Commit 196624e1 authored by Chandan Rajendra's avatar Chandan Rajendra Committed by Theodore Ts'o

ext4: Enable encryption for subpage-sized blocks

Now that we have the code to support encryption for subpage-sized
blocks, this commit removes the conditional check in filesystem mount
code.

The commit also changes the support statement in
Documentation/filesystems/fscrypt.rst to reflect the fact that
encryption on filesystems with blocksize less than page size now works.

[EB: Tested with 'gce-xfstests -c ext4/encrypt_1k -g auto', using the
new "encrypt_1k" config I created.  All tests pass except for those that
already fail or are excluded with the encrypt or 1k configs, and 2 tests
that try to create 1023-byte symlinks which fails since encrypted
symlinks are limited to blocksize-3 bytes.  Also ran the dedicated
encryption tests using 'kvm-xfstests -c ext4/1k -g encrypt'; all pass,
including the on-disk ciphertext verification tests.]
Signed-off-by: default avatarChandan Rajendra <chandan@linux.ibm.com>
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20191023033312.361355-3-ebiggers@kernel.orgSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
parent 31fb992c
...@@ -331,8 +331,8 @@ Contents encryption ...@@ -331,8 +331,8 @@ Contents encryption
------------------- -------------------
For file contents, each filesystem block is encrypted independently. For file contents, each filesystem block is encrypted independently.
Currently, only the case where the filesystem block size is equal to Starting from Linux kernel 5.5, encryption of filesystems with block
the system's page size (usually 4096 bytes) is supported. size less than system's page size is supported.
Each block's IV is set to the logical block number within the file as Each block's IV is set to the logical block number within the file as
a little endian number, except that: a little endian number, except that:
......
...@@ -4429,13 +4429,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) ...@@ -4429,13 +4429,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
} }
} }
if ((DUMMY_ENCRYPTION_ENABLED(sbi) || ext4_has_feature_encrypt(sb)) &&
(blocksize != PAGE_SIZE)) {
ext4_msg(sb, KERN_ERR,
"Unsupported blocksize for fs encryption");
goto failed_mount_wq;
}
if (ext4_has_feature_verity(sb) && blocksize != PAGE_SIZE) { if (ext4_has_feature_verity(sb) && blocksize != PAGE_SIZE) {
ext4_msg(sb, KERN_ERR, "Unsupported blocksize for fs-verity"); ext4_msg(sb, KERN_ERR, "Unsupported blocksize for fs-verity");
goto failed_mount_wq; goto failed_mount_wq;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment