From patchwork Wed May 3 08:51:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229874 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1455DED2 for ; Wed, 3 May 2023 08:51:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103918; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=w0VxTZdYvYJJpJt4f1CWhQCMN6thwfx97+dJKO1TgUg=; b=dJWRn0c0zywAKegE1amoWBwBxUuL1/MWnD2hSAK9D3dcpQgSxgQaD5vjijr3HbKXey1lT7 Fi1fWxCFoXqwoQKd3++d8xc9DLvsC1NZoCZn30KhxXq0pN0np6wS2XaJLyyLjSMUR6qci7 TApOW57asUYrD2crdV/ejjjthpdyecU= Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-427-bqjhupYdOOagnGbabKF9rQ-1; Wed, 03 May 2023 04:51:57 -0400 X-MC-Unique: bqjhupYdOOagnGbabKF9rQ-1 Received: by mail-lj1-f200.google.com with SMTP id 38308e7fff4ca-2a8be1c1844so24029641fa.3 for ; Wed, 03 May 2023 01:51:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103915; x=1685695915; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w0VxTZdYvYJJpJt4f1CWhQCMN6thwfx97+dJKO1TgUg=; b=ZakxKXOFgIP++38sUh8JAgi4tMHxIjj9Ok786ZvPDioMOXM6vycaP2uhD/YXtjxSwo Ru3sl68OMMp6EJYxalXWu6DT33LbXfLM0nUPDXwJVN02rQ9EdNQMF9AhTDD42TZma+XE XqTkIjWL6dk6FaW/Idy2do6jmEilCdiCPgaJfaI1OLd8CLEAO3nz2s+DYnWxSynhutOy Wvb7YZeXjX2Oqnd00NLoB+DVJ3VZaaURmwAxb/th1xEAEciVmeq5+fiSBfS2dr6ibf/v 1Kq8F5RaJDv/DLIfhxyHwLI8RPVbrc4BjZBCSY6Pd8BK/3VqXBMyxSLAT0WHfyNJMTV9 3QLA== X-Gm-Message-State: AC+VfDx6kgXtWiEsysMdSV7bKT57GZuFE5LYqxnG4KVBGQjqYlPTe/PS p1XQIq0nrU+fo2zIiuSkdomMguq+uX3rsbWKo7DIE/PriA+rvWwemBAe9f9bDbCvMr4RYtFJLGI G8A8N133wm64P100eG6o= X-Received: by 2002:ac2:410b:0:b0:4ec:8596:918b with SMTP id b11-20020ac2410b000000b004ec8596918bmr769944lfi.24.1683103915597; Wed, 03 May 2023 01:51:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7s2nioBDBre/9YYc1rxWYzSkRPrtaIAepxt562IrVn/o804+eY82qdLC3B2qSUScqlyA+z5A== X-Received: by 2002:ac2:410b:0:b0:4ec:8596:918b with SMTP id b11-20020ac2410b000000b004ec8596918bmr769937lfi.24.1683103915310; Wed, 03 May 2023 01:51:55 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:54 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 1/6] fsverity: Export fsverity_get_digest Date: Wed, 3 May 2023 10:51:34 +0200 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Overlayfs needs to call this when built in module form, so we need to export the symbol. This uses EXPORT_SYMBOL_GPL like the other fsverity functions do. Signed-off-by: Alexander Larsson --- fs/verity/measure.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/verity/measure.c b/fs/verity/measure.c index 5c79ea1b2468..875d143e0c7e 100644 --- a/fs/verity/measure.c +++ b/fs/verity/measure.c @@ -85,3 +85,4 @@ int fsverity_get_digest(struct inode *inode, *alg = hash_alg->algo_id; return 0; } +EXPORT_SYMBOL_GPL(fsverity_get_digest); From patchwork Wed May 3 08:51:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229876 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8830747E for ; Wed, 3 May 2023 08:52:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QiUYoZhsO38yQi5Z+ZT4TmEZo+0EwfXvmiSU1oG1sMU=; b=SGx2L6uqy51eACuC9+q2m2bQPmpmoxYqPMlvUnvHBOLWBs0Qi69pvFBXjBYTMCUOHDxDfz c6Q7PgsiGT/JUI+PSM4RwUYlDLnUqpaa4NXNH56bdII/maet5BRE9BKIthVpfMhCnt9aox 3TNAANJGkgd9+q40e58tIIvQJ/m2dno= Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-465-RDHB2hXHNquqwtZz0PeEYw-1; Wed, 03 May 2023 04:51:58 -0400 X-MC-Unique: RDHB2hXHNquqwtZz0PeEYw-1 Received: by mail-lf1-f69.google.com with SMTP id 2adb3069b0e04-4edd608fa5cso2970843e87.3 for ; Wed, 03 May 2023 01:51:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103916; x=1685695916; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QiUYoZhsO38yQi5Z+ZT4TmEZo+0EwfXvmiSU1oG1sMU=; b=g3ijbMkl2kQWoUE7wZAk7ZeSBRRPf8zjzwhMmVigmCfcwvbFRjImQuuhlqsdUh7Xce 5zAk4r3dwP8bX02rZFlFj5JhMYU/kGW+NnyER31UF6ZU5lCYjvEtIkWp02IGb0/K3UI8 8wzvWfNukcuG+j5w43SikJe1zpWhvM5w9GUh1g6WNCcGNctmKt1Oef7BlyFHNB1apYFR O3U6KHFGusvuS7HimVFjKdwWB9WJ4Zt/oT5zUEMLG9ycBZgN14yzB6Jpzl6GVfCKvPR2 UabjLxU0LAn6nTtU0NzvqrbG0szGlGmoZjdZ9V6p2+8ERGyRoC8OE4KNAUuk881tOUSA dgpw== X-Gm-Message-State: AC+VfDxGt2oY3VmV+WUHK6flxBkpxcdgW2to2GWMUk9jlIsKmrFeKsRn LT6HoSPDwiXcWOn4GBEMuwgca4M51109I8hgQ3Pv80ViIGWSUYzkqMpsn9qqch49HZ0AQYOwQaM qGgccMvwANZ+fUiWvWrM= X-Received: by 2002:a05:6512:3744:b0:4ec:9ef9:e3d with SMTP id a4-20020a056512374400b004ec9ef90e3dmr584537lfs.26.1683103916609; Wed, 03 May 2023 01:51:56 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7gg4av5X822rtZVLUAVe8lkkygabGEWSRqdxCBuGCAzot3kNC76Sn92ME672RYhMYqQiFpHg== X-Received: by 2002:a05:6512:3744:b0:4ec:9ef9:e3d with SMTP id a4-20020a056512374400b004ec9ef90e3dmr584534lfs.26.1683103916372; Wed, 03 May 2023 01:51:56 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:55 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 2/6] ovl: Break out ovl_e_path_real() from ovl_i_path_real() Date: Wed, 3 May 2023 10:51:35 +0200 Message-Id: <86b9adf5b011a17fc51016fa7a66cb8f87578c0e.1683102959.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This allows us to get the real path from the ovl_entry in ovl_lookup() before having finished setting up the resulting inode. Signed-off-by: Alexander Larsson Reviewed-by: Amir Goldstein --- fs/overlayfs/overlayfs.h | 2 ++ fs/overlayfs/util.c | 25 ++++++++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index c1233eec2d40..6ce1c7906bb9 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -391,6 +391,8 @@ void ovl_path_upper(struct dentry *dentry, struct path *path); void ovl_path_lower(struct dentry *dentry, struct path *path); void ovl_path_lowerdata(struct dentry *dentry, struct path *path); void ovl_i_path_real(struct inode *inode, struct path *path); +void ovl_e_path_real(struct ovl_fs *ofs, struct ovl_entry *oe, + struct dentry *upperdentry, struct path *path); enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path); enum ovl_path_type ovl_path_realdata(struct dentry *dentry, struct path *path); struct dentry *ovl_dentry_upper(struct dentry *dentry); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index e526ab059872..c32252153e5e 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -331,19 +331,30 @@ struct dentry *ovl_i_dentry_upper(struct inode *inode) return ovl_upperdentry_dereference(OVL_I(inode)); } -void ovl_i_path_real(struct inode *inode, struct path *path) -{ - struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode)); +void ovl_e_path_real(struct ovl_fs *ofs, + struct ovl_entry *oe, + struct dentry *upperdentry, + struct path *path) +{ + if (upperdentry) { + path->dentry = upperdentry; + path->mnt = ovl_upper_mnt(ofs); + } else { + struct ovl_path *lowerpath = ovl_lowerpath(oe); - path->dentry = ovl_i_dentry_upper(inode); - if (!path->dentry) { path->dentry = lowerpath->dentry; path->mnt = lowerpath->layer->mnt; - } else { - path->mnt = ovl_upper_mnt(OVL_FS(inode->i_sb)); } } +void ovl_i_path_real(struct inode *inode, struct path *path) +{ + ovl_e_path_real(OVL_FS(inode->i_sb), + OVL_I_E(inode), + ovl_i_dentry_upper(inode), + path); +} + struct inode *ovl_inode_upper(struct inode *inode) { struct dentry *upperdentry = ovl_i_dentry_upper(inode); From patchwork Wed May 3 08:51:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229877 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD6F7ED2 for ; Wed, 3 May 2023 08:52:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103920; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DuOxmhHvrADxVqyLcYeijglLSxGFgA8WAfOb+tgiEXI=; b=ZIvzK7OabUaix8kWvsG9iwP9neIbLkRQILVCHWRfKUZLTIfJaWeArQtS5gimoX0AxYCXPC 9T8vwjcpE6ZalmepqElJlmWKiRU6BWJSR4/gOQpop2lpkIMRrsfq2PQyX56mH3wdU6Ii/8 y8FAKOofv0wcf2cpnr0e7gBXmbgQWY4= Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-504-XNn0wzgHP7-5jyyrdlNvmg-1; Wed, 03 May 2023 04:51:59 -0400 X-MC-Unique: XNn0wzgHP7-5jyyrdlNvmg-1 Received: by mail-lj1-f199.google.com with SMTP id 38308e7fff4ca-2a8c3314d18so24112871fa.0 for ; Wed, 03 May 2023 01:51:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103917; x=1685695917; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DuOxmhHvrADxVqyLcYeijglLSxGFgA8WAfOb+tgiEXI=; b=FtiWAVFRs8f3MxQS3DV3rRxyZIyJnfXklVfIWp9ga+v9a9Pr0iu6/vY6o3TaPU2S17 EpMbnAHgXkwkGOWdRkOAwsKzNA3+8xyz8ueaba0xRPO3KX2gPFxn62aroOP8jBEjl9kN y1gMvvbR2I6VPjkFExWuYeVDGDPBKTuVP7vGmr1qG5AJuE0V5hOKGCnQMEKAjiMrdoPf NiGxRvgUkP8plIQP3qk0yAnddofZzJN/fC/Db/xgmfz8X+yf8J7lmdzSN6bqXJf74mGK 1Ms+v5rQcdUD9A7JmdvllC5Vy366+SqGVJTYlNQFkBPEzcp6cqMohlQfOakEU/emZz2j d8zg== X-Gm-Message-State: AC+VfDxOYObL5Qk3LPdId/wUHD6m5Fuxv/VfpBjOukc3RysRlLYgHtDW 8YerPD70xapbjyqVPvOBz9u6bnYwXDg41t8/FQoG8M9vq8zDPS9SrinSuRTuNNU+wu8jhjZj6XY +NzBzEaYY0j/j+zPMoas= X-Received: by 2002:ac2:5a4a:0:b0:4eb:40d4:e0d2 with SMTP id r10-20020ac25a4a000000b004eb40d4e0d2mr685180lfn.38.1683103917773; Wed, 03 May 2023 01:51:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5yxUM/3BQQGSn7yGWxkPYM3S0JgZW0405lZebJhguwjx/PTKCM5eqVOOxHUxwVFJOgHb0vvA== X-Received: by 2002:ac2:5a4a:0:b0:4eb:40d4:e0d2 with SMTP id r10-20020ac25a4a000000b004eb40d4e0d2mr685173lfn.38.1683103917595; Wed, 03 May 2023 01:51:57 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:56 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 3/6] ovl: Break out ovl_e_path_lowerdata() from ovl_path_lowerdata() Date: Wed, 3 May 2023 10:51:36 +0200 Message-Id: <53ba3af42c7c9cfeaa7d9557ed2daa9363e6f756.1683102959.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This will be needed later when getting the lowerdata path from the ovl_entry in ovl_lookup() before the dentry is set up. Signed-off-by: Alexander Larsson Reviewed-by: Amir Goldstein --- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 6ce1c7906bb9..a4867ff97115 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -391,6 +391,7 @@ void ovl_path_upper(struct dentry *dentry, struct path *path); void ovl_path_lower(struct dentry *dentry, struct path *path); void ovl_path_lowerdata(struct dentry *dentry, struct path *path); void ovl_i_path_real(struct inode *inode, struct path *path); +void ovl_e_path_lowerdata(struct ovl_entry *oe, struct path *path); void ovl_e_path_real(struct ovl_fs *ofs, struct ovl_entry *oe, struct dentry *upperdentry, struct path *path); enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index c32252153e5e..74077ef50bb3 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -222,9 +222,9 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) } } -void ovl_path_lowerdata(struct dentry *dentry, struct path *path) +void ovl_e_path_lowerdata(struct ovl_entry *oe, + struct path *path) { - struct ovl_entry *oe = OVL_E(dentry); struct ovl_path *lowerdata = ovl_lowerdata(oe); struct dentry *lowerdata_dentry = ovl_lowerdata_dentry(oe); @@ -242,6 +242,11 @@ void ovl_path_lowerdata(struct dentry *dentry, struct path *path) } } +void ovl_path_lowerdata(struct dentry *dentry, struct path *path) +{ + return ovl_e_path_lowerdata(OVL_E(dentry), path); +} + enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path) { enum ovl_path_type type = ovl_path_type(dentry); From patchwork Wed May 3 08:51:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229878 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAEA5746A for ; Wed, 3 May 2023 08:52:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103921; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sdx7u9NzvBFxo17qe4jZntH5LGYHyD9J9CTeI+9RRrY=; b=eX7dgfPeWTQAlRaqed+JF4ywbQwwADrh/eHp7isbA2X6Ihp7hrBrrty1CnuA0LK5CqBNhi N7Qg6mX/6/BLEHKl4q3TNqEl+lEi5h6ecBa+8tT4wlBseW44WT6DkqSrwcaKWaLLuuXmgh AeXfbIJVYx1i4reL0rasx0LUkNlPIEs= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-642-JlpFMQVdM6Wtk0kCJFDw0A-1; Wed, 03 May 2023 04:52:00 -0400 X-MC-Unique: JlpFMQVdM6Wtk0kCJFDw0A-1 Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-4edc5526c5eso2852947e87.1 for ; Wed, 03 May 2023 01:52:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103919; x=1685695919; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sdx7u9NzvBFxo17qe4jZntH5LGYHyD9J9CTeI+9RRrY=; b=EtlrF3O2yuY7XtbNl/7U5sXp1/y36EcqdTPuQzUMnyYmNS2Np3yXyTusQ9C/LYVa3O s3FLVJB9FAqsYxsFa/x4BT2dOi+LTVn+ewoMX2lBCCzWIbYPf8gQDPqLxv2Ij//3Tl0m GgLQeDusT9v5O2Ng6tmwyE6oBQvSRJZPeAPKXGj7dGxOAtSXlYEOR0M2r0s3tUF5a/DT VBOTe+MH6B74ncd+FecjjEc/CKmh9WYI/UniHeA/AzlQzZyzYjX7CvssudXgoKKibvz4 2Eg12L2+zJVGD8R6PRFJMhPX/+EIVHJrMIzKpu2TtwWFZnO2cfVHy5EIyifRMJbc6VID eG7Q== X-Gm-Message-State: AC+VfDx5RwF9ZQEW+WMQX8iIkkXeJXy0DhpSjOhip2LrTFSYk9IIPdxQ 3QIK3eAPYnMtRzwA7Q/LHxfqMdiws8w7Oqnk95nHBzf2e+C9S9MLmW1X2gbEGh2byDtEm6M3s72 q8+PXYB1X1QczZxsG7o8= X-Received: by 2002:ac2:43b3:0:b0:4ee:d799:eca with SMTP id t19-20020ac243b3000000b004eed7990ecamr646454lfl.40.1683103918959; Wed, 03 May 2023 01:51:58 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5NIfGVITK5YrtjPJMdUmeYqXZbP+pyGos6sDktBtIEOTasfLZZoGs/ClvSugP6G3AFVZekig== X-Received: by 2002:ac2:43b3:0:b0:4ee:d799:eca with SMTP id t19-20020ac243b3000000b004eed7990ecamr646441lfl.40.1683103918615; Wed, 03 May 2023 01:51:58 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:57 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 4/6] ovl: Add framework for verity support Date: Wed, 3 May 2023 10:51:37 +0200 Message-Id: <0292ade77250a8bb563744f596ecaab5614cbd80.1683102959.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This adds the scaffolding (docs, config, mount options) for supporting for a new overlay xattr "overlay.verity", which contains a fs-verity digest. This is used for metacopy files, and the actual fs-verity digest of the lowerdata file needs to match it. The mount option "verity" specifies how this xattrs is handled. If you enable verity it ("verity=on") all existing xattrs are validated before use, and during metacopy we generate verity xattr in the upper metacopy file if the source file has verity enabled. This means later accesses can guarantee that the correct data is used. Additionally you can use "verity=require". In this mode all metacopy files must have a valid verity xattr. For this to work metadata copy-up must be able to create a verity xattr (so that later accesses are validated). Therefore, in this mode, if the lower data file doesn't have fs-verity enabled we fall back to a full copy rather than a metacopy. Actual implementation follows in a separate commit. Signed-off-by: Alexander Larsson Reviewed-by: Amir Goldstein --- Documentation/filesystems/overlayfs.rst | 27 +++++++++ fs/overlayfs/ovl_entry.h | 3 + fs/overlayfs/super.c | 74 ++++++++++++++++++++++++- 3 files changed, 102 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/overlayfs.rst b/Documentation/filesystems/overlayfs.rst index bc95343bafba..7e2b445a4139 100644 --- a/Documentation/filesystems/overlayfs.rst +++ b/Documentation/filesystems/overlayfs.rst @@ -407,6 +407,33 @@ when a "metacopy" file in one of the lower layers above it, has a "redirect" to the absolute path of the "lower data" file in the "data-only" lower layer. +fs-verity support +---------------------- + +When metadata copy up is used for a file, then the xattr +"trusted.overlay.verity" may be set on the metacopy file. This +specifies the expected fs-verity digest of the lowerdata file. This +may then be used to verify the content of the source file at the time +the file is opened. During metacopy copy up overlayfs can also set +this xattr. + +This is controlled by the "verity" mount option, which supports +these values: + +- "off": + The verity xattr is never used. This is the default if verity + option is not specified. +- "on": + Whenever a metacopy files specifies an expected digest, the + corresponding data file must match the specified digest. + When generating a metacopy file the verity xattr will be set + from the source file fs-verity digest (if it has one). +- "require": + Same as "on", but additionally all metacopy files must specify a + verity xattr. This means metadata copy up will only be used if + the data file has fs-verity enabled, otherwise a full copy-up is + used. + Sharing and copying layers -------------------------- diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h index c6c7d09b494e..95464a1cb371 100644 --- a/fs/overlayfs/ovl_entry.h +++ b/fs/overlayfs/ovl_entry.h @@ -13,6 +13,9 @@ struct ovl_config { bool redirect_dir; bool redirect_follow; const char *redirect_mode; + bool verity; + bool require_verity; + const char *verity_mode; bool index; bool uuid; bool nfs_export; diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index c6209592bb3f..a4662883b619 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -244,6 +244,7 @@ static void ovl_free_fs(struct ovl_fs *ofs) kfree(ofs->config.upperdir); kfree(ofs->config.workdir); kfree(ofs->config.redirect_mode); + kfree(ofs->config.verity_mode); if (ofs->creator_cred) put_cred(ofs->creator_cred); kfree(ofs); @@ -334,6 +335,11 @@ static const char *ovl_redirect_mode_def(void) return ovl_redirect_dir_def ? "on" : "off"; } +static const char *ovl_verity_mode_def(void) +{ + return "off"; +} + static const char * const ovl_xino_str[] = { "off", "auto", @@ -383,6 +389,8 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry) seq_puts(m, ",volatile"); if (ofs->config.userxattr) seq_puts(m, ",userxattr"); + if (strcmp(ofs->config.verity_mode, ovl_verity_mode_def()) != 0) + seq_printf(m, ",verity=%s", ofs->config.verity_mode); return 0; } @@ -438,6 +446,7 @@ enum { OPT_METACOPY_ON, OPT_METACOPY_OFF, OPT_VOLATILE, + OPT_VERITY, OPT_ERR, }; @@ -460,6 +469,7 @@ static const match_table_t ovl_tokens = { {OPT_METACOPY_ON, "metacopy=on"}, {OPT_METACOPY_OFF, "metacopy=off"}, {OPT_VOLATILE, "volatile"}, + {OPT_VERITY, "verity=%s"}, {OPT_ERR, NULL} }; @@ -509,6 +519,21 @@ static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode) return 0; } +static int ovl_parse_verity_mode(struct ovl_config *config, const char *mode) +{ + if (strcmp(mode, "on") == 0) { + config->verity = true; + } else if (strcmp(mode, "require") == 0) { + config->verity = true; + config->require_verity = true; + } else if (strcmp(mode, "off") != 0) { + pr_err("bad mount option \"verity=%s\"\n", mode); + return -EINVAL; + } + + return 0; +} + static int ovl_parse_opt(char *opt, struct ovl_config *config) { char *p; @@ -520,6 +545,10 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) if (!config->redirect_mode) return -ENOMEM; + config->verity_mode = kstrdup(ovl_verity_mode_def(), GFP_KERNEL); + if (!config->verity_mode) + return -ENOMEM; + while ((p = ovl_next_opt(&opt)) != NULL) { int token; substring_t args[MAX_OPT_ARGS]; @@ -620,6 +649,13 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) config->userxattr = true; break; + case OPT_VERITY: + kfree(config->verity_mode); + config->verity_mode = match_strdup(&args[0]); + if (!config->verity_mode) + return -ENOMEM; + break; + default: pr_err("unrecognized mount option \"%s\" or missing value\n", p); @@ -651,6 +687,22 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) if (err) return err; + err = ovl_parse_verity_mode(config, config->verity_mode); + if (err) + return err; + + /* Resolve verity -> metacopy dependency */ + if (config->verity && !config->metacopy) { + /* Don't allow explicit specified conflicting combinations */ + if (metacopy_opt) { + pr_err("conflicting options: metacopy=off,verity=%s\n", + config->verity_mode); + return -EINVAL; + } + /* Otherwise automatically enable metacopy. */ + config->metacopy = true; + } + /* * This is to make the logic below simpler. It doesn't make any other * difference, since config->redirect_dir is only used for upper. @@ -665,6 +717,11 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) config->redirect_mode); return -EINVAL; } + if (config->verity && redirect_opt) { + pr_err("conflicting options: verity=%s,redirect_dir=%s\n", + config->verity_mode, config->redirect_mode); + return -EINVAL; + } if (redirect_opt) { /* * There was an explicit redirect_dir=... that resulted @@ -700,7 +757,7 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) } } - /* Resolve nfs_export -> !metacopy dependency */ + /* Resolve nfs_export -> !metacopy && !verity dependency */ if (config->nfs_export && config->metacopy) { if (nfs_export_opt && metacopy_opt) { pr_err("conflicting options: nfs_export=on,metacopy=on\n"); @@ -713,6 +770,14 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) */ pr_info("disabling nfs_export due to metacopy=on\n"); config->nfs_export = false; + } else if (config->verity) { + /* + * There was an explicit verity=.. that resulted + * in this conflict. + */ + pr_info("disabling nfs_export due to verity=%s\n", + config->verity_mode); + config->nfs_export = false; } else { /* * There was an explicit nfs_export=on that resulted @@ -724,7 +789,7 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) } - /* Resolve userxattr -> !redirect && !metacopy dependency */ + /* Resolve userxattr -> !redirect && !metacopy && !verity dependency */ if (config->userxattr) { if (config->redirect_follow && redirect_opt) { pr_err("conflicting options: userxattr,redirect_dir=%s\n", @@ -735,6 +800,11 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) pr_err("conflicting options: userxattr,metacopy=on\n"); return -EINVAL; } + if (config->verity) { + pr_err("conflicting options: userxattr,verity=%s\n", + config->verity_mode); + return -EINVAL; + } /* * Silently disable default setting of redirect and metacopy. * This shall be the default in the future as well: these From patchwork Wed May 3 08:51:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229879 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 449FEED2 for ; Wed, 3 May 2023 08:52:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K5qdup0fwptgczVmh6sCNenWbXaOjSYojOY4zcO7poU=; b=OCb8H6KgMzFpTME43JCLQv3VkKBVohXNPDPNG/Pu6+VHuPrgOW8sKWdocWfZAqEJSytB3h z1yVBSBg8TgzDGJW6oSunBVfFwUyyUMtfJkLfApEFBtygqKXWGkLkCfvnn2JgCgYTg9Xod MLkQLq8wDZFtCGjDfnKsV2IkBRcEDuw= Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-107-ZGGPaGeJPC-WJJnU9geHrw-1; Wed, 03 May 2023 04:52:02 -0400 X-MC-Unique: ZGGPaGeJPC-WJJnU9geHrw-1 Received: by mail-lf1-f69.google.com with SMTP id 2adb3069b0e04-4ecb00906d0so3015681e87.1 for ; Wed, 03 May 2023 01:52:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103920; x=1685695920; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5qdup0fwptgczVmh6sCNenWbXaOjSYojOY4zcO7poU=; b=b5f7f/2PKWDsJxwDDa8uIaX/WIIIpZrsdTAeXXPuVYgPTTch4zPh8rmaipo/6ZQB2g un3P9yyc9tbU+m8tpwlc06AD0UFRaD5AAFQTZab4QAs/zf9F+5tNKtC2pgWwMXSv0qzw i7gjg1TBYopcIo89N00Jtf3+Njfey94kOCSe/0D35eqVFaQSeWpyryqoPgiHQ30Lzry/ dqkav4zahpL7B3sUsHV7enPDrLVznYYLHAB46ahMr+/aaHbEFwZ8qc7GFWxnT7beRfW7 gyq5pS/fXUdtDaQrHhRz6rCgzAZpwpYnUOcYh8Q7iFZeprY388yvRTy4lHb7PTQ7vt1x Lyag== X-Gm-Message-State: AC+VfDxqGjLOyinKn3jwASfWLHP5f4EqDegRpVUct1ah0YkSl/GlQATD Uqs8UIFONBcaFQXpdMxoyP40+ymjJf4/tLReRTB7SPKPNTf+NRbi4F6h5zggHZyg9/hKOwV5+FA 0k0wqR0HI/IBXlEygAxw= X-Received: by 2002:ac2:46cb:0:b0:4ef:efd3:465e with SMTP id p11-20020ac246cb000000b004efefd3465emr641824lfo.31.1683103919850; Wed, 03 May 2023 01:51:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ45z3BZBiAEnuPjK5deuoFz5caMwNRweqEbhnVNVdpnrhrMUTg/j8HPBsoiEahc5PqJ/a9yMA== X-Received: by 2002:ac2:46cb:0:b0:4ef:efd3:465e with SMTP id p11-20020ac246cb000000b004efefd3465emr641815lfo.31.1683103919523; Wed, 03 May 2023 01:51:59 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:59 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 5/6] ovl: Validate verity xattr when resolving lowerdata Date: Wed, 3 May 2023 10:51:38 +0200 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com When resolving lowerdata (lazily or non-lazily) we check the overlay.verity xattr on the metadata inode, and if set verify that the source lowerdata inode matches it (according to the verity options enabled). Note that this changes the location of the revert_creds() call in ovl_maybe_lookup_lowerdata() to ensure that we use the mounter creds during the call to ovl_validate_verity() for the possible file access in ovl_ensure_verity_loaded(). Signed-off-by: Alexander Larsson Reviewed-by: Amir Goldstein --- fs/overlayfs/namei.c | 42 +++++++++++++++++- fs/overlayfs/overlayfs.h | 6 +++ fs/overlayfs/util.c | 96 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 142 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 292b8a948f1a..d664ecc93e0f 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -892,6 +892,7 @@ static int ovl_fix_origin(struct ovl_fs *ofs, struct dentry *dentry, /* Lazy lookup of lowerdata */ int ovl_maybe_lookup_lowerdata(struct dentry *dentry) { + struct ovl_fs *ofs = dentry->d_sb->s_fs_info; struct inode *inode = d_inode(dentry); const char *redirect = ovl_lowerdata_redirect(inode); struct ovl_path datapath = {}; @@ -915,9 +916,25 @@ int ovl_maybe_lookup_lowerdata(struct dentry *dentry) old_cred = ovl_override_creds(dentry->d_sb); err = ovl_lookup_data_layers(dentry, redirect, &datapath); - revert_creds(old_cred); if (err) - goto out_err; + goto out_revert_creds; + + if (ofs->config.verity) { + struct path data = { .mnt = datapath.layer->mnt, .dentry = datapath.dentry, }; + struct path metapath = {}; + + ovl_path_real(dentry, &metapath); + if (!metapath.dentry) { + err = -EIO; + goto out_revert_creds; + } + + err = ovl_validate_verity(ofs, &metapath, &data); + if (err) + goto out_revert_creds; + } + + revert_creds(old_cred); err = ovl_dentry_set_lowerdata(dentry, &datapath); if (err) @@ -929,6 +946,9 @@ int ovl_maybe_lookup_lowerdata(struct dentry *dentry) return err; + out_revert_creds: + revert_creds(old_cred); + out_err: pr_warn_ratelimited("lazy lowerdata lookup failed (%pd2, err=%i)\n", dentry, err); @@ -1187,6 +1207,24 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ovl_stack_cpy(ovl_lowerstack(oe), stack, ctr); + /* Validate verity of lower-data */ + if (ofs->config.verity && + !d.is_dir && (uppermetacopy || ctr > 1)) { + struct path datapath; + + ovl_e_path_lowerdata(oe, &datapath); + + /* Is NULL for lazy lookup, will be verified later */ + if (datapath.dentry) { + struct path metapath; + + ovl_e_path_real(ofs, oe, upperdentry, &metapath); + err = ovl_validate_verity(ofs, &metapath, &datapath); + if (err < 0) + goto out_free_oe; + } + } + if (upperopaque) ovl_dentry_set_opaque(dentry); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index a4867ff97115..07475eaae2ca 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -38,6 +38,7 @@ enum ovl_xattr { OVL_XATTR_UPPER, OVL_XATTR_METACOPY, OVL_XATTR_PROTATTR, + OVL_XATTR_VERITY, }; enum ovl_inode_flag { @@ -463,6 +464,11 @@ int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir); int ovl_check_metacopy_xattr(struct ovl_fs *ofs, const struct path *path); bool ovl_is_metacopy_dentry(struct dentry *dentry); char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding); +int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, + u8 *digest_buf, int *buf_length); +int ovl_validate_verity(struct ovl_fs *ofs, + struct path *metapath, + struct path *datapath); int ovl_sync_status(struct ovl_fs *ofs); static inline void ovl_set_flag(unsigned long flag, struct inode *inode) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 74077ef50bb3..ee296614bd73 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -10,7 +10,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -720,6 +722,7 @@ bool ovl_path_check_dir_xattr(struct ovl_fs *ofs, const struct path *path, #define OVL_XATTR_UPPER_POSTFIX "upper" #define OVL_XATTR_METACOPY_POSTFIX "metacopy" #define OVL_XATTR_PROTATTR_POSTFIX "protattr" +#define OVL_XATTR_VERITY_POSTFIX "verity" #define OVL_XATTR_TAB_ENTRY(x) \ [x] = { [false] = OVL_XATTR_TRUSTED_PREFIX x ## _POSTFIX, \ @@ -734,6 +737,7 @@ const char *const ovl_xattr_table[][2] = { OVL_XATTR_TAB_ENTRY(OVL_XATTR_UPPER), OVL_XATTR_TAB_ENTRY(OVL_XATTR_METACOPY), OVL_XATTR_TAB_ENTRY(OVL_XATTR_PROTATTR), + OVL_XATTR_TAB_ENTRY(OVL_XATTR_VERITY), }; int ovl_check_setxattr(struct ovl_fs *ofs, struct dentry *upperdentry, @@ -1166,6 +1170,98 @@ char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int pa return ERR_PTR(res); } +int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, + u8 *digest_buf, int *buf_length) +{ + int res; + + res = ovl_path_getxattr(ofs, path, OVL_XATTR_VERITY, digest_buf, *buf_length); + if (res == -ENODATA || res == -EOPNOTSUPP) + return -ENODATA; + if (res < 0) { + pr_warn_ratelimited("failed to get digest (%i)\n", res); + return res; + } + + *buf_length = res; + return 0; +} + +/* Call with mounter creds as it may open the file */ +static int ovl_ensure_verity_loaded(struct path *datapath) +{ + struct inode *inode = d_inode(datapath->dentry); + const struct fsverity_info *vi; + struct file *filp; + + vi = fsverity_get_info(inode); + if (vi == NULL && IS_VERITY(inode)) { + /* + * If this inode was not yet opened, the verity info hasn't been + * loaded yet, so we need to do that here to force it into memory. + * We use open_with_fake_path to avoid ENFILE. + */ + filp = open_with_fake_path(datapath, O_RDONLY, inode, current_cred()); + if (IS_ERR(filp)) + return PTR_ERR(filp); + fput(filp); + } + + return 0; +} + +int ovl_validate_verity(struct ovl_fs *ofs, + struct path *metapath, + struct path *datapath) +{ + u8 xattr_data[1+FS_VERITY_MAX_DIGEST_SIZE]; + u8 actual_digest[FS_VERITY_MAX_DIGEST_SIZE]; + enum hash_algo verity_algo; + int xattr_len; + int err; + + if (!ofs->config.verity || + /* Verity only works on regular files */ + !S_ISREG(d_inode(metapath->dentry)->i_mode)) + return 0; + + xattr_len = sizeof(xattr_data); + err = ovl_get_verity_xattr(ofs, metapath, xattr_data, &xattr_len); + if (err == -ENODATA) { + if (ofs->config.require_verity) { + pr_warn_ratelimited("metacopy file '%pd' has no overlay.verity xattr\n", + metapath->dentry); + return -EIO; + } + return 0; + } + if (err < 0) + return err; + + err = ovl_ensure_verity_loaded(datapath); + if (err < 0) { + pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n", + datapath->dentry); + return -EIO; + } + + err = fsverity_get_digest(d_inode(datapath->dentry), actual_digest, &verity_algo); + if (err < 0) { + pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n", datapath->dentry); + return -EIO; + } + + if (xattr_len != 1 + hash_digest_size[verity_algo] || + xattr_data[0] != (u8) verity_algo || + memcmp(xattr_data+1, actual_digest, xattr_len - 1) != 0) { + pr_warn_ratelimited("lower file '%pd' has the wrong fs-verity digest\n", + datapath->dentry); + return -EIO; + } + + return 0; +} + /* * ovl_sync_status() - Check fs sync status for volatile mounts * From patchwork Wed May 3 08:51:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Larsson X-Patchwork-Id: 13229880 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8D50746A for ; Wed, 3 May 2023 08:52:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683103923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XcZpe9ed/2DgEtdKmYSxZXm5GbtnSqwudyk8sYUYNa8=; b=MN0swA+GnJsSgzE3ccngM5yOmq40umICY18SmAZuER3u2BaG6j+1VTd30vvotAE95mY1So CF60Hu0+ydymVIKt577ixVoa3dvMYzuLu9IAn4HRNeHYbVtNahawf8jMNQ25bmBrScdZ50 cgd0E4rSySgXIYDxiVkOQ18ZeWPmMyA= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-126-slH5fSj5P5GKDgPv4ShqBA-1; Wed, 03 May 2023 04:52:02 -0400 X-MC-Unique: slH5fSj5P5GKDgPv4ShqBA-1 Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-4edc7406cb5so3092296e87.3 for ; Wed, 03 May 2023 01:52:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683103920; x=1685695920; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XcZpe9ed/2DgEtdKmYSxZXm5GbtnSqwudyk8sYUYNa8=; b=IFVPqcox9TTOPcYVs93nuSWMAIRlV0wDXM2kAZvZOfupfhYqLP42V6Cr+Xe/eLP5zm D0WDvPZVZ5uuCW4fOhFAe/zbkmfE7Es0DfA4QsjDFpgoX4lS0ehv17RvvQ9coc4fpoW1 V0ItfuO0ComMRBDOlBeWRQO73bBwQdD6YoV4eMcjpRyd9E9iVRJlB1L4SEolm9QmPphG O4Ow0QqD5Iz2DDniMmR0B1k2FxXwDzWQot0kLbSaqrNN9jXPAWPHhDxrw8Jjv37OpQoE ifWyVGqGRnUyf3f8tzaZPfJVjJ+oORXm8I/CQC8UBXhqTTyQlX6J7fuSsrUAfYV4Bv69 FPdA== X-Gm-Message-State: AC+VfDwFIOlb8+oY1gi9NEaV9yZL9/RSPT8h3XWMkYQscO1SXUWtMbif yiuF5CYgn/ju8pPUkWT6umIBSgSe3iiBDuzXYwjQ2yo9gI6OuZTlj/rtXj7I35ak+d/dHEp3BjQ yQi42Wv7KUIq07n9g87J/9l6rBKs= X-Received: by 2002:ac2:50d9:0:b0:4e7:4a3c:697 with SMTP id h25-20020ac250d9000000b004e74a3c0697mr782105lfm.38.1683103920542; Wed, 03 May 2023 01:52:00 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ55En8e7OtdlbEsGEP0e/C2sTHWVsKpOrmye9Vk8xtDyMKlu69mVOHIlm0te4cEtTwOBD45lg== X-Received: by 2002:ac2:50d9:0:b0:4e7:4a3c:697 with SMTP id h25-20020ac250d9000000b004e74a3c0697mr782098lfm.38.1683103920355; Wed, 03 May 2023 01:52:00 -0700 (PDT) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id j6-20020ac24546000000b004ed4fa5f20fsm5907089lfm.25.2023.05.03.01.51.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 May 2023 01:51:59 -0700 (PDT) From: Alexander Larsson To: miklos@szeredi.hu Cc: linux-unionfs@vger.kernel.org, amir73il@gmail.com, ebiggers@kernel.org, tytso@mit.edu, fsverity@lists.linux.dev, Alexander Larsson Subject: [PATCH v2 6/6] ovl: Handle verity during copy-up Date: Wed, 3 May 2023 10:51:39 +0200 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com During regular metacopy, if lowerdata file has fs-verity enabled, set the new overlay.verity xattr (if enabled). During real data copy up, remove any old overlay.verity xattr. If verity is required, and lowerdata does not have fs-verity enabled, fall back to full copy-up (or the generated metacopy would not validate). Signed-off-by: Alexander Larsson Reviewed-by: Amir Goldstein --- fs/overlayfs/copy_up.c | 31 +++++++++++++++++++++++++++++++ fs/overlayfs/overlayfs.h | 3 +++ fs/overlayfs/util.c | 39 ++++++++++++++++++++++++++++++++++++++- 3 files changed, 72 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index eb266fb68730..e25bdc2baef3 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "overlayfs.h" #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) @@ -644,6 +645,18 @@ static int ovl_copy_up_metadata(struct ovl_copy_up_ctx *c, struct dentry *temp) if (c->metacopy) { err = ovl_check_setxattr(ofs, temp, OVL_XATTR_METACOPY, NULL, 0, -EOPNOTSUPP); + + /* Copy the verity digest if any so we can validate the copy-up later */ + if (!err) { + struct path lowerdatapath; + + ovl_path_lowerdata(c->dentry, &lowerdatapath); + if (WARN_ON_ONCE(lowerdatapath.dentry == NULL)) + err = -EIO; + else + err = ovl_set_verity_xattr_from(ofs, temp, &lowerdatapath); + } + if (err) return err; } @@ -919,6 +932,19 @@ static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) return false; + /* Fall back to full copy if no fsverity on source data and we require verity */ + if (ofs->config.require_verity) { + struct path lowerdata; + + ovl_path_lowerdata(dentry, &lowerdata); + + if (WARN_ON_ONCE(lowerdata.dentry == NULL) || + ovl_ensure_verity_loaded(&lowerdata) || + !fsverity_get_info(d_inode(lowerdata.dentry))) { + return false; + } + } + return true; } @@ -985,6 +1011,11 @@ static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) if (err) goto out_free; + err = ovl_removexattr(ofs, upperpath.dentry, OVL_XATTR_VERITY); + if (err && err != -ENODATA) + goto out_free; + + err = 0; ovl_set_upperdata(d_inode(c->dentry)); out_free: kfree(capability); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 07475eaae2ca..1cc3c8df3a4d 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -464,11 +464,14 @@ int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir); int ovl_check_metacopy_xattr(struct ovl_fs *ofs, const struct path *path); bool ovl_is_metacopy_dentry(struct dentry *dentry); char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding); +int ovl_ensure_verity_loaded(struct path *path); int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, u8 *digest_buf, int *buf_length); int ovl_validate_verity(struct ovl_fs *ofs, struct path *metapath, struct path *datapath); +int ovl_set_verity_xattr_from(struct ovl_fs *ofs, struct dentry *dst, + struct path *src); int ovl_sync_status(struct ovl_fs *ofs); static inline void ovl_set_flag(unsigned long flag, struct inode *inode) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index ee296614bd73..733871775b80 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -1188,7 +1188,7 @@ int ovl_get_verity_xattr(struct ovl_fs *ofs, const struct path *path, } /* Call with mounter creds as it may open the file */ -static int ovl_ensure_verity_loaded(struct path *datapath) +int ovl_ensure_verity_loaded(struct path *datapath) { struct inode *inode = d_inode(datapath->dentry); const struct fsverity_info *vi; @@ -1262,6 +1262,43 @@ int ovl_validate_verity(struct ovl_fs *ofs, return 0; } +int ovl_set_verity_xattr_from(struct ovl_fs *ofs, struct dentry *dst, + struct path *src) +{ + int err; + u8 src_digest[1+FS_VERITY_MAX_DIGEST_SIZE]; + enum hash_algo verity_algo; + + if (!ofs->config.verity || !S_ISREG(d_inode(dst)->i_mode)) + return 0; + + err = -EIO; + if (src) { + err = ovl_ensure_verity_loaded(src); + if (err < 0) { + pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n", + src->dentry); + return -EIO; + } + + err = fsverity_get_digest(d_inode(src->dentry), src_digest + 1, &verity_algo); + } + if (err == -ENODATA) { + if (ofs->config.require_verity) { + pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n", + src->dentry); + return -EIO; + } + return 0; + } + if (err < 0) + return err; + + src_digest[0] = (u8)verity_algo; + return ovl_check_setxattr(ofs, dst, OVL_XATTR_VERITY, + src_digest, 1 + hash_digest_size[verity_algo], -EOPNOTSUPP); +} + /* * ovl_sync_status() - Check fs sync status for volatile mounts *