From: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx>
fscrypt's extent encryption requires the use of inline encryption or the
software fallback that the block layer provides; it is rather
complicated to allow software encryption with extent encryption due to
the timing of memory allocations. Thus, if btrfs has ever had a
encrypted file, or when encryption is enabled on a directory, update the
mount flags to include inlinecrypt.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx>
Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
---
fs/btrfs/ioctl.c | 3 +++
fs/btrfs/super.c | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 8e5f9dbb547a..33bf4d9416a9 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4599,6 +4599,9 @@ long btrfs_ioctl(struct file *file, unsigned int
* state persists.
*/
btrfs_set_fs_incompat(fs_info, ENCRYPT);
+ if (!(inode->i_sb->s_flags & SB_INLINECRYPT)) {
+ inode->i_sb->s_flags |= SB_INLINECRYPT;
+ }
return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
}
case FS_IOC_GET_ENCRYPTION_POLICY:
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 2b5d60cb7fed..a8a609f4a9f4 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1120,6 +1120,16 @@ static int btrfs_fill_super(struct super_block *sb,
return err;
}
+ if (btrfs_fs_incompat(fs_info, ENCRYPT)) {
+ if (IS_ENABLED(CONFIG_FS_ENCRYPTION_INLINE_CRYPT)) {
+ sb->s_flags |= SB_INLINECRYPT;
+ } else {
+ btrfs_err(fs_info, "encryption not supported");
+ err = -EINVAL;
+ goto fail_close;
+ }
+ }
+
inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root);
if (IS_ERR(inode)) {
err = PTR_ERR(inode);
--
2.41.0
|