From patchwork Mon Mar 4 19:10:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581027 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B02578B76 for ; Mon, 4 Mar 2024 19:12:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579538; cv=none; b=NWl92mQQ/5h/sIl0EcLbGpofIYoKgFfMVvUhaG6wRD1tJGOx/iT9IukvzjIbZHDVA09bo2T0NU5lYtQ5/qdouCAgEbOEu4zUWFuX6MO1CNmhQBHxrtjw3OYOpORN1hILOvkLQUZkTvW66oPUPGntthBXngRyBByw3yTRx0jjCYQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579538; c=relaxed/simple; bh=grAu43Eie92E+XOQ7d04C6cdM5uR0Ox/AK1rLCL9Nso=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ezIvwKxviH4J2RG1qVY1bel7g9k2kAxIflwREI+kVmgfblQgK+vCf1wkVD2u6PnjtgKEmK3w5LguBVfrvLoUDFQsMdfSLedlE/O74Lieodl54AChZyPtHlUkPjwB3Yu6OAuq7q8+Hrcfuz7/RwC17+CRbWbepL1FJDvGYdYul9k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=GQ/ow0ew; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GQ/ow0ew" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qXH4oA7cWAgzu2mxLxXFHd34t/bbMKvcNeTx3/w9/Kc=; b=GQ/ow0ewCHjC8TplC0S4bG6Shvxco7zg4p/83COGxr0cgJyXq10LwpYwfTzJBiV5kSeop2 Nm5wUhcSjcWjRisv16rOPUUy84MG2tArc5Fa0tflVmwJD+oHapacbIrxGdVYxcYDqJGV8X Nw9ZuWnuDTgU6uWK4rHti24CwtUhTlE= Received: from mail-lf1-f72.google.com (mail-lf1-f72.google.com [209.85.167.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-240-MPEI2QAcNeSmLW8A2A8TPA-1; Mon, 04 Mar 2024 14:12:13 -0500 X-MC-Unique: MPEI2QAcNeSmLW8A2A8TPA-1 Received: by mail-lf1-f72.google.com with SMTP id 2adb3069b0e04-51325a4d003so5318344e87.3 for ; Mon, 04 Mar 2024 11:12:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579532; x=1710184332; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qXH4oA7cWAgzu2mxLxXFHd34t/bbMKvcNeTx3/w9/Kc=; b=rvsnVcRRSGVqqiCQALJjvsnCmSp4S/pAsRJzYcK/jWZ0iZ3dO5uoWceMrTzWC6C7Lj QK3CeGmyjUBJOHvjhTgr6Gw1tt1JtjRhEjoSWZb1WlPQkkylA5i5uvKibXa5hZaGyL/o xoHT1f69oNaXv80lfMAiBQEV1fx2RXgSIkVy1Ttx+L3p1yqTD95MtBigBR0TBotFw4w0 tuBnvm1UXw44yycLt2r1edHwYvBtH8acDu9kzgowmChPNK5bTWMzHa7DfNeN/b6/ESWT DbcytfSWONJUZJp1AAE0TmbsTcqjmNI7DsORGX3xt9AzQwipMWAY0+N8ZuzxW6sXjRtC qnaA== X-Forwarded-Encrypted: i=1; AJvYcCUlGEfaFXfM5+H32qbzrUU9rnHzv/m2HMzGVtM2ilUUsKO/3N0DlZzMsuouU+ki4OXRFzbT5lGxydGjn/xZQzx8a4imhyfRdo3kQ/p8Pw== X-Gm-Message-State: AOJu0Yzt1wAfFfJYGFjkhOOCXPMDlErQpgb9yhXYa81dShsXFSjIvIbX gt9dhYONZv3JmjbIa1DbNDWBaF69hsFXZHLpQpdshpxDaH6nMhviBiT0FaP9j1Q3LDwQ3f0cuh3 H8Aovzo/G0We/mHFJQaR/y6zWOWX76Oaai1y8t2aMdzHv0yj2dpu1GEjnQt1VuQ== X-Received: by 2002:a19:6406:0:b0:512:eb9a:dab7 with SMTP id y6-20020a196406000000b00512eb9adab7mr6191432lfb.2.1709579531896; Mon, 04 Mar 2024 11:12:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IFmvwQHZczKkRO+3Qv9f+16OlN4ewbg8aTrkBU/tuYNoG9gi7a1s9fyz7dMVO+hCtnT/D4e4A== X-Received: by 2002:a19:6406:0:b0:512:eb9a:dab7 with SMTP id y6-20020a196406000000b00512eb9adab7mr6191421lfb.2.1709579531436; Mon, 04 Mar 2024 11:12:11 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:11 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn , Eric Biggers Subject: [PATCH v5 01/24] fsverity: remove hash page spin lock Date: Mon, 4 Mar 2024 20:10:24 +0100 Message-ID: <20240304191046.157464-3-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The spin lock is not necessary here as it can be replaced with memory barrier which should be better performance-wise. When Merkle tree block size differs from page size, in is_hash_block_verified() two things are modified during check - a bitmap and PG_checked flag of the page. Each bit in the bitmap represent verification status of the Merkle tree blocks. PG_checked flag tells if page was just re-instantiated or was in pagecache. Both of this states are shared between verification threads. Page which was re-instantiated can not have already verified blocks (bit set in bitmap). The spin lock was used to allow only one thread to modify both of these states and keep order of operations. The only requirement here is that PG_Checked is set strictly after bitmap is updated. This way other threads which see that PG_Checked=1 (page cached) knows that bitmap is up-to-date. Otherwise, if PG_Checked is set before bitmap is cleared, other threads can see bit=1 and therefore will not perform verification of that Merkle tree block. However, there's still the case when one thread is setting a bit in verify_data_block() and other thread is clearing it in is_hash_block_verified(). This can happen if two threads get to !PageChecked branch and one of the threads is rescheduled before resetting the bitmap. This is fine as at worst blocks are re-verified in each thread. Signed-off-by: Eric Biggers Reviewed-by: Andrey Albershteyn Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 1 - fs/verity/open.c | 1 - fs/verity/verify.c | 48 ++++++++++++++++++------------------ 3 files changed, 24 insertions(+), 26 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index a6a6b2749241..b3506f56e180 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -69,7 +69,6 @@ struct fsverity_info { u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE]; const struct inode *inode; unsigned long *hash_block_verified; - spinlock_t hash_page_init_lock; }; #define FS_VERITY_MAX_SIGNATURE_SIZE (FS_VERITY_MAX_DESCRIPTOR_SIZE - \ diff --git a/fs/verity/open.c b/fs/verity/open.c index 6c31a871b84b..fdeb95eca3af 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -239,7 +239,6 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, err = -ENOMEM; goto fail; } - spin_lock_init(&vi->hash_page_init_lock); } return vi; diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 904ccd7e8e16..4fcad0825a12 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -19,7 +19,6 @@ static struct workqueue_struct *fsverity_read_workqueue; static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, unsigned long hblock_idx) { - bool verified; unsigned int blocks_per_page; unsigned int i; @@ -43,12 +42,20 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, * re-instantiated from the backing storage are re-verified. To do * this, we use PG_checked again, but now it doesn't really mean * "checked". Instead, now it just serves as an indicator for whether - * the hash page is newly instantiated or not. + * the hash page is newly instantiated or not. If the page is new, as + * indicated by PG_checked=0, we clear the bitmap bits for the page's + * blocks since they are untrustworthy, then set PG_checked=1. + * Otherwise we return the bitmap bit for the requested block. * - * The first thread that sees PG_checked=0 must clear the corresponding - * bitmap bits, then set PG_checked=1. This requires a spinlock. To - * avoid having to take this spinlock in the common case of - * PG_checked=1, we start with an opportunistic lockless read. + * Multiple threads may execute this code concurrently on the same page. + * This is safe because we use memory barriers to ensure that if a + * thread sees PG_checked=1, then it also sees the associated bitmap + * clearing to have occurred. Also, all writes and their corresponding + * reads are atomic, and all writes are safe to repeat in the event that + * multiple threads get into the PG_checked=0 section. (Clearing a + * bitmap bit again at worst causes a hash block to be verified + * redundantly. That event should be very rare, so it's not worth using + * a lock to avoid. Setting PG_checked again has no effect.) */ if (PageChecked(hpage)) { /* @@ -58,24 +65,17 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, smp_rmb(); return test_bit(hblock_idx, vi->hash_block_verified); } - spin_lock(&vi->hash_page_init_lock); - if (PageChecked(hpage)) { - verified = test_bit(hblock_idx, vi->hash_block_verified); - } else { - blocks_per_page = vi->tree_params.blocks_per_page; - hblock_idx = round_down(hblock_idx, blocks_per_page); - for (i = 0; i < blocks_per_page; i++) - clear_bit(hblock_idx + i, vi->hash_block_verified); - /* - * A write memory barrier is needed here to give RELEASE - * semantics to the below SetPageChecked() operation. - */ - smp_wmb(); - SetPageChecked(hpage); - verified = false; - } - spin_unlock(&vi->hash_page_init_lock); - return verified; + blocks_per_page = vi->tree_params.blocks_per_page; + hblock_idx = round_down(hblock_idx, blocks_per_page); + for (i = 0; i < blocks_per_page; i++) + clear_bit(hblock_idx + i, vi->hash_block_verified); + /* + * A write memory barrier is needed here to give RELEASE semantics to + * the below SetPageChecked() operation. + */ + smp_wmb(); + SetPageChecked(hpage); + return false; } /* From patchwork Mon Mar 4 19:10:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581029 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A770078B70 for ; Mon, 4 Mar 2024 19:12:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; cv=none; b=EcfzIePWBaLLq31jv4Pwg5kOcTcWiBM8raeJpjPHoeNokzG2HfaDbIXUC31Cvw6Hs9KFKSVPasiIY9xc8PnVDkTpq4CVgzcweGDkg0eidy7VNBxd3Zi383Nzyd6nAFsyMI7vWOis4RIGf0S5/Q4pHbwa+2uJbgMHvwH+7lpzZYo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; c=relaxed/simple; bh=Vy6aKow/W1afzQTgEIlDGAfiO3Pdvi5QJY/f+z2nhzM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Zj4CBqU7KqiqWA6tNWAbUVncQ33ws80pFlddKK/VzL9i9O/xWt0nLiRyLzNJyBerk5seH+mcx13KF9i7tqGkOnMFjn+xI5Pu2h8d8/TPmghp5sa5BQEcUlCgSzyuP4xvEGDqDfLZvHtVsdApw1mvSQ0JktQneLvZYqTI3my0dp4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=f91mTuqr; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="f91mTuqr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Nqqw4mVotq0OBveNn7Z3piHTecgeWnPUkNTctKlIj/8=; b=f91mTuqrLsN/4WQe0mHJ7/Yy0K0tOWEZctFBiKMIen0XnmuwFR8Z7RveBf6dLu03awt1up 4ntTEcHy1xYP4gVZGYHOYj8N1vcZeYqpIAcWyqq0GS8lWWteT/ShB74rT3/b07zd5/rnJ7 /lDg/6ChkbjS7JKRJris1lUE9Pb4jz8= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-301-v59M_Lv8MOaLqSz7_r--6w-1; Mon, 04 Mar 2024 14:12:14 -0500 X-MC-Unique: v59M_Lv8MOaLqSz7_r--6w-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-a45095f33fdso185600166b.0 for ; Mon, 04 Mar 2024 11:12:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579533; x=1710184333; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nqqw4mVotq0OBveNn7Z3piHTecgeWnPUkNTctKlIj/8=; b=HcIREBYjMR4ZezTMv+ZXYKktFbzotLyXByfF9w1IJV2YLiASRnSBFzBvaqtm556abj 0AsNfipOSZwFXm5niUSWCTT+kSbkSssDQylpgPXnZ1VVy/9QM5Qh7sBn6AhGESDPBDnF ecy14WvsKBUEQoESJWE5wtLzPJ7DdHCov9EncnR3gKKkDmYGw/wxLC2yIpMUM0hPTcrh hJf5Ui1kHYKXNLIi1yYRnHABGFbOg3BJqACI1zM72hUU8UZwpvneWOTw7FwZlyv6LTZ1 C1eNDozJ+1uL2viSA0VbR/URWGLnAr77VD42IbpkRMxum8Omx4qoJAIhMiY85t9lpmlm ZC/Q== X-Forwarded-Encrypted: i=1; AJvYcCXzyuI7WN2/rRwetMky7pToB7Xffc0AktBDMDajKW08XDOuUnoLDHtn4+OvIcq2yolPkIws+RFqgH3+Npa5Vg+6JbwpggX4Xy0MMC1x8w== X-Gm-Message-State: AOJu0YzvYZSZ80KXKOiYOBCdFNhgVFgsaZXEINtlROJGfjC6koXzxuZy 0/bnLpOYQb2SbAj3uPHP+CsbvLfq4I6GAcfZzaLikKBa9SHzrk/gxctETpjEZxXRYNGE4S2/ztL fEl1tucRkxLSd8AlnPYr2vUeI82TFpy5pAC4f0HiMmJ8ECXngol+z+YFGjhsSXQ== X-Received: by 2002:a17:906:7208:b0:a44:9483:33c1 with SMTP id m8-20020a170906720800b00a44948333c1mr454998ejk.20.1709579532847; Mon, 04 Mar 2024 11:12:12 -0800 (PST) X-Google-Smtp-Source: AGHT+IHriVFD5H05LTiKf6J8/M+ZPcD1k3KsigVNhXSp46qw4DNjzzgpyPjO7C93xuGAbGnaCVQYNQ== X-Received: by 2002:a17:906:7208:b0:a44:9483:33c1 with SMTP id m8-20020a170906720800b00a44948333c1mr454957ejk.20.1709579532348; Mon, 04 Mar 2024 11:12:12 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:11 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson , Mark Tinguely , Dave Chinner Subject: [PATCH v5 02/24] xfs: add parent pointer support to attribute code Date: Mon, 4 Mar 2024 20:10:25 +0100 Message-ID: <20240304191046.157464-4-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Allison Henderson Add the new parent attribute type. XFS_ATTR_PARENT is used only for parent pointer entries; it uses reserved blocks like XFS_ATTR_ROOT. Signed-off-by: Mark Tinguely Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 3 ++- fs/xfs/libxfs/xfs_da_format.h | 5 ++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/scrub/attr.c | 2 +- fs/xfs/xfs_trace.h | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 673a4b6d2e8d..ff67a684a452 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -925,7 +925,8 @@ xfs_attr_set( struct xfs_inode *dp = args->dp; struct xfs_mount *mp = dp->i_mount; struct xfs_trans_res tres; - bool rsvd = (args->attr_filter & XFS_ATTR_ROOT); + bool rsvd = (args->attr_filter & (XFS_ATTR_ROOT | + XFS_ATTR_PARENT)); int error, local; int rmt_blks = 0; unsigned int total; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 060e5c96b70f..5434d4d5b551 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -714,12 +714,15 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_LOCAL_BIT 0 /* attr is stored locally */ #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ +#define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) +#define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) -#define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | XFS_ATTR_SECURE) +#define XFS_ATTR_NSP_ONDISK_MASK \ + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 16872972e1e9..9cbcba4bd363 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -974,6 +974,7 @@ struct xfs_icreate_log { */ #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ + XFS_ATTR_PARENT | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 83c7feb38714..49f91cc85a65 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 56b07d8ed431..d4f1b2da21e7 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -86,7 +86,8 @@ struct xfs_bmap_intent; #define XFS_ATTR_FILTER_FLAGS \ { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ - { XFS_ATTR_INCOMPLETE, "INCOMPLETE" } + { XFS_ATTR_INCOMPLETE, "INCOMPLETE" }, \ + { XFS_ATTR_PARENT, "PARENT" } DECLARE_EVENT_CLASS(xfs_attr_list_class, TP_PROTO(struct xfs_attr_list_context *ctx), From patchwork Mon Mar 4 19:10:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581028 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 79ED678B68 for ; Mon, 4 Mar 2024 19:12:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; cv=none; b=f/YyZLWKkQLci5RvBF4P6tonP3bAd5mC0H1zkj0YS2NjkvsWzbyZZvjhgMeIZ+Ags24emLW/N+v6vDQzuoscBZ/yUK3H/6CWfCrJMiM2CCsCFjeD8oqVnRViHyzCZ4UStX1Ey/iZieddolrS4yOtRAPiznqWw6TE4iSue/D58Hw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; c=relaxed/simple; bh=FCFL12PX1xMc1fw1YNErW36hkFF8KlDO7hGlj6HYSk8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IlBhB0XYDm4hEVKB4Lo72oSeEnqHJzF1PMi5TzpM2Xwvk3ogP2IIPcpzWzWcGUnio8oSuUJ3RK+pzIljjRlydpbuiiUIWhYMRq5D8rRPLSO51lceZSQSNKEh6Wj3feIg1xyoCgTpZpVxnM4LuhWQe8CgO+44jyxkmuLpiV6Pa5A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=fZZaGBKF; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="fZZaGBKF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579537; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v8EVmqubOm/naTi4DXPm1SKDmPkXIqlx/6rFI/v4VRk=; b=fZZaGBKFbMp3iBS3Omk9/bMMu+aqmKm7yFwKIGFUWY0EyVF+ZgE4rH+4AOJdlzygSTF002 5w914kd5awlVrzzXarXnjyNpskXRJDOuXnDSbSWWCrZnUhUZBnSSW1SYUpSW7O5eDTHLr1 jID0xvcSz9B3PM0HufnEIw39kNfiUPo= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-338-_XRxDhY3OXiGgNy_FXcg2Q-1; Mon, 04 Mar 2024 14:12:15 -0500 X-MC-Unique: _XRxDhY3OXiGgNy_FXcg2Q-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-a451f02918aso112941466b.0 for ; Mon, 04 Mar 2024 11:12:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579534; x=1710184334; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v8EVmqubOm/naTi4DXPm1SKDmPkXIqlx/6rFI/v4VRk=; b=XHE/t8wS1Vl2ldPRkc7U0ho1S8j4mZ9lIQZ3Z0AjLNX2nG7+0lcGzLgBiFHrDCi155 x8+mOEXouX02Kfj7W1l9dZKwbgyasxPJplS/WnREq3bkjhSa9Cx1C8nWnxPSDsZDhB7a KdPluY8hIbamRPfUz+YWHOafGfumZ5aE34yA/ck967iDkcuDSYcbJMU22rUWUJoJBlqY 6Bo8KACIeKjOgZHn1Hs0llghVXTKWMjYOX+iNizi2bt2DKPWpNVKBqxE9E1zUkUcZVpj gdWMhRieC3i4DQPLhSRdx/lXJrcHHKA1s9o9ywZV1wqgDLf8R6hyqX/8Vi6z2wkwda4V r22Q== X-Forwarded-Encrypted: i=1; AJvYcCUpqK/OS80FY2q+9dwhhLHa3zRJVuPxDVkds8ZZDPrqm9rmfEVG0GgrPzj2YVgXjEa7wHmhBYtwJBmbCdNBNhN7IQDf+FGa71vAXXlF2g== X-Gm-Message-State: AOJu0Yyrhzp6AlBtts9vfiOwV5cWoTtryJuNfHgSa67RhgAHlYcaoscq TNVaJlE7m3w3xgFwEc2bU9KP0vP9K2ZcOf2OoylvnDC+M2Tdj3ngREtvSfP72t3jLfLykmbbztP 9PtxiNDoOZi8xf/cB9F+VEQ1Yt9nMf/v0lOsUdwLu0yDDKW9EV7Y4UnqxtBR8MQ== X-Received: by 2002:a17:906:7118:b0:a45:5a30:a3f2 with SMTP id x24-20020a170906711800b00a455a30a3f2mr2153537ejj.52.1709579533948; Mon, 04 Mar 2024 11:12:13 -0800 (PST) X-Google-Smtp-Source: AGHT+IFX1Q/wZ7CJ2r1e6hCCc+VyjZB/tTtQIwfCNV3D27NByDQoWJl1zA3SfjsT0YkL8gJSlbibig== X-Received: by 2002:a17:906:7118:b0:a45:5a30:a3f2 with SMTP id x24-20020a170906711800b00a455a30a3f2mr2153513ejj.52.1709579533307; Mon, 04 Mar 2024 11:12:13 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:12 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson , Dave Chinner Subject: [PATCH v5 03/24] xfs: define parent pointer ondisk extended attribute format Date: Mon, 4 Mar 2024 20:10:26 +0100 Message-ID: <20240304191046.157464-5-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Allison Henderson We need to define the parent pointer attribute format before we start adding support for it into all the code that needs to use it. The EA format we will use encodes the following information: name={parent inode #, parent inode generation, dirent namehash} value={dirent name} The inode/gen gives all the information we need to reliably identify the parent without requiring child->parent lock ordering, and allows userspace to do pathname component level reconstruction without the kernel ever needing to verify the parent itself as part of ioctl calls. Storing the dirent name hash in the key reduces hash collisions if a file is hardlinked multiple times in the same directory. By using the NVLOOKUP mode in the extended attribute code to match parent pointers using both the xattr name and value, we can identify the exact parent pointer EA we need to modify/remove in rename/unlink operations without searching the entire EA space. By storing the dirent name, we have enough information to be able to validate and reconstruct damaged directory trees. Earlier iterations of this patchset encoded the directory offset in the parent pointer key, but this format required repair to keep that in sync across directory rebuilds, which is unnecessary complexity. Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong [djwong: replace diroffset with the namehash in the pptr key] Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 5434d4d5b551..67e8c33c4e82 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -878,4 +878,24 @@ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp) xfs_failaddr_t xfs_da3_blkinfo_verify(struct xfs_buf *bp, struct xfs_da3_blkinfo *hdr3); +/* + * Parent pointer attribute format definition + * + * The xattr name encodes the parent inode number, generation and the crc32c + * hash of the dirent name. + * + * The xattr value contains the dirent name. + */ +struct xfs_parent_name_rec { + __be64 p_ino; + __be32 p_gen; + __be32 