From patchwork Mon Jul 17 03:52:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13315133 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5322C00528 for ; Mon, 17 Jul 2023 03:53:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229496AbjGQDxQ (ORCPT ); Sun, 16 Jul 2023 23:53:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231214AbjGQDxB (ORCPT ); Sun, 16 Jul 2023 23:53:01 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 042ACE60; Sun, 16 Jul 2023 20:52:55 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 79FF18341A; Sun, 16 Jul 2023 23:52:55 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1689565975; bh=AtxgWhk5lNBLM6gRG58Tv02HFvsxRv3MxdlBvwTanfs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LmxB6PRD959cWuTzZbOcamqOjRCkwyY1093i4FaGtZkem3z+cQNOL0z7Wplk+3t9F dKWa1fD5C7kuXLjZ5kdiKIJ1aCXCtJqvm7LMtn1lR4Sg9W3CdNFC7HZXgWcjcRtCGT x5nTSD4oy0NGpJurgep0XXzgCBU1ZqTEVGGJcbmZsp+TUHW9QvvDyd5Ccc3d5TOVRr i2G4z7i888ucr65YFQkE5aje40Oyhj81SQlaIspAKV0ILQ1xk/CezscTWBOpqUqqlk 9lOlaEoreJdXxwYXPtSkWHm11k1vNIjB+fE4MntA3vuL3jgAm4/ho4hCccaZdQlwMI dKH7TGUe7l7ZA== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@meta.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 02/17] btrfs: disable verity on encrypted inodes Date: Sun, 16 Jul 2023 23:52:33 -0400 Message-Id: <490e32a44c96184a60cea8a5ce8945e02fec7ae2.1689564024.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Right now there isn't a way to encrypt things that aren't either filenames in directories or data on blocks on disk with extent encryption, so for now, disable verity usage with encryption on btrfs. Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/verity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index c5ff16f9e9fa..cda969c6cb0c 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp) ASSERT(inode_is_locked(file_inode(filp))); + if (IS_ENCRYPTED(&inode->vfs_inode)) + return -EINVAL; + if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags)) return -EBUSY;