From patchwork Fri Oct 6 18:48:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411880 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB476E92FE4 for ; Fri, 6 Oct 2023 18:53:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233222AbjJFSxr (ORCPT ); Fri, 6 Oct 2023 14:53:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233110AbjJFSxq (ORCPT ); Fri, 6 Oct 2023 14:53:46 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38D43C2 for ; Fri, 6 Oct 2023 11:52:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ktbSkcxQ2MopqhRASA9Ckw22XP9yki7f3Ov+tcO2rNo=; b=aFRefZ8NbV9ZwdBERd7Q1BAS90tTLo86vsOsNoaldxcn2UqvgVXvAf1K8O7lTIKhzVZGTC Ri7FIW31V5d+XBO7Q1M0zOFx2dHdT+ydY4hoDEExk0PYIrfKMsJfS3ufr+6GNAcrmgUuh1 hnQHvSuXV6x1hPOk1KmX3CSjDctF0no= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-423-O0LuG8C8MEKa1wF9kCuw3g-1; Fri, 06 Oct 2023 14:52:22 -0400 X-MC-Unique: O0LuG8C8MEKa1wF9kCuw3g-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b98bbf130cso207014466b.2 for ; Fri, 06 Oct 2023 11:52:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618340; x=1697223140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ktbSkcxQ2MopqhRASA9Ckw22XP9yki7f3Ov+tcO2rNo=; b=PNQAM9iOEL0mULaGmqMVcI4myYHVOaOxXfXrNItgWvuCPNFOsOG1Vg5XX/VovOD+Vm icoGOn/pQ3OZ/pNJwfJctxwcAqD52v0hHSudiQ9Yy/ebNC7lzwkdCFhs0/3VaVWrCCmX maNQuAX+FsiGQgMMp0xWicabFJHDA6rJTti2qzZa/v1vecqrmQXieIqmBjVjjVqKLIC3 xRy5H7XiA2tzV7IZmoBGy/VvGDudI8HTqafPRNJjzxxdSBolEAH4pYQH103EWAONbUnQ UXxE0GN0gJ+B+Wvv2A+79g6dQc3Ai7vUuKTAfWHSLSo4v+z4cmtXKXwRWTVhu7cGUe7O SdAQ== X-Gm-Message-State: AOJu0Yy1yJDGczCv/6VJZ1BfIg6vIa9gCXt/aLXbTrK9ornNdkjIMiX4 69FnJSO2O15AeHDYyKoeEsRB6cffpK+/8Y3cPg3TGl3kdDb4ahIEr72NmI2zn0rIb8rw3qjSAt2 X+WPTRWe6t6IGhQ2/8XHz3Ll03oyd3AdQHpNdetkJom7AbzzjDkfgprStK0D+LJFPe/H8bnpc4J r1Rog= X-Received: by 2002:a17:906:7389:b0:9a5:b878:7336 with SMTP id f9-20020a170906738900b009a5b8787336mr9458393ejl.7.1696618339638; Fri, 06 Oct 2023 11:52:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF8lxCo4QwcGyHuut/Kl0nJ04gFPevq0GQQoylmYhEvfcxf5ro/6Re6/UX6v05VxDmigGzCCw== X-Received: by 2002:a17:906:7389:b0:9a5:b878:7336 with SMTP id f9-20020a170906738900b009a5b8787336mr9458373ejl.7.1696618339243; Fri, 06 Oct 2023 11:52:19 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:18 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Allison Henderson Subject: [PATCH v3 01/28] xfs: Add new name to attri/d Date: Fri, 6 Oct 2023 20:48:55 +0200 Message-Id: <20231006184922.252188-2-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org From: Allison Henderson This patch adds two new fields to the atti/d. They are nname and nnamelen. This will be used for parent pointer updates since a rename operation may cause the parent pointer to update both the name and value. So we need to carry both the new name as well as the target name in the attri/d. Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 12 ++- fs/xfs/libxfs/xfs_attr.h | 4 +- fs/xfs/libxfs/xfs_da_btree.h | 2 + fs/xfs/libxfs/xfs_log_format.h | 6 +- fs/xfs/xfs_attr_item.c | 135 +++++++++++++++++++++++++++------ fs/xfs/xfs_attr_item.h | 1 + 6 files changed, 133 insertions(+), 27 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index e28d93d232de..b1dbed7655e8 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -423,6 +423,12 @@ xfs_attr_complete_op( args->op_flags &= ~XFS_DA_OP_REPLACE; if (do_replace) { args->attr_filter &= ~XFS_ATTR_INCOMPLETE; + if (args->new_namelen > 0) { + args->name = args->new_name; + args->namelen = args->new_namelen; + args->hashval = xfs_da_hashname(args->name, + args->namelen); + } return replace_state; } return XFS_DAS_DONE; @@ -922,9 +928,13 @@ xfs_attr_defer_replace( struct xfs_da_args *args) { struct xfs_attr_intent *new; + int op_flag; int error = 0; - error = xfs_attr_intent_init(args, XFS_ATTRI_OP_FLAGS_REPLACE, &new); + op_flag = args->new_namelen == 0 ? XFS_ATTRI_OP_FLAGS_REPLACE : + XFS_ATTRI_OP_FLAGS_NVREPLACE; + + error = xfs_attr_intent_init(args, op_flag, &new); if (error) return error; diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 81be9b3e4004..3e81f3f48560 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -510,8 +510,8 @@ struct xfs_attr_intent { struct xfs_da_args *xattri_da_args; /* - * Shared buffer containing the attr name and value so that the logging - * code can share large memory buffers between log items. + * Shared buffer containing the attr name, new name, and value so that + * the logging code can share large memory buffers between log items. */ struct xfs_attri_log_nameval *xattri_nameval; diff --git a/fs/xfs/libxfs/xfs_da_btree.h b/fs/xfs/libxfs/xfs_da_btree.h index ffa3df5b2893..a4b29827603f 100644 --- a/fs/xfs/libxfs/xfs_da_btree.h +++ b/fs/xfs/libxfs/xfs_da_btree.h @@ -55,7 +55,9 @@ enum xfs_dacmp { typedef struct xfs_da_args { struct xfs_da_geometry *geo; /* da block geometry */ const uint8_t *name; /* string (maybe not NULL terminated) */ + const uint8_t *new_name; /* new attr name */ int namelen; /* length of string (maybe no NULL) */ + int new_namelen; /* new attr name len */ uint8_t filetype; /* filetype of inode for directories */ void *value; /* set of bytes (maybe contain NULLs) */ int valuelen; /* length of value */ diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 269573c82808..82f910b857b7 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -117,7 +117,8 @@ struct xfs_unmount_log_format { #define XLOG_REG_TYPE_ATTRD_FORMAT 28 #define XLOG_REG_TYPE_ATTR_NAME 29 #define XLOG_REG_TYPE_ATTR_VALUE 30 -#define XLOG_REG_TYPE_MAX 30 +#define XLOG_REG_TYPE_ATTR_NNAME 31 +#define XLOG_REG_TYPE_MAX 31 /* @@ -964,6 +965,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_OP_FLAGS_SET 1 /* Set the attribute */ #define XFS_ATTRI_OP_FLAGS_REMOVE 2 /* Remove the attribute */ #define XFS_ATTRI_OP_FLAGS_REPLACE 3 /* Replace the attribute */ +#define XFS_ATTRI_OP_FLAGS_NVREPLACE 4 /* Replace attr name and val */ #define XFS_ATTRI_OP_FLAGS_TYPE_MASK 0xFF /* Flags type mask */ /* @@ -981,7 +983,7 @@ struct xfs_icreate_log { struct xfs_attri_log_format { uint16_t alfi_type; /* attri log item type */ uint16_t alfi_size; /* size of this item */ - uint32_t __pad; /* pad to 64 bit aligned */ + uint32_t alfi_nname_len; /* attr new name length */ uint64_t alfi_id; /* attri identifier */ uint64_t alfi_ino; /* the inode for this attr operation */ uint32_t alfi_op_flags; /* marks the op as a set or remove */ diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 36fe2abb16e6..97ee9d89b5b8 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -75,6 +75,8 @@ static inline struct xfs_attri_log_nameval * xfs_attri_log_nameval_alloc( const void *name, unsigned int name_len, + const void *nname, + unsigned int nname_len, const void *value, unsigned int value_len) { @@ -85,15 +87,25 @@ xfs_attri_log_nameval_alloc( * this. But kvmalloc() utterly sucks, so we use our own version. */ nv = xlog_kvmalloc(sizeof(struct xfs_attri_log_nameval) + - name_len + value_len); + name_len + nname_len + value_len); nv->name.i_addr = nv + 1; nv->name.i_len = name_len; nv->name.i_type = XLOG_REG_TYPE_ATTR_NAME; memcpy(nv->name.i_addr, name, name_len); + if (nname_len) { + nv->nname.i_addr = nv->name.i_addr + name_len; + nv->nname.i_len = nname_len; + memcpy(nv->nname.i_addr, nname, nname_len); + } else { + nv->nname.i_addr = NULL; + nv->nname.i_len = 0; + } + nv->nname.i_type = XLOG_REG_TYPE_ATTR_NNAME; + if (value_len) { - nv->value.i_addr = nv->name.i_addr + name_len; + nv->value.i_addr = nv->name.i_addr + nname_len + name_len; nv->value.i_len = value_len; memcpy(nv->value.i_addr, value, value_len); } else { @@ -147,11 +159,15 @@ xfs_attri_item_size( *nbytes += sizeof(struct xfs_attri_log_format) + xlog_calc_iovec_len(nv->name.i_len); - if (!nv->value.i_len) - return; + if (nv->nname.i_len) { + *nvecs += 1; + *nbytes += xlog_calc_iovec_len(nv->nname.i_len); + } - *nvecs += 1; - *nbytes += xlog_calc_iovec_len(nv->value.i_len); + if (nv->value.i_len) { + *nvecs += 1; + *nbytes += xlog_calc_iovec_len(nv->value.i_len); + } } /* @@ -181,6 +197,9 @@ xfs_attri_item_format( ASSERT(nv->name.i_len > 0); attrip->attri_format.alfi_size++; + if (nv->nname.i_len > 0) + attrip->attri_format.alfi_size++; + if (nv->value.i_len > 0) attrip->attri_format.alfi_size++; @@ -188,6 +207,10 @@ xfs_attri_item_format( &attrip->attri_format, sizeof(struct xfs_attri_log_format)); xlog_copy_from_iovec(lv, &vecp, &nv->name); + + if (nv->nname.i_len > 0) + xlog_copy_from_iovec(lv, &vecp, &nv->nname); + if (nv->value.i_len > 0) xlog_copy_from_iovec(lv, &vecp, &nv->value); } @@ -374,6 +397,7 @@ xfs_attr_log_item( attrp->alfi_op_flags = attr->xattri_op_flags; attrp->alfi_value_len = attr->xattri_nameval->value.i_len; attrp->alfi_name_len = attr->xattri_nameval->name.i_len; + attrp->alfi_nname_len = attr->xattri_nameval->nname.i_len; ASSERT(!(attr->xattri_da_args->attr_filter & ~XFS_ATTRI_FILTER_MASK)); attrp->alfi_attr_filter = attr->xattri_da_args->attr_filter; } @@ -415,7 +439,8 @@ xfs_attr_create_intent( * deferred work state structure. */ attr->xattri_nameval = xfs_attri_log_nameval_alloc(args->name, - args->namelen, args->value, args->valuelen); + args->namelen, args->new_name, + args->new_namelen, args->value, args->valuelen); } attrip = xfs_attri_init(mp, attr->xattri_nameval); @@ -503,7 +528,8 @@ xfs_attri_validate( unsigned int op = attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; - if (attrp->__pad != 0) + if (attrp->alfi_op_flags != XFS_ATTRI_OP_FLAGS_NVREPLACE && + attrp->alfi_nname_len != 0) return false; if (attrp->alfi_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK) @@ -517,6 +543,7 @@ xfs_attri_validate( case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: case XFS_ATTRI_OP_FLAGS_REMOVE: + case XFS_ATTRI_OP_FLAGS_NVREPLACE: break; default: return false; @@ -526,9 +553,14 @@ xfs_attri_validate( return false; if ((attrp->alfi_name_len > XATTR_NAME_MAX) || + (attrp->alfi_nname_len > XATTR_NAME_MAX) || (attrp->alfi_name_len == 0)) return false; + if (op == XFS_ATTRI_OP_FLAGS_REMOVE && + attrp->alfi_value_len != 0) + return false; + return xfs_verify_ino(mp, attrp->alfi_ino); } @@ -589,6 +621,8 @@ xfs_attri_item_recover( args->whichfork = XFS_ATTR_FORK; args->name = nv->name.i_addr; args->namelen = nv->name.i_len; + args->new_name = nv->nname.i_addr; + args->new_namelen = nv->nname.i_len; args->hashval = xfs_da_hashname(args->name, args->namelen); args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK; args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT | @@ -599,6 +633,7 @@ xfs_attri_item_recover( switch (attr->xattri_op_flags) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: + case XFS_ATTRI_OP_FLAGS_NVREPLACE: args->value = nv->value.i_addr; args->valuelen = nv->value.i_len; args->total = xfs_attr_calc_size(args, &local); @@ -689,6 +724,7 @@ xfs_attri_item_relog( new_attrp->alfi_op_flags = old_attrp->alfi_op_flags; new_attrp->alfi_value_len = old_attrp->alfi_value_len; new_attrp->alfi_name_len = old_attrp->alfi_name_len; + new_attrp->alfi_nname_len = old_attrp->alfi_nname_len; new_attrp->alfi_attr_filter = old_attrp->alfi_attr_filter; xfs_trans_add_item(tp, &new_attrip->attri_item); @@ -711,48 +747,102 @@ xlog_recover_attri_commit_pass2( const void *attr_value = NULL; const void *attr_name; size_t len; - - attri_formatp = item->ri_buf[0].i_addr; - attr_name = item->ri_buf[1].i_addr; + const void *attr_nname = NULL; + int op, i = 0; /* Validate xfs_attri_log_format before the large memory allocation */ len = sizeof(struct xfs_attri_log_format); - if (item->ri_buf[0].i_len != len) { + if (item->ri_buf[i].i_len != len) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + item->ri_buf[i].i_addr, item->ri_buf[i].i_len); return -EFSCORRUPTED; } + attri_formatp = item->ri_buf[i].i_addr; if (!xfs_attri_validate(mp, attri_formatp)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + item->ri_buf[i].i_addr, item->ri_buf[i].i_len); return -EFSCORRUPTED; } + op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + switch (op) { + case XFS_ATTRI_OP_FLAGS_SET: + case XFS_ATTRI_OP_FLAGS_REPLACE: + if (item->ri_total != 3) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + case XFS_ATTRI_OP_FLAGS_REMOVE: + if (item->ri_total != 2) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + case XFS_ATTRI_OP_FLAGS_NVREPLACE: + if (item->ri_total != 4) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + default: + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + + i++; /* Validate the attr name */ - if (item->ri_buf[1].i_len != + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } + attr_name = item->ri_buf[i].i_addr; if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[1].i_addr, item->ri_buf[1].i_len); + item->ri_buf[i].i_addr, item->ri_buf[i].i_len); return -EFSCORRUPTED; } + i++; + if (attri_formatp->alfi_nname_len) { + /* Validate the attr nname */ + if (item->ri_buf[i].i_len != + xlog_calc_iovec_len(attri_formatp->alfi_nname_len)) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + item->ri_buf[i].i_addr, + item->ri_buf[i].i_len); + return -EFSCORRUPTED; + } + + attr_nname = item->ri_buf[i].i_addr; + if (!xfs_attr_namecheck(attr_nname, + attri_formatp->alfi_nname_len)) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + item->ri_buf[i].i_addr, + item->ri_buf[i].i_len); + return -EFSCORRUPTED; + } + i++; + } + + /* Validate the attr value, if present */ if (attri_formatp->alfi_value_len != 0) { - if (item->ri_buf[2].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, - item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } - attr_value = item->ri_buf[2].i_addr; + attr_value = item->ri_buf[i].i_addr; } /* @@ -761,7 +851,8 @@ xlog_recover_attri_commit_pass2( * reference. */ nv = xfs_attri_log_nameval_alloc(attr_name, - attri_formatp->alfi_name_len, attr_value, + attri_formatp->alfi_name_len, attr_nname, + attri_formatp->alfi_nname_len, attr_value, attri_formatp->alfi_value_len); attrip = xfs_attri_init(mp, nv); diff --git a/fs/xfs/xfs_attr_item.h b/fs/xfs/xfs_attr_item.h index 3280a7930287..24d4968dd6cc 100644 --- a/fs/xfs/xfs_attr_item.h +++ b/fs/xfs/xfs_attr_item.h @@ -13,6 +13,7 @@ struct kmem_zone; struct xfs_attri_log_nameval { struct xfs_log_iovec name; + struct xfs_log_iovec nname; struct xfs_log_iovec value; refcount_t refcount; From patchwork Fri Oct 6 18:48:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411889 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AFCAE92FE4 for ; Fri, 6 Oct 2023 18:54:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233341AbjJFSym (ORCPT ); Fri, 6 Oct 2023 14:54:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233309AbjJFSyg (ORCPT ); Fri, 6 Oct 2023 14:54:36 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEE95F7 for ; Fri, 6 Oct 2023 11:52:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yqD7XG8yS+x+6YJihiZLALF5OEXtH53Z7avMNl6axyM=; b=Rk8vr5rw6M2SXsoix/cwZU0J09V6rfC7SIRZ1TEEbUYFKxRAXQTVvrXG8xOgMZ8h2blC4o 5y6BUcDE2/Rm42vc9l+bGY7ICCvg3Xo5KPbRz3wx/pu5CjgPKxlgqEtdX5M5Zmd2NtPeDu PbDTfsUyWeMzAeTDEaTna53nCxpXsDk= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-314-1x9u9w67MEW_lutW3uhU8g-1; Fri, 06 Oct 2023 14:52:21 -0400 X-MC-Unique: 1x9u9w67MEW_lutW3uhU8g-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b2c1159b0aso206668766b.3 for ; Fri, 06 Oct 2023 11:52:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618340; x=1697223140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yqD7XG8yS+x+6YJihiZLALF5OEXtH53Z7avMNl6axyM=; b=bSW7jyBvxOMMjw9w3xWNH2YwiOvUGUXM8/lS/uop4ccK26oIrFHuVmD/M4P01i9U8h 6nZlB9K+3ePj1NOt+EO5hTKDd4cBrc1PbX8bwxoJWYyrIugW9tNCshlPZnIkET4H/PbU nZuId+DPXqg8fZYQ8bbfXzFTG/JJfvfQAGQ8XzvYylVKJUd03fPK1S6ok6guKjr6xzo3 yghrTnT0BIAKB8yg4xt4peUBdmoOMmx9bnwLPsMZEpOOSc19MTTEg8UuDyJWbR7dGFx4 S9xHwwIq1VvuYyM/B1FzssTA9QUyN63FT5x1GaXNH/JOQ9YFdo/yey8I+6ml3k054az/ AwgQ== X-Gm-Message-State: AOJu0Yz23w+G/ys+qw21hSWsi9VJ9g0XrtAZmUSwxVvjO5htfV70YRJL tu4qTV5hSXeKh3SV3d5OoLTy5EF34GiAW7FSkZA/+2ilPZdIyN1zGefyv59vvn3Jj9//qyYNrOY 5Cztmf/XbiD7jjPHMMRX1CEZ6BTaHdzQoWFqSkimjy9ka/lxOoDi0cOpRM0hmvyBJovD1n315sh dguMI= X-Received: by 2002:a17:906:18a1:b0:9a1:c659:7c56 with SMTP id c1-20020a17090618a100b009a1c6597c56mr7974562ejf.22.1696618340399; Fri, 06 Oct 2023 11:52:20 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHkFaE7RT68FegF5EVtz6eOa4hTMSrosmapJj1/xc/u6mw3c8ziwd+u13FOKpO9RebspAeKLQ== X-Received: by 2002:a17:906:18a1:b0:9a1:c659:7c56 with SMTP id c1-20020a17090618a100b009a1c6597c56mr7974545ejf.22.1696618340033; Fri, 06 Oct 2023 11:52:20 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:19 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Allison Henderson , Mark Tinguely Subject: [PATCH v3 02/28] xfs: add parent pointer support to attribute code Date: Fri, 6 Oct 2023 20:48:56 +0200 Message-Id: <20231006184922.252188-3-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org From: Allison Henderson Add the new parent attribute type. XFS_ATTR_PARENT is used only for parent pointer entries; it uses reserved blocks like XFS_ATTR_ROOT. Signed-off-by: Mark Tinguely Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 4 +++- fs/xfs/libxfs/xfs_da_format.h | 5 ++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/scrub/attr.c | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index b1dbed7655e8..101823772bf9 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -976,11 +976,13 @@ xfs_attr_set( struct xfs_inode *dp = args->dp; struct xfs_mount *mp = dp->i_mount; struct xfs_trans_res tres; - bool rsvd = (args->attr_filter & XFS_ATTR_ROOT); + bool rsvd; int error, local; int rmt_blks = 0; unsigned int total; + rsvd = (args->attr_filter & (XFS_ATTR_ROOT | XFS_ATTR_PARENT)) != 0; + if (xfs_is_shutdown(dp->i_mount)) return -EIO; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index f9015f88eca7..fca622d43a38 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -698,12 +698,15 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_LOCAL_BIT 0 /* attr is stored locally */ #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ +#define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) +#define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) -#define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | XFS_ATTR_SECURE) +#define XFS_ATTR_NSP_ONDISK_MASK \ + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 82f910b857b7..0bc1749fb7bb 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -974,6 +974,7 @@ struct xfs_icreate_log { */ #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ + XFS_ATTR_PARENT | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 6c16d9530cca..8bc6aa274fa6 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { From patchwork Fri Oct 6 18:48:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411878 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F025E81E1E for ; Fri, 6 Oct 2023 18:53:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233252AbjJFSxM (ORCPT ); Fri, 6 Oct 2023 14:53:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233272AbjJFSxL (ORCPT ); Fri, 6 Oct 2023 14:53:11 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0D83CA for ; Fri, 6 Oct 2023 11:52:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DaHECssEKXoW7hu/fYmfrh3doxCibaAyOF7u4qbdM4E=; b=Bj2HIQJwkidOzL+qAVqipVvGrKq6V85hRBDBWyMg87S0H0X7fNliZNaUsspFd/OhBLV2Bu 28l4JCvxr8J3qLB0CbTKFUoI06hx2b6S8tUxmQVrfKlUrr0bJMojjiri8i9dFtEsrjVaDA bgKKZHBTvNOE/nScMHNl/93b9Irn1Os= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-680-e8GRssidO52sWI12CemTYA-1; Fri, 06 Oct 2023 14:52:22 -0400 X-MC-Unique: e8GRssidO52sWI12CemTYA-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b822f5c156so208778966b.3 for ; Fri, 06 Oct 2023 11:52:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618341; x=1697223141; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DaHECssEKXoW7hu/fYmfrh3doxCibaAyOF7u4qbdM4E=; b=NjZXG0B+f7xfiDVuJTK3VADLsMd20HlvxRxv6l6IlVC5eUrzfLDblGcLJSXoiIK2f1 d6vzxunkNyuKLBcd4sDiwZoLj8ixbPXlVahFNsBGFMhfsflr+XTmCSxvD05JrbK+O2N4 HrNqtSc+VCaPCDNY7kZOIioEJt0jAMbsNZvxgkAs10sJCnHLKrWrLDeGeC5iiN5WAL6t ECf+q2DxKZyW6LPtnjQFf6/a0iTO9O1iVk3Fstysif+68Z3+olyTjhA2FYA1PMI47LkE QbbZHhuZn+RZb8iL97r+O62ozDgk9zWUhAs5AlNhQZWknXFSBU2gmOQAGI14GX/m9kpd DPxw== X-Gm-Message-State: AOJu0YyOtua+9vlEXJlUC7dCc9FHpLskhhZ75BorY29RaJenQaVzXlUM rypbo+dGsnEZzt7xi9aJ5QLoDR1tldyNrK5gsXeAX3HhSvRulzQKEiqsbXd4adlMwTFuWdIdmqm U0sHp6U3DBcTXspiygGh4WHohJAbbaTS+vq+bO1lt7pHdX6/tieERd08lj9pzRxVB/h+cy/vyNI ntcks= X-Received: by 2002:a17:906:74ce:b0:9ba:2a5:75c5 with SMTP id z14-20020a17090674ce00b009ba02a575c5mr2163790ejl.75.1696618341103; Fri, 06 Oct 2023 11:52:21 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFUGUCsuEIbPh9jWoEdfWB/Qb0RFrl18MRQsei0qGzW+4gIMWfP6mWpY/zlfNnJBryOxNnj4Q== X-Received: by 2002:a17:906:74ce:b0:9ba:2a5:75c5 with SMTP id z14-20020a17090674ce00b009ba02a575c5mr2163772ejl.75.1696618340817; Fri, 06 Oct 2023 11:52:20 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:20 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Allison Henderson Subject: [PATCH v3 03/28] xfs: define parent pointer xattr format Date: Fri, 6 Oct 2023 20:48:57 +0200 Message-Id: <20231006184922.252188-4-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org From: Allison Henderson We need to define the parent pointer attribute format before we start adding support for it into all the code that needs to use it. The EA format we will use encodes the following information: name={parent inode #, parent inode generation, dirent offset} value={dirent filename} The inode/gen gives all the information we need to reliably identify the parent without requiring child->parent lock ordering, and allows userspace to do pathname component level reconstruction without the kernel ever needing to verify the parent itself as part of ioctl calls. By using the dirent offset in the EA name, we have a method of knowing the exact parent pointer EA we need to modify/remove in rename/unlink without an unbound EA name search. By keeping the dirent name in the value, we have enough information to be able to validate and reconstruct damaged directory trees. While the diroffset of a filename alone is not unique enough to identify the child, the {diroffset,filename,child_inode} tuple is sufficient. That is, if the diroffset gets reused and points to a different filename, we can detect that from the contents of EA. If a link of the same name is created, then we can check whether it points at the same inode as the parent EA we current have. Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index fca622d43a38..307c8cdb6f10 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -862,4 +862,29 @@ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp) xfs_failaddr_t xfs_da3_blkinfo_verify(struct xfs_buf *bp, struct xfs_da3_blkinfo *hdr3); +/* + * Parent pointer attribute format definition + * + * EA name encodes the parent inode number, generation and the offset of + * the dirent that points to the child inode. The EA value contains the + * same name as the dirent in the parent directory. + */ +struct xfs_parent_name_rec { + __be64 p_ino; + __be32 p_gen; + __be32 p_diroffset; +}; + +/* + * incore version of the above, also contains name pointers so callers + * can pass/obtain all the parent pointer information in a single structure + */ +struct xfs_parent_name_irec { + xfs_ino_t p_ino; + uint32_t p_gen; + xfs_dir2_dataptr_t p_diroffset; + const char *p_name; + uint8_t p_namelen; +}; + #endif /* __XFS_DA_FORMAT_H__ */ From patchwork Fri Oct 6 18:48:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411886 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A947E92FFC for ; Fri, 6 Oct 2023 18:54:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233306AbjJFSyF (ORCPT ); Fri, 6 Oct 2023 14:54:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233283AbjJFSx7 (ORCPT ); Fri, 6 Oct 2023 14:53:59 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CCCF8EA for ; Fri, 6 Oct 2023 11:52:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cF6LLWd0WvBXMvGrCZkUcNG53fYlYoAeVHRxAzdPeWo=; b=Zj9FVD06aKrqHmaeZx2/wkEvc6I/CsocJX1Ug4btpsGGdpVWFxFuF5W2VTTuFsyKTJiEyj 8VvNFvLgbfqN8ckxZur2l5m6lt0TgdIsChAP5McgpJ0Tz+cX8NlGGydDIXkYo+HLL1Koxj m5SbFGRs8PYktCc6qbzdd+yjmKowipM= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-112-94h7gFG7PjeuPWv_CpipCQ-1; Fri, 06 Oct 2023 14:52:23 -0400 X-MC-Unique: 94h7gFG7PjeuPWv_CpipCQ-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b95fa56bd5so210959866b.0 for ; Fri, 06 Oct 2023 11:52:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618342; x=1697223142; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cF6LLWd0WvBXMvGrCZkUcNG53fYlYoAeVHRxAzdPeWo=; b=fO2NOQRkttH03PflTrUNthp/DFmgooaoGC4+IvI64Gh5G1adHUBpLaJKHl5W/f/lCi 84/NhBjWQABW66GrdEkCUE0wzoZuf8bZb0l9MNSpnyyyqXvyfs9ug1I9rc2rdHoH51se S+VXI2gCADSTxVu6FuQDmFqBtttlgrh+gVXWITgaUW/vfrFf3qKmGNsDHH9ArQFGkWCT 18DVrxlxDj1tRwqVgISjfDKUkrTYNwAq1KP9IgtPwd0T/6rpjRdIQA1aiq6ovzvZnjnT OoRZtUfQsx3XroK9UpWpsGfJyFhPGoBp/h1WzY8xujHaF8OXlvLE+FBV47T4jfWtlghp ochg== X-Gm-Message-State: AOJu0Yyw90xiMzIW5V+ZXgicKLmDMYdk9YsCd1R2LNOjSw+Z4B29WAsi tB0zWKTQiKuAAHiVcJCYWSmjP2YvWc5E42vfzPLYbHNVBqpETDCovW6zFP0sMXsUGH4cteeKit1 4+uYLUmIB62Zw+8Rx6OwqFk+UEzVGNEbpIlHrtETMui1Go9Ne4Db0lQbjsi/fcOrFMBuOK/FHD0 vrnFA= X-Received: by 2002:a17:906:31c5:b0:9a2:5bf:8b14 with SMTP id f5-20020a17090631c500b009a205bf8b14mr8881580ejf.22.1696618342038; Fri, 06 Oct 2023 11:52:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHpFduafirPU1wxM0LQcObIvVD1nodvtAvtss3fSofvUPY3m4rhSa07AE3hXprDsHbpUVQvLw== X-Received: by 2002:a17:906:31c5:b0:9a2:5bf:8b14 with SMTP id f5-20020a17090631c500b009a205bf8b14mr8881563ejf.22.1696618341727; Fri, 06 Oct 2023 11:52:21 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:21 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Allison Henderson Subject: [PATCH v3 04/28] xfs: Add xfs_verify_pptr Date: Fri, 6 Oct 2023 20:48:58 +0200 Message-Id: <20231006184922.252188-5-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org From: Allison Henderson Attribute names of parent pointers are not strings. So we need to modify attr_namecheck to verify parent pointer records when the XFS_ATTR_PARENT flag is set. Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 47 ++++++++++++++++++++++++++++++++--- fs/xfs/libxfs/xfs_attr.h | 3 ++- fs/xfs/libxfs/xfs_da_format.h | 8 ++++++ fs/xfs/scrub/attr.c | 2 +- fs/xfs/xfs_attr_item.c | 11 +++++--- fs/xfs/xfs_attr_list.c | 17 +++++++++---- 6 files changed, 74 insertions(+), 14 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 101823772bf9..711022742e34 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -1577,9 +1577,33 @@ xfs_attr_node_get( return error; } -/* Returns true if the attribute entry name is valid. */ -bool -xfs_attr_namecheck( +/* + * Verify parent pointer attribute is valid. + * Return true on success or false on failure + */ +STATIC bool +xfs_verify_pptr( + struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec) +{ + xfs_ino_t p_ino; + xfs_dir2_dataptr_t p_diroffset; + + p_ino = be64_to_cpu(rec->p_ino); + p_diroffset = be32_to_cpu(rec->p_diroffset); + + if (!xfs_verify_ino(mp, p_ino)) + return false; + + if (p_diroffset > XFS_DIR2_MAX_DATAPTR) + return false; + + return true; +} + +/* Returns true if the string attribute entry name is valid. */ +static bool +xfs_str_attr_namecheck( const void *name, size_t length) { @@ -1594,6 +1618,23 @@ xfs_attr_namecheck( return !memchr(name, 0, length); } +/* Returns true if the attribute entry name is valid. */ +bool +xfs_attr_namecheck( + struct xfs_mount *mp, + const void *name, + size_t length, + int flags) +{ + if (flags & XFS_ATTR_PARENT) { + if (length != sizeof(struct xfs_parent_name_rec)) + return false; + return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name); + } + + return xfs_str_attr_namecheck(name, length); +} + int __init xfs_attr_intent_init_cache(void) { diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 3e81f3f48560..b79dae788cfb 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -547,7 +547,8 @@ int xfs_attr_get(struct xfs_da_args *args); int xfs_attr_set(struct xfs_da_args *args); int xfs_attr_set_iter(struct xfs_attr_intent *attr); int xfs_attr_remove_iter(struct xfs_attr_intent *attr); -bool xfs_attr_namecheck(const void *name, size_t length); +bool xfs_attr_namecheck(struct xfs_mount *mp, const void *name, size_t length, + int flags); int xfs_attr_calc_size(struct xfs_da_args *args, int *local); void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres, unsigned int *total); diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 307c8cdb6f10..6deefe03207f 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -741,6 +741,14 @@ xfs_attr3_leaf_name(xfs_attr_leafblock_t *leafp, int idx) return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)]; } +static inline int +xfs_attr3_leaf_flags(xfs_attr_leafblock_t *leafp, int idx) +{ + struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp); + + return entries[idx].flags; +} + static inline xfs_attr_leaf_name_remote_t * xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx) { diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 8bc6aa274fa6..f35144704395 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -195,7 +195,7 @@ xchk_xattr_listent( } /* Does this name make sense? */ - if (!xfs_attr_namecheck(name, namelen)) { + if (!xfs_attr_namecheck(sx->sc->mp, name, namelen, flags)) { xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno); goto fail_xref; } diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 97ee9d89b5b8..63393216159f 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -593,7 +593,8 @@ xfs_attri_item_recover( */ attrp = &attrip->attri_format; if (!xfs_attri_validate(mp, attrp) || - !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len)) + !xfs_attr_namecheck(mp, nv->name.i_addr, nv->name.i_len, + attrp->alfi_attr_filter)) return -EFSCORRUPTED; error = xlog_recover_iget(mp, attrp->alfi_ino, &ip); @@ -805,7 +806,8 @@ xlog_recover_attri_commit_pass2( } attr_name = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { + if (!xfs_attr_namecheck(mp, attr_name, attri_formatp->alfi_name_len, + attri_formatp->alfi_attr_filter)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[i].i_addr, item->ri_buf[i].i_len); return -EFSCORRUPTED; @@ -823,8 +825,9 @@ xlog_recover_attri_commit_pass2( } attr_nname = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_nname, - attri_formatp->alfi_nname_len)) { + if (!xfs_attr_namecheck(mp, attr_nname, + attri_formatp->alfi_nname_len, + attri_formatp->alfi_attr_filter)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[i].i_addr, item->ri_buf[i].i_len); diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 99bbbe1a0e44..a51f7f13a352 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -58,9 +58,13 @@ xfs_attr_shortform_list( struct xfs_attr_sf_sort *sbuf, *sbp; struct xfs_attr_shortform *sf; struct xfs_attr_sf_entry *sfe; + struct xfs_mount *mp; int sbsize, nsbuf, count, i; int error = 0; + ASSERT(context != NULL); + ASSERT(dp != NULL); + mp = dp->i_mount; sf = (struct xfs_attr_shortform *)dp->i_af.if_u1.if_data; ASSERT(sf != NULL); if (!sf->hdr.count) @@ -82,8 +86,9 @@ xfs_attr_shortform_list( (dp->i_af.if_bytes + sf->hdr.count * 16) < context->bufsize)) { for (i = 0, sfe = &sf->list[0]; i < sf->hdr.count; i++) { if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sfe->nameval, - sfe->namelen))) + !xfs_attr_namecheck(mp, sfe->nameval, + sfe->namelen, + sfe->flags))) return -EFSCORRUPTED; context->put_listent(context, sfe->flags, @@ -174,8 +179,9 @@ xfs_attr_shortform_list( cursor->offset = 0; } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sbp->name, - sbp->namelen))) { + !xfs_attr_namecheck(mp, sbp->name, + sbp->namelen, + sbp->flags))) { error = -EFSCORRUPTED; goto out; } @@ -465,7 +471,8 @@ xfs_attr3_leaf_list_int( } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(name, namelen))) + !xfs_attr_namecheck(mp, name, namelen, + entry->flags))) return -EFSCORRUPTED; context->put_listent(context, entry->flags, name, namelen, valuelen); From patchwork Fri Oct 6 18:48:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411881 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D073AE92FE0 for ; Fri, 6 Oct 2023 18:53:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233318AbjJFSx6 (ORCPT ); Fri, 6 Oct 2023 14:53:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233291AbjJFSxy (ORCPT ); Fri, 6 Oct 2023 14:53:54 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6575AD6 for ; Fri, 6 Oct 2023 11:52:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=g1rGIaFOcgzEDtbNfKOICnouTJvfDrh5OEfl1tH6mXc=; b=SPYklz2aqNHLcWMfSrv4w7F7UPuLUWWM7TnkUkjwxYIRN8Y6Iwtq4oghk3nHdE9A2yflb1 rmT4jFxWndXPCm0H2mbK0koShjcJdX2cJUXw9B3bHsu4sz4lsz4YCan612c7hZqtjA3mHG TeQQn7cfPRJgJVRkhqAivfVNLeLQjc4= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-663-stbjjSpqMhWa1BKVWD_i8w-1; Fri, 06 Oct 2023 14:52:24 -0400 X-MC-Unique: stbjjSpqMhWa1BKVWD_i8w-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9ae70250ef5so395938266b.0 for ; Fri, 06 Oct 2023 11:52:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618343; x=1697223143; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g1rGIaFOcgzEDtbNfKOICnouTJvfDrh5OEfl1tH6mXc=; b=S9TFLOxtbJva2px20JBrXMk1PxIJ2GAO0BqgwSPXzpg18M52rqBxOZaAElkL0zVQ4j RQYjZIYIS8MDLM2SlJwymW7ZNJt3vdXWL7pznFs/9mMjblncmQbfT4Kr++lROH3L8qEW HtejAbBxjbllXC656HNKXGeM0dXogg38EZqm9/nTyYVrMhNk5eCtIxXB6AqrYnSOo6EW Ngj1gUy6swhqaIR7w+uU+4kxjeuJvX0ipMN+IzQ+sSp5iyOpZbNo/K5r2TmDMNClWTxD uyY4NOKfnnR5kixR+irM/fMRymQ9Wvi8vQtk/neLp/+8Iowbgqw/dbJgJQSWj1X6gyeY qj0A== X-Gm-Message-State: AOJu0YzDOKMsKsSa8aKnpfaAbhnNlrowgozhUFlbzO+B8hBQWrTjj8gG YbqvGrcK9LTlEYb4dg8VoL53Ih42ypwnthO/a+z4KkoJI+s04nmrtLYfhodJxGU6Xa6RE3oPHbY ER7AGWILXlnImx7IPtdHuyfMPISUXQA5usKUSM/q69HAM4oQP2j4oz9mlC5mcnTfTBaT8bJPSa9 sjK9Y= X-Received: by 2002:a17:907:9491:b0:9a5:962c:cb6c with SMTP id dm17-20020a170907949100b009a5962ccb6cmr5175905ejc.31.1696618343005; Fri, 06 Oct 2023 11:52:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH17nmROYKxmyjF7xwhLbMraoHotdEHwmzzX8X0FXNpicq6vdW0N2QZENxJT12qGNrH88Nkhg== X-Received: by 2002:a17:907:9491:b0:9a5:962c:cb6c with SMTP id dm17-20020a170907949100b009a5962ccb6cmr5175890ejc.31.1696618342685; Fri, 06 Oct 2023 11:52:22 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:22 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 05/28] fs: add FS_XFLAG_VERITY for fs-verity sealed inodes Date: Fri, 6 Oct 2023 20:48:59 +0200 Message-Id: <20231006184922.252188-6-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Add extended file attribute FS_XFLAG_VERITY for inodes sealed with fs-verity. Signed-off-by: Andrey Albershteyn --- Documentation/filesystems/fsverity.rst | 9 +++++++++ include/uapi/linux/fs.h | 1 + 2 files changed, 10 insertions(+) diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 13e4b18e5dbb..af889512c6ac 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -326,6 +326,15 @@ the file has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require opening the file, and opening verity files can be expensive. +Extended file attributes +------------------------ + +For fs-verity sealed files the FS_XFLAG_VERITY extended file +attribute is set. The attribute can be observed via lsattr. + + [root@vm:~]# lsattr /mnt/test/foo + --------------------V- /mnt/test/foo + .. _accessing_verity_files: Accessing verity files diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index b7b56871029c..5172a2eb902c 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -140,6 +140,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is From patchwork Fri Oct 6 18:49:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411885 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9AE0BE81E1F for ; Fri, 6 Oct 2023 18:54:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233253AbjJFSyE (ORCPT ); Fri, 6 Oct 2023 14:54:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233122AbjJFSyA (ORCPT ); Fri, 6 Oct 2023 14:54:00 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BED38F4 for ; Fri, 6 Oct 2023 11:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618352; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BlaoLCyuqcY+41bC5MK6wnQeesc3w4fcpuq4w3pEvtE=; b=NHY6I4MTDwOknrvAZDysBD1kmJBS7PUZDmM+0Q7VH1EkjXpNmWrvxjAzRjnXAWN1Jp7xkE uTjHXFYY0LGsm2xTeybJ894MywonQTzDivFPv3rhpKk+LSCFiIkNnp0GHD4zz+iAAcxHnS sNukfQbTPLIsxY3nLOJWKyJGZCDk4XU= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-413-saXJACrdPW-IRrkRckNtjQ-1; Fri, 06 Oct 2023 14:52:25 -0400 X-MC-Unique: saXJACrdPW-IRrkRckNtjQ-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9b95fa56bd5so210962866b.0 for ; Fri, 06 Oct 2023 11:52:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618344; x=1697223144; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BlaoLCyuqcY+41bC5MK6wnQeesc3w4fcpuq4w3pEvtE=; b=GzwjiiSE4vbTsudo1MXRQLN3uUIUPZjY5DO+iQtLarW8s2RgI1CKC7JGaK/Q8fzzWR K+pbpvdA8ZwjsfDwZVwxjD8rT8b0yxLD8prqO7o0jbmMI3F7mblK8HXgVR2frJkPsESB eo7OYzNAPJODhbbSCU9+/EMnZinLWLCXoth0YxTpmtfRKshYLA5BYhKwc/xsTsyfxQSx hZDQsb3EQZ5HqZvI/+21ggZqNHYkbjRt+9fwGRR3isDIHxNNDhXeOTQWr9rpunMqZaVx TYdtpuie8mL038u1by8ZHkrLmj+NHA2X2vjitSXp7/z3xYKvrv1iZil0q1qc1WC+q+Wt YSFQ== X-Gm-Message-State: AOJu0YxCsZrWT7HIhUdrnqlU+Q5XP58N5PUN8J+hjEqmdGWiQRMNfGQM lAu8DpmrjWzbRSgJj0JYkYSrDPwn8buk3Cl/fFs8lUlPJxaQh+cMVbBGCL3AEAQbmHYX1LiJL4X GLBgyog33/9yaINHKQqkxikX8Lw3VE/GqkX+50XfBfHzWpZJOfs0m/vfMzY63dJ+Od5/OfJHA/g tRp08= X-Received: by 2002:a17:906:300f:b0:9ae:6a8b:f8aa with SMTP id 15-20020a170906300f00b009ae6a8bf8aamr7747683ejz.26.1696618344182; Fri, 06 Oct 2023 11:52:24 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGEYdkuIsSVenx/4uH2p+mA+oW9MGScE7Z/AddBzQwdbEUsftUik0ThWo7nIT0gm/cImU0pMg== X-Received: by 2002:a17:906:300f:b0:9ae:6a8b:f8aa with SMTP id 15-20020a170906300f00b009ae6a8bf8aamr7747667ejz.26.1696618343885; Fri, 06 Oct 2023 11:52:23 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:23 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 06/28] fsverity: add drop_page() callout Date: Fri, 6 Oct 2023 20:49:00 +0200 Message-Id: <20231006184922.252188-7-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Allow filesystem to make additional processing on verified pages instead of just dropping a reference. This will be used by XFS for internal buffer cache manipulation in further patches. The btrfs, ext4, and f2fs just drop the reference. Signed-off-by: Andrey Albershteyn --- fs/verity/read_metadata.c | 4 ++-- fs/verity/verify.c | 6 +++--- include/linux/fsverity.h | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c index f58432772d9e..8bd4b29a9a95 100644 --- a/fs/verity/read_metadata.c +++ b/fs/verity/read_metadata.c @@ -56,12 +56,12 @@ static int fsverity_read_merkle_tree(struct inode *inode, virt = kmap_local_page(page); if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) { kunmap_local(virt); - put_page(page); + fsverity_drop_page(inode, page); err = -EFAULT; break; } kunmap_local(virt); - put_page(page); + fsverity_drop_page(inode, page); retval += bytes_to_copy; buf += bytes_to_copy; diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 904ccd7e8e16..2fe7bd57b16e 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -183,7 +183,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; kunmap_local(haddr); - put_page(hpage); + fsverity_drop_page(inode, hpage); goto descend; } hblocks[level].page = hpage; @@ -218,7 +218,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; kunmap_local(haddr); - put_page(hpage); + fsverity_drop_page(inode, hpage); } /* Finally, verify the data block. */ @@ -237,7 +237,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, error: for (; level > 0; level--) { kunmap_local(hblocks[level - 1].addr); - put_page(hblocks[level - 1].page); + fsverity_drop_page(inode, hblocks[level - 1].page); } return false; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 1eb7eae580be..6514ed6b09b4 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -120,6 +120,16 @@ struct fsverity_operations { */ int (*write_merkle_tree_block)(struct inode *inode, const void *buf, u64 pos, unsigned int size); + + /** + * Release the reference to a Merkle tree page + * + * @page: the page to release + * + * This is called when fs-verity is done with a page obtained with + * ->read_merkle_tree_page(). + */ + void (*drop_page)(struct page *page); }; #ifdef CONFIG_FS_VERITY @@ -174,6 +184,24 @@ bool fsverity_verify_blocks(struct folio *folio, size_t len, size_t offset); void fsverity_verify_bio(struct bio *bio); void fsverity_enqueue_verify_work(struct work_struct *work); +/** + * fsverity_drop_page() - drop page obtained with ->read_merkle_tree_page() + * @inode: inode in use for verification or metadata reading + * @page: page to be dropped + * + * Generic put_page() method. Calls out back to filesystem if ->drop_page() is + * set, otherwise just drops the reference to a page. + * + */ +static inline void fsverity_drop_page(struct inode *inode, struct page *page) +{ + if (inode->i_sb->s_vop->drop_page) + inode->i_sb->s_vop->drop_page(page); + else + put_page(page); +} + + #else /* !CONFIG_FS_VERITY */ static inline struct fsverity_info *fsverity_get_info(const struct inode *inode) @@ -251,6 +279,11 @@ static inline void fsverity_enqueue_verify_work(struct work_struct *work) WARN_ON_ONCE(1); } +static inline void fsverity_drop_page(struct inode *inode, struct page *page) +{ + WARN_ON_ONCE(1); +} + #endif /* !CONFIG_FS_VERITY */ static inline bool fsverity_verify_folio(struct folio *folio) From patchwork Fri Oct 6 18:49:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411883 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99005E81E1E for ; Fri, 6 Oct 2023 18:54:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233295AbjJFSyA (ORCPT ); Fri, 6 Oct 2023 14:54:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59084 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233294AbjJFSxy (ORCPT ); Fri, 6 Oct 2023 14:53:54 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5045DE for ; Fri, 6 Oct 2023 11:52:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618348; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nu0z1c/0eDrJgBAtNTkFM1hnZGQ4PO6Tjoiby57zXqo=; b=Cys0aEujxFjb8+tZ86eFszpmg+8QCubbli8thVxvqyH8V+/kvN89LNG7sqtbAqSSLWJqQa A59j93peAxRDob2qqTJDwPaNP5dJK9sy/yz6UIuPsNiI5m7TvreN+R6IWrAPzWq9DMSl3N sxboPXSNj+Iu0ZqjlNh42opzESou7/Y= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-471-y5vxNRP3OXWW99dMM_3Ulg-1; Fri, 06 Oct 2023 14:52:26 -0400 X-MC-Unique: y5vxNRP3OXWW99dMM_3Ulg-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9adad8f306fso197833566b.0 for ; Fri, 06 Oct 2023 11:52:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618345; x=1697223145; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nu0z1c/0eDrJgBAtNTkFM1hnZGQ4PO6Tjoiby57zXqo=; b=RHgLBoPntaW+ANYhNSZKEwdh96tYBjupS1eBJxHyXdzeirBwyqAI9LJaWg71AHEEIV iVyQYi/HGXvec+QrssGEaDbgR3OlKmZHcBfiCUrnKXXb/q01To3mO1q/xG6un90hlBS0 3zvtUQZgEAsWfUieZAa50+TYmWi31miphNiJmslTbyhihHi35jkrSRf4dAo5u5sPr3Xm ax2xMc9DUTr6EJlsbmMvqzmRdsbhIsBNWQWMBXnT6L/aYqEnqMc3VD7G60TLCpQpzqEY MjK9dTYpgAOBS7/Blwkpg4qsGKpNgzdqTNL+n9QihQYoLkpMSqhzLzxf9mluijGS4G5Z M2Sg== X-Gm-Message-State: AOJu0Ywaax6xfNijFLwL8nGYg33BZmbLTV0WH7tYH7RaqHAj75rStLpF OY8CHixdCj0yXFI2Jj7zTZ5yO8O9W1ffUrC25ulTvFjQOw+VHWY2gEkgwLd2+sg4UA2v4Yrcqmr ysRir2dZIbhvrI6w1TfKvcP5n+j24L+GiekuYx2wqZZUCEreXWhzVnR7WZl8FPvXjAZQIj4M4dp HZVeY= X-Received: by 2002:a17:907:763b:b0:9b6:582e:be5e with SMTP id jy27-20020a170907763b00b009b6582ebe5emr8346633ejc.60.1696618345117; Fri, 06 Oct 2023 11:52:25 -0700 (PDT) X-Google-Smtp-Source: AGHT+IENatGxYpE7Tp1bpesC4eUgkJNnUC/i6HuVX71rQKaEwcb3B5NgFaf4ClmswaYc3r8y8XAfKA== X-Received: by 2002:a17:907:763b:b0:9b6:582e:be5e with SMTP id jy27-20020a170907763b00b009b6582ebe5emr8346617ejc.60.1696618344867; Fri, 06 Oct 2023 11:52:24 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:24 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 07/28] fsverity: always use bitmap to track verified status Date: Fri, 6 Oct 2023 20:49:01 +0200 Message-Id: <20231006184922.252188-8-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org The bitmap is used to track verified status of the Merkle tree blocks which are smaller than a PAGE. Blocks which fits exactly in a page - use PageChecked() for tracking "verified" status. This patch switches to always use bitmap to track verified status. This is needed to move fs-verity away from page management and work only with Merkle tree blocks. Also, this patch removes spinlock. The lock was used to reset bits in bitmap belonging to one page. This patch works only with one Merkle tree block and won't reset other blocks status. Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 1 - fs/verity/open.c | 49 ++++++++++++------------- fs/verity/verify.c | 71 +++++------------------------------- 3 files changed, 33 insertions(+), 88 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index d071a6e32581..9611eeae3527 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -69,7 +69,6 @@ struct fsverity_info { u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE]; const struct inode *inode; unsigned long *hash_block_verified; - spinlock_t hash_page_init_lock; }; #define FS_VERITY_MAX_SIGNATURE_SIZE (FS_VERITY_MAX_DESCRIPTOR_SIZE - \ diff --git a/fs/verity/open.c b/fs/verity/open.c index 6c31a871b84b..dfb9fe6aaae9 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -182,6 +182,7 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, { struct fsverity_info *vi; int err; + unsigned long num_bits; vi = kmem_cache_zalloc(fsverity_info_cachep, GFP_KERNEL); if (!vi) @@ -213,33 +214,29 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, if (err) goto fail; - if (vi->tree_params.block_size != PAGE_SIZE) { - /* - * When the Merkle tree block size and page size differ, we use - * a bitmap to keep track of which hash blocks have been - * verified. This bitmap must contain one bit per hash block, - * including alignment to a page boundary at the end. - * - * Eventually, to support extremely large files in an efficient - * way, it might be necessary to make pages of this bitmap - * reclaimable. But for now, simply allocating the whole bitmap - * is a simple solution that works well on the files on which - * fsverity is realistically used. E.g., with SHA-256 and 4K - * blocks, a 100MB file only needs a 24-byte bitmap, and the - * bitmap for any file under 17GB fits in a 4K page. - */ - unsigned long num_bits = - vi->tree_params.tree_pages << - vi->tree_params.log_blocks_per_page; + /* + * We use a bitmap to keep track of which hash blocks have been + * verified. This bitmap must contain one bit per hash block, + * including alignment to a page boundary at the end. + * + * Eventually, to support extremely large files in an efficient + * way, it might be necessary to make pages of this bitmap + * reclaimable. But for now, simply allocating the whole bitmap + * is a simple solution that works well on the files on which + * fsverity is realistically used. E.g., with SHA-256 and 4K + * blocks, a 100MB file only needs a 24-byte bitmap, and the + * bitmap for any file under 17GB fits in a 4K page. + */ + num_bits = + vi->tree_params.tree_pages << + vi->tree_params.log_blocks_per_page; - vi->hash_block_verified = kvcalloc(BITS_TO_LONGS(num_bits), - sizeof(unsigned long), - GFP_KERNEL); - if (!vi->hash_block_verified) { - err = -ENOMEM; - goto fail; - } - spin_lock_init(&vi->hash_page_init_lock); + vi->hash_block_verified = kvcalloc(BITS_TO_LONGS(num_bits), + sizeof(unsigned long), + GFP_KERNEL); + if (!vi->hash_block_verified) { + err = -ENOMEM; + goto fail; } return vi; diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 2fe7bd57b16e..e7b13d143ae9 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -13,69 +13,18 @@ static struct workqueue_struct *fsverity_read_workqueue; /* - * Returns true if the hash block with index @hblock_idx in the tree, located in - * @hpage, has already been verified. + * Returns true if the hash block with index @hblock_idx in the tree has + * already been verified. */ -static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, - unsigned long hblock_idx) +static bool is_hash_block_verified(struct fsverity_info *vi, + unsigned long hblock_idx, + bool block_cached) { - bool verified; - unsigned int blocks_per_page; - unsigned int i; - - /* - * When the Merkle tree block size and page size are the same, then the - * ->hash_block_verified bitmap isn't allocated, and we use PG_checked - * to directly indicate whether the page's block has been verified. - * - * Using PG_checked also guarantees that we re-verify hash pages that - * get evicted and re-instantiated from the backing storage, as new - * pages always start out with PG_checked cleared. - */ - if (!vi->hash_block_verified) - return PageChecked(hpage); - - /* - * When the Merkle tree block size and page size differ, we use a bitmap - * to indicate whether each hash block has been verified. - * - * However, we still need to ensure that hash pages that get evicted and - * re-instantiated from the backing storage are re-verified. To do - * this, we use PG_checked again, but now it doesn't really mean - * "checked". Instead, now it just serves as an indicator for whether - * the hash page is newly instantiated or not. - * - * The first thread that sees PG_checked=0 must clear the corresponding - * bitmap bits, then set PG_checked=1. This requires a spinlock. To - * avoid having to take this spinlock in the common case of - * PG_checked=1, we start with an opportunistic lockless read. - */ - if (PageChecked(hpage)) { - /* - * A read memory barrier is needed here to give ACQUIRE - * semantics to the above PageChecked() test. - */ - smp_rmb(); + if (block_cached) return test_bit(hblock_idx, vi->hash_block_verified); - } - spin_lock(&vi->hash_page_init_lock); - if (PageChecked(hpage)) { - verified = test_bit(hblock_idx, vi->hash_block_verified); - } else { - blocks_per_page = vi->tree_params.blocks_per_page; - hblock_idx = round_down(hblock_idx, blocks_per_page); - for (i = 0; i < blocks_per_page; i++) - clear_bit(hblock_idx + i, vi->hash_block_verified); - /* - * A write memory barrier is needed here to give RELEASE - * semantics to the below SetPageChecked() operation. - */ - smp_wmb(); - SetPageChecked(hpage); - verified = false; - } - spin_unlock(&vi->hash_page_init_lock); - return verified; + + clear_bit(hblock_idx, vi->hash_block_verified); + return false; } /* @@ -179,7 +128,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, goto error; } haddr = kmap_local_page(hpage) + hblock_offset_in_page; - if (is_hash_block_verified(vi, hpage, hblock_idx)) { + if (is_hash_block_verified(vi, hblock_idx, PageChecked(hpage))) { memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; kunmap_local(haddr); From patchwork Fri Oct 6 18:49:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411882 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C96CE81E1F for ; Fri, 6 Oct 2023 18:54:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233291AbjJFSx7 (ORCPT ); Fri, 6 Oct 2023 14:53:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233308AbjJFSx4 (ORCPT ); Fri, 6 Oct 2023 14:53:56 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 842E0E4 for ; Fri, 6 Oct 2023 11:52:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618348; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wj5hMGaY9RCgF1kuAnCk/NqRYGmG4WFEtNC/8xLzEio=; b=ELScyJpHQIT3VZJOXt23KTcTOc3UcohSsTEPWTVYe+JFO6EpqTmnSN1Z7qAqmucX+4JVbb SWciYPzJvkNPYn4QGw3OLHPhiPfThSEoLUUJ4FOYQYRnQFhU7d96riFZy5TjIrQM4RVW0k q9TneYmTtm0XqGebNEneiLNNVpdfV5g= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-190--dYNi0WrOhWTe_j-5ids5A-1; Fri, 06 Oct 2023 14:52:27 -0400 X-MC-Unique: -dYNi0WrOhWTe_j-5ids5A-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b98bbf130cso207020466b.2 for ; Fri, 06 Oct 2023 11:52:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618346; x=1697223146; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wj5hMGaY9RCgF1kuAnCk/NqRYGmG4WFEtNC/8xLzEio=; b=eCvcnuM2/lBT/314OhTd4R2RC/xZoiEX89WGq8DqqLkIaXGTTmn4uKixgybLr5Amgk wpNV/7F/rOX3qoIA0K8U4oO6buxe5+3PQJdgWK7B9BMDT+/lDlvbWxJ7dXY2epNPml+A Wq6RpAqvP6eP1H7YbPWT1STXhf9ZnWVO8NYj1KC6umghmqpm58EwzxOLXYp+hdsVbeXy yBiUQZ0Gl/IjbrWm+3Lfrf9IpJ1tr5ihvtm8EFW1iPDl1UKkTdKYRKiwfS2lnfvz6mGa m+RpctIeKZWFexaBYWsep/fokPJwEb05Rm1lnCHfwMm+YB2ShTS5yzXdVLHxUbeBi2rO acoQ== X-Gm-Message-State: AOJu0YywyOmHQTVL+yeVBXk/HP918xM839tMoa/2rRDACpOypUXwi6p6 jcwgDtdFNDkru/3gAn6xSRJYO9sjzDhJcT+d+smzpNumKLw2U+Hkjrgz+ak0D5XUigGoShOm8qm 71XF9lsJOjDs1IA5X2Eod5qe9d2K1tXPWq4acqYPOwrp3yYX7anPqTcnafcFMW3EnkJ2Kgikgll CSAYM= X-Received: by 2002:a17:907:d047:b0:9ae:6744:4591 with SMTP id vb7-20020a170907d04700b009ae67444591mr7570437ejc.43.1696618346186; Fri, 06 Oct 2023 11:52:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEZsbXSDA5dCU5U470HWiK746cPDwE1tLcX0vn7uqd8EYCM3Rp8th3S69Fttrk14CPUXhcckw== X-Received: by 2002:a17:907:d047:b0:9ae:6744:4591 with SMTP id vb7-20020a170907d04700b009ae67444591mr7570420ejc.43.1696618345847; Fri, 06 Oct 2023 11:52:25 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:25 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 08/28] fsverity: pass Merkle tree block size to ->read_merkle_tree_page() Date: Fri, 6 Oct 2023 20:49:02 +0200 Message-Id: <20231006184922.252188-9-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org XFS will need to know size of Merkle tree block as these blocks will not be stored consecutively in fs blocks. Therefore, they could not be obtained in PAGEs like in ext4. Rather, they are stored under offsets used as name in extended attributes. The size is needed to calculate the offset. Signed-off-by: Andrey Albershteyn --- fs/btrfs/verity.c | 3 ++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/read_metadata.c | 3 ++- fs/verity/verify.c | 3 ++- include/linux/fsverity.h | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index 744f4f4d4c68..b39199b57a69 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -713,7 +713,8 @@ int btrfs_get_verity_descriptor(struct inode *inode, void *buf, size_t buf_size) */ static struct page *btrfs_read_merkle_tree_page(struct inode *inode, pgoff_t index, - unsigned long num_ra_pages) + unsigned long num_ra_pages, + u8 log_blocksize) { struct folio *folio; u64 off = (u64)index << PAGE_SHIFT; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index 2f37e1ea3955..4eb77cefdbe1 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c @@ -359,7 +359,8 @@ static int ext4_get_verity_descriptor(struct inode *inode, void *buf, static struct page *ext4_read_merkle_tree_page(struct inode *inode, pgoff_t index, - unsigned long num_ra_pages) + unsigned long num_ra_pages, + u8 log_blocksize) { struct folio *folio; diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index 4fc95f353a7a..bb354ab8ca5a 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -256,7 +256,8 @@ static int f2fs_get_verity_descriptor(struct inode *inode, void *buf, static struct page *f2fs_read_merkle_tree_page(struct inode *inode, pgoff_t index, - unsigned long num_ra_pages) + unsigned long num_ra_pages, + u8 log_blocksize) { struct page *page; diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c index 8bd4b29a9a95..197624cab43e 100644 --- a/fs/verity/read_metadata.c +++ b/fs/verity/read_metadata.c @@ -44,7 +44,8 @@ static int fsverity_read_merkle_tree(struct inode *inode, struct page *page; const void *virt; - page = vops->read_merkle_tree_page(inode, index, num_ra_pages); + page = vops->read_merkle_tree_page(inode, index, num_ra_pages, + vi->tree_params.log_blocksize); if (IS_ERR(page)) { err = PTR_ERR(page); fsverity_err(inode, diff --git a/fs/verity/verify.c b/fs/verity/verify.c index e7b13d143ae9..f556336ebd8d 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -120,7 +120,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode, hpage_idx, level == 0 ? min(max_ra_pages, - params->tree_pages - hpage_idx) : 0); + params->tree_pages - hpage_idx) : 0, + params->log_blocksize); if (IS_ERR(hpage)) { fsverity_err(inode, "Error %ld reading Merkle tree page %lu", diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 6514ed6b09b4..252b2668894c 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -103,7 +103,8 @@ struct fsverity_operations { */ struct page *(*read_merkle_tree_page)(struct inode *inode, pgoff_t index, - unsigned long num_ra_pages); + unsigned long num_ra_pages, + u8 log_blocksize); /** * Write a Merkle tree block to the given inode. From patchwork Fri Oct 6 18:49:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411887 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2379EE9371B for ; Fri, 6 Oct 2023 18:54:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233122AbjJFSyG (ORCPT ); Fri, 6 Oct 2023 14:54:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233296AbjJFSyB (ORCPT ); Fri, 6 Oct 2023 14:54:01 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48B77E9 for ; Fri, 6 Oct 2023 11:52:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=O7XPmH44P+ap8pothWdhiZlYSUyho8+XNKckKHFJIOg=; b=WaDfzgzQXkFAW8xt9ap7louC39O3sz+51vr+KUmxixNl9L/wAU1LGTkEk3fTvK13KZCU6l O5E4sS1vNFw639eN1Rew8j+Sc9IrtcC7eHuZ29p7li/8psvhPW46s1zIlz2RH7sm4ehs9m K20/Crv9Mq6cRQsStrejpYymLK2LaNw= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-687-fMo_qf0uOhmAy5Z13GpKXw-1; Fri, 06 Oct 2023 14:52:28 -0400 X-MC-Unique: fMo_qf0uOhmAy5Z13GpKXw-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-9ae42088b4bso195964866b.3 for ; Fri, 06 Oct 2023 11:52:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618347; x=1697223147; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O7XPmH44P+ap8pothWdhiZlYSUyho8+XNKckKHFJIOg=; b=YG+6c7sSsHh4ZMceSo+zCdtIFyNCv6TxcFxBgHuSeM1RAgeSZLFjL37xzpNr8e95qN o4dM5q4FUbloYIF+0tKuzmGXxJjCth07aA58+2yNbM2cHcrl83NPd+NeshYGa3n3QGz1 5nOKt4PgG27on/O8CtQ306vX/Fe8KkRF4N8eUGjlubBu5kE0VzJmPqxBFka1z+zJuiX7 9P82xTtLwzqG3SoW+R94COKuX/AVXO6+CsCUcto2z8ZiPhixkzJvnT5bHHerThHCZzwS 0FFdddV49mF/8rWC+c2c9E1FF01zjzpliw+UBJVMXa2WxplVOB8S7aEYBjMH1SnLlFjt YZzA== X-Gm-Message-State: AOJu0Yw75xU4xa6GiLBfH9+9NOVHAdCCe44kIiLcCxE82RUzJOOmiwiq qDrekFPZAi5+CLWSEqM2NyDe2wrHCwIhCg5wfjbxUx8WE0eLDwCLA8/6QGlVvvf33bggrIFpfz4 FAXfYk2nqKNG+RoFxkM0KLjzG/KSrey/VXdKN5ZPF6tnYoJ8L2i9+LQL/HIc/fu/onOQWISDZ4k 5xgjA= X-Received: by 2002:a17:906:9c1:b0:9ae:5aa4:9fa with SMTP id r1-20020a17090609c100b009ae5aa409famr8090445eje.42.1696618347087; Fri, 06 Oct 2023 11:52:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEUhTkv6Y3ms1dW1sNfvoG2u1LCutOMUQtjoa3WTTMfsWftHZEKYPqcdq3cLzDayMSeNmLAOA== X-Received: by 2002:a17:906:9c1:b0:9ae:5aa4:9fa with SMTP id r1-20020a17090609c100b009ae5aa409famr8090433eje.42.1696618346871; Fri, 06 Oct 2023 11:52:26 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:26 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 09/28] fsverity: pass log_blocksize to end_enable_verity() Date: Fri, 6 Oct 2023 20:49:03 +0200 Message-Id: <20231006184922.252188-10-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org XFS will need to know log_blocksize to remove the tree in case of an error. The size is needed to calculate offsets of particular Merkle tree blocks. Signed-off-by: Andrey Albershteyn --- fs/btrfs/verity.c | 4 +++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/enable.c | 6 ++++-- include/linux/fsverity.h | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index b39199b57a69..2b34796f68d3 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -621,6 +621,7 @@ static int btrfs_begin_enable_verity(struct file *filp) * @desc: verity descriptor to write out (NULL in error conditions) * @desc_size: size of the verity descriptor (variable with signatures) * @merkle_tree_size: size of the merkle tree in bytes + * @log_blocksize: log size of the Merkle tree block * * If desc is null, then VFS is signaling an error occurred during verity * enable, and we should try to rollback. Otherwise, attempt to finish verity. @@ -628,7 +629,8 @@ static int btrfs_begin_enable_verity(struct file *filp) * Returns 0 on success, negative error code on error. */ static int btrfs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + u8 log_blocksize) { struct btrfs_inode *inode = BTRFS_I(file_inode(filp)); int ret = 0; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index 4eb77cefdbe1..4e2f01f048c0 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c @@ -189,7 +189,8 @@ static int ext4_write_verity_descriptor(struct inode *inode, const void *desc, } static int ext4_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + u8 log_blocksize) { struct inode *inode = file_inode(filp); const int credits = 2; /* superblock and inode for ext4_orphan_del() */ diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index bb354ab8ca5a..601ab9f0c024 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -144,7 +144,8 @@ static int f2fs_begin_enable_verity(struct file *filp) } static int f2fs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + u8 log_blocksize) { struct inode *inode = file_inode(filp); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); diff --git a/fs/verity/enable.c b/fs/verity/enable.c index c284f46d1b53..c87cab796f0b 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -274,7 +274,8 @@ static int enable_verity(struct file *filp, * Serialized with ->begin_enable_verity() by the inode lock. */ inode_lock(inode); - err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size); + err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size, + desc->log_blocksize); inode_unlock(inode); if (err) { fsverity_err(inode, "%ps() failed with err %d", @@ -300,7 +301,8 @@ static int enable_verity(struct file *filp, rollback: inode_lock(inode); - (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size); + (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size, + desc->log_blocksize); inode_unlock(inode); goto out; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 252b2668894c..cac012d4c86a 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -51,6 +51,7 @@ struct fsverity_operations { * @desc: the verity descriptor to write, or NULL on failure * @desc_size: size of verity descriptor, or 0 on failure * @merkle_tree_size: total bytes the Merkle tree took up + * @log_blocksize: log size of the Merkle tree block * * If desc == NULL, then enabling verity failed and the filesystem only * must do any necessary cleanups. Else, it must also store the given @@ -65,7 +66,8 @@ struct fsverity_operations { * Return: 0 on success, -errno on failure */ int (*end_enable_verity)(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size); + size_t desc_size, u64 merkle_tree_size, + u8 log_blocksize); /** * Get the verity descriptor of the given inode. From patchwork Fri Oct 6 18:49:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411892 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4ED3E94101 for ; Fri, 6 Oct 2023 18:54:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233378AbjJFSyn (ORCPT ); Fri, 6 Oct 2023 14:54:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233167AbjJFSyg (ORCPT ); Fri, 6 Oct 2023 14:54:36 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5690CF2 for ; Fri, 6 Oct 2023 11:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=c3gomcdSnORKGqO6JgH9QQWRoXUfHA8TCEcldyiCDCg=; b=WqUgK7TkCaQzYrzDmluX7ATicDSuEynULxcDYNvpnyYPV0QxcmlE3Jyo2xeWY+KIiGyDN2 7aD/WKTOOhoGkMEYfatYuvbpf0Ezgg0P8uEuKc8o8YMSzFTkB3QsyG9V3Elm6MU0kFs1tM Q4gJ7fSXVNqE6I/MzcoXEL7670YJirg= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-456-rJzTUJ9xMzKVH37EP_MI6w-1; Fri, 06 Oct 2023 14:52:29 -0400 X-MC-Unique: rJzTUJ9xMzKVH37EP_MI6w-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-9b2c1159b0aso206678066b.3 for ; Fri, 06 Oct 2023 11:52:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618348; x=1697223148; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c3gomcdSnORKGqO6JgH9QQWRoXUfHA8TCEcldyiCDCg=; b=AHf/YfPKBG3IXIOJ7AgTTDIPeFvB/jXK5jaPBCziQDcim/uBUiyVDzWIwoLxettdda dJAdy57R5xN+hSkWYP7GSpdittHmR2huDR16A3E/6PUn42O9giTv3t5whoEWymbdW6KF C0InvFtnAdTiLHTv471pXhOPc50jB/4nQwr7tIMf/Yk/8GRqNv4mIJq5PfCokq9+g16x d7teUML2t/7xqgOE759SUIEy4r7oVRM27xFm+SRKQVXU82FOrPa6m0PPQb7Z7wf56i/O p4WPkPP0dhWJgfAK8g3ByFlj5S9pYkmGXtHhq+S2ObWWopq+B76wpVDxsWPAl2p8PhE+ 2ahQ== X-Gm-Message-State: AOJu0YxG3ojQsyTsu7RcowQOY2EHhR2/OzH32BXZoSY119TbmJIQJWRg GPTdFXu9ddPfuMhUWSPPWwfvuQQMAVpoL5wZmfDT00ajfBH1TEQSODaBeM1mq5xfxbBM8wgfgRX HTygjq9eFK6DTxHPpwxtnvv1qUCNU2U5yAIO7ZE5Hi0ZaTCoti5lqW4PePQtpZjwB/BNByLAq9v r//iU= X-Received: by 2002:a17:906:7389:b0:9a5:b878:7336 with SMTP id f9-20020a170906738900b009a5b8787336mr9458680ejl.7.1696618348174; Fri, 06 Oct 2023 11:52:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGlxgiiFCo6W/cxOloQkzFkz3BO5pAnKo80UorlqgbxkwRXthGuHA2XjbRabXXVlN6GGVvRXg== X-Received: by 2002:a17:906:7389:b0:9a5:b878:7336 with SMTP id f9-20020a170906738900b009a5b8787336mr9458662ejl.7.1696618347793; Fri, 06 Oct 2023 11:52:27 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:27 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 10/28] fsverity: operate with Merkle tree blocks instead of pages Date: Fri, 6 Oct 2023 20:49:04 +0200 Message-Id: <20231006184922.252188-11-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org fsverity expects filesystem to provide PAGEs with Merkle tree blocks in it. Then, when fsverity is done with processing the blocks, reference to PAGE is freed. This doesn't fit well with the way XFS manages its memory. This patch moves page reference management out of fsverity to filesystem. This way fsverity expects a kaddr to the Merkle tree block and filesystem can handle all caching and reference counting. As btrfs, ext4 and f2fs return page with Merkle tree blocks this patch also adds fsverity_read_merkle_tree_block() which wraps addressing blocks in the page (not to implement it in every fs). Signed-off-by: Andrey Albershteyn --- fs/verity/open.c | 15 ++--- fs/verity/read_metadata.c | 41 +++++++------- fs/verity/verify.c | 58 ++++++++----------- include/linux/fsverity.h | 115 +++++++++++++++++++++++++++++++++----- 4 files changed, 150 insertions(+), 79 deletions(-) diff --git a/fs/verity/open.c b/fs/verity/open.c index dfb9fe6aaae9..8665d8b40081 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -126,19 +126,16 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params, } /* - * With block_size != PAGE_SIZE, an in-memory bitmap will need to be - * allocated to track the "verified" status of hash blocks. Don't allow - * this bitmap to get too large. For now, limit it to 1 MiB, which - * limits the file size to about 4.4 TB with SHA-256 and 4K blocks. + * An in-memory bitmap will need to be allocated to track the "verified" + * status of hash blocks. Don't allow this bitmap to get too large. + * For now, limit it to 1 MiB, which limits the file size to + * about 4.4 TB