Message ID | 303b721e0c738ebb8ee3ada3d4b867a07d6d5bfb.1689564024.git.sweettea-kernel@dorminy.me (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | btrfs: add encryption feature | expand |
Sweet Tea Dorminy <sweettea-kernel@dorminy.me> writes: > fscrypt's extent encryption requires the use of inline encryption or the > software fallback that the block layer provides; it is rather > complicated to allow software encryption with extent encryption due to > the timing of memory allocations. Thus, if btrfs has ever had a > encrypted file, or when encryption is enabled on a directory, update the > mount flags to include inlinecrypt. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me> > --- > fs/btrfs/ioctl.c | 4 ++++ > fs/btrfs/super.c | 10 ++++++++++ > 2 files changed, 14 insertions(+) > > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c > index 91ad59519900..11866a88e33f 100644 > --- a/fs/btrfs/ioctl.c > +++ b/fs/btrfs/ioctl.c > @@ -4574,6 +4574,10 @@ long btrfs_ioctl(struct file *file, unsigned int > * state persists. > */ > btrfs_set_fs_incompat(fs_info, ENCRYPT); > + if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) { > + inode->i_sb->s_flags |= SB_INLINECRYPT; > + mb(); I've no idea this mb() is needed here, but I know it's usually a good practice to document why it is needed. Cheers,
On Sun, Jul 16, 2023 at 11:52:43PM -0400, Sweet Tea Dorminy wrote: > fscrypt's extent encryption requires the use of inline encryption or the > software fallback that the block layer provides; it is rather > complicated to allow software encryption with extent encryption due to > the timing of memory allocations. Thus, if btrfs has ever had a > encrypted file, or when encryption is enabled on a directory, update the > mount flags to include inlinecrypt. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me> > --- > fs/btrfs/ioctl.c | 4 ++++ > fs/btrfs/super.c | 10 ++++++++++ > 2 files changed, 14 insertions(+) > > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c > index 91ad59519900..11866a88e33f 100644 > --- a/fs/btrfs/ioctl.c > +++ b/fs/btrfs/ioctl.c > @@ -4574,6 +4574,10 @@ long btrfs_ioctl(struct file *file, unsigned int > * state persists. > */ > btrfs_set_fs_incompat(fs_info, ENCRYPT); > + if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) { > + inode->i_sb->s_flags |= SB_INLINECRYPT; > + mb(); Extraneous mb(). Thanks, Josef
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 91ad59519900..11866a88e33f 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -4574,6 +4574,10 @@ long btrfs_ioctl(struct file *file, unsigned int * state persists. */ btrfs_set_fs_incompat(fs_info, ENCRYPT); + if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) { + inode->i_sb->s_flags |= SB_INLINECRYPT; + mb(); + } return fscrypt_ioctl_set_policy(file, (const void __user *)arg); } case FS_IOC_GET_ENCRYPTION_POLICY: diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 0cc9c2909f64..1e9a93c6750a 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1165,6 +1165,16 @@ static int btrfs_fill_super(struct super_block *sb, return err; } + if (btrfs_fs_incompat(fs_info, ENCRYPT)) { + if (IS_ENABLED(CONFIG_FS_ENCRYPTION_INLINE_CRYPT)) { + sb->s_flags |= SB_INLINECRYPT; + } else { + btrfs_err(fs_info, "encryption not supported"); + err = -EINVAL; + goto fail_close; + } + } + inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root); if (IS_ERR(inode)) { err = PTR_ERR(inode);
fscrypt's extent encryption requires the use of inline encryption or the software fallback that the block layer provides; it is rather complicated to allow software encryption with extent encryption due to the timing of memory allocations. Thus, if btrfs has ever had a encrypted file, or when encryption is enabled on a directory, update the mount flags to include inlinecrypt. Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me> --- fs/btrfs/ioctl.c | 4 ++++ fs/btrfs/super.c | 10 ++++++++++ 2 files changed, 14 insertions(+)