From: "Luís Henriques" <lhenriques@suse.de>
To: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Eric Biggers <ebiggers@kernel.org>, Chris Mason <clm@fb.com>,
Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH v2 12/17] btrfs: turn on inlinecrypt mount option for encrypt
Date: Mon, 17 Jul 2023 16:34:42 +0100 [thread overview]
Message-ID: <87wmyyv96c.fsf@suse.de> (raw)
In-Reply-To: 303b721e0c738ebb8ee3ada3d4b867a07d6d5bfb.1689564024.git.sweettea-kernel@dorminy.me
Sweet Tea Dorminy <sweettea-kernel@dorminy.me> writes:
> fscrypt's extent encryption requires the use of inline encryption or the
> software fallback that the block layer provides; it is rather
> complicated to allow software encryption with extent encryption due to
> the timing of memory allocations. Thus, if btrfs has ever had a
> encrypted file, or when encryption is enabled on a directory, update the
> mount flags to include inlinecrypt.
>
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> ---
> fs/btrfs/ioctl.c | 4 ++++
> fs/btrfs/super.c | 10 ++++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index 91ad59519900..11866a88e33f 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -4574,6 +4574,10 @@ long btrfs_ioctl(struct file *file, unsigned int
> * state persists.
> */
> btrfs_set_fs_incompat(fs_info, ENCRYPT);
> + if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) {
> + inode->i_sb->s_flags |= SB_INLINECRYPT;
> + mb();
I've no idea this mb() is needed here, but I know it's usually a good
practice to document why it is needed.
Cheers,
--
Luís
> + }
> return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
> }
> case FS_IOC_GET_ENCRYPTION_POLICY:
> diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
> index 0cc9c2909f64..1e9a93c6750a 100644
> --- a/fs/btrfs/super.c
> +++ b/fs/btrfs/super.c
> @@ -1165,6 +1165,16 @@ static int btrfs_fill_super(struct super_block *sb,
> return err;
> }
>
> + if (btrfs_fs_incompat(fs_info, ENCRYPT)) {
> + if (IS_ENABLED(CONFIG_FS_ENCRYPTION_INLINE_CRYPT)) {
> + sb->s_flags |= SB_INLINECRYPT;
> + } else {
> + btrfs_err(fs_info, "encryption not supported");
> + err = -EINVAL;
> + goto fail_close;
> + }
> + }
> +
> inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root);
> if (IS_ERR(inode)) {
> err = PTR_ERR(inode);
> --
>
> 2.40.1
>
next prev parent reply other threads:[~2023-07-17 15:40 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-17 3:52 [PATCH v2 00/17] btrfs: add encryption feature Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 01/17] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 02/17] btrfs: disable verity " Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 03/17] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 04/17] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2023-07-17 15:34 ` Luís Henriques
2023-07-17 17:28 ` David Sterba
2023-07-18 8:36 ` Luís Henriques
2023-07-17 3:52 ` [PATCH v2 05/17] btrfs: add inode encryption contexts Sweet Tea Dorminy
2023-07-17 15:41 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 06/17] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Sweet Tea Dorminy
2023-07-17 15:42 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 07/17] btrfs: adapt readdir for encrypted and nokey names Sweet Tea Dorminy
2023-07-17 15:34 ` Luís Henriques
2023-07-17 17:46 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 08/17] btrfs: use correct name hash for " Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 09/17] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 10/17] btrfs: add encryption to CONFIG_BTRFS_DEBUG Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 11/17] btrfs: add get_devices hook for fscrypt Sweet Tea Dorminy
2023-07-17 17:51 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 12/17] btrfs: turn on inlinecrypt mount option for encrypt Sweet Tea Dorminy
2023-07-17 15:34 ` Luís Henriques [this message]
2023-07-17 17:55 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 13/17] btrfs: turn on the encryption ioctls Sweet Tea Dorminy
2023-07-17 3:52 ` [PATCH v2 14/17] btrfs: create and free extent fscrypt_infos Sweet Tea Dorminy
2023-07-17 17:58 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 15/17] btrfs: start tracking extent encryption context info Sweet Tea Dorminy
2023-07-17 18:11 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 16/17] btrfs: explicitly track file extent length and encryption Sweet Tea Dorminy
2023-07-17 15:30 ` Josef Bacik
2023-07-17 18:12 ` Josef Bacik
2023-07-17 3:52 ` [PATCH v2 17/17] btrfs: save and load fscrypt extent contexts Sweet Tea Dorminy
2023-07-17 18:15 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wmyyv96c.fsf@suse.de \
--to=lhenriques@suse.de \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox