[RFC,05/11] xfs: add inode on-disk VERITY flag

Message ID	20221213172935.680971-6-aalbersh@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-fsdevel-owner@kernel.org> From: Andrey Albershteyn <aalbersh@redhat.com> To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn <aalbersh@redhat.com> Subject: [RFC PATCH 05/11] xfs: add inode on-disk VERITY flag Date: Tue, 13 Dec 2022 18:29:29 +0100 Message-Id: <20221213172935.680971-6-aalbersh@redhat.com> In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	fs-verity support for XFS \| expand [RFC,00/11] fs-verity support for XFS [RFC,01/11] xfs: enable large folios in xfs_setup_inode() [RFC,02/11] pagemap: add mapping_clear_large_folios() wrapper [RFC,03/11] xfs: add attribute type for fs-verity [RFC,04/11] xfs: add fs-verity ro-compat flag [RFC,05/11] xfs: add inode on-disk VERITY flag [RFC,06/11] xfs: initialize fs-verity on file open and cleanup on inode destruction [RFC,07/11] xfs: disable direct read path for fs-verity sealed files [RFC,08/11] xfs: don't enable large folios on fs-verity sealed inode [RFC,09/11] iomap: fs-verity verification on page read [RFC,10/11] xfs: add fs-verity support [RFC,11/11] xfs: add fs-verity ioctls

Message ID

20221213172935.680971-6-aalbersh@redhat.com (mailing list archive)

State

New, archived

Headers

From: Andrey Albershteyn <aalbersh@redhat.com>
To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: Andrey Albershteyn <aalbersh@redhat.com>
Subject: [RFC PATCH 05/11] xfs: add inode on-disk VERITY flag
Date: Tue, 13 Dec 2022 18:29:29 +0100
Message-Id: <20221213172935.680971-6-aalbersh@redhat.com>
In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com>
References: <20221213172935.680971-1-aalbersh@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

fs-verity support for XFS | expand

Commit Message

Andrey Albershteyn Dec. 13, 2022, 5:29 p.m. UTC

Add flag to mark inodes which have fs-verity enabled on them (i.e.
descriptor exist and tree is built).

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
 fs/xfs/libxfs/xfs_format.h | 4 +++-
 fs/xfs/xfs_inode.c         | 2 ++
 fs/xfs/xfs_iops.c          | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

Comments

Dave Chinner Dec. 14, 2022, 1:29 a.m. UTC | #1

On Tue, Dec 13, 2022 at 06:29:29PM +0100, Andrey Albershteyn wrote:
> Add flag to mark inodes which have fs-verity enabled on them (i.e.
> descriptor exist and tree is built).
.....
> 
>  static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip)
>  {
> diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
> index f08a2d5f96ad4..8d9c9697d3619 100644
> --- a/fs/xfs/xfs_inode.c
> +++ b/fs/xfs/xfs_inode.c
> @@ -636,6 +636,8 @@ xfs_ip2xflags(
>  			flags |= FS_XFLAG_DAX;
>  		if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE)
>  			flags |= FS_XFLAG_COWEXTSIZE;
> +		if (ip->i_diflags2 & XFS_DIFLAG2_VERITY)
> +			flags |= FS_VERITY_FL;
>  	}

Ah, attribute flag confusion - easy to do. xflags (FS_XFLAG*) are a
different set of (extended) flags than the standard VFS inode flags
(FS_*_FL).

To place the verity enabled state in the extended flags, you would
need to define FS_XFLAG_VERITY in include/uapi/linux/fs.h. You'll
also need to add the conversion from FS_VERITY_FL to FS_XFLAG_VERITY
to fileattr_fill_flags() and vice versa to fileattr_fill_xflags()

This will allow both the VFS inode flags UAPI and the
FS_IOC_FSGETXATTR extended flag API to see the inode has verity
enabled on it.

Once FS_XFLAG_VERITY is defined, changing the code in XFS to use it
directly instead of FS_VERITY_FL will result in everything working
correct throughout the code.

Cheers,

Dave.

Andrey Albershteyn Jan. 9, 2023, 4:51 p.m. UTC | #2

On Wed, Dec 14, 2022 at 12:29:28PM +1100, Dave Chinner wrote:
> On Tue, Dec 13, 2022 at 06:29:29PM +0100, Andrey Albershteyn wrote:
> > Add flag to mark inodes which have fs-verity enabled on them (i.e.
> > descriptor exist and tree is built).
> .....
> > 
> >  static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip)
> >  {
> > diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
> > index f08a2d5f96ad4..8d9c9697d3619 100644
> > --- a/fs/xfs/xfs_inode.c
> > +++ b/fs/xfs/xfs_inode.c
> > @@ -636,6 +636,8 @@ xfs_ip2xflags(
> >  			flags |= FS_XFLAG_DAX;
> >  		if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE)
> >  			flags |= FS_XFLAG_COWEXTSIZE;
> > +		if (ip->i_diflags2 & XFS_DIFLAG2_VERITY)
> > +			flags |= FS_VERITY_FL;
> >  	}
> 
> Ah, attribute flag confusion - easy to do. xflags (FS_XFLAG*) are a
> different set of (extended) flags than the standard VFS inode flags
> (FS_*_FL).
> 
> To place the verity enabled state in the extended flags, you would
> need to define FS_XFLAG_VERITY in include/uapi/linux/fs.h. You'll
> also need to add the conversion from FS_VERITY_FL to FS_XFLAG_VERITY
> to fileattr_fill_flags() and vice versa to fileattr_fill_xflags()
> 
> This will allow both the VFS inode flags UAPI and the
> FS_IOC_FSGETXATTR extended flag API to see the inode has verity
> enabled on it.
> 
> Once FS_XFLAG_VERITY is defined, changing the code in XFS to use it
> directly instead of FS_VERITY_FL will result in everything working
> correct throughout the code.

Oh I see, thanks for the explanation. They are truly confusing :( I
will adjusted it as suggested

> 
> Cheers,
> 
> Dave.
> -- 
> Dave Chinner
> david@fromorbit.com
>

diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h
index 2b76e646e6f14..6950a4ef19967 100644
--- a/fs/xfs/libxfs/xfs_format.h
+++ b/fs/xfs/libxfs/xfs_format.h
@@ -1073,16 +1073,18 @@  static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev)
 #define XFS_DIFLAG2_COWEXTSIZE_BIT   2  /* copy on write extent size hint */
 #define XFS_DIFLAG2_BIGTIME_BIT	3	/* big timestamps */
 #define XFS_DIFLAG2_NREXT64_BIT 4	/* large extent counters */
+#define XFS_DIFLAG2_VERITY_BIT	5	/* inode sealed by fsverity */
 
 #define XFS_DIFLAG2_DAX		(1 << XFS_DIFLAG2_DAX_BIT)
 #define XFS_DIFLAG2_REFLINK     (1 << XFS_DIFLAG2_REFLINK_BIT)
 #define XFS_DIFLAG2_COWEXTSIZE  (1 << XFS_DIFLAG2_COWEXTSIZE_BIT)
 #define XFS_DIFLAG2_BIGTIME	(1 << XFS_DIFLAG2_BIGTIME_BIT)
 #define XFS_DIFLAG2_NREXT64	(1 << XFS_DIFLAG2_NREXT64_BIT)
+#define XFS_DIFLAG2_VERITY	(1 << XFS_DIFLAG2_VERITY_BIT)
 
 #define XFS_DIFLAG2_ANY \
 	(XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \
-	 XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64)
+	 XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY)
 
 static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip)
 {
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index f08a2d5f96ad4..8d9c9697d3619 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -636,6 +636,8 @@  xfs_ip2xflags(
 			flags |= FS_XFLAG_DAX;
 		if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE)
 			flags |= FS_XFLAG_COWEXTSIZE;
+		if (ip->i_diflags2 & XFS_DIFLAG2_VERITY)
+			flags |= FS_VERITY_FL;
 	}
 
 	if (xfs_inode_has_attr_fork(ip))
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
index 9c90cfcecabc2..b229d25c1c3d6 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -1236,6 +1236,8 @@  xfs_diflags_to_iflags(
 		flags |= S_NOATIME;
 	if (init && xfs_inode_should_enable_dax(ip))
 		flags |= S_DAX;
+	if (xflags & FS_VERITY_FL)
+		flags |= S_VERITY;
 
 	/*
 	 * S_DAX can only be set during inode initialization and is never set by

[RFC,05/11] xfs: add inode on-disk VERITY flag

Commit Message

Comments

Patch