Skip to content

Commit

Permalink
ext4: Enable encryption for subpage-sized blocks
Browse files Browse the repository at this point in the history 
Now that we have the code to support encryption for subpage-sized
blocks, this commit removes the conditional check in filesystem mount
code.

The commit also changes the support statement in
Documentation/filesystems/fscrypt.rst to reflect the fact that
encryption on filesystems with blocksize less than page size now works.

[EB: Tested with 'gce-xfstests -c ext4/encrypt_1k -g auto', using the
new "encrypt_1k" config I created.  All tests pass except for those that
already fail or are excluded with the encrypt or 1k configs, and 2 tests
that try to create 1023-byte symlinks which fails since encrypted
symlinks are limited to blocksize-3 bytes.  Also ran the dedicated
encryption tests using 'kvm-xfstests -c ext4/1k -g encrypt'; all pass,
including the on-disk ciphertext verification tests.]

Signed-off-by: Chandan Rajendra <chandan@linux.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20191023033312.361355-3-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  • Loading branch information
Chandan Rajendra authored and Theodore Ts'o committed Nov 14, 2019
1 parent 31fb992 commit 196624e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 9 deletions.
4 changes: 2 additions & 2 deletions Documentation/filesystems/fscrypt.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -331,8 +331,8 @@ Contents encryption
-------------------

For file contents, each filesystem block is encrypted independently.
Currently, only the case where the filesystem block size is equal to
the system's page size (usually 4096 bytes) is supported.
Starting from Linux kernel 5.5, encryption of filesystems with block
size less than system's page size is supported.

Each block's IV is set to the logical block number within the file as
a little endian number, except that:
Expand Down
7 changes: 0 additions & 7 deletions fs/ext4/super.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4429,13 +4429,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
}
}

if ((DUMMY_ENCRYPTION_ENABLED(sbi) || ext4_has_feature_encrypt(sb)) &&
(blocksize != PAGE_SIZE)) {
ext4_msg(sb, KERN_ERR,
"Unsupported blocksize for fs encryption");
goto failed_mount_wq;
}

if (ext4_has_feature_verity(sb) && blocksize != PAGE_SIZE) {
ext4_msg(sb, KERN_ERR, "Unsupported blocksize for fs-verity");
goto failed_mount_wq;
Expand Down

0 comments on commit 196624e

Please sign in to comment.