[v4,10/46] btrfs: disable verity on encrypted inodes

Message ID	9fbfdc5ea7ad2059ff0560ddf079bd1daecd971e.1701468306.git.josef@toxicpanda.com (mailing list archive)
State	New, archived
Headers	show Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="P2IBZhi4" From: Josef Bacik <josef@toxicpanda.com> To: linux-btrfs@vger.kernel.org, kernel-team@fb.com, linux-fsdevel@vger.kernel.org Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me> Subject: [PATCH v4 10/46] btrfs: disable verity on encrypted inodes Date: Fri, 1 Dec 2023 17:11:07 -0500 Message-ID: <9fbfdc5ea7ad2059ff0560ddf079bd1daecd971e.1701468306.git.josef@toxicpanda.com> In-Reply-To: <cover.1701468305.git.josef@toxicpanda.com> References: <cover.1701468305.git.josef@toxicpanda.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	btrfs: add fscrypt support \| expand [v4,00/46] btrfs: add fscrypt support [v4,01/46] fs: move fscrypt keyring destruction to after ->put_super [v4,02/46] fscrypt: add per-extent encryption support [v4,03/46] fscrypt: add a fscrypt_inode_open helper [v4,04/46] fscrypt: conditionally don't wipe mk secret until the last active user is done [v4,05/46] blk-crypto: add a process bio callback [v4,06/46] fscrypt: expose fscrypt_nokey_name [v4,07/46] fscrypt: add documentation about extent encryption [v4,08/46] btrfs: add infrastructure for safe em freeing [v4,09/46] btrfs: disable various operations on encrypted inodes [v4,10/46] btrfs: disable verity on encrypted inodes [v4,11/46] btrfs: start using fscrypt hooks [v4,12/46] btrfs: add inode encryption contexts [v4,13/46] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag [v4,14/46] btrfs: adapt readdir for encrypted and nokey names [v4,15/46] btrfs: handle nokey names. [v4,16/46] btrfs: implement fscrypt ioctls [v4,17/46] btrfs: add encryption to CONFIG_BTRFS_DEBUG [v4,18/46] btrfs: add get_devices hook for fscrypt [v4,19/46] btrfs: turn on inlinecrypt mount option for encrypt [v4,20/46] btrfs: set file extent encryption excplicitly [v4,21/46] btrfs: add fscrypt_info and encryption_type to extent_map [v4,22/46] btrfs: add fscrypt_info and encryption_type to ordered_extent [v4,23/46] btrfs: plumb through setting the fscrypt_info for ordered extents [v4,24/46] btrfs: plumb the fscrypt extent context through create_io_em [v4,25/46] btrfs: populate the ordered_extent with the fscrypt context [v4,26/46] btrfs: keep track of fscrypt info and orig_start for dio reads [v4,27/46] btrfs: add an optional encryption context to the end of file extents [v4,28/46] btrfs: explicitly track file extent length for replace and drop [v4,29/46] btrfs: pass through fscrypt_extent_info to the file extent helpers [v4,30/46] btrfs: pass the fscrypt_info through the replace extent infrastructure [v4,31/46] btrfs: implement the fscrypt extent encryption hooks [v4,32/46] btrfs: setup fscrypt_extent_info for new extents [v4,33/46] btrfs: populate ordered_extent with the orig offset [v4,34/46] btrfs: set the bio fscrypt context when applicable [v4,35/46] btrfs: add a bio argument to btrfs_csum_one_bio [v4,36/46] btrfs: add orig_logical to btrfs_bio [v4,37/46] btrfs: limit encrypted writes to 256 segments [v4,38/46] btrfs: implement process_bio cb for fscrypt [v4,39/46] btrfs: add test_dummy_encryption support [v4,40/46] btrfs: don't rewrite ret from inode_permission [v4,41/46] btrfs: move inode_to_path higher in backref.c [v4,42/46] btrfs: make btrfs_ref_to_path handle encrypted filenames [v4,43/46] btrfs: don't search back for dir inode item in INO_LOOKUP_USER [v4,44/46] btrfs: deal with encrypted symlinks in send [v4,45/46] btrfs: decrypt file names for send [v4,46/46] btrfs: load the inode context before sending writes

Message ID

9fbfdc5ea7ad2059ff0560ddf079bd1daecd971e.1701468306.git.josef@toxicpanda.com (mailing list archive)

State

New, archived

Headers

From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org,
	kernel-team@fb.com,
	linux-fsdevel@vger.kernel.org
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v4 10/46] btrfs: disable verity on encrypted inodes
Date: Fri,  1 Dec 2023 17:11:07 -0500
Message-ID: 
 <9fbfdc5ea7ad2059ff0560ddf079bd1daecd971e.1701468306.git.josef@toxicpanda.com>
In-Reply-To: <cover.1701468305.git.josef@toxicpanda.com>
References: <cover.1701468305.git.josef@toxicpanda.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

btrfs: add fscrypt support | expand

Commit Message

Josef Bacik Dec. 1, 2023, 10:11 p.m. UTC

From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>

Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.

Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
 fs/btrfs/verity.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Eric Biggers Dec. 5, 2023, 5:07 a.m. UTC | #1

On Fri, Dec 01, 2023 at 05:11:07PM -0500, Josef Bacik wrote:
> From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> 
> Right now there isn't a way to encrypt things that aren't either
> filenames in directories or data on blocks on disk with extent
> encryption, so for now, disable verity usage with encryption on btrfs.
> 
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> Signed-off-by: Josef Bacik <josef@toxicpanda.com>
> ---
>  fs/btrfs/verity.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
> index 66e2270b0dae..92536913df04 100644
> --- a/fs/btrfs/verity.c
> +++ b/fs/btrfs/verity.c
> @@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
>  
>  	ASSERT(inode_is_locked(file_inode(filp)));
>  
> +	if (IS_ENCRYPTED(&inode->vfs_inode))
> +		return -EINVAL;

As per the documentation for FS_IOC_ENABLE_VERITY
(https://docs.kernel.org/filesystems/fsverity.html#fs-ioc-enable-verity), the
error code for the case of "the filesystem does not support fs-verity on this
file" should be EOPNOTSUPP, not EINVAL.  That's what ext4 returns if you try to
enable verity on a file that doesn't use extents, for example.

- Eric

diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index 66e2270b0dae..92536913df04 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -588,6 +588,9 @@  static int btrfs_begin_enable_verity(struct file *filp)
 
 	ASSERT(inode_is_locked(file_inode(filp)));
 
+	if (IS_ENCRYPTED(&inode->vfs_inode))
+		return -EINVAL;
+
 	if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
 		return -EBUSY;

[v4,10/46] btrfs: disable verity on encrypted inodes

Commit Message

Comments

Patch