git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
btrfs: disable verity on encrypted inodes
author Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Tue, 18 Nov 2025 16:08:39 +0000 (17:08 +0100)
committer David Sterba <dsterba@suse.com>
Tue, 25 Nov 2025 00:50:56 +0000 (01:50 +0100)
Right now there isn't a way to encrypt things that aren't either
filenames in directories or data on blocks on disk with extent
encryption, so for now, disable verity usage with encryption on btrfs.

fscrypt with fsverity should be possible and it can be implemented
in the future.

Note: The patch was taken from v5 of fscrypt patchset
(https://lore.kernel.org/linux-btrfs/cover.1706116485.git.josef@toxicpanda.com/)
which was handled over time by various people: Omar Sandoval, Sweet Tea
Dorminy, Josef Bacik.

Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Daniel Vacek <neelx@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add note ]
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/verity.c

index 16f5580cba55317c7fcc872f46a8343a2e8edf40..06dfcb461f531799a2523fba4c7c0eec97e169d0 100644 (file)
@@ -578,6 +578,9 @@ static int btrfs_begin_enable_verity(struct file *filp)
 
        btrfs_assert_inode_locked(inode);
 
+       if (IS_ENCRYPTED(&inode->vfs_inode))
+               return -EOPNOTSUPP;
+
        if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags))
                return -EBUSY;
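
Review bot: the new IS_ENCRYPTED() check in btrfs_begin_enable_verity() carries no comment, while the commit message describes the restriction as temporary ("for now"). A one-line comment above the check stating that verity is not yet supported on encrypted inodes would keep that reason next to the code and make the -EOPNOTSUPP easier to revisit later. The check also only guards one ordering, enabling verity on an inode that is already encrypted. Nothing in this hunk shows the reverse (encryption being set on an inode that already has verity enabled) being refused, so it is worth confirming that case is rejected elsewhere. Placing the check ahead of the BTRFS_INODE_VERITY_IN_PROGRESS test means an encrypted inode reports -EOPNOTSUPP rather than -EBUSY, which looks like the right precedence.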