Commit 196624e1 authored by Chandan Rajendra's avatar Chandan Rajendra Committed by Theodore Ts'o
Browse files

ext4: Enable encryption for subpage-sized blocks 



Now that we have the code to support encryption for subpage-sized
blocks, this commit removes the conditional check in filesystem mount
code.

The commit also changes the support statement in
Documentation/filesystems/fscrypt.rst to reflect the fact that
encryption on filesystems with blocksize less than page size now works.

[EB: Tested with 'gce-xfstests -c ext4/encrypt_1k -g auto', using the
new "encrypt_1k" config I created.  All tests pass except for those that
already fail or are excluded with the encrypt or 1k configs, and 2 tests
that try to create 1023-byte symlinks which fails since encrypted
symlinks are limited to blocksize-3 bytes.  Also ran the dedicated
encryption tests using 'kvm-xfstests -c ext4/1k -g encrypt'; all pass,
including the on-disk ciphertext verification tests.]

Signed-off-by: default avatarChandan Rajendra <chandan@linux.ibm.com>
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20191023033312.361355-3-ebiggers@kernel.org


Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
parent 31fb992c

Documentation/filesystems/fscrypt.rst

+2 −2
Original line number Diff line number Diff line
@@ -331,8 +331,8 @@ Contents encryption 
-------------------



For file contents, each filesystem block is encrypted independently.

Currently, only the case where the filesystem block size is equal to

the system's page size (usually 4096 bytes) is supported.

Starting from Linux kernel 5.5, encryption of filesystems with block

size less than system's page size is supported.



Each block's IV is set to the logical block number within the file as

a little endian number, except that:

fs/ext4/super.c

+0 −7
Original line number Diff line number Diff line
@@ -4429,13 +4429,6 @@ no_journal: 
		}

	}



	if ((DUMMY_ENCRYPTION_ENABLED(sbi) || ext4_has_feature_encrypt(sb)) &&

	    (blocksize != PAGE_SIZE)) {

		ext4_msg(sb, KERN_ERR,

			 "Unsupported blocksize for fs encryption");

		goto failed_mount_wq;

	}



	if (ext4_has_feature_verity(sb) && blocksize != PAGE_SIZE) {

		ext4_msg(sb, KERN_ERR, "Unsupported blocksize for fs-verity");

		goto failed_mount_wq;

CRA Git | Maintained and supported by SUSTech CRA and CCSE