@@ -198,6 +198,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,
return false;
}
+ if (inode->i_sb->s_cop->flags & FS_CFLG_EXTENT_ENCRYPTION) {
+ fscrypt_warn(inode,
+ "v1 policies can't be used on file systems that use extent encryption");
+ return false;
+ }
+
return true;
}
@@ -233,6 +239,12 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy,
return false;
}
+ if ((inode->i_sb->s_cop->flags & FS_CFLG_EXTENT_ENCRYPTION) && count) {
+ fscrypt_warn(inode,
+ "Encryption flags aren't supported on file systems that use extent encryption");
+ return false;
+ }
+
if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) &&
!supported_direct_key_modes(inode, policy->contents_encryption_mode,
policy->filenames_encryption_mode))
The different encryption related options for fscrypt are too numerous to support for extent based encryption. Support for a few of these options could possibly be added, but since they're niche options simply reject them for file systems using extent based encryption. Signed-off-by: Josef Bacik <josef@toxicpanda.com> --- fs/crypto/policy.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)