p_namehash; +}; + +/* + * Maximum size of the dirent name that can be stored in a parent pointer. + * This matches the maximum dirent name length. + */ +#define XFS_PARENT_DIRENT_NAME_MAX_SIZE (MAXNAMELEN - 1) + #endif /* __XFS_DA_FORMAT_H__ */ From patchwork Mon Mar 4 19:10:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581037 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1FB37AE56 for ; Mon, 4 Mar 2024 19:12:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; cv=none; b=tlXveYICXTwa9FKeT5sur6JuSPU8mdCDlZpY4EQTsKeP7wi/DetYi+eQtwBJc3wOkFE35//Z6JXKP+qnZVFszglAD5A9yEnjfWGfJk9B9l+mrG9PXyd6V3Huh6kDufCRAYMIfzWkmdaDw3Oxb04oDZq3+nfG59ADcV0LwmxUjZI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; c=relaxed/simple; bh=ci0FfeM96EeB9lWKNbTR9eYvaxL+beqdoyCcFvRWmhs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ukva+GsSXmjaU/4V1HKTthCHpAd4T1NHIc+YlqYTdHx4eOO8+BSBRqGhQihnD4UYRZNJBkKHKumUZ9ab25+lFDxLfHOZ37BOOEg7N6/OvNHAHPKJ/By0j/FgZRokYpOIIgLTlu8p+lGZLPQ7rhFDPmqLyl8+gOjIso97kYGIhqs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=YeT6gE6t; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="YeT6gE6t" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579543; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0n+uFZr/Kow5GjcpVhCgELZq9b7RyWnDiaBhPHsxGIE=; b=YeT6gE6tyNeOjD2DXpx0zY5JZlKBmw5iIku1gHme5w7a+nSIv1rfeIeSy7EzbIE1dMT0pg Doqi8K5Rz4sn/c8Pn/INTRVii4ccsAd++NplEOF5Obt4msBwLRnxprZQCI4Ns+lf93suWD yrDCPIuxhOxYRqvhf/DSh0FzH3fA+10= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-375-kzjymHAhMM6Rlbpx8PvFbA-1; Mon, 04 Mar 2024 14:12:16 -0500 X-MC-Unique: kzjymHAhMM6Rlbpx8PvFbA-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-a448b3a36eeso234130266b.3 for ; Mon, 04 Mar 2024 11:12:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579535; x=1710184335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0n+uFZr/Kow5GjcpVhCgELZq9b7RyWnDiaBhPHsxGIE=; b=lfoyG+lVuJZtSFNuCbrtFOCQFGWwgKb3/przgpCakVVyIL1XxfMzJY13EaOqJupP5e 1axDXU84ntio8z61OUwX1xFAeD69b+ENo6tx36/2pIAhngnG6dj8zBJ5DDmSi1HpLqij yL8CI6F8kMcQ5I1yhFqmXU+yMMGqdhBGDNxRDz+u0+N1e0jw8V2jwL8ycOWdEGobPCx5 RsmMFkVKYoQccLrBBrpugwM4RXtAEIHN5w8WW+IVUFKyA6JYB9UgCKHM1t0e2Lo+Tanw m/Tdhz2YylqolBExf0iYCRvE3a2z/4U0fDVEwMRqQ/BNx0axG83xYIbsyzUZa5bmqfQC 2dQw== X-Forwarded-Encrypted: i=1; AJvYcCW6yK0WQjtUi4P2u67+CCM6UEkzN6QelQH8WIi2fPuLiOzEwcz0MnWqU/bdvbuetlmUhXscMBaiOYNpiCHyQwdPF4XSpdjYWbOj9hYAcQ== X-Gm-Message-State: AOJu0YxAQJQFYlEPEndpkIrAUv8gkN0Q2t0WgSXGgpOc3riXw9vy0+az 9oQSFpADSwVTbfPbWB7eyhVMMu+ZpCqCCWQN1mgtPzgFEVesqmmcWpAOUH5wJ+ORWrTqcyAdTmr JCBEeWX4nnCWqTDSOR3Rjq1Wkb+u5+O942hGxdkdTQHS2C+Lh+SXe/B5fYA8RhQ== X-Received: by 2002:a17:906:d045:b0:a44:5589:c098 with SMTP id bo5-20020a170906d04500b00a445589c098mr7051648ejb.7.1709579534456; Mon, 04 Mar 2024 11:12:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IF6jiT77x9PzfXqpjOQ0rV11OPNJD1P3FAvESiqLUsCV3IJKvBKhmkEB0j3Xp+Ywja8OJOpHw== X-Received: by 2002:a17:906:d045:b0:a44:5589:c098 with SMTP id bo5-20020a170906d04500b00a445589c098mr7051636ejb.7.1709579534138; Mon, 04 Mar 2024 11:12:14 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:13 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson Subject: [PATCH v5 04/24] xfs: add parent pointer validator functions Date: Mon, 4 Mar 2024 20:10:27 +0100 Message-ID: <20240304191046.157464-6-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Allison Henderson Attribute names of parent pointers are not strings. So we need to modify attr_namecheck to verify parent pointer records when the XFS_ATTR_PARENT flag is set. At the same time, we need to validate attr values during log recovery if the xattr is really a parent pointer. Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong [djwong: move functions to xfs_parent.c, adjust for new disk format] Signed-off-by: Darrick J. Wong --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 10 ++- fs/xfs/libxfs/xfs_attr.h | 3 +- fs/xfs/libxfs/xfs_da_format.h | 8 +++ fs/xfs/libxfs/xfs_parent.c | 113 ++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_parent.h | 19 ++++++ fs/xfs/scrub/attr.c | 2 +- fs/xfs/xfs_attr_item.c | 6 +- fs/xfs/xfs_attr_list.c | 14 +++-- 9 files changed, 165 insertions(+), 11 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_parent.c create mode 100644 fs/xfs/libxfs/xfs_parent.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index 76674ad5833e..f8845e65cac7 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -41,6 +41,7 @@ xfs-y += $(addprefix libxfs/, \ xfs_inode_buf.o \ xfs_log_rlimit.o \ xfs_ag_resv.o \ + xfs_parent.o \ xfs_rmap.o \ xfs_rmap_btree.o \ xfs_refcount.o \ diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index ff67a684a452..f0b625d45aa4 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -26,6 +26,7 @@ #include "xfs_trace.h" #include "xfs_attr_item.h" #include "xfs_xattr.h" +#include "xfs_parent.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1515,9 +1516,14 @@ xfs_attr_node_get( /* Returns true if the attribute entry name is valid. */ bool xfs_attr_namecheck( - const void *name, - size_t length) + struct xfs_mount *mp, + const void *name, + size_t length, + unsigned int flags) { + if (flags & XFS_ATTR_PARENT) + return xfs_parent_namecheck(mp, name, length, flags); + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 81be9b3e4004..92711c8d2a9f 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -547,7 +547,8 @@ int xfs_attr_get(struct xfs_da_args *args); int xfs_attr_set(struct xfs_da_args *args); int xfs_attr_set_iter(struct xfs_attr_intent *attr); int xfs_attr_remove_iter(struct xfs_attr_intent *attr); -bool xfs_attr_namecheck(const void *name, size_t length); +bool xfs_attr_namecheck(struct xfs_mount *mp, const void *name, size_t length, + unsigned int flags); int xfs_attr_calc_size(struct xfs_da_args *args, int *local); void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres, unsigned int *total); diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 67e8c33c4e82..839df0e5401b 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -757,6 +757,14 @@ xfs_attr3_leaf_name(xfs_attr_leafblock_t *leafp, int idx) return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)]; } +static inline int +xfs_attr3_leaf_flags(xfs_attr_leafblock_t *leafp, int idx) +{ + struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp); + + return entries[idx].flags; +} + static inline xfs_attr_leaf_name_remote_t * xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx) { diff --git a/fs/xfs/libxfs/xfs_parent.c b/fs/xfs/libxfs/xfs_parent.c new file mode 100644 index 000000000000..1d45f926c13a --- /dev/null +++ b/fs/xfs/libxfs/xfs_parent.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2022-2024 Oracle. + * All rights reserved. + */ +#include "xfs.h" +#include "xfs_fs.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_log_format.h" +#include "xfs_shared.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_bmap_btree.h" +#include "xfs_inode.h" +#include "xfs_error.h" +#include "xfs_trace.h" +#include "xfs_trans.h" +#include "xfs_da_btree.h" +#include "xfs_attr.h" +#include "xfs_dir2.h" +#include "xfs_dir2_priv.h" +#include "xfs_attr_sf.h" +#include "xfs_bmap.h" +#include "xfs_defer.h" +#include "xfs_log.h" +#include "xfs_xattr.h" +#include "xfs_parent.h" +#include "xfs_trans_space.h" + +/* + * Parent pointer attribute handling. + * + * Because the attribute value is a filename component, it will never be longer + * than 255 bytes. This means the attribute will always be a local format + * attribute as it is xfs_attr_leaf_entsize_local_max() for