Message ID | 39faa5d97713d44564249b50518c0212e5bf04cc.1696970227.git.josef@toxicpanda.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | btrfs: add fscrypt support | expand |
On Tue, Oct 10, 2023 at 04:40:19PM -0400, Josef Bacik wrote: > The different encryption related options for fscrypt are too numerous to > support for extent based encryption. Support for a few of these options > could possibly be added, but since they're niche options simply reject > them for file systems using extent based encryption. > > Signed-off-by: Josef Bacik <josef@toxicpanda.com> > --- > fs/crypto/policy.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c > index 4729f21e21d8..75a69f02f11d 100644 > --- a/fs/crypto/policy.c > +++ b/fs/crypto/policy.c > @@ -209,6 +209,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, > return false; > } > > + if (inode->i_sb->s_cop->has_per_extent_encryption) { > + fscrypt_warn(inode, > + "v1 policies can't be used on file systems that use extent encryption"); > + return false; > + } > + > return true; > } > > @@ -269,6 +275,12 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, > } > } > > + if ((inode->i_sb->s_cop->has_per_extent_encryption) && count) { > + fscrypt_warn(inode, > + "Encryption flags aren't supported on file systems that use extent encryption"); > + return false; > + } > + Perhaps this should just be folded into patch 3? - Eric
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 4729f21e21d8..75a69f02f11d 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -209,6 +209,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, return false; } + if (inode->i_sb->s_cop->has_per_extent_encryption) { + fscrypt_warn(inode, + "v1 policies can't be used on file systems that use extent encryption"); + return false; + } + return true; } @@ -269,6 +275,12 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, } } + if ((inode->i_sb->s_cop->has_per_extent_encryption) && count) { + fscrypt_warn(inode, + "Encryption flags aren't supported on file systems that use extent encryption"); + return false; + } + if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && !supported_direct_key_modes(inode, policy->contents_encryption_mode, policy->filenames_encryption_mode))
The different encryption related options for fscrypt are too numerous to support for extent based encryption. Support for a few of these options could possibly be added, but since they're niche options simply reject them for file systems using extent based encryption. Signed-off-by: Josef Bacik <josef@toxicpanda.com> --- fs/crypto/policy.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)