From patchwork Tue Aug 8 17:12:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 13346790 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79DEDC001DB for ; Tue, 8 Aug 2023 18:55:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232708AbjHHSzP (ORCPT ); Tue, 8 Aug 2023 14:55:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55938 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234251AbjHHSyr (ORCPT ); Tue, 8 Aug 2023 14:54:47 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CCF0696B0; Tue, 8 Aug 2023 10:12:29 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id EE1498343E; Tue, 8 Aug 2023 13:12:28 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1691514749; bh=qYTOnD2X09d8CWs7gVr1n+nGjMJSg4tguTG1TOz83fw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=a+zN3vdUUOgJKeKRIKi+vFBuveCBaoB+1QKyQXQP3+gzKKPLoLRlLk5zUqtMnT4nw wK/OeYLZXRBPaliFAdsEp6K7/BblQNWTvRGl4HCM998THLchYX39apNynej4bRYciB PbC3/RrmLPLkfNQaWpS+H8PC9s1QXB72bGVAOZWphgZK08hNgM2E3S8VeoB4ieMwm9 q06rYDKDuezeIQDFH2BXg0x+huYxiazCxK40Vb9WoRsCJp/5qzzVps8M5W4dusfKO4 QuPTki9X2GZk2OlHdP+Z/SMmrbyXc2NFojwa3ovmRJcqtxQdZeCxNjb3w2lG9jxbt6 7khnJjgXD4jKA== From: Sweet Tea Dorminy To: Chris Mason , Josef Bacik , David Sterba , "Theodore Y . Ts'o" , Jaegeuk Kim , kernel-team@meta.com, linux-btrfs@vger.kernel.org, linux-fscrypt@vger.kernel.org, Eric Biggers Cc: Sweet Tea Dorminy Subject: [PATCH v3 02/17] btrfs: disable verity on encrypted inodes Date: Tue, 8 Aug 2023 13:12:04 -0400 Message-ID: <7f5444829adca5f4bd647749382bd0771258c846.1691510179.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Right now there isn't a way to encrypt things that aren't either filenames in directories or data on blocks on disk with extent encryption, so for now, disable verity usage with encryption on btrfs. Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/verity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index c5ff16f9e9fa..cda969c6cb0c 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp) ASSERT(inode_is_locked(file_inode(filp))); + if (IS_ENCRYPTED(&inode->vfs_inode)) + return -EINVAL; + if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags)) return -EBUSY;