The different encryption related options for fscrypt are too numerous to
support for extent based encryption. Support for a few of these options
could possibly be added, but since they're niche options simply reject
them for file systems using extent based encryption.
Signed-off-by: Josef Bacik <jo...@toxicpanda.com>
---
fs/crypto/policy.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 8b8da04068b8..38807d0ee742 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -198,6 +198,12 @@ static bool fscrypt_supported_v1_policy(const struct
fscrypt_policy_v1 *policy,
return false;
}
+ if (inode->i_sb->s_cop->flags & FS_CFLG_EXTENT_ENCRYPTION) {
+ fscrypt_warn(inode,
+ "v1 policies can't be used on file systems that
use extent encryption");
+ return false;
+ }
+
return true;
}
@@ -233,6 +239,12 @@ static bool fscrypt_supported_v2_policy(const struct
fscrypt_policy_v2 *policy,
return false;
}
+ if ((inode->i_sb->s_cop->flags & FS_CFLG_EXTENT_ENCRYPTION) && count) {
+ fscrypt_warn(inode,
+ "Encryption flags aren't supported on file systems
that use extent encryption");
+ return false;
+ }
+
if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) &&
!supported_direct_key_modes(inode, policy->contents_encryption_mode,
policy->filenames_encryption_mode))
--
2.41.0
