From patchwork Wed Oct 31 05:00:05 2018
X-Patchwork-Submitter: Chandan Rajendra
X-Patchwork-Id: 10662067
From: Chandan Rajendra
To: tytso@mit.edu, linux-fscrypt@vger.kernel.org
Cc: Chandan Rajendra, ebiggers3@gmail.com
Subject: [RFC PATCH 2/2] fsverity: Remove filesystem specific build config option
Date: Wed, 31 Oct 2018 10:30:05 +0530
Message-Id: <20181031050005.17770-2-chandan@linux.vnet.ibm.com>
In-Reply-To: <20181031050005.17770-1-chandan@linux.vnet.ibm.com>
References: <20181031050005.17770-1-chandan@linux.vnet.ibm.com>
List-ID: linux-fscrypt@vger.kernel.org

As a first step to avoid copy-pasting common code across filesystems which implement fsverity, this commit removes filesystem specific build config option (e.g. CONFIG_EXT4_FS_VERITY) and replaces it with a build option (i.e. CONFIG_FS_VERITY) whose value affects all the filesystems making use of fsverity.

Signed-off-by: Chandan Rajendra --- fs/ext4/Kconfig | 20 -------------------- fs/ext4/ext4.h | 4 +--- fs/ext4/super.c | 6 +++--- fs/ext4/sysfs.c | 4 ++-- fs/verity/Kconfig | 2 +- include/linux/fsverity.h | 3 +-- 6 files changed, 8 insertions(+), 31 deletions(-) diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig index e1002bb..031e5a8 100644 --- a/fs/ext4/Kconfig +++ b/fs/ext4/Kconfig @@ -96,26 +96,6 @@ config EXT4_FS_SECURITY If you are not using a security module that requires using extended attributes for file security labels, say N. -config EXT4_FS_VERITY - bool "Ext4 Verity" - depends on EXT4_FS - select FS_VERITY - help - This option enables fs-verity for ext4. fs-verity is the - dm-verity mechanism implemented at the file level. Userspace - can append a Merkle tree (hash tree) to a file, then enable - fs-verity on the file. ext4 will then transparently verify - any data read from the file against the Merkle tree. The file - is also made read-only. - - This serves as an integrity check, but the availability of the - Merkle tree root hash also allows efficiently supporting - various use cases where normally the whole file would need to - be hashed at once, such as auditing and authenticity - verification (appraisal). - - If unsure, say N. - config EXT4_DEBUG bool "EXT4 debugging support" depends on EXT4_FS diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 8858a80..9f9a7df 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -41,8 +41,6 @@ #endif #include - -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_EXT4_FS_VERITY) #include /* @@ -2276,7 +2274,7 @@ ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); static inline bool ext4_verity_inode(struct inode *inode) { -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY return ext4_test_inode_flag(inode, EXT4_INODE_VERITY); #else return false; diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 059fab2..8981ed46 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c 
@@ -1284,7 +1284,7 @@ static const struct fscrypt_operations ext4_cryptops = { }; #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY static int ext4_set_verity(struct inode *inode, loff_t data_i_size) { int err; @@ -1359,7 +1359,7 @@ static const struct fsverity_operations ext4_verityops = { .set_verity = ext4_set_verity, .get_full_i_size = ext4_get_verity_full_size, }; -#endif /* CONFIG_EXT4_FS_VERITY */ +#endif /* CONFIG_FS_VERITY */ #ifdef CONFIG_QUOTA static const char * const quotatypes[] = INITQFNAMES; @@ -4182,7 +4182,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) #ifdef CONFIG_FS_ENCRYPTION sb->s_cop = &ext4_cryptops; #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY sb->s_vop = &ext4_verityops; #endif #ifdef CONFIG_QUOTA diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index d7f5d18..d8e37e8 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -223,7 +223,7 @@ EXT4_ATTR_FEATURE(meta_bg_resize); #ifdef CONFIG_FS_ENCRYPTION EXT4_ATTR_FEATURE(encryption); #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY EXT4_ATTR_FEATURE(verity); #endif EXT4_ATTR_FEATURE(metadata_csum_seed); @@ -235,7 +235,7 @@ static struct attribute *ext4_feat_attrs[] = { #ifdef CONFIG_FS_ENCRYPTION ATTR_LIST(encryption), #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY ATTR_LIST(verity), #endif ATTR_LIST(metadata_csum_seed), diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig index 4854880..e7a1961 100644 --- a/fs/verity/Kconfig +++ b/fs/verity/Kconfig @@ -1,5 +1,5 @@ config FS_VERITY - tristate "FS Verity (file-based integrity/authentication)" + bool "FS Verity (file-based integrity/authentication)" depends on BLOCK select CRYPTO # SHA-256 is selected as it's intended to be the default hash algorithm. diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 9d3371d..e7c467f 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h 
@@ -19,8 +19,7 @@ struct fsverity_operations { int (*get_full_i_size)(struct inode *inode, loff_t *full_i_size_ret); }; -#if __FS_HAS_VERITY - +#ifdef CONFIG_FS_VERITY /* ioctl.c */ extern int fsverity_ioctl_enable(struct file *filp, const void __user *arg); extern int fsverity_ioctl_measure(struct file *filp, void __user *arg);
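
Review bot: Removing "config EXT4_FS_VERITY" in fs/ext4/Kconfig also removes the only "select FS_VERITY" in this file and the help text that described the user-visible semantics (reads verified against the Merkle tree, file made read-only). The fs/verity/Kconfig hunk in this patch changes only the type line, so please check that the FS_VERITY help already covers this and move the text there if it does not. The commit message should also state that ext4 verity support is now controlled by FS_VERITY alone, with no per-filesystem opt-out, since that changes which kernels expose the feature on ext4.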
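
Review bot: The "tristate" to "bool" switch in fs/verity/Kconfig is a behaviour change that the commit message does not mention: FS_VERITY can no longer be built as a module. It appears to be required by the rest of the patch, because the ext4 hunks test "#ifdef CONFIG_FS_VERITY" and a tristate symbol set to m defines only CONFIG_FS_VERITY_MODULE, which would silently compile out ext4_verityops and make ext4_verity_inode() return false. Please document that reasoning in the commit message so the loss of the modular build is a recorded decision and not a side effect.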
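
Review bot: The "#if __FS_HAS_VERITY" to "#ifdef CONFIG_FS_VERITY" change in include/linux/fsverity.h makes the header ignore __FS_HAS_VERITY, yet the diffstat converts only fs/ext4 (the define is dropped in fs/ext4/ext4.h) while the commit message speaks of filesystem-specific options in general ("e.g. CONFIG_EXT4_FS_VERITY"). Any other filesystem that still defines __FS_HAS_VERITY from its own option would keep a dead define and a Kconfig symbol that no longer gates the declarations, so either convert those users in this patch or say explicitly that ext4 is the only one. The matching #else/#endif of this block is outside the visible context; if it carries a __FS_HAS_VERITY comment, update it the way the "#endif /* CONFIG_FS_VERITY */" comment is updated in fs/ext4/super.c.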