[18/24] xfs: add writeback page mapping for fs-verity

Message ID	20241229133927.1194609-19-aalbersh@kernel.org (mailing list archive)
State	New
Headers	show Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18DB81802DD for <linux-xfs@vger.kernel.org>; Sun, 29 Dec 2024 13:40:12 +0000 (UTC) From: Andrey Albershteyn <aalbersh@redhat.com> To: linux-xfs@vger.kernel.org Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn <aalbersh@kernel.org> Subject: [PATCH 18/24] xfs: add writeback page mapping for fs-verity Date: Sun, 29 Dec 2024 14:39:21 +0100 Message-ID: <20241229133927.1194609-19-aalbersh@kernel.org> In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org> References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	fsverity integration for XFS based on direct mapped xattrs \| expand [00/24] fsverity integration for XFS based on direct mapped xattrs [01/24] fs: add FS_XFLAG_VERITY for verity files [02/24] fsverity: pass tree_blocksize to end_enable_verity() [03/24] fsverity: add tracepoints [04/24] fsverity: pass the new tree size and block size to ->begin_enable_verity [05/24] fsverity: expose merkle tree geometry to callers [06/24] fsverity: report validation errors back to the filesystem [07/24] fsverity: flush pagecache before enabling verity [08/24] iomap: integrate fs-verity verification into iomap's read path [09/24] xfs: use an empty transaction to protect xfs_attr_get from deadlocks [10/24] xfs: don't let xfs_bmap_first_unused overflow a xfs_dablk_t [11/24] xfs: add attribute type for fs-verity [12/24] xfs: add fs-verity ro-compat flag [13/24] xfs: add inode on-disk VERITY flag [14/24] xfs: initialize fs-verity on file open and cleanup on inode destruction [15/24] xfs: don't allow to enable DAX on fs-verity sealed inode [16/24] xfs: disable direct read path for fs-verity files [17/24] xfs: add fs-verity support [18/24] xfs: add writeback page mapping for fs-verity [19/24] xfs: use merkle tree offset as attr hash [20/24] xfs: add fs-verity ioctls [21/24] xfs: advertise fs-verity being available on filesystem [22/24] xfs: check and repair the verity inode flag state [23/24] xfs: report verity failures through the health system [24/24] xfs: enable ro-compat fs-verity flag

Message ID

20241229133927.1194609-19-aalbersh@kernel.org (mailing list archive)

State

New

Headers

From: Andrey Albershteyn <aalbersh@redhat.com>
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org,
	david@fromorbit.com,
	hch@lst.de,
	Andrey Albershteyn <aalbersh@kernel.org>
Subject: [PATCH 18/24] xfs: add writeback page mapping for fs-verity
Date: Sun, 29 Dec 2024 14:39:21 +0100
Message-ID: <20241229133927.1194609-19-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org>
 <20241229133927.1194609-1-aalbersh@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

fsverity integration for XFS based on direct mapped xattrs | expand

Commit Message

Andrey Albershteyn Dec. 29, 2024, 1:39 p.m. UTC

Data from severity region is not mapped as file data but as a set of
extended attributes.

Add mapping function which removes region offset and map n-th page
to attribute with name n.

Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
 fs/xfs/xfs_aops.c | 85 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 80 insertions(+), 5 deletions(-)

diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
index bcc51628dbdd..976d77277e95 100644
--- a/fs/xfs/xfs_aops.c
+++ b/fs/xfs/xfs_aops.c
@@ -20,6 +20,7 @@ 
 #include "xfs_errortag.h"
 #include "xfs_error.h"
 #include "xfs_fsverity.h"
+#include "xfs_attr.h"
 #include <linux/fsverity.h>
 
 struct xfs_writepage_ctx {
@@ -132,7 +133,8 @@  xfs_end_ioend(
 	else if (ioend->io_type == IOMAP_UNWRITTEN)
 		error = xfs_iomap_write_unwritten(ip, offset, size, false);
 
-	if (!error && xfs_ioend_is_append(ioend))
+	if (!error && !xfs_fsverity_in_region(ioend->io_offset) &&
+			xfs_ioend_is_append(ioend))
 		error = xfs_setfilesize(ip, ioend->io_offset, ioend->io_size);
 
