From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
kernel-team@meta.com, linux-btrfs@vger.kernel.org,
linux-fscrypt@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v3 12/17] btrfs: turn on inlinecrypt mount option for encrypt
Date: Tue, 8 Aug 2023 13:12:14 -0400 [thread overview]
Message-ID: <c6e584da3cedef803cf994381c95c52080d17685.1691510179.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1691510179.git.sweettea-kernel@dorminy.me>
fscrypt's extent encryption requires the use of inline encryption or the
software fallback that the block layer provides; it is rather
complicated to allow software encryption with extent encryption due to
the timing of memory allocations. Thus, if btrfs has ever had a
encrypted file, or when encryption is enabled on a directory, update the
mount flags to include inlinecrypt.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
fs/btrfs/ioctl.c | 3 +++
fs/btrfs/super.c | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 91ad59519900..42525a8119ee 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4574,6 +4574,9 @@ long btrfs_ioctl(struct file *file, unsigned int
* state persists.
*/
btrfs_set_fs_incompat(fs_info, ENCRYPT);
+ if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) {
+ inode->i_sb->s_flags |= SB_INLINECRYPT;
+ }
return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
}
case FS_IOC_GET_ENCRYPTION_POLICY:
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 0cc9c2909f64..1e9a93c6750a 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1165,6 +1165,16 @@ static int btrfs_fill_super(struct super_block *sb,
return err;
}
+ if (btrfs_fs_incompat(fs_info, ENCRYPT)) {
+ if (IS_ENABLED(CONFIG_FS_ENCRYPTION_INLINE_CRYPT)) {
+ sb->s_flags |= SB_INLINECRYPT;
+ } else {
+ btrfs_err(fs_info, "encryption not supported");
+ err = -EINVAL;
+ goto fail_close;
+ }
+ }
+
inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root);
if (IS_ERR(inode)) {
err = PTR_ERR(inode);
--
2.41.0
next prev parent reply other threads:[~2023-08-08 18:12 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 17:12 [PATCH v3 00/17] btrfs: add encryption feature Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 01/17] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 02/17] btrfs: disable verity " Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 03/17] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 04/17] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 05/17] btrfs: add inode encryption contexts Sweet Tea Dorminy
2023-08-09 20:20 ` Josef Bacik
2023-08-08 17:12 ` [PATCH v3 06/17] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 07/17] btrfs: adapt readdir for encrypted and nokey names Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 08/17] btrfs: handle " Sweet Tea Dorminy
2023-08-09 20:32 ` Josef Bacik
2023-08-08 17:12 ` [PATCH v3 09/17] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 10/17] btrfs: add encryption to CONFIG_BTRFS_DEBUG Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 11/17] btrfs: add get_devices hook for fscrypt Sweet Tea Dorminy
2023-08-08 17:12 ` Sweet Tea Dorminy [this message]
2023-08-08 17:12 ` [PATCH v3 13/17] btrfs: turn on the encryption ioctls Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 14/17] btrfs: create and free extent fscrypt_infos Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 15/17] btrfs: start tracking extent encryption context info Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 16/17] btrfs: explicitly track file extent length and encryption Sweet Tea Dorminy
2023-08-08 17:12 ` [PATCH v3 17/17] btrfs: save and load fscrypt extent contexts Sweet Tea Dorminy
2023-08-09 20:38 ` Josef Bacik
2023-08-09 20:39 ` [PATCH v3 00/17] btrfs: add encryption feature Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c6e584da3cedef803cf994381c95c52080d17685.1691510179.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).