From nobody Mon Feb 9 11:29:47 2026 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AAE444CF22 for ; Fri, 6 Feb 2026 18:25:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770402345; cv=none; b=rIRanooA7HUU5Gt9K9K9YvBRd8DiPjQKsbeMbqdywoRjx4Ww+452BRX6TydttlXTgarhr2OpE1RECXRXI6FyIchXhS/G5JwOIZhn/DF+9kEYzVqk3mGQtZ+bvmqxmzrHxdOGjw7kFtWMUYXcofNZHN3kLKuYqAWBBdtzv4HQjLg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770402345; c=relaxed/simple; bh=JHBmb8Tt6hvKekTkLiQSRIgJNkTIdVCMwN3m2x25jJQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lhNOLPloUCP/gjS8fEhdzAi7DDV7srkkmlPMW1G7uNjlAS2owQ9ZmKjfKmeYibmTnWVTLkqivRLOkSaIfssa45qa+tlPaeCe1wjkxk/WClhZNl+X2otaJLmmW3DhoQTn431yVdojUKTFsz466oRAc1Y2SKfTnitPfjJf9VYq5Cg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 5B60F3E763; Fri, 6 Feb 2026 18:24:20 +0000 (UTC) Authentication-Results: smtp-out1.suse.de; none Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 2E7C83EA63; Fri, 6 Feb 2026 18:24:20 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id yPvbCtQxhmkTCQAAD6G6ig (envelope-from ); Fri, 06 Feb 2026 18:24:20 +0000 From: Daniel Vacek To: Chris Mason , Josef Bacik , Eric Biggers , "Theodore Y. Ts'o" , Jaegeuk Kim , Jens Axboe , David Sterba Cc: linux-block@vger.kernel.org, Daniel Vacek , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 42/43] btrfs: disable encryption on RAID5/6 Date: Fri, 6 Feb 2026 19:23:14 +0100 Message-ID: <20260206182336.1397715-43-neelx@suse.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260206182336.1397715-1-neelx@suse.com> References: <20260206182336.1397715-1-neelx@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spam-Score: -4.00 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Action: no action X-Rspamd-Queue-Id: 5B60F3E763 X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Level: X-Spamd-Result: default: False [-4.00 / 50.00]; REPLY(-4.00)[] X-Spam-Flag: NO Content-Type: text/plain; charset="utf-8" From: Josef Bacik The RAID5/6 code will re-arrange bios and submit them through a different mechanism. This is problematic with inline encryption as we have to get the bio and csum it after it's been encrypted, and the radi5/6 bio's don't have the btrfs_bio embedded, so we have no way to get the csums put on disk. This isn't an unsolvable problem, but would require a bit of reworking. Since we discourage users from using this code currently simply don't allow encryption on RAID5/6 setups. If there's sufficient demand in the future we can add the support for this. Signed-off-by: Josef Bacik Signed-off-by: Daniel Vacek --- v5: https://lore.kernel.org/linux-btrfs/941f02bb923edadae1aea4ae3e5aa6ba05d= 1215a.1706116485.git.josef@toxicpanda.com/ * No changes since. --- fs/btrfs/ioctl.c | 4 ++++ fs/btrfs/super.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index a8adf99ad0a8..1bade8fea16e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -5198,6 +5198,10 @@ long btrfs_ioctl(struct file *file, unsigned int return -EOPNOTSUPP; if (sb_rdonly(fs_info->sb)) return -EROFS; + if (btrfs_fs_incompat(fs_info, RAID56)) { + btrfs_warn(fs_info, "can't enable encryption with RAID5/6"); + return -EINVAL; + } /* * If we crash before we commit, nothing encrypted could have * been written so it doesn't matter whether the encrypted diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 4a2887147ead..aefcbe56e85a 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -734,6 +734,12 @@ bool btrfs_check_options(const struct btrfs_fs_info *i= nfo, if (btrfs_check_mountopts_zoned(info, mount_opt)) ret =3D false; =20 + if (btrfs_fs_incompat(info, RAID56) && + btrfs_raw_test_opt(*mount_opt, TEST_DUMMY_ENCRYPTION)) { + btrfs_err(info, "cannot use test_dummy_encryption with RAID5/6"); + ret =3D false; + } + if (!test_bit(BTRFS_FS_STATE_REMOUNTING, &info->fs_state)) { if (btrfs_raw_test_opt(*mount_opt, SPACE_CACHE)) { btrfs_warn(info, --=20 2.51.0