[v6] btrfs: add fscrypt support, PART 1

[PATCH v6 1/8] btrfs: disable various operations on encrypted inodes

Posted by Daniel Vacek 2 months, 4 weeks ago

From: Omar Sandoval <osandov@osandov.com>

Initially, only normal data extents will be encrypted. This change
forbids various other bits:
- allows reflinking only if both inodes have the same encryption status
- disable inline data on encrypted inodes

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Daniel Vacek <neelx@suse.com>
---
v5 was 'Reviewed-by: Boris Burkov <boris@bur.io>' [1] but the rebase
changed the code a bit so dropping.

[1] https://lore.kernel.org/linux-btrfs/20240124195303.GC1789919@zen.localdomain/
---
 fs/btrfs/inode.c   | 4 ++++
 fs/btrfs/reflink.c | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 8737914e8552..b810e831fc23 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -592,6 +592,10 @@ static bool can_cow_file_range_inline(struct btrfs_inode *inode,
 	if (size < i_size_read(&inode->vfs_inode))
 		return false;
 
+	/* Encrypted file cannot be inlined. */
+	if (IS_ENCRYPTED(&inode->vfs_inode))
+		return false;
+
 	return true;
 }
 
diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c
index 775a32a7953a..3c9c570d6493 100644
--- a/fs/btrfs/reflink.c
+++ b/fs/btrfs/reflink.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 
 #include <linux/blkdev.h>
+#include <linux/fscrypt.h>
 #include <linux/iversion.h>
 #include "ctree.h"
 #include "fs.h"
@@ -789,6 +790,12 @@ static int btrfs_remap_file_range_prep(struct file *file_in, loff_t pos_in,
 		ASSERT(inode_in->vfs_inode.i_sb == inode_out->vfs_inode.i_sb);
 	}
 
+	/*
+	 * Can only reflink encrypted files if both files are encrypted.
+	 */
+	if (IS_ENCRYPTED(&inode_in->vfs_inode) != IS_ENCRYPTED(&inode_out->vfs_inode))
+		return -EINVAL;
+
 	/* Don't make the dst file partly checksummed */
 	if ((inode_in->flags & BTRFS_INODE_NODATASUM) !=
 	    (inode_out->flags & BTRFS_INODE_NODATASUM)) {
-- 
2.51.0

Re: [PATCH v6 1/8] btrfs: disable various operations on encrypted inodes

Posted by Qu Wenruo 2 months, 4 weeks ago


在 2025/11/13 06:06, Daniel Vacek 写道:
> From: Omar Sandoval <osandov@osandov.com>
> 
> Initially, only normal data extents will be encrypted. This change
> forbids various other bits:
> - allows reflinking only if both inodes have the same encryption status
> - disable inline data on encrypted inodes

I'm wondering how will this affect other users of inlined data. 
Especially for symbol links.

Symbol links always store they link source inside an inline data file 
extent. Does such content also get encrypted?

Thanks,
Qu

> 
> Signed-off-by: Omar Sandoval <osandov@osandov.com>
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> Signed-off-by: Josef Bacik <josef@toxicpanda.com>
> Signed-off-by: Daniel Vacek <neelx@suse.com>
> ---
> v5 was 'Reviewed-by: Boris Burkov <boris@bur.io>' [1] but the rebase
> changed the code a bit so dropping.
> 
> [1] https://lore.kernel.org/linux-btrfs/20240124195303.GC1789919@zen.localdomain/
> ---
>   fs/btrfs/inode.c   | 4 ++++
>   fs/btrfs/reflink.c | 7 +++++++
>   2 files changed, 11 insertions(+)
> 
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index 8737914e8552..b810e831fc23 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -592,6 +592,10 @@ static bool can_cow_file_range_inline(struct btrfs_inode *inode,
>   	if (size < i_size_read(&inode->vfs_inode))
>   		return false;
>   
> +	/* Encrypted file cannot be inlined. */
> +	if (IS_ENCRYPTED(&inode->vfs_inode))
> +		return false;
> +
>   	return true;
>   }
>   
> diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c
> index 775a32a7953a..3c9c570d6493 100644
> --- a/fs/btrfs/reflink.c
> +++ b/fs/btrfs/reflink.c
> @@ -1,6 +1,7 @@
>   // SPDX-License-Identifier: GPL-2.0
>   
>   #include <linux/blkdev.h>
> +#include <linux/fscrypt.h>
>   #include <linux/iversion.h>
>   #include "ctree.h"
>   #include "fs.h"
> @@ -789,6 +790,12 @@ static int btrfs_remap_file_range_prep(struct file *file_in, loff_t pos_in,
>   		ASSERT(inode_in->vfs_inode.i_sb == inode_out->vfs_inode.i_sb);
>   	}
>   
> +	/*
> +	 * Can only reflink encrypted files if both files are encrypted.
> +	 */
> +	if (IS_ENCRYPTED(&inode_in->vfs_inode) != IS_ENCRYPTED(&inode_out->vfs_inode))
> +		return -EINVAL;
> +
>   	/* Don't make the dst file partly checksummed */
>   	if ((inode_in->flags & BTRFS_INODE_NODATASUM) !=
>   	    (inode_out->flags & BTRFS_INODE_NODATASUM)) {

Re: [PATCH v6 1/8] btrfs: disable various operations on encrypted inodes

Posted by David Sterba 2 months, 4 weeks ago

On Thu, Nov 13, 2025 at 07:40:35AM +1030, Qu Wenruo wrote:
> 在 2025/11/13 06:06, Daniel Vacek 写道:
> > From: Omar Sandoval <osandov@osandov.com>
> > 
> > Initially, only normal data extents will be encrypted. This change
> > forbids various other bits:
> > - allows reflinking only if both inodes have the same encryption status
> > - disable inline data on encrypted inodes
> 
> I'm wondering how will this affect other users of inlined data. 
> Especially for symbol links.
> 
> Symbol links always store they link source inside an inline data file 
> extent. Does such content also get encrypted?

Symlinks are passed to the fscrypt API and encrypted if needed, using
ext4_symlink() as an example.

[PATCH v6 1/8] btrfs: disable various operations on encrypted inodes
[PATCH v6 2/8] btrfs: disable verity on encrypted inodes
[PATCH v6 3/8] btrfs: add a bio argument to btrfs_csum_one_bio
[PATCH v6 4/8] btrfs: add orig_logical to btrfs_bio
[PATCH v6 5/8] btrfs: don't rewrite ret from inode_permission
[PATCH v6 6/8] btrfs: move inode_to_path higher in backref.c
[PATCH v6 7/8] btrfs: don't search back for dir inode item in INO_LOOKUP_USER
[PATCH v6 8/8] btrfs: set the appropriate free space settings in reconfigure