with SHA-256 and 4K blocks. * * Together with the fact that the data, and thus also the Merkle tree, * cannot have more than ULONG_MAX pages, this implies that hash block - * indices can always fit in an 'unsigned long'. But to be safe, we - * explicitly check for that too. Note, this is only for hash block - * indices; data block indices might not fit in an 'unsigned long'. + * indices can always fit in an 'unsigned long'. */ - if ((params->block_size != PAGE_SIZE && offset > 1 << 23) || - offset > ULONG_MAX) { + if (offset > (1 << 23)) { fsverity_err(inode, "Too many blocks in Merkle tree"); err = -EFBIG; goto out_err; diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c index 197624cab43e..182bddf5dec5 100644 --- a/fs/verity/read_metadata.c +++ b/fs/verity/read_metadata.c @@ -16,9 +16,9 @@ static int fsverity_read_merkle_tree(struct inode *inode, const struct fsverity_info *vi, void __user *buf, u64 offset, int length) { - const struct fsverity_operations *vops = inode->i_sb->s_vop; u64 end_offset; - unsigned int offs_in_page; + unsigned int offs_in_block; + unsigned int block_size = vi->tree_params.block_size; pgoff_t index, last_index; int retval = 0; int err = 0; @@ -26,8 +26,8 @@ static int fsverity_read_merkle_tree(struct inode *inode, end_offset = min(offset + length, vi->tree_params.tree_size); if (offset >= end_offset) return 0; - offs_in_page = offset_in_page(offset); - last_index = (end_offset - 1) >> PAGE_SHIFT; + offs_in_block = offset % block_size; + last_index = (end_offset - 1) >> vi->tree_params.log_blocksize; /* * Iterate through each Merkle tree page in the requested range and copy @@ -35,34 +35,31 @@ static int fsverity_read_merkle_tree(struct inode *inode, * size isn't important here, as we are returning a byte stream; i.e., * we can just work with pages even if the tree block size != PAGE_SIZE. */ - for (index = offset >> PAGE_SHIFT; index <= last_index; index++) { + for (index = offset >> vi->tree_params.log_blocksize; + index <= last_index; index++) { unsigned long num_ra_pages = min_t(unsigned long, last_index - index + 1, inode->i_sb->s_bdi->io_pages); unsigned int bytes_to_copy = min_t(u64, end_offset - offset, - PAGE_SIZE - offs_in_page); - struct page *page; - const void *virt; + block_size - offs_in_block); + struct fsverity_block block; - page = vops->read_merkle_tree_page(inode, index, num_ra_pages, - vi->tree_params.log_blocksize); - if (IS_ERR(page)) { - err = PTR_ERR(page); - fsverity_err(inode, - "Error %d reading Merkle tree page %lu", - err, index); + block.len = block_size; + if (fsverity_read_merkle_tree_block(inode, + index << vi->tree_params.log_blocksize, + &block, num_ra_pages)) { + fsverity_drop_block(inode, &block); + err = -EFAULT; break; } - virt = kmap_local_page(page); - if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) { - kunmap_local(virt); - fsverity_drop_page(inode, page); + if (copy_to_user(buf, block.kaddr + offs_in_block, bytes_to_copy)) { + fsverity_drop_block(inode, &block); err = -EFAULT; break; } - kunmap_local(virt); - fsverity_drop_page(inode, page); + fsverity_drop_block(inode, &block); + block.kaddr = NULL; retval += bytes_to_copy; buf += bytes_to_copy; @@ -73,7 +70,7 @@ static int fsverity_read_merkle_tree(struct inode *inode, break; } cond_resched(); - offs_in_page = 0; + offs_in_block = 0; } return retval ? retval : err; } diff --git a/fs/verity/verify.c b/fs/verity/verify.c index f556336ebd8d..dfe01f121843 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -44,15 +44,15 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, const struct merkle_tree_params *params = &vi->tree_params; const unsigned int hsize = params->digest_size; int level; + int err; + int num_ra_pages; u8 _want_hash[FS_VERITY_MAX_DIGEST_SIZE]; const u8 *want_hash; u8 real_hash[FS_VERITY_MAX_DIGEST_SIZE]; /* The hash blocks that are traversed, indexed by level */ struct { - /* Page containing the hash block */ - struct page *page; - /* Mapped address of the hash block (will be within @page) */ - const void *addr; + /* Block containing the hash block */ + struct fsverity_block block; /* Index of the hash block in the tree overall */ unsigned long index; /* Byte offset of the wanted hash relative to @addr */ @@ -93,10 +93,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, unsigned long next_hidx; unsigned long hblock_idx; pgoff_t hpage_idx; - unsigned int hblock_offset_in_page; unsigned int hoffset; - struct page *hpage; - const void *haddr; + struct fsverity_block *block = &hblocks[level].block; /* * The index of the block in the current level; also the index @@ -110,34 +108,28 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Index of the hash page in the tree overall */ hpage_idx = hblock_idx >> params->log_blocks_per_page; - /* Byte offset of the hash block within the page */ - hblock_offset_in_page = - (hblock_idx << params->log_blocksize) & ~PAGE_MASK; - /* Byte offset of the hash within the block */ hoffset = (hidx << params->log_digestsize) & (params->block_size - 1); - hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode, - hpage_idx, level == 0 ? min(max_ra_pages, - params->tree_pages - hpage_idx) : 0, - params->log_blocksize); - if (IS_ERR(hpage)) { + block->len = params->block_size; + num_ra_pages = level == 0 ? + min(max_ra_pages, params->tree_pages - hpage_idx) : 0; + err = fsverity_read_merkle_tree_block( + inode, hblock_idx << params->log_blocksize, block, + num_ra_pages); + if (err) { fsverity_err(inode, - "Error %ld reading Merkle tree page %lu", - PTR_ERR(hpage), hpage_idx); + "Error %d reading Merkle tree block %lu", + err, hblock_idx); goto error; } - haddr = kmap_local_page(hpage) + hblock_offset_in_page; - if (is_hash_block_verified(vi, hblock_idx, PageChecked(hpage))) { - memcpy(_want_hash, haddr + hoffset, hsize); + if (is_hash_block_verified(vi, hblock_idx, block->cached)) { + memcpy(_want_hash, block->kaddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - fsverity_drop_page(inode, hpage); + fsverity_drop_block(inode, block); goto descend; } - hblocks[level].page = hpage; - hblocks[level].addr = haddr; hblocks[level].index = hblock_idx; hblocks[level].hoffset = hoffset; hidx = next_hidx; @@ -147,8 +139,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, descend: /* Descend the tree verifying hash blocks. */ for (; level > 0; level--) { - struct page *hpage = hblocks[level - 1].page; - const void *haddr = hblocks[level - 1].addr; + struct fsverity_block *block = &hblocks[level - 1].block; + const void *haddr = block->kaddr; unsigned long hblock_idx = hblocks[level - 1].index; unsigned int hoffset = hblocks[level - 1].hoffset; @@ -161,14 +153,11 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, * idempotent, as the same hash block might be verified by * multiple threads concurrently. */ - if (vi->hash_block_verified) - set_bit(hblock_idx, vi->hash_block_verified); - else - SetPageChecked(hpage); + set_bit(hblock_idx, vi->hash_block_verified); + block->verified = true; memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - fsverity_drop_page(inode, hpage); + fsverity_drop_block(inode, block); } /* Finally, verify the data block. */ @@ -186,8 +175,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, params->hash_alg->name, hsize, real_hash); error: for (; level > 0; level--) { - kunmap_local(hblocks[level - 1].addr); - fsverity_drop_page(inode, hblocks[level - 1].page); + fsverity_drop_block(inode, &hblocks[level - 1].block); } return false; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index cac012d4c86a..ce37a430bc97 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -26,6 +26,24 @@ /* Arbitrary limit to bound the kmalloc() size. Can be changed. */ #define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384 +/** + * struct fsverity_block - Merkle Tree block + * @kaddr: virtual address of the block's data + * @len: length of the data + * @cached: true if block was already in cache, false otherwise + * @verified: true if block is verified against Merkle tree + * @context: filesystem private context + * + * Merkle Tree blocks passed and requested from filesystem + */ +struct fsverity_block { + void *kaddr; + unsigned int len; + bool cached; + bool verified; + void *context; +}; + /* Verity operations for filesystems */ struct fsverity_operations { @@ -107,6 +125,24 @@ struct fsverity_operations { pgoff_t index, unsigned long num_ra_pages, u8 log_blocksize); + /** + * Read a Merkle tree block of the given inode. + * @inode: the inode + * @index: 0-based index of the block within the Merkle tree + * @num_ra_pages: The number of pages with blocks that should be + * prefetched starting at @index if the page at @index + * isn't already cached. Implementations may ignore this + * argument; it's only a performance optimization. + * + * This can be called at any time on an open verity file. It may be + * called by multiple processes concurrently. + * + * Return: 0 on success, -errno on failure + */ + int (*read_merkle_tree_block)(struct inode *inode, + unsigned int index, + struct fsverity_block *block, + unsigned long num_ra_pages); /** * Write a Merkle tree block to the given inode. @@ -125,14 +161,14 @@ struct fsverity_operations { u64 pos, unsigned int size); /** - * Release the reference to a Merkle tree page + * Release the reference to a Merkle tree block * - * @page: the page to release + * @page: the block to release * - * This is called when fs-verity is done with a page obtained with - * ->read_merkle_tree_page(). + * This is called when fs-verity is done with a block obtained with + * ->read_merkle_tree_block(). */ - void (*drop_page)(struct page *page); + void (*drop_block)(struct fsverity_block *block); }; #ifdef CONFIG_FS_VERITY @@ -188,22 +224,66 @@ void fsverity_verify_bio(struct bio *bio); void fsverity_enqueue_verify_work(struct work_struct *work); /** - * fsverity_drop_page() - drop page obtained with ->read_merkle_tree_page() + * fsverity_drop_block() - drop block obtained with ->read_merkle_tree_block() * @inode: inode in use for verification or metadata reading - * @page: page to be dropped + * @block: block to be dropped * - * Generic put_page() method. Calls out back to filesystem if ->drop_page() is - * set, otherwise just drops the reference to a page. + * Generic put_page() method. Calls out back to filesystem if ->drop_block() is + * set, otherwise do nothing. * */ -static inline void fsverity_drop_page(struct inode *inode, struct page *page) +static inline void fsverity_drop_block(struct inode *inode, + struct fsverity_block *block) { - if (inode->i_sb->s_vop->drop_page) - inode->i_sb->s_vop->drop_page(page); - else + if (inode->i_sb->s_vop->drop_block) + inode->i_sb->s_vop->drop_block(block); + else { + struct page *page = (struct page *)block->context; + + if (block->verified) + SetPageChecked(page); + put_page(page); + } } +/** + * fsverity_read_block_from_page() - layer between fs using read page + * and read block + * @inode: inode in use for verification or metadata reading + * @index: index of the block in the tree (offset into the tree) + * @block: block to be read + * @num_ra_pages: number of pages to readahead, may be ignored + * + * Depending on fs implementation use read_merkle_tree_block or + * read_merkle_tree_page. + */ +static inline int fsverity_read_merkle_tree_block(struct inode *inode, + unsigned int index, + struct fsverity_block *block, + unsigned long num_ra_pages) +{ + struct page *page; + + if (inode->i_sb->s_vop->read_merkle_tree_block) + return inode->i_sb->s_vop->read_merkle_tree_block( + inode, index, block, num_ra_pages); + + page = inode->i_sb->s_vop->read_merkle_tree_page( + inode, index >> PAGE_SHIFT, num_ra_pages, + block->len); + + block->kaddr = page_address(page) + (index % PAGE_SIZE); + block->cached = PageChecked(page); + block->context = page; + + if (IS_ERR(page)) + return PTR_ERR(page); + else + return 0; +} + + #else /* !CONFIG_FS_VERITY */ @@ -287,6 +367,15 @@ static inline void fsverity_drop_page(struct inode *inode, struct page *page) WARN_ON_ONCE(1); } +static inline int fsverity_read_merkle_tree_block(struct inode *inode, + unsigned int index, + struct fsverity_block *block, + unsigned long num_ra_pages) +{ + WARN_ON_ONCE(1); + return -EOPNOTSUPP; +} + #endif /* !CONFIG_FS_VERITY */ static inline bool fsverity_verify_folio(struct folio *folio) From patchwork Fri Oct 6 18:49:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411884 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7B08E92FE0 for ; Fri, 6 Oct 2023 18:54:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233289AbjJFSyD (ORCPT ); Fri, 6 Oct 2023 14:54:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233273AbjJFSx6 (ORCPT ); Fri, 6 Oct 2023 14:53:58 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3637FF1 for ; Fri, 6 Oct 2023 11:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VJUiSpfPMzcl28TFVJjzzuncoLSne12d470beZMPYcY=; b=L2xD6Llp1BgCE7yCAwxa982v2i4U3HVlUC/VslEZDf90wSKtD9k4ZfmfYIIsxqv2k6YYod j7cyvt1daXbEzyD8oqciTkp+mv36cnFR3/OoNe+vUr2Wj7o2q9Qo4Slllh6LIWGGRY7x9b mey4+A0HEVjWLla6MvpXyF+TN66bQes= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-528-6KNDfar_Oj-UIRg8Kx2U8A-1; Fri, 06 Oct 2023 14:52:30 -0400 X-MC-Unique: 6KNDfar_Oj-UIRg8Kx2U8A-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-99c8bbc902eso207722166b.1 for ; Fri, 06 Oct 2023 11:52:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618349; x=1697223149; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VJUiSpfPMzcl28TFVJjzzuncoLSne12d470beZMPYcY=; b=wh+e51Q8QiI+D7SqEuzx7xocTl8qv1KU+aVgZFb82Lo7A5au6DfYhWSPPYALV4iXZH xkeCiXG5OAe3lFreJPKvIIEGV5Z79HfOZBZ0aqQQ/PlJJiV8IQ3/MG90PrXIiiq3sdGV KO0oBUYLccVqJk713R0CODE06c21fwN040wV1pqW+O6euuKOIcAvPbYOlYmIFTyxRlbu UyR/HX4ADnYVI9tTBeEV8RZ7W11JmsXNuDFIBYfGSAMVg9c1QfBm9Gyo0XUzgzlm2o57 W57GBbNHV8wwN1MAt7xIQ8rjK3hvEyYYROhEiMyz65CrrXrM+HNQoDhLLI9R+x4nVTMi AN1Q== X-Gm-Message-State: AOJu0Yy+PXnwY7F+yaFeTkXAk27Fc7pz4HZtWUbwX/FHQ568u1nkQL8a LC/OHDiD1U17uUzUD254vedBH02NAdnj9jAxfEwpaXojzOL1Oh8EDsgl1gZ8DNgwzXsgNgGEbZx d3bJfz6rAw0kxlVf83nzlYqUNm5YabsU07t3Sykj7uiWDbvBQI54E1V+R7cyNApFSG7P+bxLDKq TAJlo= X-Received: by 2002:a17:907:7891:b0:9b9:325f:9be9 with SMTP id ku17-20020a170907789100b009b9325f9be9mr6905146ejc.73.1696618348840; Fri, 06 Oct 2023 11:52:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG6693S4s/pd1mNyLR7i5gSJ+yywVELtJcWxdgdXWVai6POFCFoxzt5ozN8gK51meBnXnTb8A== X-Received: by 2002:a17:907:7891:b0:9b9:325f:9be9 with SMTP id ku17-20020a170907789100b009b9325f9be9mr6905129ejc.73.1696618348563; Fri, 06 Oct 2023 11:52:28 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:28 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 11/28] iomap: pass readpage operation to read path Date: Fri, 6 Oct 2023 20:49:05 +0200 Message-Id: <20231006184922.252188-12-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Preparation for allowing filesystems to provide bio_set and ->submit_io() for read path. This will allow fs to do an additional processing of ioend on ioend completion. Make iomap_read_end_io() exportable, so, it can be called back from filesystem callout after verification is done. Signed-off-by: Andrey Albershteyn --- fs/erofs/data.c | 4 ++-- fs/gfs2/aops.c | 4 ++-- fs/iomap/buffered-io.c | 13 ++++++++++--- fs/xfs/xfs_aops.c | 4 ++-- fs/zonefs/file.c | 4 ++-- include/linux/iomap.h | 21 +++++++++++++++++++-- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/fs/erofs/data.c b/fs/erofs/data.c index 0c2c99c58b5e..3f5482d6cedb 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -357,12 +357,12 @@ int erofs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, */ static int erofs_read_folio(struct file *file, struct folio *folio) { - return iomap_read_folio(folio, &erofs_iomap_ops); + return iomap_read_folio(folio, &erofs_iomap_ops, NULL); } static void erofs_readahead(struct readahead_control *rac) { - return iomap_readahead(rac, &erofs_iomap_ops); + return iomap_readahead(rac, &erofs_iomap_ops, NULL); } static sector_t erofs_bmap(struct address_space *mapping, sector_t block) diff --git a/fs/gfs2/aops.c b/fs/gfs2/aops.c index c26d48355cc2..9c09ff75e586 100644 --- a/fs/gfs2/aops.c +++ b/fs/gfs2/aops.c @@ -456,7 +456,7 @@ static int gfs2_read_folio(struct file *file, struct folio *folio) if (!gfs2_is_jdata(ip) || (i_blocksize(inode) == PAGE_SIZE && !folio_buffers(folio))) { - error = iomap_read_folio(folio, &gfs2_iomap_ops); + error = iomap_read_folio(folio, &gfs2_iomap_ops, NULL); } else if (gfs2_is_stuffed(ip)) { error = stuffed_readpage(ip, &folio->page); folio_unlock(folio); @@ -534,7 +534,7 @@ static void gfs2_readahead(struct readahead_control *rac) else if (gfs2_is_jdata(ip)) mpage_readahead(rac, gfs2_block_map); else - iomap_readahead(rac, &gfs2_iomap_ops); + iomap_readahead(rac, &gfs2_iomap_ops, NULL); } /** diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 644479ccefbd..ca78c7f62527 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -264,7 +264,7 @@ static void iomap_finish_folio_read(struct folio *folio, size_t offset, folio_unlock(folio); } -static void iomap_read_end_io(struct bio *bio) +void iomap_read_end_io(struct bio *bio) { int error = blk_status_to_errno(bio->bi_status); struct folio_iter fi; @@ -273,12 +273,14 @@ static void iomap_read_end_io(struct bio *bio) iomap_finish_folio_read(fi.folio, fi.offset, fi.length, error); bio_put(bio); } +EXPORT_SYMBOL_GPL(iomap_read_end_io); struct iomap_readpage_ctx { struct folio *cur_folio; bool cur_folio_in_bio; struct bio *bio; struct readahead_control *rac; + const struct iomap_readpage_ops *ops; }; /** @@ -402,7 +404,8 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, return pos - orig_pos + plen; } -int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops) +int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops, + const struct iomap_readpage_ops *readpage_ops) { struct iomap_iter iter = { .inode = folio->mapping->host, @@ -411,6 +414,7 @@ int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops) }; struct iomap_readpage_ctx ctx = { .cur_folio = folio, + .ops = readpage_ops, }; int ret; @@ -468,6 +472,7 @@ static loff_t iomap_readahead_iter(const struct iomap_iter *iter, * iomap_readahead - Attempt to read pages from a file. * @rac: Describes the pages to be read. * @ops: The operations vector for the filesystem. + * @readpage_ops: Filesystem supplied folio processiong operation * * This function is for filesystems to call to implement their readahead * address_space operation. @@ -479,7 +484,8 @@ static loff_t iomap_readahead_iter(const struct iomap_iter *iter, * function is called with memalloc_nofs set, so allocations will not cause * the filesystem to be reentered. */ -void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops) +void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops, + const struct iomap_readpage_ops *readpage_ops) { struct iomap_iter iter = { .inode = rac->mapping->host, @@ -488,6 +494,7 @@ void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops) }; struct iomap_readpage_ctx ctx = { .rac = rac, + .ops = readpage_ops, }; trace_iomap_readahead(rac->mapping->host, readahead_count(rac)); diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index 465d7630bb21..b413a2dbcc18 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -553,14 +553,14 @@ xfs_vm_read_folio( struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &xfs_read_iomap_ops); + return iomap_read_folio(folio, &xfs_read_iomap_ops, NULL); } STATIC void xfs_vm_readahead( struct readahead_control *rac) { - iomap_readahead(rac, &xfs_read_iomap_ops); + iomap_readahead(rac, &xfs_read_iomap_ops, NULL); } static int diff --git a/fs/zonefs/file.c b/fs/zonefs/file.c index b2c9b35df8f7..29428c012150 100644 --- a/fs/zonefs/file.c +++ b/fs/zonefs/file.c @@ -112,12 +112,12 @@ static const struct iomap_ops zonefs_write_iomap_ops = { static int zonefs_read_folio(struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &zonefs_read_iomap_ops); + return iomap_read_folio(folio, &zonefs_read_iomap_ops, NULL); } static void zonefs_readahead(struct readahead_control *rac) { - iomap_readahead(rac, &zonefs_read_iomap_ops); + iomap_readahead(rac, &zonefs_read_iomap_ops, NULL); } /* diff --git a/include/linux/iomap.h b/include/linux/iomap.h index 96dd0acbba44..3565c449f3c9 100644 --- a/include/linux/iomap.h +++ b/include/linux/iomap.h @@ -262,8 +262,25 @@ int iomap_file_buffered_write_punch_delalloc(struct inode *inode, struct iomap *iomap, loff_t pos, loff_t length, ssize_t written, int (*punch)(struct inode *inode, loff_t pos, loff_t length)); -int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops); -void iomap_readahead(struct readahead_control *, const struct iomap_ops *ops); +struct iomap_readpage_ops { + /* + * Filesystems wishing to attach private information to a direct io bio + * must provide a ->submit_io method that attaches the additional + * information to the bio and changes the ->bi_end_io callback to a + * custom function. This function should, at a minimum, perform any + * relevant post-processing of the bio and end with a call to + * iomap_read_end_io. + */ + void (*submit_io)(const struct iomap_iter *iter, struct bio *bio, + loff_t file_offset); + struct bio_set *bio_set; +}; + +void iomap_read_end_io(struct bio *bio); +int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops, + const struct iomap_readpage_ops *readpage_ops); +void iomap_readahead(struct readahead_control *, const struct iomap_ops *ops, + const struct iomap_readpage_ops *readpage_ops); bool iomap_is_partially_uptodate(struct folio *, size_t from, size_t count); struct folio *iomap_get_folio(struct iomap_iter *iter, loff_t pos, size_t len); bool iomap_release_folio(struct folio *folio, gfp_t gfp_flags); From patchwork Fri Oct 6 18:49:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411898 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E940E94105 for ; Fri, 6 Oct 2023 18:55:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233508AbjJFSzQ (ORCPT ); Fri, 6 Oct 2023 14:55:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43570 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233309AbjJFSyw (ORCPT ); Fri, 6 Oct 2023 14:54:52 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4957910F for ; Fri, 6 Oct 2023 11:52:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8fJjOgJTOBqTNpGZsppEB438CqzELHcDr88tlE5TL2U=; b=U8vFXha50cJePBiu0XXQMO3B1cGVrcSDnmQUoa06fX8zpIK9I8u/3uV91I0Kx3Z96XsBOf QEYdDez5jIV9j89R12qdsFcEgSD/lz41WI4jqKQSh9Ks+8QHzWV08mSKx6TyhC0UVoXPVy CLdJKo8rILWxYsi5XYJ3fzF9cw4SAoE= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-529-LuGc4fjrMF-Uqu2agnFB1Q-1; Fri, 06 Oct 2023 14:52:31 -0400 X-MC-Unique: LuGc4fjrMF-Uqu2agnFB1Q-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9ae70250ef5so395946766b.0 for ; Fri, 06 Oct 2023 11:52:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618350; x=1697223150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8fJjOgJTOBqTNpGZsppEB438CqzELHcDr88tlE5TL2U=; b=ViQShq1zjOy1ONTiJ0KaSXZVeBJMWKkps34ql5xtAxgfclepbtpOztyBwPiknG7A04 r5Kt8ipMPxTO6vcTuJvix49BXIvRBB1AfJMDV+7N+4+uy96RMpes2+mEuFEdPtCuUS9l 83yQSCJ3RCGy/WaJI+1jUPh7tfGpD9KfynQ36JXdxi3kB3qRgfNAEPm8Xs012L7Sxm7o qtCXd1KONUTp7Eh1hHzE4NaoExTUAxCEL/mJa3uRfdlbW75iBEtdr9NUHgBtKm2RcN/i HNSujhYW0eghpxG4Y3tLi3Xc5HU2ykofMpzuGZOMAJJCeJ+8hD4jYjsfjjgNUTbb90cw 1QjQ== X-Gm-Message-State: AOJu0YxE7IQP1ZBIjEwsnVDYNKORpysTpjDLRo9vqyW0BGwYqgKgGnWR u8ol4g/AoL2mumm9whrI3zv2EpUJsLoAPUIunoOiZj/Nf2oiqOhI6EQvUQVrEgEXkQcKThkOrHt 8wHcvV6L+wulOEFHTf5vatcQGUQbCo8s9oOTkyRXoSYTvxM5DnWg2ZxXBcgipnYwFv0qtCwFhf5 9z5R4= X-Received: by 2002:a17:906:31c1:b0:9b6:d20d:8a46 with SMTP id f1-20020a17090631c100b009b6d20d8a46mr5748164ejf.6.1696618349887; Fri, 06 Oct 2023 11:52:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGJtYnAO2IwdX1h2RvfFSiMYTMaukCGR5jLN6oib6DxFhtgJB+r7zCfde55VfmX4YT5UsZzWg== X-Received: by 2002:a17:906:31c1:b0:9b6:d20d:8a46 with SMTP id f1-20020a17090631c100b009b6d20d8a46mr5748148ejf.6.1696618349521; Fri, 06 Oct 2023 11:52:29 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:28 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 12/28] iomap: allow filesystem to implement read path verification Date: Fri, 6 Oct 2023 20:49:06 +0200 Message-Id: <20231006184922.252188-13-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Currently, there is no interface to let filesystem do post-processing of completed BIO (ioend) in read path. This can be very handy for fs-verity verification. This patch add a callout to filesystem provided ->submit_bio to configure BIO completion callout. The read path ioend iomap_read_ioend are stored side by side with BIOs allocated from filesystem provided bio_set. Add IOMAP_F_READ_VERITY which indicates that iomap need to verify BIO (e.g. fs-verity) after I/O is completed. Any verification itself happens on filesystem side. The verification is done when the BIO is processed by calling out ->bi_end_io(). Signed-off-by: Andrey Albershteyn --- fs/iomap/buffered-io.c | 40 +++++++++++++++++++++++++++++++++------- include/linux/iomap.h | 15 +++++++++++++++ 2 files changed, 48 insertions(+), 7 deletions(-) diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index ca78c7f62527..0a1bec91fdf6 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -332,6 +332,19 @@ static inline bool iomap_block_needs_zeroing(const struct iomap_iter *iter, pos >= i_size_read(iter->inode); } +static void +iomap_submit_read_io(const struct iomap_iter *iter, + struct iomap_readpage_ctx *ctx) +{ + if (!ctx->bio) + return; + + if (ctx->ops && ctx->ops->submit_io) + ctx->ops->submit_io(iter, ctx->bio, iter->pos); + else + submit_bio(ctx->bio); +} + static loff_t iomap_readpage_iter(const struct iomap_iter *iter, struct iomap_readpage_ctx *ctx, loff_t offset) { @@ -355,6 +368,13 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (iomap_block_needs_zeroing(iter, pos)) { folio_zero_range(folio, poff, plen); + if (iomap->flags & IOMAP_F_READ_VERITY) { + if (ctx->ops->verify_folio(folio, poff, plen)) { + folio_set_error(folio); + goto done; + } + } + iomap_set_range_uptodate(folio, poff, plen); goto done; } @@ -371,13 +391,20 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, gfp_t orig_gfp = gfp; unsigned int nr_vecs = DIV_ROUND_UP(length, PAGE_SIZE); - if (ctx->bio) - submit_bio(ctx->bio); + iomap_submit_read_io(iter, ctx); if (ctx->rac) /* same as readahead_gfp_mask */ gfp |= __GFP_NORETRY | __GFP_NOWARN; - ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), - REQ_OP_READ, gfp); + + if (ctx->ops && ctx->ops->bio_set) + ctx->bio = bio_alloc_bioset(iomap->bdev, + bio_max_segs(nr_vecs), + REQ_OP_READ, GFP_NOFS, + ctx->ops->bio_set); + else + ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), + REQ_OP_READ, gfp); + /* * If the bio_alloc fails, try it again for a single page to * avoid having to deal with partial page reads. This emulates @@ -427,7 +454,7 @@ int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops, folio_set_error(folio); if (ctx.bio) { - submit_bio(ctx.bio); + iomap_submit_read_io(&iter, &ctx); WARN_ON_ONCE(!ctx.cur_folio_in_bio); } else { WARN_ON_ONCE(ctx.cur_folio_in_bio); @@ -502,8 +529,7 @@ void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops, while (iomap_iter(&iter, ops) > 0) iter.processed = iomap_readahead_iter(&iter, &ctx); - if (ctx.bio) - submit_bio(ctx.bio); + iomap_submit_read_io(&iter, &ctx); if (ctx.cur_folio) { if (!ctx.cur_folio_in_bio) folio_unlock(ctx.cur_folio); diff --git a/include/linux/iomap.h b/include/linux/iomap.h index 3565c449f3c9..8d7206cd2f0f 100644 --- a/include/linux/iomap.h +++ b/include/linux/iomap.h @@ -53,6 +53,9 @@ struct vm_fault; * * IOMAP_F_XATTR indicates that the iomap is for an extended attribute extent * rather than a file data extent. + * + * IOMAP_F_READ_VERITY indicates that the iomap needs verification of read + * folios */ #define IOMAP_F_NEW (1U << 0) #define IOMAP_F_DIRTY (1U << 1) @@ -64,6 +67,7 @@ struct vm_fault; #define IOMAP_F_BUFFER_HEAD 0 #endif /* CONFIG_BUFFER_HEAD */ #define IOMAP_F_XATTR (1U << 5) +#define IOMAP_F_READ_VERITY (1U << 6) /* * Flags set by the core iomap code during operations: @@ -262,7 +266,18 @@ int iomap_file_buffered_write_punch_delalloc(struct inode *inode, struct iomap *iomap, loff_t pos, loff_t length, ssize_t written, int (*punch)(struct inode *inode, loff_t pos, loff_t length)); +struct iomap_read_ioend { + struct inode *io_inode; /* file being read from */ + struct work_struct work; /* post read work (e.g. fs-verity) */ + struct bio read_inline_bio;/* MUST BE LAST! */ +}; + struct iomap_readpage_ops { + /* + * Optional, verify folio when successfully read + */ + int (*verify_folio)(struct folio *folio, loff_t pos, unsigned int len); + /* * Filesystems wishing to attach private information to a direct io bio * must provide a ->submit_io method that attaches the additional From patchwork Fri Oct 6 18:49:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0B5CE81E1F for ; Fri, 6 Oct 2023 18:54:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233269AbjJFSyd (ORCPT ); Fri, 6 Oct 2023 14:54:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233119AbjJFSyc (ORCPT ); Fri, 6 Oct 2023 14:54:32 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 651FEFB for ; Fri, 6 Oct 2023 11:52:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cbAra3ZTi+LxukZ164wISWciUbvDI2f96hncpD1Yjx0=; b=MjqdRcKgm93A0Dx8SKBTQ/gWZqlATLlTqw1y7B/gxcsOF+8Qb3oqrkRdXZR70SGJe8wFhi wkWPjlob2vNfqqNPM9APYiLGmMMoGXuLXMovc2aLITughE8mfgm3vvKMknQUcdH7J5k4J0 mqYOP2JjQOCK8wxcKN/wagiFH6R7hWI= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-582-ODtwLLQpM3OFjyhhG6WLbA-1; Fri, 06 Oct 2023 14:52:32 -0400 X-MC-Unique: ODtwLLQpM3OFjyhhG6WLbA-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-9a5d86705e4so223820466b.1 for ; Fri, 06 Oct 2023 11:52:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618351; x=1697223151; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cbAra3ZTi+LxukZ164wISWciUbvDI2f96hncpD1Yjx0=; b=Wsufg+5hBS8ybHahdNae2kQIEc/yYp2SEnKMRVdpVogQJBpn7eXpit4HRYiWxAKnD9 5DXtHENr8/pHVbaOZ72tU/wOa5g3aul4b7gNtdJ7yPGN4TpZaDG4bla9IeylpH6SFUVC hEmax4OFSnh6nt+4KiI2dAhY2pXPCkVy479bGRpTuKIOa//6B3tENw3FxVy2gJWjh+kd 4OKbiUA+PWNm+qyPxMTQGHJaFV2o3AxUvVi9+cyKmSvvlr6UzFe9ZroW4JKpZgc+HuFI d7wpI8iqqRrPcotOHcSWPYuWONGTHGmfX1WWZcmsSn1owSJKEooX+eFH1KeYVH/dNxw6 hxlQ== X-Gm-Message-State: AOJu0YyWoFVaGKwN7uRH0zpp6G+dJZe93n90vtjNIPz6XdCHIcClxvFv NDUPSGWFBrvGG+iRTD/Nxm4eAp8A16f796w91jj4612BhTZTO+JxoWNsIH8Ur0naqriCUN9gH42 z7n7+G0LCNC7Miehp7tiBPxtIIoeHYNRT8Bi/GqgmeR2zyJaD3nsmL4t+5m7TIFqdm5vpeQqzMn Go8A4= X-Received: by 2002:a17:906:29a:b0:9aa:23c9:aa52 with SMTP id 26-20020a170906029a00b009aa23c9aa52mr8067392ejf.20.1696618350891; Fri, 06 Oct 2023 11:52:30 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGAvtFtJNnveu1/9BEXcBJfWoGBg75gg0idvpFq2vl8+1sN7jevtwQabTLBIM8w3mhGcmlywA== X-Received: by 2002:a17:906:29a:b0:9aa:23c9:aa52 with SMTP id 26-20020a170906029a00b009aa23c9aa52mr8067378ejf.20.1696618350585; Fri, 06 Oct 2023 11:52:30 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:29 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 13/28] xfs: add XBF_VERITY_CHECKED xfs_buf flag Date: Fri, 6 Oct 2023 20:49:07 +0200 Message-Id: <20231006184922.252188-14-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org One of essential ideas of fs-verity is that pages which are already verified won't need to be re-verified if they still in page cache. XFS will store Merkle tree blocks in extended attributes. Each attribute has one Merkle tree block. When read extended attribute data is put into xfs_buf. The data in the buffer is not aligned with xfs_buf pages and we don't have a reference to these pages. Moreover, these pages are released when value is copied out in xfs_attr code. In other words, we can not directly mark underlying xfs_buf's pages as verified. One way to track that these pages were verified is to mark xattr's buffer as verified instead. If buffer is evicted the incore XBF_VERITY_CHECKED flag is lost. When the xattr is read again xfs_attr_get() returns new buffer without the flag. The xfs_buf's flag is then used to tell fs-verity if it's new page or cached one. The meaning of the flag is that value of the extended attribute in the buffer is verified. Note that, the underlying pages have PageChecked() == false (the way fs-verity identifies verified pages). The flag is being used later to SetPageChecked() on pages handed to the fs-verity. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_buf.h | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index df8f47953bb4..d0fadb6d4b59 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -24,14 +24,15 @@ struct xfs_buf; #define XFS_BUF_DADDR_NULL ((xfs_daddr_t) (-1LL)) -#define XBF_READ (1u << 0) /* buffer intended for reading from device */ -#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ -#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ -#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ -#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ -#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ -#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ -#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_READ (1u << 0) /* buffer intended for reading from device */ +#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ +#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ +#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ +#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ +#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ +#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ +#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_VERITY_CHECKED (1u << 8) /* buffer was verified by fs-verity*/ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ From patchwork Fri Oct 6 18:49:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411890 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B2C8E81E1F for ; Fri, 6 Oct 2023 18:54:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233337AbjJFSyo (ORCPT ); Fri, 6 Oct 2023 14:54:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233109AbjJFSyl (ORCPT ); Fri, 6 Oct 2023 14:54:41 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 551B4101 for ; Fri, 6 Oct 2023 11:52:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jjoW7fBS6BcOhHAUeww67TVYjHZF3WHOCVW/fTd2VMc=; b=a5aEZpmwJFEQ+JTnOJ390ZyPMhMqdk8Xzmtt6nDINYzPNTQSd6kor6NzG1CSeYhaS0Ao7B SWiYJPJs94dMdSCXXgl8DoZk+mvc/tCMVZcE1Z/iDg6Mxc1qA4ckT0iQ8O5cYLSt0eJkcQ KWZwa33XvDDCLeH2ap6zPKDGbFWQNlk= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-401-3XarANhPOQynKP4CMiK4qA-1; Fri, 06 Oct 2023 14:52:33 -0400 X-MC-Unique: 3XarANhPOQynKP4CMiK4qA-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b65d7079faso190363266b.1 for ; Fri, 06 Oct 2023 11:52:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618352; x=1697223152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jjoW7fBS6BcOhHAUeww67TVYjHZF3WHOCVW/fTd2VMc=; b=QXAIlA82RHuMKVxmth8S3SReBHiZZaiJoCtvmewLjXAFDSYZXH5uE4VwCXyXQ2bJtO YSyuuWhAtwJKAmyFXioxh+SaE9xhK/yhP/nuZi2CuUre8RM0KOyjC3oyqxA6UfqU7Siw QvgQvl+lzxgMhR39jvSFyqujROS/w4RyZhdcBBp0QZ0jH1Nn9FA7w3keCR5XWZdzBO4N qj4l9oi84/vl4imfEHOYpwmSqCtVUFQi73QPdDIS4GvG3Oh5o/aIKyRRJds4oyqy6Yzt Vw5lWFgaBNPK3q4D/x3xORHCWqt4n3hRk6xXBEyxzi2VdG72HkVe/2cW5FuvdXswzwc1 jTFA== X-Gm-Message-State: AOJu0YwvKv4wqkIAAyl7V1hiYjgqhxXbd5Db89b0ubWS6mwtV8uBBx24 8CSqX0pHRW7aAiPhQn/PC4J3hALuqZVl4SSCeV5zCjb81mUn+7vmxMnlN1fr+V8hGRJnm5AlW8k 722H8uzmobQ5k+RDlatUQnRGRzZWbL/GtSpehAPOPX5nPaG21f5vn9Z+Opf08MI9RJ7dYuQrpHd 9Ozm8= X-Received: by 2002:a17:907:b18:b0:9ae:7204:3656 with SMTP id h24-20020a1709070b1800b009ae72043656mr7789716ejl.60.1696618351800; Fri, 06 Oct 2023 11:52:31 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE3wB9JEZKSf3q6cE16v4DWAnm1AH23ztqdhiJ5r3guVOxeB1qWL2rnTyyax28+2Yo9nxkN+w== X-Received: by 2002:a17:907:b18:b0:9ae:7204:3656 with SMTP id h24-20020a1709070b1800b009ae72043656mr7789703ejl.60.1696618351542; Fri, 06 Oct 2023 11:52:31 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:31 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 14/28] xfs: add XFS_DA_OP_BUFFER to make xfs_attr_get() return buffer Date: Fri, 6 Oct 2023 20:49:08 +0200 Message-Id: <20231006184922.252188-15-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org With XBF_VERITY_CHECKED flag on xfs_buf XFS can track which buffers contain verified Merkle tree blocks. However, we also need to expose the buffer to pass a reference of underlying page to fs-verity. This patch adds XFS_DA_OP_BUFFER to tell xfs_attr_get() to xfs_buf_hold() underlying buffer and return it as xfs_da_args->bp. The caller must then xfs_buf_rele() the buffer. Therefore, XFS will hold a reference to xfs_buf till fs-verity is verifying xfs_buf's content. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr.c | 5 ++++- fs/xfs/libxfs/xfs_attr_leaf.c | 7 +++++++ fs/xfs/libxfs/xfs_attr_remote.c | 13 +++++++++++-- fs/xfs/libxfs/xfs_da_btree.h | 5 ++++- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 711022742e34..298b74245267 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -251,6 +251,8 @@ xfs_attr_get_ilocked( * If the attribute is found, but exceeds the size limit set by the caller in * args->valuelen, return -ERANGE with the size of the attribute that was found * in args->valuelen. + * + * Using XFS_DA_OP_BUFFER the caller have to release the buffer args->bp. */ int xfs_attr_get( @@ -269,7 +271,8 @@ xfs_attr_get( args->hashval = xfs_da_hashname(args->name, args->namelen); /* Entirely possible to look up a name which doesn't exist */ - args->op_flags = XFS_DA_OP_OKNOENT; + args->op_flags = XFS_DA_OP_OKNOENT | + (args->op_flags & XFS_DA_OP_BUFFER); lock_mode = xfs_ilock_attr_map_shared(args->dp); error = xfs_attr_get_ilocked(args); diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 2580ae47209a..a84795d70de1 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -2531,6 +2531,13 @@ xfs_attr3_leaf_getvalue( name_loc = xfs_attr3_leaf_name_local(leaf, args->index); ASSERT(name_loc->namelen == args->namelen); ASSERT(memcmp(args->name, name_loc->nameval, args->namelen) == 0); + + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) { + xfs_buf_hold(bp); + args->bp = bp; + } + return xfs_attr_copy_value(args, &name_loc->nameval[args->namelen], be16_to_cpu(name_loc->valuelen)); diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index d440393b40eb..72908e0e1c86 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -424,9 +424,18 @@ xfs_attr_rmtval_get( error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino, &offset, &valuelen, &dst); - xfs_buf_relse(bp); - if (error) + xfs_buf_unlock(bp); + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) + args->bp = bp; + else + xfs_buf_rele(bp); + + if (error) { + if (args->op_flags & XFS_DA_OP_BUFFER) + xfs_buf_rele(args->bp); return error; + } /* roll attribute extent map forwards */ lblkno += map[i].br_blockcount; diff --git a/fs/xfs/libxfs/xfs_da_btree.h b/fs/xfs/libxfs/xfs_da_btree.h index a4b29827603f..269d26730bca 100644 --- a/fs/xfs/libxfs/xfs_da_btree.h +++ b/fs/xfs/libxfs/xfs_da_btree.h @@ -61,6 +61,7 @@ typedef struct xfs_da_args { uint8_t filetype; /* filetype of inode for directories */ void *value; /* set of bytes (maybe contain NULLs) */ int valuelen; /* length of value */ + struct xfs_buf *bp; /* OUT: xfs_buf which contains the attr */ unsigned int attr_filter; /* XFS_ATTR_{ROOT,SECURE,INCOMPLETE} */ unsigned int attr_flags; /* XATTR_{CREATE,REPLACE} */ xfs_dahash_t hashval; /* hash value of name */ @@ -95,6 +96,7 @@ typedef struct xfs_da_args { #define XFS_DA_OP_REMOVE (1u << 6) /* this is a remove operation */ #define XFS_DA_OP_RECOVERY (1u << 7) /* Log recovery operation */ #define XFS_DA_OP_LOGGED (1u << 8) /* Use intent items to track op */ +#define XFS_DA_OP_BUFFER (1u << 9) /* Return underlying buffer */ #define XFS_DA_OP_FLAGS \ { XFS_DA_OP_JUSTCHECK, "JUSTCHECK" }, \ @@ -105,7 +107,8 @@ typedef struct xfs_da_args { { XFS_DA_OP_NOTIME, "NOTIME" }, \ { XFS_DA_OP_REMOVE, "REMOVE" }, \ { XFS_DA_OP_RECOVERY, "RECOVERY" }, \ - { XFS_DA_OP_LOGGED, "LOGGED" } + { XFS_DA_OP_LOGGED, "LOGGED" }, \ + { XFS_DA_OP_BUFFER, "BUFFER" } /* * Storage for holding state during Btree searches and split/join ops. From patchwork Fri Oct 6 18:49:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411891 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BCB0DE81E1E for ; Fri, 6 Oct 2023 18:54:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233404AbjJFSyp (ORCPT ); Fri, 6 Oct 2023 14:54:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233316AbjJFSyj (ORCPT ); Fri, 6 Oct 2023 14:54:39 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30B86FF for ; Fri, 6 Oct 2023 11:52:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Jjx9VgV/7dT4tZbJ3E3mhAPuVCjLtjMTEsq27X+yTiE=; b=A06UEsTVtrcx4DP9FdgqI+qTrJvEU9gLnKl9i/QznxguQMF1F+D6yqMCe+tXMR/9IoUpPf c32TV0uagewR+GQcufAehbrSHz+O0xckfHtjfcWyXY+2rGJrgdW5xoVWk/DQmPFyrD2tzI m9jmrx9qL8r/aUZDzlx+nCyZVOhZ7Z8= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-489-nxNWh_VANxixH1-w7WIacQ-1; Fri, 06 Oct 2023 14:52:34 -0400 X-MC-Unique: nxNWh_VANxixH1-w7WIacQ-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b9ecd8c351so183814266b.1 for ; Fri, 06 Oct 2023 11:52:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618352; x=1697223152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jjx9VgV/7dT4tZbJ3E3mhAPuVCjLtjMTEsq27X+yTiE=; b=fvn1CzUDe9on0KnD2ZOyOXzAWesfJ4W2SswCeiVRtb8qNc6XEV2+eMDKiirzP3wGt/ ld7gdFlXad7i8v1i4fHnkjKoOiggmSPMmlVWXN3/ZmVaDO93F/KkS4oLx0wIl+CrzDA7 +3YNj/hyS0nJy4qMsIq0kNOIaVLIhQbA7Ahkm8ytKw59rJQrfAiYnIQLua6QXkWs0wmb pSfZWXIh1VnOJ9ghPQUh0amf9tmfxVq8ZK//TqpaTsK4rLANdDdgrDqZKQMA5fEkc8Qm C8TAKqN8qCxAcb7E6akKzqZ4qybYf72WNpV1C5Km05d1+Vi+H0v7ohLTGua0HMwfp0DB ihEw== X-Gm-Message-State: AOJu0YzblJrf2CkmNt31ukbUUpZZkt+1nknfuOnJhBQOcUlHa10Vi8yc bViwMKOBMTrhZOvXiIsOMnBDjKK7ojD8qPCwBkb8nAhyRckmUt5/5jX3aVHtO7J9oHUKpp4lTOc YYWwuLcuHLKpQvuzuonAMR1o3qyoV2vtX2IipDoZRV13YOQ9v5ov67LD9igUxsuaDJy53SwsmQg a8l64= X-Received: by 2002:a17:906:3116:b0:9a9:e4ba:2da7 with SMTP id 22-20020a170906311600b009a9e4ba2da7mr8028352ejx.49.1696618352690; Fri, 06 Oct 2023 11:52:32 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHDPDtaO2TAQS7SQHAc7X+kA+HXfojdJw5ChBvvTI1/xFzblcVVwt2Q3wqp9BD4yXfaMCDGqw== X-Received: by 2002:a17:906:3116:b0:9a9:e4ba:2da7 with SMTP id 22-20020a170906311600b009a9e4ba2da7mr8028334ejx.49.1696618352414; Fri, 06 Oct 2023 11:52:32 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:32 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 15/28] xfs: introduce workqueue for post read IO work Date: Fri, 6 Oct 2023 20:49:09 +0200 Message-Id: <20231006184922.252188-16-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org As noted by Dave there are two problems with using fs-verity's workqueue in XFS: 1. High priority workqueues are used within XFS to ensure that data IO completion cannot stall processing of journal IO completions. Hence using a WQ_HIGHPRI workqueue directly in the user data IO path is a potential filesystem livelock/deadlock vector. 2. The fsverity workqueue is global - it creates a cross-filesystem contention point. This patch adds per-filesystem, per-cpu workqueue for fsverity work. