| Message ID | 20231006184922.252188-6-aalbersh@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | fs-verity support for XFS | expand |
On Fri, Oct 06, 2023 at 08:48:59PM +0200, Andrey Albershteyn wrote: > Add extended file attribute FS_XFLAG_VERITY for inodes sealed with > fs-verity. > > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com> > --- > Documentation/filesystems/fsverity.rst | 9 +++++++++ > include/uapi/linux/fs.h | 1 + > 2 files changed, 10 insertions(+) > > diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst > index 13e4b18e5dbb..af889512c6ac 100644 > --- a/Documentation/filesystems/fsverity.rst > +++ b/Documentation/filesystems/fsverity.rst > @@ -326,6 +326,15 @@ the file has fs-verity enabled. This can perform better than > FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require > opening the file, and opening verity files can be expensive. > > +Extended file attributes > +------------------------ > + > +For fs-verity sealed files the FS_XFLAG_VERITY extended file > +attribute is set. The attribute can be observed via lsattr. > + > + [root@vm:~]# lsattr /mnt/test/foo > + --------------------V- /mnt/test/foo > + There's currently nowhere in the documentation or code that uses the phrase "fs-verity sealed file". It's instead called a verity file, or a file that has fs-verity enabled. I suggest we try to avoid inconsistent terminology. Also, it should be mentioned which kernel versions this works on. See for example what the statx section of the documentation says just above the new section that you're adding: Since Linux v5.5, the statx() system call sets STATX_ATTR_VERITY if the file has fs-verity enabled. Also, is FS_XFLAG_VERITY going to work on all filesystems? The existing ways to query the verity flag work on all filesystems. Hopefully any new API will too. Also, "Extended file attributes" is easily confused with, well, extended file attributes (xattrs). It should be made clear that this is talking about the FS_IOC_FSGETXATTR ioctl, not real xattrs. Also, it should be made clear that FS_XFLAG_VERITY cannot be set using FS_IOC_FSSETXATTR. See e.g. how the existing documentation says that FS_IOC_GETFLAGS can get FS_VERITY_FL but FS_IOC_SETFLAGS cannot set it. - Eric
On 2023-10-10 21:05:44, Eric Biggers wrote: > There's currently nowhere in the documentation or code that uses the phrase > "fs-verity sealed file". It's instead called a verity file, or a file that has > fs-verity enabled. I suggest we try to avoid inconsistent terminology. > > Also, it should be mentioned which kernel versions this works on. > > See for example what the statx section of the documentation says just above the > new section that you're adding: > > Since Linux v5.5, the statx() system call sets STATX_ATTR_VERITY if > the file has fs-verity enabled. Sure, will change terminology. Would it be fine to add kernel version in additional patch when patchset is merged? > > Also, is FS_XFLAG_VERITY going to work on all filesystems? The existing ways to > query the verity flag work on all filesystems. Hopefully any new API will too. > Yes, if FS_VERITY_FL is set on the verity file. I will probably move hunks in fs/ioctl.c from [1] to this patch so it makes more sense. > Also, "Extended file attributes" is easily confused with, well, extended file > attributes (xattrs). It should be made clear that this is talking about the > FS_IOC_FSGETXATTR ioctl, not real xattrs. > > Also, it should be made clear that FS_XFLAG_VERITY cannot be set using > FS_IOC_FSSETXATTR. See e.g. how the existing documentation says that > FS_IOC_GETFLAGS can get FS_VERITY_FL but FS_IOC_SETFLAGS cannot set it. Thanks, will add it. [1]: https://lore.kernel.org/all/20231011013940.GJ21298@frogsfrogsfrogs/T/#m75e77f585b9b7437556d108c325126865c1f6ce7
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 13e4b18e5dbb..af889512c6ac 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -326,6 +326,15 @@ the file has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require opening the file, and opening verity files can be expensive. +Extended file attributes +------------------------ + +For fs-verity sealed files the FS_XFLAG_VERITY extended file +attribute is set. The attribute can be observed via lsattr. + + [root@vm:~]# lsattr /mnt/test/foo + --------------------V- /mnt/test/foo + .. _accessing_verity_files: Accessing verity files diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index b7b56871029c..5172a2eb902c 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -140,6 +140,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is
Add extended file attribute FS_XFLAG_VERITY for inodes sealed with fs-verity. Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com> --- Documentation/filesystems/fsverity.rst | 9 +++++++++ include/uapi/linux/fs.h | 1 + 2 files changed, 10 insertions(+)