From: Josef Bacik <josef@toxicpanda.com>
To: linux-fscrypt@vger.kernel.org, ebiggers@kernel.org,
linux-btrfs@vger.kernel.org
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v2 10/36] btrfs: disable verity on encrypted inodes
Date: Tue, 10 Oct 2023 16:40:25 -0400 [thread overview]
Message-ID: <f61fb12657e5b29a27c73dc3b5bd175aaf4269ee.1696970227.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1696970227.git.josef@toxicpanda.com>
From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
fs/btrfs/verity.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index 66e2270b0dae..92536913df04 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
ASSERT(inode_is_locked(file_inode(filp)));
+ if (IS_ENCRYPTED(&inode->vfs_inode))
+ return -EINVAL;
+
if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
return -EBUSY;
--
2.41.0
next prev parent reply other threads:[~2023-10-10 20:41 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:40 [PATCH v2 00/36] btrfs: add fscrypt support Josef Bacik
2023-10-10 20:40 ` [PATCH v2 01/36] fscrypt: use a flag to indicate that the master key is being evicted Josef Bacik
2023-10-15 6:22 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 02/36] fscrypt: don't wipe mk secret until the last active user is gone Josef Bacik
2023-10-15 6:25 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 03/36] fscrypt: add per-extent encryption support Josef Bacik
2023-10-15 6:36 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 04/36] fscrypt: disable all but standard v2 policies for extent encryption Josef Bacik
2023-10-15 6:27 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 05/36] blk-crypto: add a process bio callback Josef Bacik
2023-10-15 6:32 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 06/36] fscrypt: expose fscrypt_nokey_name Josef Bacik
2023-10-10 20:40 ` [PATCH v2 07/36] fscrypt: add documentation about extent encryption Josef Bacik
2023-10-10 20:40 ` [PATCH v2 08/36] btrfs: add infrastructure for safe em freeing Josef Bacik
2023-10-10 20:40 ` [PATCH v2 09/36] btrfs: disable various operations on encrypted inodes Josef Bacik
2023-10-10 20:40 ` Josef Bacik [this message]
2023-10-10 20:40 ` [PATCH v2 11/36] btrfs: start using fscrypt hooks Josef Bacik
2023-10-10 20:40 ` [PATCH v2 12/36] btrfs: add inode encryption contexts Josef Bacik
2023-10-10 20:40 ` [PATCH v2 13/36] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Josef Bacik
2023-10-10 20:40 ` [PATCH v2 14/36] btrfs: adapt readdir for encrypted and nokey names Josef Bacik
2023-10-10 20:40 ` [PATCH v2 15/36] btrfs: handle " Josef Bacik
2023-10-10 20:40 ` [PATCH v2 16/36] btrfs: implement fscrypt ioctls Josef Bacik
2023-10-10 20:40 ` [PATCH v2 17/36] btrfs: add encryption to CONFIG_BTRFS_DEBUG Josef Bacik
2023-10-10 20:40 ` [PATCH v2 18/36] btrfs: add get_devices hook for fscrypt Josef Bacik
2023-10-10 20:40 ` [PATCH v2 19/36] btrfs: turn on inlinecrypt mount option for encrypt Josef Bacik
2023-10-10 20:40 ` [PATCH v2 20/36] btrfs: set file extent encryption excplicitly Josef Bacik
2023-10-10 20:40 ` [PATCH v2 21/36] btrfs: add fscrypt_info and encryption_type to extent_map Josef Bacik
2023-10-10 20:40 ` [PATCH v2 22/36] btrfs: add fscrypt_info and encryption_type to ordered_extent Josef Bacik
2023-10-10 20:40 ` [PATCH v2 23/36] btrfs: plumb through setting the fscrypt_info for ordered extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 24/36] btrfs: populate the ordered_extent with the fscrypt context Josef Bacik
2023-10-10 20:40 ` [PATCH v2 25/36] btrfs: keep track of fscrypt info and orig_start for dio reads Josef Bacik
2023-10-10 20:40 ` [PATCH v2 26/36] btrfs: add an optional encryption context to the end of file extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 27/36] btrfs: explicitly track file extent length for replace and drop Josef Bacik
2023-10-10 20:40 ` [PATCH v2 28/36] btrfs: pass through fscrypt_extent_info to the file extent helpers Josef Bacik
2023-10-10 20:40 ` [PATCH v2 29/36] btrfs: pass the fscrypt_info through the replace extent infrastructure Josef Bacik
2023-10-10 20:40 ` [PATCH v2 30/36] btrfs: implement the fscrypt extent encryption hooks Josef Bacik
2023-10-10 20:40 ` [PATCH v2 31/36] btrfs: setup fscrypt_extent_info for new extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 32/36] btrfs: populate ordered_extent with the orig offset Josef Bacik
2023-10-10 20:40 ` [PATCH v2 33/36] btrfs: set the bio fscrypt context when applicable Josef Bacik
2023-10-10 20:40 ` [PATCH v2 34/36] btrfs: add a bio argument to btrfs_csum_one_bio Josef Bacik
2023-10-10 20:40 ` [PATCH v2 35/36] btrfs: add orig_logical to btrfs_bio Josef Bacik
2023-10-10 20:40 ` [PATCH v2 36/36] btrfs: implement process_bio cb for fscrypt Josef Bacik
2023-11-21 23:02 ` [PATCH v2 00/36] btrfs: add fscrypt support Eric Biggers
2023-11-22 13:58 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f61fb12657e5b29a27c73dc3b5bd175aaf4269ee.1696970227.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=ebiggers@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).