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/xfs_mount.h | 1 + fs/xfs/xfs_super.c | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index d19cca099bc3..3d77844b255e 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -109,6 +109,7 @@ typedef struct xfs_mount { struct xfs_mru_cache *m_filestream; /* per-mount filestream data */ struct workqueue_struct *m_buf_workqueue; struct workqueue_struct *m_unwritten_workqueue; + struct workqueue_struct *m_postread_workqueue; struct workqueue_struct *m_reclaim_workqueue; struct workqueue_struct *m_sync_workqueue; struct workqueue_struct *m_blockgc_wq; diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 819a3568b28f..5e1ec5978176 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -554,6 +554,12 @@ xfs_init_mount_workqueues( if (!mp->m_unwritten_workqueue) goto out_destroy_buf; + mp->m_postread_workqueue = alloc_workqueue("xfs-pread/%s", + XFS_WQFLAGS(WQ_FREEZABLE | WQ_MEM_RECLAIM), + 0, mp->m_super->s_id); + if (!mp->m_postread_workqueue) + goto out_destroy_postread; + mp->m_reclaim_workqueue = alloc_workqueue("xfs-reclaim/%s", XFS_WQFLAGS(WQ_FREEZABLE | WQ_MEM_RECLAIM), 0, mp->m_super->s_id); @@ -587,6 +593,8 @@ xfs_init_mount_workqueues( destroy_workqueue(mp->m_reclaim_workqueue); out_destroy_unwritten: destroy_workqueue(mp->m_unwritten_workqueue); +out_destroy_postread: + destroy_workqueue(mp->m_postread_workqueue); out_destroy_buf: destroy_workqueue(mp->m_buf_workqueue); out: @@ -602,6 +610,7 @@ xfs_destroy_mount_workqueues( destroy_workqueue(mp->m_inodegc_wq); destroy_workqueue(mp->m_reclaim_workqueue); destroy_workqueue(mp->m_unwritten_workqueue); + destroy_workqueue(mp->m_postread_workqueue); destroy_workqueue(mp->m_buf_workqueue); } From patchwork Fri Oct 6 18:49:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411897 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDFC0E94103 for ; Fri, 6 Oct 2023 18:55:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233312AbjJFSzN (ORCPT ); Fri, 6 Oct 2023 14:55:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233365AbjJFSyu (ORCPT ); Fri, 6 Oct 2023 14:54:50 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 605D210D for ; Fri, 6 Oct 2023 11:52:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UWcs9SrNpmcSvDrcidpI6DOh7inrMPlH2bbWKy/g+Tc=; b=We+8gB62bgJsHrUT9woKtEqMHftHGfT3juSmEmikqgu+uKmvyZsDBTxUCevzsUmR0bS7jK Pod1xga1ov5KIJyWv5TL8w9xci2y/JMyUastfSZ4i++usNTfvPhqocVGfl+lIUcuBZfi4t hbrPS/JBZXwl6RM+AhP0FN8t2sqJDWc= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-222--ly-YUfZMy26Nad2QYwW4A-1; Fri, 06 Oct 2023 14:52:35 -0400 X-MC-Unique: -ly-YUfZMy26Nad2QYwW4A-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9adad8f306fso197845166b.0 for ; Fri, 06 Oct 2023 11:52:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618353; x=1697223153; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UWcs9SrNpmcSvDrcidpI6DOh7inrMPlH2bbWKy/g+Tc=; b=Nu2KiAmLjpUY2J6Rv9kb2sU+wahwMG2uNzAGu/sJRtFk3656rDeEppuf7I4lPayQQ+ 0exOh30jiv2yIM4ArXj2C65YtSIdWsAlNcfnW48oxwPTd6NuYMu3eXFB3waFdYAeaVOV E1w/5/xrcDh7ZzOerdQiYewJAX2LOSoLvI3cQI46VkKZFDetLiXQ3X+sm5Odtrm16rmG FYziNdrH6vgttkCscIsv18gPgGTgiMZBcyjXsAqDmyfsDX/PSwDsl1ZhXtCPOvYuVzdp hG4J7Zb1MoMzFvNUl4mYh6I7Y6Wse8KoReByussuCqTbaAALZt/nFGPOm+BfxXymRFve o23g== X-Gm-Message-State: AOJu0YzYAYcMzAgBux+Eu6vetjKUpbDAEaARIzksjlEC2fL2sImSqAoA kymi68P9No88l1htg1c42xfnU++JiMpDEMR3HVztqg4ILoL0PsYlJxpiPAUbCRint/+YKO48Ll2 6Sqc/+1FXceS9a5mS24bx8iy5yj7GoS9QmAVjk2wWUaNlPY86JDIrWUHqjpo5uALh229ODgaXni DsVmo= X-Received: by 2002:a17:906:53:b0:9ae:738b:86d0 with SMTP id 19-20020a170906005300b009ae738b86d0mr7651952ejg.66.1696618353625; Fri, 06 Oct 2023 11:52:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHdagM+opy7rXcNtWvd0CvvXwFThJ35jMAyomOLpjoWKe3Lj27i5d7fquRXV2FvmC3HqgU7lQ== X-Received: by 2002:a17:906:53:b0:9ae:738b:86d0 with SMTP id 19-20020a170906005300b009ae738b86d0mr7651934ejg.66.1696618353283; Fri, 06 Oct 2023 11:52:33 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:32 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 16/28] xfs: add bio_set and submit_io for ioend post-processing Date: Fri, 6 Oct 2023 20:49:10 +0200 Message-Id: <20231006184922.252188-17-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org The read IO path provides callout for configuring ioend. This allows filesystem to add verification of completed BIOs. One of such tasks is verification against fs-verity tree when pages were read. iomap allows using custom bio_set with submit_bio() to add ioend processing. The xfs_prepare_read_ioend() configures bio->bi_end_io which places verification task in the workqueue. The task does fs-verity verification and then call back to the iomap to finish IO. This patch adds callouts implementation to verify pages with fs-verity. Also implements folio operation .verify_folio for direct folio verification by fs-verity. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_aops.c | 84 ++++++++++++++++++++++++++++++++++++++++++++-- fs/xfs/xfs_aops.h | 2 ++ fs/xfs/xfs_linux.h | 1 + fs/xfs/xfs_super.c | 9 ++++- 4 files changed, 93 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index b413a2dbcc18..fceb0c3de61f 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -26,6 +26,8 @@ struct xfs_writepage_ctx { unsigned int cow_seq; }; +static struct bio_set xfs_read_ioend_bioset; + static inline struct xfs_writepage_ctx * XFS_WPC(struct iomap_writepage_ctx *ctx) { @@ -548,19 +550,97 @@ xfs_vm_bmap( return iomap_bmap(mapping, block, &xfs_read_iomap_ops); } +static void +xfs_read_work_end_io( + struct work_struct *work) +{ + struct iomap_read_ioend *ioend = + container_of(work, struct iomap_read_ioend, work); + struct bio *bio = &ioend->read_inline_bio; + + fsverity_verify_bio(bio); + iomap_read_end_io(bio); + /* + * The iomap_read_ioend has been freed by bio_put() in + * iomap_read_end_io() + */ +} + +static void +xfs_read_end_io( + struct bio *bio) +{ + struct iomap_read_ioend *ioend = + container_of(bio, struct iomap_read_ioend, read_inline_bio); + struct xfs_inode *ip = XFS_I(ioend->io_inode); + + WARN_ON_ONCE(!queue_work(ip->i_mount->m_postread_workqueue, + &ioend->work)); +} + +static int +xfs_verify_folio( + struct folio *folio, + loff_t pos, + unsigned int len) +{ + if (fsverity_verify_blocks(folio, len, pos)) + return 0; + return -EFSCORRUPTED; +} + +int +xfs_init_iomap_bioset(void) +{ + return bioset_init(&xfs_read_ioend_bioset, + 4 * (PAGE_SIZE / SECTOR_SIZE), + offsetof(struct iomap_read_ioend, read_inline_bio), + BIOSET_NEED_BVECS); +} + +void +xfs_free_iomap_bioset(void) +{ + bioset_exit(&xfs_read_ioend_bioset); +} + +static void +xfs_submit_read_bio( + const struct iomap_iter *iter, + struct bio *bio, + loff_t file_offset) +{ + struct iomap_read_ioend *ioend; + + ioend = container_of(bio, struct iomap_read_ioend, read_inline_bio); + ioend->io_inode = iter->inode; + if (fsverity_active(ioend->io_inode)) { + INIT_WORK(&ioend->work, &xfs_read_work_end_io); + ioend->read_inline_bio.bi_end_io = &xfs_read_end_io; + } + + submit_bio(bio); +} + +static const struct iomap_readpage_ops xfs_readpage_ops = { + .verify_folio = &xfs_verify_folio, + .submit_io = &xfs_submit_read_bio, + .bio_set = &xfs_read_ioend_bioset, +}; + STATIC int xfs_vm_read_folio( struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &xfs_read_iomap_ops, NULL); + return iomap_read_folio(folio, &xfs_read_iomap_ops, &xfs_readpage_ops); } STATIC void xfs_vm_readahead( struct readahead_control *rac) { - iomap_readahead(rac, &xfs_read_iomap_ops, NULL); + iomap_readahead(rac, &xfs_read_iomap_ops, &xfs_readpage_ops); } static int diff --git a/fs/xfs/xfs_aops.h b/fs/xfs/xfs_aops.h index e0bd68419764..fa7c512b2717 100644 --- a/fs/xfs/xfs_aops.h +++ b/fs/xfs/xfs_aops.h @@ -10,5 +10,7 @@ extern const struct address_space_operations xfs_address_space_operations; extern const struct address_space_operations xfs_dax_aops; int xfs_setfilesize(struct xfs_inode *ip, xfs_off_t offset, size_t size); +int xfs_init_iomap_bioset(void); +void xfs_free_iomap_bioset(void); #endif /* __XFS_AOPS_H__ */ diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h index e9d317a3dafe..ee213c6dfcaf 100644 --- a/fs/xfs/xfs_linux.h +++ b/fs/xfs/xfs_linux.h @@ -64,6 +64,7 @@ typedef __u32 xfs_nlink_t; #include #include #include +#include #include #include diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 5e1ec5978176..3cdb642961f4 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -2375,11 +2375,17 @@ init_xfs_fs(void) if (error) goto out_remove_dbg_kobj; - error = register_filesystem(&xfs_fs_type); + error = xfs_init_iomap_bioset(); if (error) goto out_qm_exit; + + error = register_filesystem(&xfs_fs_type); + if (error) + goto out_iomap_bioset; return 0; + out_iomap_bioset: + xfs_free_iomap_bioset(); out_qm_exit: xfs_qm_exit(); out_remove_dbg_kobj: @@ -2412,6 +2418,7 @@ init_xfs_fs(void) STATIC void __exit exit_xfs_fs(void) { + xfs_free_iomap_bioset(); xfs_qm_exit(); unregister_filesystem(&xfs_fs_type); #ifdef DEBUG From patchwork Fri Oct 6 18:49:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411928 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 357DDE94101 for ; Fri, 6 Oct 2023 18:56:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233272AbjJFS4C (ORCPT ); Fri, 6 Oct 2023 14:56:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233467AbjJFSzW (ORCPT ); Fri, 6 Oct 2023 14:55:22 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F13511A for ; Fri, 6 Oct 2023 11:52:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618368; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FacLpp81lSt+NTXvvuxgBTv7hQsOCppHOs10C3hHLzU=; b=cVtzCLV456atmr/LH+SW7asxTKpryXw/vlrss0puRUsvR1gZPDR5FkogP2o8phq5z/ObCk QEN+U9uaIRC4RmElcyd8aGAOAuPxh/1s+I2pRCyT6WLnDxgnQfp00IF4bzQOZOLk+KJ4b4 hzTBaWsQwhKUbC+e/dgblGrr/hfos/I= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-7-wZm3_wioNDOXL89voXNHDQ-1; Fri, 06 Oct 2023 14:52:36 -0400 X-MC-Unique: wZm3_wioNDOXL89voXNHDQ-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-993eeb3a950so189271366b.2 for ; Fri, 06 Oct 2023 11:52:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618354; x=1697223154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FacLpp81lSt+NTXvvuxgBTv7hQsOCppHOs10C3hHLzU=; b=uzIhze73KOEFnZAMJoknYE5zxMNCp+RDBJDeA5ZN4pqeLQ1wHmONrELDwJyGjO3jz2 Cj22MHS2racuj7OkzXHK0RofmmPQ9HewZ62zO1YfyzqKBGJIamQB1hC58K72K3Y36PbT Q8ttbypfMgX1vipa7ry19Wh5aJ8HK2jY0UVHYotiqCgrDe52h4BiMYaT54YFjj5VyrP3 ynJiwLazoHuz5I+y513s2wScs2YghAvYVtYpLDJra4IUt3e7e16NJDH9ObgnP6CM0uup l10slk4ThjQVjy6CrWHBzEMvYL1sQcgN6nMtqJaRUdcJ/khk2GTChi1HosFbMZo4La7t bGnQ== X-Gm-Message-State: AOJu0YyPrKV/Eqg68UN4eE9nX1pBOfLiGvvPg400LGu7schY6cIx5FmA IBtVv5rPBbQMKoZWxwY3RVPlcR7wzp/l7oxLizhPUdD0kIFOvGT4rPSAYJ+IFERBseW/9gGPFsw f1N5gAQ/bUKn9rOJVZc891yHvqQ86K9EAwslOVw8LSsmRCxJaQNlMqzL9TBMfER+z2oKjXeVziY CFqRI= X-Received: by 2002:a17:906:32c7:b0:9a3:c4f4:12de with SMTP id k7-20020a17090632c700b009a3c4f412demr7809810ejk.37.1696618354515; Fri, 06 Oct 2023 11:52:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFKWZrR/0CaRj96MI7dxLSBRW5Bpl/4ewBkwPmazbEv8rlNH/nLOY8UUhBgrhB9XkE7sr/NkA== X-Received: by 2002:a17:906:32c7:b0:9a3:c4f4:12de with SMTP id k7-20020a17090632c700b009a3c4f412demr7809795ejk.37.1696618354303; Fri, 06 Oct 2023 11:52:34 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:33 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 17/28] xfs: add attribute type for fs-verity Date: Fri, 6 Oct 2023 20:49:11 +0200 Message-Id: <20231006184922.252188-18-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org The Merkle tree blocks and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and fs-verity attributes as those are only for internal use. While we're at it add a few comments in relevant places that internally visible attributes are not suppose to be handled via interface defined in xfs_xattr.c. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 10 +++++++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/xfs_ioctl.c | 5 +++++ fs/xfs/xfs_trace.h | 1 + fs/xfs/xfs_xattr.c | 9 +++++++++ 5 files changed, 25 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 6deefe03207f..b56bdae83563 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -699,14 +699,22 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ +#define XFS_ATTR_VERITY_BIT 4 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK \ - (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) + +/* + * Internal attributes not exposed to the user + */ +#define XFS_ATTR_INTERNAL_MASK (XFS_ATTR_PARENT | XFS_ATTR_VERITY) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 0bc1749fb7bb..c42cc58cd152 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -975,6 +975,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 55bb01173cde..3d6d680b6cf3 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -351,6 +351,11 @@ static unsigned int xfs_attr_filter( u32 ioc_flags) { + /* + * Only externally visible attributes should be specified here. + * Internally used attributes (such as parent pointers or fs-verity) + * should not be exposed to userspace. + */ if (ioc_flags & XFS_IOC_ATTR_ROOT) return XFS_ATTR_ROOT; if (ioc_flags & XFS_IOC_ATTR_SECURE) diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 3926cf7f2a6e..3696709907bf 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -82,6 +82,7 @@ struct xfs_perag; #define XFS_ATTR_FILTER_FLAGS \ { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ + { XFS_ATTR_VERITY, "VERITY" }, \ { XFS_ATTR_INCOMPLETE, "INCOMPLETE" } DECLARE_EVENT_CLASS(xfs_attr_list_class, diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index a3975f325f4e..56f7f4122fcb 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -20,6 +20,12 @@ #include +/* + * This file defines interface to work with externally visible extended + * attributes, such as those in system or security namespaces. This interface + * should not be used for internally used attributes (consider xfs_attr.c). + */ + /* * Get permission to use log-assisted atomic exchange of file extents. * @@ -241,6 +247,9 @@ xfs_xattr_put_listent( ASSERT(context->count >= 0); + if (flags & XFS_ATTR_INTERNAL_MASK) + return; + if (flags & XFS_ATTR_ROOT) { #ifdef CONFIG_XFS_POSIX_ACL if (namelen == SGI_ACL_FILE_SIZE && From patchwork Fri Oct 6 18:49:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411893 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DECF0E94102 for ; Fri, 6 Oct 2023 18:54:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233358AbjJFSys (ORCPT ); Fri, 6 Oct 2023 14:54:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233363AbjJFSyn (ORCPT ); Fri, 6 Oct 2023 14:54:43 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC2E3FC for ; Fri, 6 Oct 2023 11:52:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E/AveBNSqmjIJtYI3+6LuAlhQmhnFexTVHM7C0k2E9s=; b=UPbUIjzG4L4X2xewx1VlqnruYF5XtjLyIgvh97GaKoTHbwqi1Mfm3uZp8F9HInb2/Fo3mL 6cqIQUzcMMvQMx+jboa9t5RD4HReTZWumnRbClUSUkIm43KvhG+mdBS2uTRQu16UwFmKRI rWbykWntnw73WTvRU8p1qsiUfLOUeh0= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-113-hnkcwki0NUukrt2IPQox6A-1; Fri, 06 Oct 2023 14:52:36 -0400 X-MC-Unique: hnkcwki0NUukrt2IPQox6A-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9ae42088b4bso195975066b.3 for ; Fri, 06 Oct 2023 11:52:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618355; x=1697223155; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E/AveBNSqmjIJtYI3+6LuAlhQmhnFexTVHM7C0k2E9s=; b=Qpq4zmT8iCG+6Ur0hChD8CS0jmLLedYeDg+lfMQalr4mgq0+z4U1tohoFGqwybVB8T lENTQ/Zh384dy6c+sOFIXSaU4hK3eSsMSZ/L3+S1xRH2Nm0AGChWoNcNwaQnu49R/7vz /P77wL/DwrrlbI5aHg2IGUYOqpaZ3c3pDDBqYp21tRAtSnvXcMvN4EGOoA5u1W1WtwaJ OnSiUxfVrMZnyrMvVEdrVYXuwlp0o03IzveEOzrjvWxx+35C+HpysdF9jXy2Vbcq8ELq /1Wr7JLg396X3D34MfND3v3/JEvS6RM2SDvsOiK8V9BKMngwHAyJIjHBbiqNK+qIxEzJ JsXQ== X-Gm-Message-State: AOJu0Yxrhzwe4/rhgDYsvriuz4DjxQA4o7iRyT6iQvxMp3wcRhr6NoJz zRUfJ5MK7YaKtaPvzlvtjDPsqGcERvBtWALjAvasj5ho8SwkBZ7dA+b00xFtkxZg3fxN56Pw3kU pmld/3WX0YKHKP8h9BNlrxDWF8jaPu+XXG8QcTCWLK3YxhkwR5fnyTuXnvfaksatiSyNK86IxSl h0Zkw= X-Received: by 2002:a17:906:9c1:b0:9ae:5aa4:9fa with SMTP id r1-20020a17090609c100b009ae5aa409famr8090653eje.42.1696618355347; Fri, 06 Oct 2023 11:52:35 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHOVx3rLvVBE5QUfisMFkx2Pla6kAmWa2HIAK3od296Wuq43rVklqeW33wJg0+k4bCeT0eC3A== X-Received: by 2002:a17:906:9c1:b0:9ae:5aa4:9fa with SMTP id r1-20020a17090609c100b009ae5aa409famr8090638eje.42.1696618355160; Fri, 06 Oct 2023 11:52:35 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:34 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 18/28] xfs: make xfs_buf_get() to take XBF_* flags Date: Fri, 6 Oct 2023 20:49:12 +0200 Message-Id: <20231006184922.252188-19-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Allow passing XBF_* buffer flags from xfs_buf_get(). This will allow fs-verity to specify flag for increased buffer size. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 2 +- fs/xfs/libxfs/xfs_sb.c | 2 +- fs/xfs/xfs_buf.h | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 72908e0e1c86..5762135dc2a6 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -521,7 +521,7 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 6264daaab37b..4191da4fb669 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -1096,7 +1096,7 @@ xfs_update_secondary_sbs( error = xfs_buf_get(mp->m_ddev_targp, XFS_AG_DADDR(mp, pag->pag_agno, XFS_SB_DADDR), - XFS_FSS_TO_BB(mp, 1), &bp); + XFS_FSS_TO_BB(mp, 1), 0, &bp); /* * If we get an error reading or writing alternate superblocks, * continue. xfs_repair chooses the "best" superblock based diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index d0fadb6d4b59..e79bfe548952 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -243,11 +243,12 @@ xfs_buf_get( struct xfs_buftarg *target, xfs_daddr_t blkno, size_t numblks, + xfs_buf_flags_t flags, struct xfs_buf **bpp) { DEFINE_SINGLE_BUF_MAP(map, blkno, numblks); - return xfs_buf_get_map(target, &map, 1, 0, bpp); + return xfs_buf_get_map(target, &map, 1, flags, bpp); } static inline int From patchwork Fri Oct 6 18:49:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411894 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0EF16E94103 for ; Fri, 6 Oct 2023 18:54:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233423AbjJFSyt (ORCPT ); Fri, 6 Oct 2023 14:54:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59100 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233365AbjJFSyn (ORCPT ); Fri, 6 Oct 2023 14:54:43 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19D06FD for ; Fri, 6 Oct 2023 11:52:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618359; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wcRVHX8JFurBwxht+2exa+IxBRQV9tLkRgSIzCgziEo=; b=Av5eJCpT//MkGXVSTNRa69G3jvlWlU1QMSosM4MpNoPWhN/g5WtyMhsWeHuhZZsgSk2xz6 RkX1W5akzF2/LbBOOJ4LgmR4yS/uZpHJTMSu9Lu/RRKDGzSNY9CJP6SyQr1XnxFbiIEgXB 9l3e/e5KY6n8qdp3qxvItT3ZN4P/9lM= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-275-H_Xv9gOSN7Oxjqi5EBtD1A-1; Fri, 06 Oct 2023 14:52:38 -0400 X-MC-Unique: H_Xv9gOSN7Oxjqi5EBtD1A-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-993eeb3a950so189273766b.2 for ; Fri, 06 Oct 2023 11:52:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618356; x=1697223156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wcRVHX8JFurBwxht+2exa+IxBRQV9tLkRgSIzCgziEo=; b=v1eCi1cef9nRV9N6BrjH830lIw55i2PDdeegwQCJXGhFYqrvgBp1prGeAxB3kH8HQv u8d6jb0LRpFTdjsYUmD0P262DP1YJjD1GSYHAZBxhjuBN+Bk64k7qJmzyMdZK4R5PDFS GfDOI+rKHx7R63FYP9Zdz0bZd+JqjhCHEY8ru7tNDWa6gvb4G1OiSkrvy4yq/dMtPgHJ CGmL+MJKb4XAbyTkHyIiHJKK5wyTfS6EDKhm69cbs3NtunUU7mUN4W8hpuFxcXqtYgHG jvV7FDWPAjiPuAHpJu2PMNvHUmEcUWIW9Ty7Z37H3W3sLfamBLLCBCJRm5kSNfWl41Zk yaKA== X-Gm-Message-State: AOJu0YxjIRVCJwEP1WmlGRxLWwgOMPrUVkmdVeDnU9Y1tinzDljJV41e li6tEYckmiHRMSvSXTYb7ITpiYETE3eY5DbYXtGIBzhhtQcFPvQ41HDjEYKnkP8HFUhWtkHduRX 6owLPouoXrS5fJ3Gduy29EmYatIKHYdvm1a4RIySiRJczazY6Ito6Tc8i3BhOJhQHHS4hSmikzt +By6g= X-Received: by 2002:a17:907:77c9:b0:9b2:6d09:847c with SMTP id kz9-20020a17090777c900b009b26d09847cmr7386281ejc.10.1696618356688; Fri, 06 Oct 2023 11:52:36 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrIQk7NnCDbZwY+PjQ3U9MlJNLuObcZuXDq08LQZ7kco8xmXaUKZy2GLL1ssPfQnC1xSPWLQ== X-Received: by 2002:a17:907:77c9:b0:9b2:6d09:847c with SMTP id kz9-20020a17090777c900b009b26d09847cmr7386255ejc.10.1696618356021; Fri, 06 Oct 2023 11:52:36 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:35 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 19/28] xfs: add XBF_DOUBLE_ALLOC to increase size of the buffer Date: Fri, 6 Oct 2023 20:49:13 +0200 Message-Id: <20231006184922.252188-20-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org For fs-verity integration, XFS needs to supply kaddr'es of Merkle tree blocks to fs-verity core and track which blocks are already verified. One way to track verified status is to set xfs_buf flag (previously added XBF_VERITY_CHECKED). When xfs_buf is evicted from memory we loose verified status. Otherwise, fs-verity hits the xfs_buf which is still in cache and contains already verified blocks. However, the leaf blocks which are read to the xfs_buf contains leaf headers. xfs_attr_get() allocates new pages and copies out the data without header. Those newly allocated pages with extended attribute data are not attached to the buffer anymore. Add new XBF_DOUBLE_ALLOC which makes xfs_buf allocates x2 memory for the buffer. Additional memory will be used for a copy of the attribute data but without any headers. Also, make xfs_attr_rmtval_get() to copy data to the buffer itself if XFS asked for fs-verity block. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 27 +++++++++++++++++++++++++-- fs/xfs/xfs_buf.c | 7 ++++++- fs/xfs/xfs_buf.h | 1 + 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 5762135dc2a6..7657daf7cff3 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -392,12 +392,22 @@ xfs_attr_rmtval_get( int blkcnt = args->rmtblkcnt; int i; int offset = 0; + int flags = 0; + void *addr; trace_xfs_attr_rmtval_get(args); ASSERT(args->valuelen != 0); ASSERT(args->rmtvaluelen == args->valuelen); + /* + * We also check for _OP_BUFFER as we want to trigger on + * verity blocks only, not on verity_descriptor + */ + if (args->attr_filter & XFS_ATTR_VERITY && + args->op_flags & XFS_DA_OP_BUFFER) + flags = XBF_DOUBLE_ALLOC; + valuelen = args->rmtvaluelen; while (valuelen > 0) { nmap = ATTR_RMTVALUE_MAPSIZE; @@ -417,13 +427,25 @@ xfs_attr_rmtval_get( dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock); dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount); error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt, - 0, &bp, &xfs_attr3_rmt_buf_ops); + flags, &bp, &xfs_attr3_rmt_buf_ops); if (error) return error; + /* + * For fs-verity we allocated more space. That space is + * filled with the same xattr data but without leaf + * headers. Point args->value to that data + */ + if (flags & XBF_DOUBLE_ALLOC) { + addr = xfs_buf_offset(bp, BBTOB(bp->b_length)); + args->value = addr; + dst = addr; + } + error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino, &offset, &valuelen, &dst); + xfs_buf_unlock(bp); /* must be released by the caller */ if (args->op_flags & XFS_DA_OP_BUFFER) @@ -521,7 +543,8 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, + XBF_DOUBLE_ALLOC, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c index c1ece4a08ff4..c5071a970596 100644 --- a/fs/xfs/xfs_buf.c +++ b/fs/xfs/xfs_buf.c @@ -328,6 +328,9 @@ xfs_buf_alloc_kmem( xfs_km_flags_t kmflag_mask = KM_NOFS; size_t size = BBTOB(bp->b_length); + if (flags & XBF_DOUBLE_ALLOC) + size *= 2; + /* Assure zeroed buffer for non-read cases. */ if (!(flags & XBF_READ)) kmflag_mask |= KM_ZERO; @@ -358,6 +361,7 @@ xfs_buf_alloc_pages( { gfp_t gfp_mask = __GFP_NOWARN; long filled = 0; + int mul = (flags & XBF_DOUBLE_ALLOC) ? 2 : 1; if (flags & XBF_READ_AHEAD) gfp_mask |= __GFP_NORETRY; @@ -365,7 +369,8 @@ xfs_buf_alloc_pages( gfp_mask |= GFP_NOFS; /* Make sure that we have a page list */ - bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); + bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length*mul), PAGE_SIZE); + if (bp->b_page_count <= XB_PAGES) { bp->b_pages = bp->b_page_array; } else { diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index e79bfe548952..8e3272fb6e65 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -33,6 +33,7 @@ struct xfs_buf; #define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ #define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ #define XBF_VERITY_CHECKED (1u << 8) /* buffer was verified by fs-verity*/ +#define XBF_DOUBLE_ALLOC (1u << 9) /* double allocated space */ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ From patchwork Fri Oct 6 18:49:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411930 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E2D2E94105 for ; Fri, 6 Oct 2023 18:56:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233407AbjJFS4E (ORCPT ); Fri, 6 Oct 2023 14:56:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34556 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233381AbjJFSz1 (ORCPT ); Fri, 6 Oct 2023 14:55:27 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E254121 for ; Fri, 6 Oct 2023 11:52:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618375; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qlegwzOxx57sBL8Xx+R890G6fTt4C0TsMKqp0ENYz8k=; b=Ksv2D6ijTF0kQlL/1IllbmNG8JfLxd7MiBx+tRgVNp+iFBlb3qgW5xld7w3b+TuWhCGBTl 4O8t3s344e/IXtls6iUkVmM0m7c/5puCxepVoPMAtPgTqwtOFqo5KuJWJr9FYHH7C2n+wf RK4NrPhTTGffZxG4hKkEnhinG+Dv6BI= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-690-D5Vui-r1NWCJOhCtwfisPQ-1; Fri, 06 Oct 2023 14:52:38 -0400 X-MC-Unique: D5Vui-r1NWCJOhCtwfisPQ-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-9b97f1b493dso213871366b.3 for ; Fri, 06 Oct 2023 11:52:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618357; x=1697223157; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qlegwzOxx57sBL8Xx+R890G6fTt4C0TsMKqp0ENYz8k=; b=CBo1jVynqHzXpB6two9n9B7vQ2LKfpAxNokHxxbiCx8h6lcVx/shDLPBDNF+IdYUoB JG1xFL7A3TdCckJs1E7h5mpCZsraBoPCAy0Z99RUEe1COP+KbU0mFV915h/2m5uQ39nw BAv37Eqolr2my51LeXH7sElWcqeIaAKfF2BGlPRQhUnFBI6Q+5K50zY72dK9wG6O+I23 DCH1BfI6pi/I6wU/RHuhSmjqCQmjbit/rcRXti1beXua/vjx0p/8EyC6CrVsJBtsnZui Xs5qaA5rtJ3539bojKHJA+Nd4zEuij4+452/LU+/EpZoXTbWRaHc8Ffq//U8pZob9A64 Uz2Q== X-Gm-Message-State: AOJu0YwpJ5Qa5UFVwYVzgK2QlDr48/5zk+Gea+F68Az5EjMOHadf8coS 4Ufu9Lze2mzbQlRm/C35Dyop9BcGwxA6hMCyZCMM2E0SmKud4LuYIWlXaPpsOsLaVg/I1M1xvSj htRyFQWXZtz7DcPkcjc/A8gw+TwrrLk3bRtP0St5iDQb4HNxI5wXeQLva3Afle9MdhiDAby/XWL 793Bw= X-Received: by 2002:a17:907:6c14:b0:9b6:f0e2:3c00 with SMTP id rl20-20020a1709076c1400b009b6f0e23c00mr6945552ejc.71.1696618357557; Fri, 06 Oct 2023 11:52:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFo5vp/wd7qpBKfMbuZSMXz/ISlutAnm5zYJOvUQd8UYNLU/1/w0Jimk88atuRtU9Ktn/yTFQ== X-Received: by 2002:a17:907:6c14:b0:9b6:f0e2:3c00 with SMTP id rl20-20020a1709076c1400b009b6f0e23c00mr6945540ejc.71.1696618357335; Fri, 06 Oct 2023 11:52:37 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:36 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 20/28] xfs: add fs-verity ro-compat flag Date: Fri, 6 Oct 2023 20:49:14 +0200 Message-Id: <20231006184922.252188-21-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org To mark inodes sealed with fs-verity the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 1 + fs/xfs/libxfs/xfs_sb.c | 2 ++ fs/xfs/xfs_mount.h | 2 ++ 3 files changed, 5 insertions(+) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 371dc07233e0..ef617be2839c 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -353,6 +353,7 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 4191da4fb669..236f3b833fa4 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -162,6 +162,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index 3d77844b255e..95fba704f60e 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -288,6 +288,7 @@ typedef struct xfs_mount { #define XFS_FEAT_BIGTIME (1ULL << 24) /* large timestamps */ #define XFS_FEAT_NEEDSREPAIR (1ULL << 25) /* needs xfs_repair */ #define XFS_FEAT_NREXT64 (1ULL << 26) /* large extent counters */ +#define XFS_FEAT_VERITY (1ULL << 27) /* fs-verity */ /* Mount features */ #define XFS_FEAT_NOATTR2 (1ULL << 48) /* disable attr2 creation */ @@ -351,6 +352,7 @@ __XFS_HAS_FEAT(inobtcounts, INOBTCNT) __XFS_HAS_FEAT(bigtime, BIGTIME) __XFS_HAS_FEAT(needsrepair, NEEDSREPAIR) __XFS_HAS_FEAT(large_extent_counts, NREXT64) +__XFS_HAS_FEAT(verity, VERITY) /* * Mount features From patchwork Fri Oct 6 18:49:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411896 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9379FE94104 for ; Fri, 6 Oct 2023 18:55:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233502AbjJFSzP (ORCPT ); Fri, 6 Oct 2023 14:55:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233384AbjJFSyw (ORCPT ); Fri, 6 Oct 2023 14:54:52 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBB3010B for ; Fri, 6 Oct 2023 11:52:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Xx+aNRFn5qJ8QRmhEcH9mM/4FZQj9kOynyRUbnfcdkQ=; b=BSXuJ9sbjtWAv7YOXxW59SVSJJ48j47e4p7C3hrTugjIg8Ecd62xXFcM0QHQ86EZWsguEZ RSmXarrgX278t7xA3/5BF9IRMIs0AHkP59tJ1IoCPcbpVradGsUZrjmQ7ovaOijVZa/dst 1H291aZctM0hm4OyO6H5CRLd8TFAyF0= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-196-Wy4gbzfLNkyijSnsMzjeMw-1; Fri, 06 Oct 2023 14:52:39 -0400 X-MC-Unique: Wy4gbzfLNkyijSnsMzjeMw-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-9ae7663e604so206204666b.3 for ; Fri, 06 Oct 2023 11:52:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618358; x=1697223158; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xx+aNRFn5qJ8QRmhEcH9mM/4FZQj9kOynyRUbnfcdkQ=; b=ks3bL6CbFyLm5z+Y9mTyPMWl6cNjnb1BoY+m6nv80AG1BNcxPVZYywugkyyz+bPdHY VlK4ZgtaxH6hynbsRo9zOQlMWs4BoUNrd1h8hYFWbUuydTKl6pWVe10hOZbTIYrdD0D4 VibrzmF8ttnAOWyk0r+FSw32TlsPyGOM85NDtZ2du8d7azKj5CcCO/p8hrdQxOR3psdY GZd4tJs6Us6LRbjALtaH1FVeVCPDf6P59rv9D1Q48r7xNRkPu67QIEd6sKwKCHfm5HGO vfDZRgGO1MWBoBINjbiysFjXypkB9pRXEs6MDSM/P/FyUr2cIgyZwBII9Z4oN0aUbXKs uPnQ== X-Gm-Message-State: AOJu0YzzLMo5oPol+PtX5ntYCXHae60AWoBzU1nLMXiWVdpNax4e7jsd cs/zlph/rmSdEFTcndnRdgqhQPW01nz5BKccNvcHCw4AxcE554NBNmaXqXGEUMa5bOmv8M/shUU jxcE8+8xy2Tru/A9LFxdrUcPBdv5jVTmeUW6FKv/JZjr4+n6ohsrizbEXwwcECuHxS2iOE9EntY 1wikk= X-Received: by 2002:a17:906:1097:b0:9ae:4878:1172 with SMTP id u23-20020a170906109700b009ae48781172mr8628282eju.7.1696618358375; Fri, 06 Oct 2023 11:52:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFCIpHO/nQ4QGByNF0QZHH7zKGeeUDbHAWIZgilZwrqoW03x+wLVxk7wQFjuG4YEzr8Y1U+5A== X-Received: by 2002:a17:906:1097:b0:9ae:4878:1172 with SMTP id u23-20020a170906109700b009ae48781172mr8628269eju.7.1696618358165; Fri, 06 Oct 2023 11:52:38 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:37 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 21/28] xfs: add inode on-disk VERITY flag Date: Fri, 6 Oct 2023 20:49:15 +0200 Message-Id: <20231006184922.252188-22-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built). Signed-off-by: Andrey Albershteyn --- fs/ioctl.c | 4 ++++ fs/xfs/libxfs/xfs_format.h | 4 +++- fs/xfs/xfs_inode.c | 2 ++ fs/xfs/xfs_iops.c | 2 ++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index f5fd99d6b0d4..81a69cb8016b 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -481,6 +481,8 @@ void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) fa->flags |= FS_DAX_FL; if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) fa->flags |= FS_PROJINHERIT_FL; + if (fa->fsx_xflags & FS_XFLAG_VERITY) + fa->flags |= FS_VERITY_FL; } EXPORT_SYMBOL(fileattr_fill_xflags); @@ -511,6 +513,8 @@ void fileattr_fill_flags(struct fileattr *fa, u32 flags) fa->fsx_xflags |= FS_XFLAG_DAX; if (fa->flags & FS_PROJINHERIT_FL) fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; + if (fa->flags & FS_VERITY_FL) + fa->fsx_xflags |= FS_XFLAG_VERITY; } EXPORT_SYMBOL(fileattr_fill_flags); diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index ef617be2839c..ccb2ae5c2c93 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1070,16 +1070,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_DAX (1 << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1 << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1 << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1 << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 4d55f58d99b7..94eb33abcb8f 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -634,6 +634,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 1c1e6171209d..9f2d5c2505ae 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1237,6 +1237,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_XFLAG_VERITY) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by From patchwork Fri Oct 6 18:49:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411926 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 268D2E94101 for ; Fri, 6 Oct 2023 18:55:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233299AbjJFSzU (ORCPT ); Fri, 6 Oct 2023 14:55:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233430AbjJFSyx (ORCPT ); Fri, 6 Oct 2023 14:54:53 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC1B5118 for ; Fri, 6 Oct 2023 11:52:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=etHlCA8T/PaxWUxEWZ1DvVJeeVyrnJ0a0ek/fvsTpN8=; b=AO2ERmYKUmpkSCDVm84IJkCxZgVXfEZl+YIBEqG+AlcFqX/hMNjdq+zwR8lEvlRicRRiEm 0oNRigzxj1UVt7jnyGvnOgD6OCl0iNWAFyREU0q7ZW5neqjj+5JzTs2iX0vkN79TR1eT7O nAwQpgL9X6KfE1rIbT6zarvpKP2Toso= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-182-xifcPG94NDuudZHil9CspA-1; Fri, 06 Oct 2023 14:52:40 -0400 X-MC-Unique: xifcPG94NDuudZHil9CspA-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-993eeb3a950so189276666b.2 for ; Fri, 06 Oct 2023 11:52:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618359; x=1697223159; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=etHlCA8T/PaxWUxEWZ1DvVJeeVyrnJ0a0ek/fvsTpN8=; b=bMoNpBHLxA/F4JU43xxJA5GXzKIEkD+tdD+/vFMvSzD/zlEYmtEp+K4dm+hmdqiYWH w2RBZEkyvAHAEipWaezsdrtmHyE0Ml8ttb6b9eAZW/saQwN7gPmVjMpbqSmm9nrto7QK pHt4eW8MGwpml87C/HmLrIFEbbcnUoJZqmEZvyHt+zc8DBzl9jWc9Lo9e52D92yKmYZa HUHcmQydp4M2vXVl6QWrqy6YAYS+EyRjaAxZkij4VvPBEMYcXvH9AJlGali0EAMAKiky eyFE6BT6SJW920+zGWaduvu/v0NlLTJwbeOHQIF/Vwjj49TEMP6eKxCtMp+NINGMrocu tNwQ== X-Gm-Message-State: AOJu0Yx9GQOFqHxYgYbIds3h1WrIjNJY8vGWlSo1p0hLRA3Ph2trZDxt QOFLVhxx4zMBpC5EL70PGnAdC5cat1d/tudpU4WhN+WNBf5xuolXklf/Nn3V9b2ddGq3yCJgLCE QI7+c5LDAxQGsRbkDzdibVjeVZp8vVnREmSUrlGpsd/pldmbQnMrkCHpiunOZnoJ07uofh6DQ7E wcK6w= X-Received: by 2002:a17:906:cc53:b0:9ae:5523:3f8e with SMTP id mm19-20020a170906cc5300b009ae55233f8emr8487894ejb.63.1696618359291; Fri, 06 Oct 2023 11:52:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF73s7VGFatKV6LUYuO61TYbYu4BE1wLl/SWf4Vq8QcPJ6yV/S+GMfoQzJ3iL6XWu4mnlQgEg== X-Received: by 2002:a17:906:cc53:b0:9ae:5523:3f8e with SMTP id mm19-20020a170906cc5300b009ae55233f8emr8487881ejb.63.1696618359073; Fri, 06 Oct 2023 11:52:39 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:38 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 22/28] xfs: initialize fs-verity on file open and cleanup on inode destruction Date: Fri, 6 Oct 2023 20:49:16 +0200 Message-Id: <20231006184922.252188-23-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 203700278ddb..a92c8197c26a 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -31,6 +31,7 @@ #include #include #include +#include static const struct vm_operations_struct xfs_file_vm_ops; @@ -1191,10 +1192,17 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error = 0; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | FMODE_DIO_PARALLEL_WRITE | FMODE_CAN_ODIRECT; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 3cdb642961f4..6a3b5285044a 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -47,6 +47,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; @@ -673,6 +674,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); } From patchwork Fri Oct 6 18:49:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411895 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B667CE94101 for ; Fri, 6 Oct 2023 18:55:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233421AbjJFSzM (ORCPT ); Fri, 6 Oct 2023 14:55:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233311AbjJFSyu (ORCPT ); Fri, 6 Oct 2023 14:54:50 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27F40111 for ; Fri, 6 Oct 2023 11:52:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618363; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xavYdX/wZ0RnKLfU/MnqAKGW0flPB1iaCT9iprzm3zc=; b=Ujz+NlbGEN9Q1P/qTduhm5DSQzJw45W7JGaX8A3XXLl1fpvTdbzNgoJsQIYlw4taJoWqMq 0HuQHRW8fk/t/B0dCE/klIy2JF05S8nMhC2GEgUJA3aoMnFZFVLIh/UOjbVbe0XrAyVPo1 g1F8xXbrvoRz87l/Bd+cmm82i+DJuuw= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-146-rKQ9aIx5MjCRWGHiNWHx2A-1; Fri, 06 Oct 2023 14:52:41 -0400 X-MC-Unique: rKQ9aIx5MjCRWGHiNWHx2A-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9a62adedadbso211235066b.1 for ; Fri, 06 Oct 2023 11:52:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618360; x=1697223160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xavYdX/wZ0RnKLfU/MnqAKGW0flPB1iaCT9iprzm3zc=; b=VI/Th81wc0jNgcyxkOaveabR/y2lOYPAss4W2wBqqqEMuQlHduAOB2pp85AnYnZ47T +Rvgj1Ii+s+2N6Yr3R5uMjUhP6NqwqoucNYvIM5AvG6QFLRnL8gQ1oaizYypa9IeWKuQ gpWfWGxmXoKNPN6LvvWhuE3FWzSeBXcgnFrrAkdq5sMwNJ6K+nkEivPGhw5ZcOyDW0/X rkkmNcei3JV2W8++OenOA2RYyxRW04Sd7ezzB8nGOkfbm9fyBgxOWWPkwowa1P43WurD PD3aeuKBjkm0YPf8p52NEgsn2DhB4erkbb4HE2atO2U5wRTeGVx/PT6dDjQC4G+hnWQ7 cLBA== X-Gm-Message-State: AOJu0YyUWtAJF/J9ZPnJBX312xfq4+mDBTIRLPB1Tz0Y8An/G/Kfa8uF 6AILnco2VK0SFYLaNcE4CEPdCea7qjkSKFQmJ6df6EpdHDXuW1xi0VUC8FRyUXKqyJBa4WWPuax lP+HBkjChQWSiH2ISCyaATXyOr+lKMsiKJgMlXfceES70aBi1R4kshZ2+UAppb81jNzSgG680ys UMrTI= X-Received: by 2002:a17:907:75f7:b0:9ae:658f:a80a with SMTP id jz23-20020a17090775f700b009ae658fa80amr7985143ejc.48.1696618360183; Fri, 06 Oct 2023 11:52:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG7SK73SUKTlwsNFT0YwN9JhYvDJYdu/UT4rHQhvxh32fN6Ie3lbiMgVmY+qoDZrohiyXJoFw== X-Received: by 2002:a17:907:75f7:b0:9ae:658f:a80a with SMTP id jz23-20020a17090775f700b009ae658fa80amr7985129ejc.48.1696618359925; Fri, 06 Oct 2023 11:52:39 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:39 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 23/28] xfs: don't allow to enable DAX on fs-verity sealsed inode Date: Fri, 6 Oct 2023 20:49:17 +0200 Message-Id: <20231006184922.252188-24-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org fs-verity doesn't support DAX. Forbid filesystem to enable DAX on inodes which already have fs-verity enabled. The opposite is checked when fs-verity is enabled, it won't be enabled if DAX is. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_iops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 9f2d5c2505ae..3153767f0d6f 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1209,6 +1209,8 @@ xfs_inode_should_enable_dax( return false; if (!xfs_inode_supports_dax(ip)) return false; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + return false; if (xfs_has_dax_always(ip->i_mount)) return true; if (ip->i_diflags2 & XFS_DIFLAG2_DAX) From patchwork Fri Oct 6 18:49:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411929 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03934E94102 for ; Fri, 6 Oct 2023 18:56:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233467AbjJFS4D (ORCPT ); Fri, 6 Oct 2023 14:56:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233407AbjJFSzW (ORCPT ); Fri, 6 Oct 2023 14:55:22 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C28011B for ; Fri, 6 Oct 2023 11:52:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618368; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=y62cirHyxw1nxIK5GngI9l6eX0UynAIUbjFVCcsuark=; b=gEgd4Y8eAXVuUTVx0z9mba4ziKvurDO3mdWmsmZJKXbjKMTeSFIzevBMiSKQyr9cfWrV3l Iy4+9JJjEjoxlex2kdAyHMHvDQK0CQ4e9O5d6gV+5msNofjlOzJ03xh5pwhnUiUqnRJ7vV H+o3m+76PGZ3usP9AoKRdDmMIAVEE6g= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-157-UFtwsHujNRusNdn-u6GsMA-1; Fri, 06 Oct 2023 14:52:42 -0400 X-MC-Unique: UFtwsHujNRusNdn-u6GsMA-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-9b95fa56bd5so210982666b.0 for ; Fri, 06 Oct 2023 11:52:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618361; x=1697223161; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y62cirHyxw1nxIK5GngI9l6eX0UynAIUbjFVCcsuark=; b=h6MzdqVq4W+yqsFcye3NxJRbrf3QNLcWx4CzL4j/1HP5gmu9aL44PUObo4Q9+PGJa3 cFU6ZFE+yUKEN6nyU1SNwJE5iJTfJeyP0mMrqukh+5X2eP1pMP6MygNHZWC8wnhw+vcq 970GVjKBd+tP69jpief1SWDO36TmYHAuhIpIRO2tFat3VuBM8igNUYCAwUg2CuA8oKh5 XTzgvTO9Zx/zRfrCTPiGWadBfGkAfOt5V+C6ZyyaXj+2Sj9yTBaspJDnkyZ2UtQSVdFh 5q5bY6rhZjchsSg9aadoB7BF9ls+n7UD7mgLMmuD+cU9bbUpu4YL1tuEKzCQvPwj/w16 sniA== X-Gm-Message-State: AOJu0Yy3AshCRokWJQaHWdar6T0fneAnCNVydp258MCSdZ9ZKdEUBp3D /hikiYmjlFlWv6QGAnw2wTJ7FSZt87XLB6qI+2o9szHTp3Tbf8q++5ncUb6ReoIZUJusdZfhCp9 tRhKvkB7KP081yQ0y88G9o4rkDeq5ywGt7JaM8XpPjTUajqln4v5N1XjQ+qZhrFWiM+0VZTk6I0 0Uk0c= X-Received: by 2002:a17:906:3ca9:b0:9ba:7f5:3602 with SMTP id b9-20020a1709063ca900b009ba07f53602mr583734ejh.60.1696618361094; Fri, 06 Oct 2023 11:52:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFVZ+8RYyWx/WXsHj7JKes+e1LLF/dLUz0XxHhOXmY4bfEBU5dLyL1gt2j4iCnrrEatFiiqNw== X-Received: by 2002:a17:906:3ca9:b0:9ba:7f5:3602 with SMTP id b9-20020a1709063ca900b009ba07f53602mr583721ejh.60.1696618360843; Fri, 06 Oct 2023 11:52:40 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:40 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 24/28] xfs: disable direct read path for fs-verity sealed files Date: Fri, 6 Oct 2023 20:49:18 +0200 Message-Id: <20231006184922.252188-25-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org The direct path is not supported on verity files. Attempts to use direct I/O path on such files should fall back to buffered I/O path. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index a92c8197c26a..7363cbdff803 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -244,7 +244,8 @@ xfs_file_dax_read( struct kiocb *iocb, struct iov_iter *to) { - struct xfs_inode *ip = XFS_I(iocb->ki_filp->f_mapping->host); + struct inode *inode = iocb->ki_filp->f_mapping->host; + struct xfs_inode *ip = XFS_I(inode); ssize_t ret = 0; trace_xfs_file_dax_read(iocb, to); @@ -297,10 +298,17 @@ xfs_file_read_iter( if (IS_DAX(inode)) ret = xfs_file_dax_read(iocb, to); - else if (iocb->ki_flags & IOCB_DIRECT) + else if (iocb->ki_flags & IOCB_DIRECT && !fsverity_active(inode)) ret = xfs_file_dio_read(iocb, to); - else + else { + /* + * In case fs-verity is enabled, we also fallback to the + * buffered read from the direct read path. Therefore, + * IOCB_DIRECT is set and need to be cleared + */ + iocb->ki_flags &= ~IOCB_DIRECT; ret = xfs_file_buffered_read(iocb, to); + } if (ret > 0) XFS_STATS_ADD(mp, xs_read_bytes, ret); From patchwork Fri Oct 6 18:49:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411932 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7266E94100 for ; Fri, 6 Oct 2023 18:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233110AbjJFS4G (ORCPT ); Fri, 6 Oct 2023 14:56:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34540 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233527AbjJFSz2 (ORCPT ); Fri, 6 Oct 2023 14:55:28 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A4CD126 for ; Fri, 6 Oct 2023 11:53:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618380; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K2a1ka+tlMbp95iffKcVgauxZIyVgsRitaQM9lBAQcY=; b=HjRRL6Q707tbyarslNATbjc0GM6oaXRUqdKTgJtfu2idtorsm6BwDjYxx76LsNTq+bs5gC yqrrvW8c3Y+AL9YHNT0tglUgqZMVlrZPOkzA5qhCOimggTloE9AJtwTMmNL8oFulQtscuy DO4An07ccq6eA7yALcsHeQ6yzUnKl/M= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-346-ES0-86mhNpC8tP3aXdsqpg-1; Fri, 06 Oct 2023 14:52:44 -0400 X-MC-Unique: ES0-86mhNpC8tP3aXdsqpg-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-9b65c46bca8so208417966b.1 for ; Fri, 06 Oct 2023 11:52:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618362; x=1697223162; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K2a1ka+tlMbp95iffKcVgauxZIyVgsRitaQM9lBAQcY=; b=A1dMt1Daw+pnIr4J0EHE/rQ+5Bitz0EJU/1STrexgDvhavS5NW12ioZz69BpsRZ58z pcBmfC/7zg0cNf6/4tbvktXjjIRa3ebxAuna3RtDlTVU/kJkS2mtLNlRAw9LjeYTdXRF /GTeS+IPVuhrC4YMGbNoPtAU9Dxs7jl0Lov8cdgILziFvqd3gZMQaqQB93mGPHZyXsIP eV6oj+Zc+6HlIDJn2nP9O5Q+4vUJw5+htNSZa5my8JaDPtmzXvuN75NY3LfauDR7ZXHn x06LBc1SoPDZmLCorchCVnTIc9Dkrs5WL3PauAhYFswulfgo0B39aVaApfo4j/h/EB97 qZmA== X-Gm-Message-State: AOJu0Ywyy2PaZtsl40EXsyXYuR45vCZLaEVUOfg4QNuEdusDVRP4n51F c/zCqJI7gVI9Qx2ugIDDvpVn6wZpbjWcHknfSpfdrCrhe90V5k5SZxtgfYdjYH0q+uu8REDlNwo QIcKrmV+gxjRm55PFEyFsoLsO4jNz+0dRoeBmfX7YcLP0mF0MVZ1Vz7kxox3btPqR/1l2F8nsLo YmN78= X-Received: by 2002:a17:907:7798:b0:9a9:f14a:22dc with SMTP id ky24-20020a170907779800b009a9f14a22dcmr8537049ejc.8.1696618362219; Fri, 06 Oct 2023 11:52:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEDmzO6vSvZU2JTL5iDr5tN04u9LkHfAu6/6JvVyBXYT0/dny1Yfl6boN9GHUcykT+FMFG9xA== X-Received: by 2002:a17:907:7798:b0:9a9:f14a:22dc with SMTP id ky24-20020a170907779800b009a9f14a22dcmr8537025ejc.8.1696618361731; Fri, 06 Oct 2023 11:52:41 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:41 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 25/28] xfs: add fs-verity support Date: Fri, 6 Oct 2023 20:49:19 +0200 Message-Id: <20231006184922.252188-26-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Add integration with fs-verity. The XFS store fs-verity metadata in the extended attributes. The metadata consist of verity descriptor and Merkle tree blocks. The descriptor is stored under "verity_descriptor" extended attribute. The Merkle tree blocks are stored under binary indexes. When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION flag is set meaning that the Merkle tree is being build. The initialization ends with storing of verity descriptor and setting inode on-disk flag (XFS_DIFLAG2_VERITY). The verification on read is done in iomap. Based on the inode verity flag the IOMAP_F_READ_VERITY is set in xfs_read_iomap_begin() to let iomap know that verification is needed. Signed-off-by: Andrey Albershteyn --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 13 ++ fs/xfs/libxfs/xfs_attr_leaf.c | 17 ++- fs/xfs/libxfs/xfs_attr_remote.c | 8 +- fs/xfs/libxfs/xfs_da_format.h | 16 ++ fs/xfs/xfs_inode.h | 3 +- fs/xfs/xfs_iomap.c | 3 + fs/xfs/xfs_ondisk.h | 4 + fs/xfs/xfs_super.c | 8 + fs/xfs/xfs_verity.c | 257 ++++++++++++++++++++++++++++++++ fs/xfs/xfs_verity.h | 37 +++++ 11 files changed, 360 insertions(+), 7 deletions(-) create mode 100644 fs/xfs/xfs_verity.c create mode 100644 fs/xfs/xfs_verity.