• Sergey Karamov's avatar
    ext4: do not perform data journaling when data is encrypted · 73b92a2a
    Sergey Karamov authored
    Currently data journalling is incompatible with encryption: enabling both
    at the same time has never been supported by design, and would result in
    unpredictable behavior. However, users are not precluded from turning on
    both features simultaneously. This change programmatically replaces data
    journaling for encrypted regular files with ordered data journaling mode.
    
    Background:
    Journaling encrypted data has not been supported because it operates on
    buffer heads of the page in the page cache. Namely, when the commit
    happens, which could be up to five seconds after caching, the commit
    thread uses the buffer heads attached to the page to copy the contents of
    the page to the journal. With encryption, it would have been required to
    keep the bounce buffer with ciphertext for up to the aforementioned five
    seconds, since the page cache can only hold plaintext and could not be
    used for journaling. Alternatively, it would be required to setup the
    journal to initiate a callback at the commit time to perform deferred
    encryption - in this case, not only would the data have to be written
    twice, but it would also have to be encrypted twice. This level of
    complexity was not justified for a mode that in practice is very rarely
    used because of the overhead from the data journalling.
    
    Solution:
    If data=journaled has been set as a mount option for a filesystem, or if
    journaling is enabled on a regular file, do not perform journaling if the
    file is also encrypted, instead fall back to the data=ordered mode for the
    file.
    
    Rationale:
    The intent is to allow seamless and proper filesystem operation when
    journaling and encryption have both been enabled, and have these two
    conflicting features gracefully resolved by the filesystem.
    
    Fixes: 44614711Signed-off-by: default avatarSergey Karamov <skaramov@google.com>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Cc: stable@vger.kernel.org
    73b92a2a
super.c 161 KB