From patchwork Wed Dec 12 09:50:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chandan Rajendra X-Patchwork-Id: 10725891 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 782B6112E for ; Wed, 12 Dec 2018 09:51:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 65D8A2AED1 for ; Wed, 12 Dec 2018 09:51:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 56E962AEE1; Wed, 12 Dec 2018 09:51:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E29F2AED1 for ; Wed, 12 Dec 2018 09:51:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726933AbeLLJvz (ORCPT ); Wed, 12 Dec 2018 04:51:55 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:35416 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726814AbeLLJvz (ORCPT ); Wed, 12 Dec 2018 04:51:55 -0500 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wBC9oXFO089553 for ; Wed, 12 Dec 2018 04:51:53 -0500 Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by mx0a-001b2d01.pphosted.com with ESMTP id 2pax80w4gr-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 12 Dec 2018 04:51:53 -0500 Received: from localhost by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 12 Dec 2018 09:51:52 -0000 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 12 Dec 2018 09:51:45 -0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wBC9phk827852924 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 12 Dec 2018 09:51:43 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1B9066A04F; Wed, 12 Dec 2018 09:51:43 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4AE3D6A04D; Wed, 12 Dec 2018 09:51:30 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.85.69.92]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 12 Dec 2018 09:51:29 +0000 (GMT) From: Chandan Rajendra To: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-doc@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org Cc: Chandan Rajendra , tytso@mit.edu, adilger.kernel@dilger.ca, ebiggers@kernel.org, jaegeuk@kernel.org, yuchao0@huawei.com, corbet@lwn.net, ralf@linux-mips.org, paul.burton@mips.com, jhogan@kernel.org, green.hu@gmail.com, deanbo422@gmail.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, richard@nod.at, dedekind1@gmail.com, adrian.hunter@intel.com, viro@zeniv.linux.org.uk Subject: [PATCH V5 7/9] fsverity: Remove filesystem specific build config option Date: Wed, 12 Dec 2018 15:20:16 +0530 X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> References: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 18121209-0016-0000-0000-00000963364B X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00010214; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000270; SDB=6.01130624; UDB=6.00587518; IPR=6.00910758; MB=3.00024664; MTD=3.00000008; XFM=3.00000015; UTC=2018-12-12 09:51:50 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18121209-0017-0000-0000-000041608A8D Message-Id: <20181212095018.12648-8-chandan@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-12_03:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812120087 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In order to have a common code base for fsverity "post read" processing for all filesystems which support fsverity, this commit removes filesystem specific build config option (e.g. CONFIG_EXT4_FS_VERITY) and replaces it with a build option (i.e. CONFIG_FS_VERITY) whose value affects all the filesystems making use of fsverity. Reviewed-by: Eric Biggers Signed-off-by: Chandan Rajendra --- Documentation/filesystems/fsverity.rst | 4 ++-- fs/ext4/Kconfig | 20 -------------------- fs/ext4/ext4.h | 2 -- fs/ext4/readpage.c | 4 ++-- fs/ext4/super.c | 6 +++--- fs/ext4/sysfs.c | 4 ++-- fs/f2fs/Kconfig | 20 -------------------- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 2 -- fs/f2fs/super.c | 6 +++--- fs/f2fs/sysfs.c | 4 ++-- fs/verity/Kconfig | 3 ++- fs/verity/fsverity_private.h | 1 - include/linux/fs.h | 4 ++-- include/linux/fsverity.h | 7 +++---- 15 files changed, 22 insertions(+), 67 deletions(-) diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index d633fc0567bd..bb208dad10d9 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -279,7 +279,7 @@ ext4 ext4 supports fs-verity since kernel version TODO. -CONFIG_EXT4_FS_VERITY must be enabled in the kernel config. Also, the +CONFIG_FS_VERITY must be enabled in the kernel config. Also, the filesystem must have been formatted with ``-O verity``, or had ``tune2fs -O verity`` run on it. These require e2fsprogs v1.44.4-2 or later. This e2fsprogs version is also required for e2fsck to @@ -306,7 +306,7 @@ f2fs f2fs supports fs-verity since kernel version TODO. -CONFIG_F2FS_FS_VERITY must be enabled in the kernel config. Also, the +CONFIG_FS_VERITY must be enabled in the kernel config. Also, the filesystem must have been formatted with ``-O verity``. This requires f2fs-tools v1.11.0 or later. diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig index e1002bbf35bf..031e5a82d556 100644 --- a/fs/ext4/Kconfig +++ b/fs/ext4/Kconfig @@ -96,26 +96,6 @@ config EXT4_FS_SECURITY If you are not using a security module that requires using extended attributes for file security labels, say N. -config EXT4_FS_VERITY - bool "Ext4 Verity" - depends on EXT4_FS - select FS_VERITY - help - This option enables fs-verity for ext4. fs-verity is the - dm-verity mechanism implemented at the file level. Userspace - can append a Merkle tree (hash tree) to a file, then enable - fs-verity on the file. ext4 will then transparently verify - any data read from the file against the Merkle tree. The file - is also made read-only. - - This serves as an integrity check, but the availability of the - Merkle tree root hash also allows efficiently supporting - various use cases where normally the whole file would need to - be hashed at once, such as auditing and authenticity - verification (appraisal). - - If unsure, say N. - config EXT4_DEBUG bool "EXT4 debugging support" depends on EXT4_FS diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 64bf9fb7ef18..bff8d639dd0c 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -41,8 +41,6 @@ #endif #include - -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_EXT4_FS_VERITY) #include #include diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c index 2c037df629dd..8717ac0a5bb2 100644 --- a/fs/ext4/readpage.c +++ b/fs/ext4/readpage.c @@ -158,7 +158,7 @@ static struct bio_post_read_ctx *get_bio_post_read_ctx(struct inode *inode, if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) post_read_steps |= 1 << STEP_DECRYPT; -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY if (inode->i_verity_info != NULL && (index < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT))) post_read_steps |= 1 << STEP_VERITY; @@ -205,7 +205,7 @@ static void mpage_end_io(struct bio *bio) static inline loff_t ext4_readpage_limit(struct inode *inode) { -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY if (IS_VERITY(inode)) { if (inode->i_verity_info) /* limit to end of metadata region */ diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 35ed3c48f8d2..0d169de59f76 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1316,7 +1316,7 @@ static const struct fscrypt_operations ext4_cryptops = { }; #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY static int ext4_set_verity(struct inode *inode, loff_t data_i_size) { int err; @@ -1402,7 +1402,7 @@ static const struct fsverity_operations ext4_verityops = { .set_verity = ext4_set_verity, .get_metadata_end = ext4_get_metadata_end, }; -#endif /* CONFIG_EXT4_FS_VERITY */ +#endif /* CONFIG_FS_VERITY */ #ifdef CONFIG_QUOTA static const char * const quotatypes[] = INITQFNAMES; @@ -4235,7 +4235,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) #ifdef CONFIG_FS_ENCRYPTION sb->s_cop = &ext4_cryptops; #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY sb->s_vop = &ext4_verityops; #endif #ifdef CONFIG_QUOTA diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 8bc915452a38..6fa0f47c3180 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -227,7 +227,7 @@ EXT4_ATTR_FEATURE(meta_bg_resize); #ifdef CONFIG_FS_ENCRYPTION EXT4_ATTR_FEATURE(encryption); #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY EXT4_ATTR_FEATURE(verity); #endif EXT4_ATTR_FEATURE(metadata_csum_seed); @@ -239,7 +239,7 @@ static struct attribute *ext4_feat_attrs[] = { #ifdef CONFIG_FS_ENCRYPTION ATTR_LIST(encryption), #endif -#ifdef CONFIG_EXT4_FS_VERITY +#ifdef CONFIG_FS_VERITY ATTR_LIST(verity), #endif ATTR_LIST(metadata_csum_seed), diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig index a5a1a381fcf1..e57cc754d543 100644 --- a/fs/f2fs/Kconfig +++ b/fs/f2fs/Kconfig @@ -71,26 +71,6 @@ config F2FS_CHECK_FS If you want to improve the performance, say N. -config F2FS_FS_VERITY - bool "F2FS Verity" - depends on F2FS_FS - select FS_VERITY - help - This option enables fs-verity for f2fs. fs-verity is the - dm-verity mechanism implemented at the file level. Userspace - can append a Merkle tree (hash tree) to a file, then enable - fs-verity on the file. f2fs will then transparently verify - any data read from the file against the Merkle tree. The file - is also made read-only. - - This serves as an integrity check, but the availability of the - Merkle tree root hash also allows efficiently supporting - various use cases where normally the whole file would need to - be hashed at once, such as auditing and authenticity - verification (appraisal). - - If unsure, say N. - config F2FS_IO_TRACE bool "F2FS IO tracer" depends on F2FS_FS diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 844ec573263e..83b59b985894 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -610,7 +610,7 @@ static struct bio *f2fs_grab_read_bio(struct inode *inode, block_t blkaddr, if (f2fs_encrypted_file(inode)) post_read_steps |= 1 << STEP_DECRYPT; -#ifdef CONFIG_F2FS_FS_VERITY +#ifdef CONFIG_FS_VERITY if (inode->i_verity_info != NULL && (first_idx < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT))) post_read_steps |= 1 << STEP_VERITY; diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 54bd93c7b630..7161918042e7 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -25,8 +25,6 @@ #include #include - -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_F2FS_FS_VERITY) #include #ifdef CONFIG_F2FS_CHECK_FS diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 73320202bd01..4a67b901eefc 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -2197,7 +2197,7 @@ static const struct fscrypt_operations f2fs_cryptops = { }; #endif -#ifdef CONFIG_F2FS_FS_VERITY +#ifdef CONFIG_FS_VERITY static int f2fs_set_verity(struct inode *inode, loff_t data_i_size) { int err; @@ -2223,7 +2223,7 @@ static const struct fsverity_operations f2fs_verityops = { .set_verity = f2fs_set_verity, .get_metadata_end = f2fs_get_metadata_end, }; -#endif /* CONFIG_F2FS_FS_VERITY */ +#endif /* CONFIG_FS_VERITY */ static struct inode *f2fs_nfs_get_inode(struct super_block *sb, u64 ino, u32 generation) @@ -3147,7 +3147,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) #ifdef CONFIG_FS_ENCRYPTION sb->s_cop = &f2fs_cryptops; #endif -#ifdef CONFIG_F2FS_FS_VERITY +#ifdef CONFIG_FS_VERITY sb->s_vop = &f2fs_verityops; #endif sb->s_xattr = f2fs_xattr_handlers; diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index 737677655bc0..949e6d87f4e3 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -444,7 +444,7 @@ F2FS_FEATURE_RO_ATTR(flexible_inline_xattr, FEAT_FLEXIBLE_INLINE_XATTR); F2FS_FEATURE_RO_ATTR(quota_ino, FEAT_QUOTA_INO); F2FS_FEATURE_RO_ATTR(inode_crtime, FEAT_INODE_CRTIME); F2FS_FEATURE_RO_ATTR(lost_found, FEAT_LOST_FOUND); -#ifdef CONFIG_F2FS_FS_VERITY +#ifdef CONFIG_FS_VERITY F2FS_FEATURE_RO_ATTR(verity, FEAT_VERITY); #endif F2FS_FEATURE_RO_ATTR(sb_checksum, FEAT_SB_CHECKSUM); @@ -507,7 +507,7 @@ static struct attribute *f2fs_feat_attrs[] = { ATTR_LIST(quota_ino), ATTR_LIST(inode_crtime), ATTR_LIST(lost_found), -#ifdef CONFIG_F2FS_FS_VERITY +#ifdef CONFIG_FS_VERITY ATTR_LIST(verity), #endif ATTR_LIST(sb_checksum), diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig index a7470a2e4892..6d9437a432cd 100644 --- a/fs/verity/Kconfig +++ b/fs/verity/Kconfig @@ -1,5 +1,5 @@ config FS_VERITY - tristate "FS Verity (read-only file-based authenticity protection)" + bool "FS Verity (read-only file-based authenticity protection)" select CRYPTO # SHA-256 is selected as it's intended to be the default hash algorithm. # To avoid bloat, other wanted algorithms must be selected explicitly. @@ -23,6 +23,7 @@ config FS_VERITY the contents may actually be needed. Also, fs-verity verifies data each time it is paged back in, which provides better protection against malicious disks vs. an ahead-of-time hash. + Currently Ext4 and F2FS make use of this feature. If unsure, say N. diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index 4b39d0a5544b..a7acb98ac42e 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -15,7 +15,6 @@ #define pr_fmt(fmt) "fs-verity: " fmt #include -#define __FS_HAS_VERITY 1 #include /* diff --git a/include/linux/fs.h b/include/linux/fs.h index de602d9f8d0e..1583b861a225 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -704,7 +704,7 @@ struct inode { struct fscrypt_info *i_crypt_info; #endif -#if IS_ENABLED(CONFIG_FS_VERITY) +#ifdef CONFIG_FS_VERITY struct fsverity_info *i_verity_info; #endif @@ -1407,7 +1407,7 @@ struct super_block { #ifdef CONFIG_FS_ENCRYPTION const struct fscrypt_operations *s_cop; #endif -#if IS_ENABLED(CONFIG_FS_VERITY) +#ifdef CONFIG_FS_VERITY const struct fsverity_operations *s_vop; #endif struct hlist_bl_head s_roots; /* alternate root dentries for NFS */ diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index c30c4f6ed411..ea8c418bd7d5 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -19,8 +19,7 @@ struct fsverity_operations { int (*get_metadata_end)(struct inode *inode, loff_t *metadata_end_ret); }; -#if __FS_HAS_VERITY - +#ifdef CONFIG_FS_VERITY /* ioctl.c */ extern int fsverity_ioctl_enable(struct file *filp, const void __user *arg); extern int fsverity_ioctl_measure(struct file *filp, void __user *arg); @@ -42,7 +41,7 @@ static inline bool fsverity_check_hole(struct inode *inode, struct page *page) return inode->i_verity_info == NULL || fsverity_verify_page(page); } -#else /* !__FS_HAS_VERITY */ +#else /* ! CONFIG_FS_VERITY */ /* ioctl.c */ @@ -107,6 +106,6 @@ static inline bool fsverity_check_hole(struct inode *inode, struct page *page) return true; } -#endif /* !__FS_HAS_VERITY */ +#endif /* ! CONFIG_FS_VERITY */ #endif /* _LINUX_FSVERITY_H */