summaryrefslogtreecommitdiffstats
path: root/fs/ext4/super.c
diff options
context:
space:
mode:
authorSergey Karamov <skaramov@google.com>2016-12-10 23:54:58 +0100
committerTheodore Ts'o <tytso@mit.edu>2016-12-10 23:54:58 +0100
commit73b92a2a5e97d17cc4d5c4fe9d724d3273fb6fd2 (patch)
treeaa0c4bb33acd41cf66bfd4d2431ee1f9130cc1f4 /fs/ext4/super.c
parentext4: return -ENOMEM instead of success (diff)
downloadlinux-73b92a2a5e97d17cc4d5c4fe9d724d3273fb6fd2.tar.xz
linux-73b92a2a5e97d17cc4d5c4fe9d724d3273fb6fd2.zip
ext4: do not perform data journaling when data is encrypted
Currently data journalling is incompatible with encryption: enabling both at the same time has never been supported by design, and would result in unpredictable behavior. However, users are not precluded from turning on both features simultaneously. This change programmatically replaces data journaling for encrypted regular files with ordered data journaling mode. Background: Journaling encrypted data has not been supported because it operates on buffer heads of the page in the page cache. Namely, when the commit happens, which could be up to five seconds after caching, the commit thread uses the buffer heads attached to the page to copy the contents of the page to the journal. With encryption, it would have been required to keep the bounce buffer with ciphertext for up to the aforementioned five seconds, since the page cache can only hold plaintext and could not be used for journaling. Alternatively, it would be required to setup the journal to initiate a callback at the commit time to perform deferred encryption - in this case, not only would the data have to be written twice, but it would also have to be encrypted twice. This level of complexity was not justified for a mode that in practice is very rarely used because of the overhead from the data journalling. Solution: If data=journaled has been set as a mount option for a filesystem, or if journaling is enabled on a regular file, do not perform journaling if the file is also encrypted, instead fall back to the data=ordered mode for the file. Rationale: The intent is to allow seamless and proper filesystem operation when journaling and encryption have both been enabled, and have these two conflicting features gracefully resolved by the filesystem. Fixes: 4461471107b7 Signed-off-by: Sergey Karamov <skaramov@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/ext4/super.c')
-rw-r--r--fs/ext4/super.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index f185b9a5a024..79af71d4fccd 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3530,6 +3530,11 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
"both data=journal and dax");
goto failed_mount;
}
+ if (ext4_has_feature_encrypt(sb)) {
+ ext4_msg(sb, KERN_WARNING,
+ "encrypted files will use data=ordered "
+ "instead of data journaling mode");
+ }
if (test_opt(sb, DELALLOC))
clear_opt(sb, DELALLOC);
} else {