fscrypt's extent encryption requires the use of inline encryption or the
software fallback that the block layer provides; it is rather
complicated to allow software encryption with extent encryption due to
the timing of memory allocations. Thus, if btrfs has ever had a
encrypted file, or when encryption is enabled on a directory, update the
mount flags to include inlinecrypt.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx>
---
fs/btrfs/ioctl.c | 4 ++++
fs/btrfs/super.c | 10 ++++++++++
2 files changed, 14 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 91ad59519900..11866a88e33f 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4574,6 +4574,10 @@ long btrfs_ioctl(struct file *file, unsigned int
* state persists.
*/
btrfs_set_fs_incompat(fs_info, ENCRYPT);
+ if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) {
+ inode->i_sb->s_flags |= SB_INLINECRYPT;
+ mb();
+ }
return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
}
case FS_IOC_GET_ENCRYPTION_POLICY:
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 0cc9c2909f64..1e9a93c6750a 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1165,6 +1165,16 @@ static int btrfs_fill_super(struct super_block *sb,
return err;
}
+ if (btrfs_fs_incompat(fs_info, ENCRYPT)) {
+ if (IS_ENABLED(CONFIG_FS_ENCRYPTION_INLINE_CRYPT)) {
+ sb->s_flags |= SB_INLINECRYPT;
+ } else {
+ btrfs_err(fs_info, "encryption not supported");
+ err = -EINVAL;
+ goto fail_close;
+ }
+ }
+
inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root);
if (IS_ERR(inode)) {
err = PTR_ERR(inode);
--
2.40.1
|