From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>
Cc: Daniel Vacek <neelx@suse.com>,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>,
Boris Burkov <boris@bur.io>, Daniel Vacek <neelx.g@gmail.com>
Subject: [PATCH v7 2/6] btrfs: disable verity on encrypted inodes
Date: Tue, 18 Nov 2025 17:00:37 +0100 [thread overview]
Message-ID: <20251118160043.3005684-3-neelx@suse.com> (raw)
In-Reply-To: <20251118160043.3005684-1-neelx@suse.com>
From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.
fscrypt with fsverity should be possible and it can be implemented
in the future.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Daniel Vacek <neelx.g@gmail.com>
---
fs/btrfs/verity.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index 16f5580cba55..06dfcb461f53 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -578,6 +578,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
btrfs_assert_inode_locked(inode);
+ if (IS_ENCRYPTED(&inode->vfs_inode))
+ return -EOPNOTSUPP;
+
if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
return -EBUSY;
--
2.51.0
next prev parent reply other threads:[~2025-11-18 16:01 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-18 16:00 [PATCH v7 0/7] btrfs: add fscrypt support, PART 1 Daniel Vacek
2025-11-18 16:00 ` [PATCH v7 1/6] btrfs: disable various operations on encrypted inodes Daniel Vacek
2025-11-18 16:00 ` Daniel Vacek [this message]
2025-11-18 16:00 ` [PATCH v7 3/6] btrfs: add orig_logical to btrfs_bio Daniel Vacek
2025-11-18 16:00 ` [PATCH v7 4/6] btrfs: don't rewrite ret from inode_permission Daniel Vacek
2025-11-18 16:00 ` [PATCH v7 5/6] btrfs: move inode_to_path higher in backref.c Daniel Vacek
2025-11-18 16:00 ` [PATCH v7 6/6] btrfs: don't search back for dir inode item in INO_LOOKUP_USER Daniel Vacek
2025-11-18 16:10 ` [PATCH v7 0/7] btrfs: add fscrypt support, PART 1 Daniel Vacek
-- strict thread matches above, loose matches on Subject: below --
2025-11-18 16:08 [PATCH v8 0/6] " Daniel Vacek
2025-11-18 16:08 ` [PATCH v7 2/6] btrfs: disable verity on encrypted inodes Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251118160043.3005684-3-neelx@suse.com \
--to=neelx@suse.com \
--cc=boris@bur.io \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neelx.g@gmail.com \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox