Message ID | 20230404145319.2057051-17-aalbersh@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | fs-verity support for XFS |
Hi Andrey,

On Tue, Apr 04, 2023 at 04:53:12PM +0200, Andrey Albershteyn wrote:
> Add flag to mark inodes which have fs-verity enabled on them (i.e.
> descriptor exist and tree is built).
>
> Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> ---
> fs/ioctl.c | 4 ++++
> fs/xfs/libxfs/xfs_format.h | 4 +++-
> fs/xfs/xfs_inode.c | 2 ++
> fs/xfs/xfs_iops.c | 2 ++
> include/uapi/linux/fs.h | 1 +
> 5 files changed, 12 insertions(+), 1 deletion(-)
[...]
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h > index b7b56871029c..5172a2eb902c 100644 > --- a/include/uapi/linux/fs.h > +++ b/include/uapi/linux/fs.h > @@ -140,6 +140,7 @@ struct fsxattr { > #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ > #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ > #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ > +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ > #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ >

I don't think "xfs: add inode on-disk VERITY flag" is an accurate description of
a patch that involves adding something to the UAPI.

Should the other filesystems support this new flag too?

I'd also like all ways of getting the verity flag to continue to be mentioned in
Documentation/filesystems/fsverity.rst. The existing methods (FS_IOC_GETFLAGS
and statx) are already mentioned there.

- Eric
On Tue, Apr 04, 2023 at 03:41:23PM -0700, Eric Biggers wrote:
> Hi Andrey,
>
> On Tue, Apr 04, 2023 at 04:53:12PM +0200, Andrey Albershteyn wrote:
> > Add flag to mark inodes which have fs-verity enabled on them (i.e.
> > descriptor exist and tree is built).
> >
> > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> > ---
> > fs/ioctl.c | 4 ++++
> > fs/xfs/libxfs/xfs_format.h | 4 +++-
> > fs/xfs/xfs_inode.c | 2 ++
> > fs/xfs/xfs_iops.c | 2 ++
> > include/uapi/linux/fs.h | 1 +
> > 5 files changed, 12 insertions(+), 1 deletion(-)
> [...]
> > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h > > index b7b56871029c..5172a2eb902c 100644 > > --- a/include/uapi/linux/fs.h > > +++ b/include/uapi/linux/fs.h > > @@ -140,6 +140,7 @@ struct fsxattr { > > #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ > > #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ > > #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ > > +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ > > #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ > >
>
> I don't think "xfs: add inode on-disk VERITY flag" is an accurate description of
> a patch that involves adding something to the UAPI.

Well it does that, but it also adds the UAPI for querying the
on-disk flag via the FS_IOC_FSGETXATTR interface as well. It
probably should be split up into two patches.

> Should the other filesystems support this new flag too?

I think they should get it automatically now that it has been
defined for FS_IOC_FSGETXATTR and added to the generic fileattr flag
fill functions in fs/ioctl.c.

> I'd also like all ways of getting the verity flag to continue to be mentioned in
> Documentation/filesystems/fsverity.rst. The existing methods (FS_IOC_GETFLAGS
> and statx) are already mentioned there.

*nod*

-Dave.
Hi Eric and Dave,

On Wed, Apr 05, 2023 at 09:56:33AM +1000, Dave Chinner wrote:
> On Tue, Apr 04, 2023 at 03:41:23PM -0700, Eric Biggers wrote:
> > Hi Andrey,
> >
> > On Tue, Apr 04, 2023 at 04:53:12PM +0200, Andrey Albershteyn wrote:
> > > Add flag to mark inodes which have fs-verity enabled on them (i.e.
> > > descriptor exist and tree is built).
> > >
> > > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> > > ---
> > > fs/ioctl.c | 4 ++++
> > > fs/xfs/libxfs/xfs_format.h | 4 +++-
> > > fs/xfs/xfs_inode.c | 2 ++
> > > fs/xfs/xfs_iops.c | 2 ++
> > > include/uapi/linux/fs.h | 1 +
> > > 5 files changed, 12 insertions(+), 1 deletion(-)
> > [...]
> > > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h > > > index b7b56871029c..5172a2eb902c 100644 > > > --- a/include/uapi/linux/fs.h > > > +++ b/include/uapi/linux/fs.h
> > > @@ -140,6 +140,7 @@ struct fsxattr { > > > #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ > > > #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ > > > #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ > > > +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ > > > #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ > > > > > >
> > I don't think "xfs: add inode on-disk VERITY flag" is an accurate description of
> > a patch that involves adding something to the UAPI.
>
> Well it does that, but it also adds the UAPI for querying the
> on-disk flag via the FS_IOC_FSGETXATTR interface as well. It
> probably should be split up into two patches.

Sure.

>
> > Should the other filesystems support this new flag too?
>
> I think they should get it automatically now that it has been
> defined for FS_IOC_FSGETXATTR and added to the generic fileattr flag
> fill functions in fs/ioctl.c.
>
> > I'd also like all ways of getting the verity flag to continue to be mentioned in
> > Documentation/filesystems/fsverity.rst. The existing methods (FS_IOC_GETFLAGS
> > and statx) are already mentioned there.
>
> *nod*
>

Ok, sure, missed that. Will split this patch and add description.
diff --git a/fs/ioctl.c b/fs/ioctl.c index 5b2481cd4750..a274b33b2fd0 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -480,6 +480,8 @@ void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) fa->flags |= FS_DAX_FL; if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) fa->flags |= FS_PROJINHERIT_FL; + if (fa->fsx_xflags & FS_XFLAG_VERITY) + fa->flags |= FS_VERITY_FL; } EXPORT_SYMBOL(fileattr_fill_xflags); @@ -510,6 +512,8 @@ void fileattr_fill_flags(struct fileattr *fa, u32 flags) fa->fsx_xflags |= FS_XFLAG_DAX; if (fa->flags & FS_PROJINHERIT_FL) fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; + if (fa->flags & FS_VERITY_FL) + fa->fsx_xflags |= FS_XFLAG_VERITY; } EXPORT_SYMBOL(fileattr_fill_flags); diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index ef617be2839c..ccb2ae5c2c93 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1070,16 +1070,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_DAX (1 << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1 << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1 << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1 << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 5808abab786c..3b2bf9e7580b 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c 
@@ -634,6 +634,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 24718adb3c16..5398be75a76a 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1232,6 +1232,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_XFLAG_VERITY) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index b7b56871029c..5172a2eb902c 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -140,6 +140,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is
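Review bot: In fs/ioctl.c, the additions to fileattr_fill_xflags() and fileattr_fill_flags() sit in generic helpers, so the FS_VERITY_FL / FS_XFLAG_VERITY translation applies to every filesystem that fills its fileattr through them, while the commit message only describes marking inodes with a flag. Move this part into its own patch whose description states the user-visible effect. None of the hunks touches the set side either: please confirm that FS_IOC_FSSETXATTR cannot be used to set FS_XFLAG_VERITY from userspace and that changing other xflags cannot clear the bit on an inode that has verity enabled.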
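Review bot: In fs/xfs/libxfs/xfs_format.h, XFS_DIFLAG2_VERITY_BIT 5 introduces a new on-disk inode flag, but nothing in this patch ties the bit to a filesystem feature. If that gating lives in another patch of the series, say so in the commit message; otherwise add a check so that an inode carrying XFS_DIFLAG2_VERITY on a filesystem without fs-verity support is rejected rather than accepted. Minor: the comment here spells it "fsverity" while the UAPI comment says "fs-verity"; pick one.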
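Review bot: In xfs_diflags_to_iflags() (fs/xfs/xfs_iops.c), the new FS_XFLAG_VERITY test is inserted between the S_DAX assignment and the comment block that starts "S_DAX can only be set during inode initialization", which separates the S_DAX code from its explanation. Place the S_VERITY test above the "if (init && xfs_inode_should_enable_dax(ip))" test instead, and add a sentence to the comment stating whether S_VERITY can ever be cleared on this path, since the visible lines only set it.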
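Review bot: FS_XFLAG_VERITY in include/uapi/linux/fs.h is new UAPI, yet the diffstat shows no documentation change. Add FS_IOC_FSGETXATTR to Documentation/filesystems/fsverity.rst next to the existing FS_IOC_GETFLAGS and statx methods, and if userspace is not allowed to set the flag, have the comment on the define say that it is only reported, for example "fs-verity sealed inode (read-only)".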
Add flag to mark inodes which have fs-verity enabled on them (i.e.
descriptor exist and tree is built).

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
fs/ioctl.c | 4 ++++
fs/xfs/libxfs/xfs_format.h | 4 +++-
fs/xfs/xfs_inode.c | 2 ++
fs/xfs/xfs_iops.c | 2 ++
include/uapi/linux/fs.h | 1 +
5 files changed, 12 insertions(+), 1 deletion(-)