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index 7762c01a85cf..c1a58ed8b419 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -130,6 +130,7 @@ xfs-$(CONFIG_XFS_POSIX_ACL) += xfs_acl.o xfs-$(CONFIG_SYSCTL) += xfs_sysctl.o xfs-$(CONFIG_COMPAT) += xfs_ioctl32.o xfs-$(CONFIG_EXPORTFS_BLOCK_OPS) += xfs_pnfs.o +xfs-$(CONFIG_FS_VERITY) += xfs_verity.o # notify failure ifeq ($(CONFIG_MEMORY_FAILURE),y) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 298b74245267..25e1f829e01e 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -26,6 +26,7 @@ #include "xfs_trace.h" #include "xfs_attr_item.h" #include "xfs_xattr.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1635,6 +1636,18 @@ xfs_attr_namecheck( return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name); } + if (flags & XFS_ATTR_VERITY) { + /* Merkle tree pages are stored under u64 indexes */ + if (length == sizeof(struct xfs_fsverity_merkle_key)) + return true; + + /* Verity descriptor blocks are held in a named attribute. */ + if (length == XFS_VERITY_DESCRIPTOR_NAME_LEN) + return true; + + return false; + } + return xfs_str_attr_namecheck(name, length); } diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index a84795d70de1..36d1f88d972f 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -29,6 +29,7 @@ #include "xfs_log.h" #include "xfs_ag.h" #include "xfs_errortag.h" +#include "xfs_verity.h" /* @@ -518,7 +519,12 @@ xfs_attr_copy_value( return -ERANGE; } - if (!args->value) { + /* + * We don't want to allocate memory for fs-verity Merkle tree blocks + * (fs-verity descriptor is fine though). They will be stored in + * underlying xfs_buf + */ + if (!args->value && !xfs_verity_merkle_block(args)) { args->value = kvmalloc(valuelen, GFP_KERNEL | __GFP_NOLOCKDEP); if (!args->value) return -ENOMEM; @@ -537,7 +543,14 @@ xfs_attr_copy_value( */ if (!value) return -EINVAL; - memcpy(args->value, value, valuelen); + /* + * We won't copy Merkle tree block to the args->value as we want it be + * in the xfs_buf. And we didn't allocate any memory in args->value. + */ + if (xfs_verity_merkle_block(args)) + args->value = value; + else + memcpy(args->value, value, valuelen); return 0; } diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 7657daf7cff3..7b4424e3454b 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -22,6 +22,7 @@ #include "xfs_attr_remote.h" #include "xfs_trace.h" #include "xfs_error.h" +#include "xfs_verity.h" #define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */ @@ -401,11 +402,10 @@ xfs_attr_rmtval_get( ASSERT(args->rmtvaluelen == args->valuelen); /* - * We also check for _OP_BUFFER as we want to trigger on - * verity blocks only, not on verity_descriptor + * For fs-verity we want additional space in the xfs_buf. This space is + * used to copy xattr value without leaf headers (crc header). */ - if (args->attr_filter & XFS_ATTR_VERITY && - args->op_flags & XFS_DA_OP_BUFFER) + if (xfs_verity_merkle_block(args)) flags = XBF_DOUBLE_ALLOC; valuelen = args->rmtvaluelen; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index b56bdae83563..a678ad5e4a08 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -903,4 +903,20 @@ struct xfs_parent_name_irec { uint8_t p_namelen; }; +/* + * fs-verity attribute name format + * + * Merkle tree blocks are stored under extended attributes of the inode. The + * name of the attributes are offsets into merkle tree. + */ +struct xfs_fsverity_merkle_key { + __be64 merkleoff; +}; + +static inline void +xfs_fsverity_merkle_key_to_disk(struct xfs_fsverity_merkle_key *key, loff_t pos) +{ + key->merkleoff = cpu_to_be64(pos); +} + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 0c5bdb91152e..e6c30a69e8d1 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -342,7 +342,8 @@ static inline bool xfs_inode_has_large_extent_counts(struct xfs_inode *ip) * inactivation completes, both flags will be cleared and the inode is a * plain old IRECLAIMABLE inode. */ -#define XFS_INACTIVATING (1 << 13) +#define XFS_INACTIVATING (1 << 13) +#define XFS_IVERITY_CONSTRUCTION (1 << 14) /* merkle tree construction */ /* Quotacheck is running but inode has not been added to quota counts. */ #define XFS_IQUOTAUNCHECKED (1 << 14) diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c index 18c8f168b153..80b249c42067 100644 --- a/fs/xfs/xfs_iomap.c +++ b/fs/xfs/xfs_iomap.c @@ -132,6 +132,9 @@ xfs_bmbt_to_iomap( (ip->i_itemp->ili_fsync_fields & ~XFS_ILOG_TIMESTAMP)) iomap->flags |= IOMAP_F_DIRTY; + if (fsverity_active(VFS_I(ip))) + iomap->flags |= IOMAP_F_READ_VERITY; + iomap->validity_cookie = sequence_cookie; iomap->folio_ops = &xfs_iomap_folio_ops; return 0; diff --git a/fs/xfs/xfs_ondisk.h b/fs/xfs/xfs_ondisk.h index c4cc99b70dd3..accbbdeb7624 100644 --- a/fs/xfs/xfs_ondisk.h +++ b/fs/xfs/xfs_ondisk.h @@ -190,6 +190,10 @@ xfs_check_ondisk_structs(void) XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MIN << XFS_DQ_BIGTIME_SHIFT, 4); XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT, 16299260424LL); + + /* fs-verity descriptor xattr name */ + XFS_CHECK_VALUE(strlen(XFS_VERITY_DESCRIPTOR_NAME), + XFS_VERITY_DESCRIPTOR_NAME_LEN); } #endif /* __XFS_ONDISK_H */ diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 6a3b5285044a..f32392add622 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -30,6 +30,7 @@ #include "xfs_filestream.h" #include "xfs_quota.h" #include "xfs_sysfs.h" +#include "xfs_verity.h" #include "xfs_ondisk.h" #include "xfs_rmap_item.h" #include "xfs_refcount_item.h" @@ -1526,6 +1527,9 @@ xfs_fs_fill_super( sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif sb->s_op = &xfs_super_operations; +#ifdef CONFIG_FS_VERITY + sb->s_vop = &xfs_verity_ops; +#endif /* * Delay mount work if the debug hook is set. This is debug @@ -1735,6 +1739,10 @@ xfs_fs_fill_super( goto out_filestream_unmount; } + if (xfs_has_verity(mp)) + xfs_alert(mp, + "EXPERIMENTAL fs-verity feature in use. Use at your own risk!"); + error = xfs_mountfs(mp); if (error) goto out_filestream_unmount; diff --git a/fs/xfs/xfs_verity.c b/fs/xfs/xfs_verity.c new file mode 100644 index 000000000000..a2db56974122 --- /dev/null +++ b/fs/xfs/xfs_verity.c @@ -0,0 +1,257 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_attr.h" +#include "xfs_verity.h" +#include "xfs_bmap_util.h" +#include "xfs_log_format.h" +#include "xfs_trans.h" + +static int +xfs_get_verity_descriptor( + struct inode *inode, + void *buf, + size_t buf_size) +{ + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = buf, + .valuelen = buf_size, + }; + + /* + * The fact that (returned attribute size) == (provided buf_size) is + * checked by xfs_attr_copy_value() (returns -ERANGE) + */ + error = xfs_attr_get(&args); + if (error) + return error; + + return args.valuelen; +} + +static int +xfs_begin_enable_verity( + struct file *filp) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + + ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); + + if (IS_DAX(inode)) + return -EINVAL; + + if (xfs_iflags_test_and_set(ip, XFS_IVERITY_CONSTRUCTION)) + return -EBUSY; + + return error; +} + +static int +xfs_drop_merkle_tree( + struct xfs_inode *ip, + u64 merkle_tree_size, + u8 log_blocksize) +{ + struct xfs_fsverity_merkle_key name; + int error = 0, index; + u64 offset = 0; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + /* NULL value make xfs_attr_set remove the attr */ + .value = NULL, + }; + + for (index = 1; offset < merkle_tree_size; index++) { + xfs_fsverity_merkle_key_to_disk(&name, offset); + args.name = (const uint8_t *)&name.merkleoff; + args.attr_filter = XFS_ATTR_VERITY; + error = xfs_attr_set(&args); + offset = index << log_blocksize; + } + + args.name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME; + args.namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN; + args.attr_filter = XFS_ATTR_VERITY; + error = xfs_attr_set(&args); + + return error; +} + +static int +xfs_end_enable_verity( + struct file *filp, + const void *desc, + size_t desc_size, + u64 merkle_tree_size, + u8 log_blocksize) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_trans *tp; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = (void *)desc, + .valuelen = desc_size, + }; + int error = 0; + + ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); + + /* fs-verity failed, just cleanup */ + if (desc == NULL) + goto out; + + error = xfs_attr_set(&args); + if (error) + goto out; + + /* Set fsverity inode flag */ + error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_ichange, + 0, 0, false, &tp); + if (error) + goto out; + + /* + * Ensure that we've persisted the verity information before we enable + * it on the inode and tell the caller we have sealed the inode. + */ + ip->i_diflags2 |= XFS_DIFLAG2_VERITY; + + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); + xfs_trans_set_sync(tp); + + error = xfs_trans_commit(tp); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + + if (!error) + inode->i_flags |= S_VERITY; + +out: + if (error) + WARN_ON_ONCE(xfs_drop_merkle_tree(ip, merkle_tree_size, + log_blocksize)); + + xfs_iflags_clear(ip, XFS_IVERITY_CONSTRUCTION); + return error; +} + +int +xfs_read_merkle_tree_block( + struct inode *inode, + unsigned int pos, + struct fsverity_block *block, + unsigned long num_ra_pages) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + }; + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + error = xfs_attr_get(&args); + if (error) + goto out; + + WARN_ON_ONCE(!args.valuelen); + + /* now we also want to get underlying xfs_buf */ + args.op_flags = XFS_DA_OP_BUFFER; + error = xfs_attr_get(&args); + if (error) + goto out; + + block->kaddr = args.value; + block->len = args.valuelen; + block->cached = args.bp->b_flags & XBF_VERITY_CHECKED; + block->context = args.bp; + + return error; + +out: + kmem_free(args.value); + if (args.bp) + xfs_buf_rele(args.bp); + return error; +} + +static int +xfs_write_merkle_tree_block( + struct inode *inode, + const void *buf, + u64 pos, + unsigned int size) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + .value = (void *)buf, + .valuelen = size, + }; + + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + return xfs_attr_set(&args); +} + +static void +xfs_drop_block( + struct fsverity_block *block) +{ + struct xfs_buf *buf; + + ASSERT(block != NULL); + + buf = (struct xfs_buf *)block->context; + + if (block->cached) + buf->b_flags |= XBF_VERITY_CHECKED; + xfs_buf_rele(buf); + + kunmap_local(block->kaddr); +} + +const struct fsverity_operations xfs_verity_ops = { + .begin_enable_verity = &xfs_begin_enable_verity, + .end_enable_verity = &xfs_end_enable_verity, + .get_verity_descriptor = &xfs_get_verity_descriptor, + .read_merkle_tree_block = &xfs_read_merkle_tree_block, + .write_merkle_tree_block = &xfs_write_merkle_tree_block, + .drop_block = &xfs_drop_block, +}; diff --git a/fs/xfs/xfs_verity.h b/fs/xfs/xfs_verity.h new file mode 100644 index 000000000000..0f32fd212091 --- /dev/null +++ b/fs/xfs/xfs_verity.h @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +#include "xfs.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include + +#define XFS_VERITY_DESCRIPTOR_NAME "verity_descriptor" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN 17 + +static inline bool +xfs_verity_merkle_block( + struct xfs_da_args *args) +{ + if (!(args->attr_filter & XFS_ATTR_VERITY)) + return false; + + if (!(args->op_flags & XFS_DA_OP_BUFFER)) + return false; + + if (args->valuelen < 1024 || args->valuelen > PAGE_SIZE || + !is_power_of_2(args->valuelen)) + return false; + + return true; +} + +#ifdef CONFIG_FS_VERITY +extern const struct fsverity_operations xfs_verity_ops; +#endif /* CONFIG_FS_VERITY */ + +#endif /* __XFS_VERITY_H__ */ From patchwork Fri Oct 6 18:49:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411899 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A582AE94100 for ; Fri, 6 Oct 2023 18:55:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233350AbjJFSzS (ORCPT ); Fri, 6 Oct 2023 14:55:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43572 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233385AbjJFSyx (ORCPT ); Fri, 6 Oct 2023 14:54:53 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B76D3115 for ; Fri, 6 Oct 2023 11:52:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Bq+G/SWzJbNXPr4q3ksgk2vbn5f43WMbMxlAhTulQsg=; b=WnZFgsYSJ39FY0kcZT1fEJq+oh+qVKONOgT+2v7NjISTDeBLbvMCcqfN+LmxHzNt5+7Ovd RrSR83qlvLHpcgGPgx2eq/d2aFh3ACVLZJVdtNTorWPWVK95YZNGHB41n2ErWBKer2RF6g I4j5r3ZyTaiMUKiPleQPK1xaWfv+BQE= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-584-XT_qvE8ZPRuvxDeO7ia0sg-1; Fri, 06 Oct 2023 14:52:44 -0400 X-MC-Unique: XT_qvE8ZPRuvxDeO7ia0sg-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-9adc78b386cso209875066b.0 for ; Fri, 06 Oct 2023 11:52:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618362; x=1697223162; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bq+G/SWzJbNXPr4q3ksgk2vbn5f43WMbMxlAhTulQsg=; b=GiMwUxPH1T2s4YrioZoiNnUVAQG7NvPoRQuDnAF2/cZWujscFXkThXxxiRMM6cBk0B 1wEjG67xjMECklDW2ib7e4bzWOeQ3ZquA5xdyoSCvBQIQGyaIYfnszq3dlztRaFXCJoF yRq6wzE1jJZhUYHGHzPONejkcfJvIJIf1YQskAnvAj6mBWKbUGDMzg+GH2+DpyONdhcP 1lWhQIW1MCyuUCUYadzNueIIIWowGxpyLbZlMV0aIRNpxBzCvLMkdsqp9QUiR54CF8GK 3zG+DE2bLbttNH33IJjXHcONz6BcLATtDjCUCNM4sUy0eHqq4ji9Og2iZ1qQioagNvWu rXGg== X-Gm-Message-State: AOJu0YybLztv8rELM5+cEiQuQxeyfK5Up4LCMt4WYKLeh9xH/mK0dLKb PGI80KYE9Wv7zoVlvU7p1uOuzR6pWOgInEekqPi7glCM+jNLFCW4knGkrlJZvq3x5+VWe8JGlwb nhOvuCS84HUooAfYekPSjrQO37ox7qN5gQ4IuBa6xgWRBBeH3i/O0b8DBdI19RTBmFjpDjLHe9D ZwawI= X-Received: by 2002:a17:906:768e:b0:9ae:729c:f651 with SMTP id o14-20020a170906768e00b009ae729cf651mr7909066ejm.17.1696618362759; Fri, 06 Oct 2023 11:52:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEJNFgKdzEHOeVvd+3tQl9Cob5IB9hO5jTuzm4AjNObs8WxdVcJlwftDSDxj9DkgztYQ4iC7A== X-Received: by 2002:a17:906:768e:b0:9ae:729c:f651 with SMTP id o14-20020a170906768e00b009ae729cf651mr7909049ejm.17.1696618362520; Fri, 06 Oct 2023 11:52:42 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:42 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 26/28] xfs: make scrub aware of verity dinode flag Date: Fri, 6 Oct 2023 20:49:20 +0200 Message-Id: <20231006184922.252188-27-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org fs-verity adds new inode flag which causes scrub to fail as it is not yet known. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/scrub/attr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index f35144704395..b4f0ba45a092 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT | XFS_ATTR_VERITY); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { From patchwork Fri Oct 6 18:49:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411927 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 183D1E94103 for ; Fri, 6 Oct 2023 18:55:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233430AbjJFSzW (ORCPT ); Fri, 6 Oct 2023 14:55:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233387AbjJFSyx (ORCPT ); Fri, 6 Oct 2023 14:54:53 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53DF1116 for ; Fri, 6 Oct 2023 11:52:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h+hERDddpeeIHe4DM9B5TqIjpvoGQYj+Dd7I5rMKZNk=; b=SN+h39RIfV4kiWiorIF1kGPws7MDGlDjn0Fi21H9NNL1tGkZeTkH5z1sqOngTSyBCqb+iq LyfjetycJNg1sFjCUMZXQ2xJgdYKlCWGXdV1JMRAyj9ME7gDV1mfwrnJvcwd9wi0WN8qAW lplB45NmXGlF9zCLSgzhUz0wyf3kvx0= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-117-dkUHvfUfMO-kYNaTlBOfEQ-1; Fri, 06 Oct 2023 14:52:45 -0400 X-MC-Unique: dkUHvfUfMO-kYNaTlBOfEQ-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-9b65c46bca8so208419066b.1 for ; Fri, 06 Oct 2023 11:52:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618364; x=1697223164; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h+hERDddpeeIHe4DM9B5TqIjpvoGQYj+Dd7I5rMKZNk=; b=aNsngfx5i2MWP2vIEvcXd7Ugv+hzBf6ibampOwOMwAxBtziiDvIcXqkP0kfuJMvEH0 6GVidD4iHaWRH8I99/xIjBn9VoP3jn05XhYagq9pSSyEONyVjQxNG14xMB4kawhKzUtK kB+1USXkAaIrP/8ybDnAAMuUyCaI7X8dPIi+I9raWZZsjeY0362+MR/KLe3C0vi5oztg etWfmo6ta8HhVQXGtuGer8Vn6PcwLj8zKbG4+IX27XiAzzDhe51+ZrT2pH5ufahOd5lr 94SxRosASNneF+Msxy0hfIm7m8FTn8q9rTixMW0eUqw4w3RszZdqe+mevLpPNpxZYsH6 oSbQ== X-Gm-Message-State: AOJu0Yxa6e/aBpVSZHEtnPgueY/IwPd4kB8FuDDhCbz1uLjopJjuEchy YlrtROswJ9HeWkybql55Sm1h0d+5Cc9by4Hy5wqa/b3vO/WrWENvW+yuXBtuLlX3zLVNFdS69zi lzRgXpQQOdbE2WEN3zxzHC/mVL5MZJvs7Fe1TDlHI1WmhspTpK+oqbgF6KMef/3svJCP3yaN9BW /gVdE= X-Received: by 2002:a17:906:31c7:b0:9ae:673a:88c8 with SMTP id f7-20020a17090631c700b009ae673a88c8mr8463915ejf.21.1696618363826; Fri, 06 Oct 2023 11:52:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGj4mxEdfFg60CQgUH6Kl9WUvjEgQ0RS1ocFOzUW2NWuCD/0V4jWL98MJ2Rk4lHCKYOiP5xjQ== X-Received: by 2002:a17:906:31c7:b0:9ae:673a:88c8 with SMTP id f7-20020a17090631c700b009ae673a88c8mr8463904ejf.21.1696618363632; Fri, 06 Oct 2023 11:52:43 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:43 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 27/28] xfs: add fs-verity ioctls Date: Fri, 6 Oct 2023 20:49:21 +0200 Message-Id: <20231006184922.252188-28-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Add fs-verity ioctls to enable, dump metadata (descriptor and Merkle tree pages) and obtain file's digest. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_ioctl.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 3d6d680b6cf3..ffa04f0aed4a 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -42,6 +42,7 @@ #include #include #include +#include /* * xfs_find_handle maps from userspace xfs_fsop_handlereq structure to @@ -2154,6 +2155,22 @@ xfs_file_ioctl( return error; } + case FS_IOC_ENABLE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_enable(filp, (const void __user *)arg); + + case FS_IOC_MEASURE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_measure(filp, (void __user *)arg); + + case FS_IOC_READ_VERITY_METADATA: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_read_metadata(filp, + (const void __user *)arg); + default: return -ENOTTY; } From patchwork Fri Oct 6 18:49:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13411931 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5309E94104 for ; Fri, 6 Oct 2023 18:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233545AbjJFS4F (ORCPT ); Fri, 6 Oct 2023 14:56:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233366AbjJFSz2 (ORCPT ); Fri, 6 Oct 2023 14:55:28 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2E53123 for ; Fri, 6 Oct 2023 11:52:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1696618377; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5rlF0oL9W0zNtBhbjMTbk37IJ/kLdlHiXudCvThRqlI=; b=funA6IMxyY3mnefPGXJhUsKdKC+bluMkANKD+EkcsX9CPppUhHyAgOMXpCAn6q2w/OnVpv VWMiq8x1PNJ29xSwdXNf1bHFK5zddls18J3rXMSkYIbly4Nnl2ziNvcOq0ld/OrjReGMTr wY2yfn2EnJrIRNKvHmFRXehoO27Pggc= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-454-ZsFXvv4kOWKj4cURcg9tdQ-1; Fri, 06 Oct 2023 14:52:46 -0400 X-MC-Unique: ZsFXvv4kOWKj4cURcg9tdQ-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-9b9ecd8c351so183825566b.1 for ; Fri, 06 Oct 2023 11:52:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696618364; x=1697223164; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5rlF0oL9W0zNtBhbjMTbk37IJ/kLdlHiXudCvThRqlI=; b=WwYqZkFby9ez7AhuPzKuX5HwwYyCpJ8vboxH+qgv+F1OYJ3zvyyOJjc4z9nr7xIXJT SkzqvP8kc373xHnt/ISNl1zjoAM5WOsxmpMR51lpmGJSx9ZE4rh0mdktKHqlQpouvXVA R7vYPlrvMG+PpgbTrpCejueSAQQmbqw+RN6pDb942tIZhQiL7hmoWLKxmT7rQUyvJpMP Ich0bR8Y6QPHucrwwUya+IEIxt/0DOHh3ReVgW/99BLawg90mCy67eNtBYYAXDr9xu6+ l45kIxlimrS8oP5rOkdLdHHh6Us3v+MDb2R7oJkTCcybpVHOfjxh8YWNKB1c+H08dwxW dyuw== X-Gm-Message-State: AOJu0YyufdN/Uuc84K3jfNO42nIw+I8d7eKJdIXG6yoO34hm06EcNCSi RpMc8sMaudJrLlC1utgj5QH3bIbHK6u4De6TbJ1Uz0ZXXhCiua8O0NgtGWWrTprMQV7M5MwMYPv AEJiMm57A7KcR0VIypUcK/2pFLt0z0GKbgOt1/iYVcZoB36IYkuer3OC7JHAZKtKaZ9evbfWIJT 02Py4= X-Received: by 2002:a17:906:3116:b0:9a9:e4ba:2da7 with SMTP id 22-20020a170906311600b009a9e4ba2da7mr8028685ejx.49.1696618364722; Fri, 06 Oct 2023 11:52:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHb5yDWscYNSrW67kJ5zHPToh4J20qlMVNuAtELJzCJW/KwyTT1ZP+ogCVKItFg1sfFvDb1pA== X-Received: by 2002:a17:906:3116:b0:9a9:e4ba:2da7 with SMTP id 22-20020a170906311600b009a9e4ba2da7mr8028667ejx.49.1696618364456; Fri, 06 Oct 2023 11:52:44 -0700 (PDT) Received: from localhost.localdomain ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id os5-20020a170906af6500b009b947f81c4asm3304741ejb.155.2023.10.06.11.52.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 11:52:44 -0700 (PDT) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev Cc: djwong@kernel.org, ebiggers@kernel.org, david@fromorbit.com, dchinner@redhat.com, Andrey Albershteyn Subject: [PATCH v3 28/28] xfs: enable ro-compat fs-verity flag Date: Fri, 6 Oct 2023 20:49:22 +0200 Message-Id: <20231006184922.252188-29-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20231006184922.252188-1-aalbersh@redhat.com> References: <20231006184922.252188-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org Finalize fs-verity integration in XFS by making kernel fs-verity aware with ro-compat flag. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_format.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index ccb2ae5c2c93..a21612319765 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -355,10 +355,11 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ #define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT| \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature(