity.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index 16f5580cba55..06dfcb461f53 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -578,6 +578,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
btrfs_assert_inode_locked(inode);
+ if (IS_ENCRYPTED(&inode->vfs_inode))
+ return -EOPNOTSUPP;
+
if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
return -EBUSY;
--
2.51.0
next prev parent reply other threads:[~2025-11-12 19:36 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-12 19:36 [PATCH v6 0/8] btrfs: add fscrypt support, PART 1 Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 1/8] btrfs: disable various operations on encrypted inodes Daniel Vacek
2025-11-12 21:10 ` Qu Wenruo
2025-11-13 10:22 ` David Sterba
2025-11-12 19:36 ` Daniel Vacek [this message]
2025-11-13 10:25 ` [PATCH v6 2/8] btrfs: disable verity " David Sterba
2025-11-12 19:36 ` [PATCH v6 3/8] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2025-11-12 21:02 ` Qu Wenruo
2025-11-13 19:07 ` Daniel Vacek
2025-11-13 20:16 ` Qu Wenruo
2025-11-18 14:05 ` Daniel Vacek
2025-11-18 15:08 ` Christoph Hellwig
2025-11-18 15:45 ` Daniel Vacek
2025-11-18 21:05 ` Qu Wenruo
2025-11-19 7:34 ` Daniel Vacek
2025-11-19 8:16 ` Qu Wenruo
2025-11-19 8:22 ` Christoph Hellwig
2025-11-19 9:28 ` Daniel Vacek
2025-11-19 9:32 ` Christoph Hellwig
2025-11-19 9:48 ` Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 4/8] btrfs: add orig_logical to btrfs_bio Daniel Vacek
2025-11-12 21:07 ` Qu Wenruo
2025-11-13 19:16 ` Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 5/8] btrfs: don't rewrite ret from inode_permission Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 6/8] btrfs: move inode_to_path higher in backref.c Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 7/8] btrfs: don't search back for dir inode item in INO_LOOKUP_USER Daniel Vacek
2025-11-12 19:36 ` [PATCH v6 8/8] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2025-11-13 10:32 ` David Sterba
2025-11-13 11:24 ` Daniel Vacek
2025-11-18 12:10 ` David Sterba
2025-11-18 15:04 ` [PATCH v6 0/8] btrfs: add fscrypt support, PART 1 David Sterba
2025-11-18 16:14 ` Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251112193611.2536093-3-neelx@suse.com \
--to=neelx@suse.com \
--cc=boris@bur.io \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox