On Fri, Dec 01, 2023 at 05:11:07PM -0500, Josef Bacik wrote: > From: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx> > > Right now there isn't a way to encrypt things that aren't either > filenames in directories or data on blocks on disk with extent > encryption, so for now, disable verity usage with encryption on btrfs. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx> > Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx> > --- > fs/btrfs/verity.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c > index 66e2270b0dae..92536913df04 100644 > --- a/fs/btrfs/verity.c > +++ b/fs/btrfs/verity.c > @@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp) > > ASSERT(inode_is_locked(file_inode(filp))); > > + if (IS_ENCRYPTED(&inode->vfs_inode)) > + return -EINVAL; As per the documentation for FS_IOC_ENABLE_VERITY (https://docs.kernel.org/filesystems/fsverity.html#fs-ioc-enable-verity), the error code for the case of "the filesystem does not support fs-verity on this file" should be EOPNOTSUPP, not EINVAL. That's what ext4 returns if you try to enable verity on a file that doesn't use extents, for example. - Eric
