From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com,
ebiggers@kernel.org, linux-fscrypt@vger.kernel.org,
ngompa13@gmail.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH 09/35] btrfs: disable verity on encrypted inodes
Date: Tue, 26 Sep 2023 14:01:35 -0400 [thread overview]
Message-ID: <ec25bd8540fb43d38a1f58d3df2f43299c50f7d2.1695750478.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1695750478.git.josef@toxicpanda.com>
From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
fs/btrfs/verity.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index 66e2270b0dae..92536913df04 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
ASSERT(inode_is_locked(file_inode(filp)));
+ if (IS_ENCRYPTED(&inode->vfs_inode))
+ return -EINVAL;
+
if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
return -EBUSY;
--
2.41.0
next prev parent reply other threads:[~2023-09-26 18:03 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-26 18:01 [PATCH 00/35] btrfs: add fscrypt support Josef Bacik
2023-09-26 18:01 ` [PATCH 01/35] fscrypt: rename fscrypt_info => fscrypt_inode_info Josef Bacik
2023-09-26 18:01 ` [PATCH 02/35] fscrypt: add per-extent encryption support Josef Bacik
2023-09-26 18:01 ` [PATCH 03/35] fscrypt: disable all but standard v2 policies for extent encryption Josef Bacik
2023-09-26 18:01 ` [PATCH 04/35] blk-crypto: add a process bio callback Josef Bacik
2023-09-26 18:01 ` [PATCH 05/35] fscrypt: expose fscrypt_nokey_name Josef Bacik
2023-09-26 18:01 ` [PATCH 06/35] fscrypt: add documentation about extent encryption Josef Bacik
2023-09-26 18:01 ` [PATCH 07/35] btrfs: add infrastructure for safe em freeing Josef Bacik
2023-09-26 18:01 ` [PATCH 08/35] btrfs: disable various operations on encrypted inodes Josef Bacik
2023-09-26 18:01 ` Josef Bacik [this message]
2023-09-26 18:01 ` [PATCH 10/35] btrfs: start using fscrypt hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 11/35] btrfs: add inode encryption contexts Josef Bacik
2023-09-26 18:01 ` [PATCH 12/35] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Josef Bacik
2023-09-26 18:01 ` [PATCH 13/35] btrfs: adapt readdir for encrypted and nokey names Josef Bacik
2023-10-07 1:15 ` kernel test robot
2023-09-26 18:01 ` [PATCH 14/35] btrfs: handle " Josef Bacik
2023-09-26 18:01 ` [PATCH 15/35] btrfs: implement fscrypt ioctls Josef Bacik
2023-09-26 18:01 ` [PATCH 16/35] btrfs: add encryption to CONFIG_BTRFS_DEBUG Josef Bacik
2023-09-26 18:01 ` [PATCH 17/35] btrfs: add get_devices hook for fscrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 18/35] btrfs: turn on inlinecrypt mount option for encrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 19/35] btrfs: set file extent encryption excplicitly Josef Bacik
2023-09-26 18:01 ` [PATCH 20/35] btrfs: add fscrypt_info and encryption_type to extent_map Josef Bacik
2023-09-26 18:01 ` [PATCH 21/35] btrfs: add fscrypt_info and encryption_type to ordered_extent Josef Bacik
2023-09-26 18:01 ` [PATCH 22/35] btrfs: plumb through setting the fscrypt_info for ordered extents Josef Bacik
2023-09-26 18:01 ` [PATCH 23/35] btrfs: populate the ordered_extent with the fscrypt context Josef Bacik
2023-09-26 18:01 ` [PATCH 24/35] btrfs: keep track of fscrypt info and orig_start for dio reads Josef Bacik
2023-09-26 18:01 ` [PATCH 25/35] btrfs: add an optional encryption context to the end of file extents Josef Bacik
2023-09-26 18:01 ` [PATCH 26/35] btrfs: explicitly track file extent length for replace and drop Josef Bacik
2023-09-26 18:01 ` [PATCH 27/35] btrfs: pass through fscrypt_extent_info to the file extent helpers Josef Bacik
2023-09-26 18:01 ` [PATCH 28/35] btrfs: pass the fscrypt_info through the replace extent infrastructure Josef Bacik
2023-09-26 18:01 ` [PATCH 29/35] btrfs: implement the fscrypt extent encryption hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 30/35] btrfs: setup fscrypt_extent_info for new extents Josef Bacik
2023-09-26 18:01 ` [PATCH 31/35] btrfs: populate ordered_extent with the orig offset Josef Bacik
2023-09-26 18:01 ` [PATCH 32/35] btrfs: set the bio fscrypt context when applicable Josef Bacik
2023-09-26 18:01 ` [PATCH 33/35] btrfs: add a bio argument to btrfs_csum_one_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 34/35] btrfs: add orig_logical to btrfs_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 35/35] btrfs: implement process_bio cb for fscrypt Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ec25bd8540fb43d38a1f58d3df2f43299c50f7d2.1695750478.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=ebiggers@kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=ngompa13@gmail.com \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).