 	/* This IO was to the Merkle tree region */
@@ -472,14 +474,87 @@  static const struct iomap_writeback_ops xfs_writeback_ops = {
 	.discard_folio		= xfs_discard_folio,
 };
 
+static int
+xfs_fsverity_map_blocks(
+	struct iomap_writepage_ctx *wpc,
+	struct inode		*inode,
+	loff_t			offset,
+	unsigned int		len)
+{
+	struct xfs_inode	*ip = XFS_I(inode);
+	struct xfs_mount	*mp = ip->i_mount;
+	int			error = 0;
+	int			nmap = 1;
+	loff_t			pos;
+	int			seq;
+	struct xfs_bmbt_irec	imap;
+	struct xfs_da_args	args;
+	struct xfs_merkle_key	name;
+	loff_t			xattr_name;
+
+	if (xfs_is_shutdown(mp))
+		return -EIO;
+
+	pos = (offset & XFS_FSVERITY_MTREE_MASK);
+	/* We always write one attribute block, but each block can have multiple
+	 * Merkle tree blocks */
+	ASSERT(!is_power_of_2(len));
+	xattr_name = pos & ~(len - 1);
+
+	xfs_fsverity_init_merkle_args(ip, &name, xattr_name, &args);
+
+	error = xfs_attr_get(&args);
+	if (error)
+		return error;
+
+	ASSERT(args->dp->i_af.if_format != XFS_DINODE_FMT_LOCAL);
+	xfs_ilock(ip, XFS_ILOCK_SHARED);
+	error = xfs_bmapi_read(ip, (xfs_fileoff_t)args.rmtblkno,
+			       args.rmtblkcnt, &imap, &nmap,
+			       XFS_BMAPI_ATTRFORK);
+	xfs_iunlock(ip, XFS_ILOCK_SHARED);
+	if (error)
+		return error;
+
+	/* Instead of xattr extent offset, which will be over data, we need
+	 * merkle tree offset in page cache */
+	imap.br_startoff =
+		XFS_B_TO_FSBT(mp, xattr_name | XFS_FSVERITY_MTREE_OFFSET);
+
+	seq = xfs_iomap_inode_sequence(ip, IOMAP_F_XATTR);
+	xfs_bmbt_to_iomap(ip, &wpc->iomap, &imap, 0, IOMAP_F_XATTR, seq);
+
+	trace_xfs_map_blocks_found(ip, offset, len, XFS_ATTR_FORK, &imap);
+
+	/* We want this to be separate from other IO as we will do
+	 * CRC update on IO completion */
+	wpc->iomap.flags |= IOMAP_F_NO_MERGE;
+
+	return 0;
+}
+
+static const struct iomap_writeback_ops xfs_writeback_verity_ops = {
+	.map_blocks		= xfs_fsverity_map_blocks,
+	.prepare_ioend		= xfs_prepare_ioend,
+	.discard_folio		= xfs_discard_folio,
+};
+
 STATIC int
 xfs_vm_writepages(
-	struct address_space	*mapping,
-	struct writeback_control *wbc)
+	struct address_space		*mapping,
+	struct writeback_control	*wbc)
 {
-	struct xfs_writepage_ctx wpc = { };
+	struct xfs_writepage_ctx	wpc = { };
+	struct xfs_inode		*ip = XFS_I(mapping->host);
 
-	xfs_iflags_clear(XFS_I(mapping->host), XFS_ITRUNCATED);
+	xfs_iflags_clear(ip, XFS_ITRUNCATED);
+
+	if (xfs_iflags_test(ip, XFS_VERITY_CONSTRUCTION)) {
+		wbc->range_start = XFS_FSVERITY_MTREE_OFFSET;
+		wbc->range_end = LLONG_MAX;
+		return iomap_writepages_unbound(mapping, wbc, &wpc.ctx,
+						&xfs_writeback_verity_ops);
+	}
 	return iomap_writepages(mapping, wbc, &wpc.ctx, &xfs_writeback_ops);
 }

[18/24] xfs: add writeback page mapping for fs-verity

Commit Message

Patch