v5 filesystems will + * always be larger than this (max is 75% of block size). + * + * Creating a new parent attribute will always create a new attribute - there + * should never, ever be an existing attribute in the tree for a new inode. + * ENOSPC behavior is problematic - creating the inode without the parent + * pointer is effectively a corruption, so we allow parent attribute creation + * to dip into the reserve block pool to avoid unexpected ENOSPC errors from + * occurring. + */ + +/* Return true if parent pointer EA name is valid. */ +bool +xfs_parent_namecheck( + struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, + size_t reclen, + unsigned int attr_flags) +{ + if (!(attr_flags & XFS_ATTR_PARENT)) + return false; + + /* pptr updates use logged xattrs, so we should never see this flag */ + if (attr_flags & XFS_ATTR_INCOMPLETE) + return false; + + if (reclen != sizeof(struct xfs_parent_name_rec)) + return false; + + /* Only one namespace bit allowed. */ + if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) + return false; + + return true; +} + +/* Return true if parent pointer EA value is valid. */ +bool +xfs_parent_valuecheck( + struct xfs_mount *mp, + const void *value, + size_t valuelen) +{ + if (valuelen == 0 || valuelen > XFS_PARENT_DIRENT_NAME_MAX_SIZE) + return false; + + if (value == NULL) + return false; + + return true; +} + +/* Return true if the ondisk parent pointer is consistent. */ +bool +xfs_parent_hashcheck( + struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, + const void *value, + size_t valuelen) +{ + struct xfs_name dname = { + .name = value, + .len = valuelen, + }; + xfs_ino_t p_ino; + + /* Valid dirent name? */ + if (!xfs_dir2_namecheck(value, valuelen)) + return false; + + /* Valid inode number? */ + p_ino = be64_to_cpu(rec->p_ino); + if (!xfs_verify_dir_ino(mp, p_ino)) + return false; + + /* Namehash matches name? */ + return be32_to_cpu(rec->p_namehash) == xfs_dir2_hashname(mp, &dname); +} diff --git a/fs/xfs/libxfs/xfs_parent.h b/fs/xfs/libxfs/xfs_parent.h new file mode 100644 index 000000000000..fcfeddb645f6 --- /dev/null +++ b/fs/xfs/libxfs/xfs_parent.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2022-2024 Oracle. + * All Rights Reserved. + */ +#ifndef __XFS_PARENT_H__ +#define __XFS_PARENT_H__ + +/* Metadata validators */ +bool xfs_parent_namecheck(struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, size_t reclen, + unsigned int attr_flags); +bool xfs_parent_valuecheck(struct xfs_mount *mp, const void *value, + size_t valuelen); +bool xfs_parent_hashcheck(struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, const void *value, + size_t valuelen); + +#endif /* __XFS_PARENT_H__ */ diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 49f91cc85a65..9a1f59f7b5a4 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -195,7 +195,7 @@ xchk_xattr_listent( } /* Does this name make sense? */ - if (!xfs_attr_namecheck(name, namelen)) { + if (!xfs_attr_namecheck(sx->sc->mp, name, namelen, flags)) { xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno); goto fail_xref; } diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 9b4c61e1c22e..703770cf1482 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -591,7 +591,8 @@ xfs_attr_recover_work( */ attrp = &attrip->attri_format; if (!xfs_attri_validate(mp, attrp) || - !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len)) + !xfs_attr_namecheck(mp, nv->name.i_addr, nv->name.i_len, + attrp->alfi_attr_filter)) return -EFSCORRUPTED; attr = xfs_attri_recover_work(mp, dfp, attrp, &ip, nv); @@ -731,7 +732,8 @@ xlog_recover_attri_commit_pass2( return -EFSCORRUPTED; } - if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { + if (!xfs_attr_namecheck(mp, attr_name, attri_formatp->alfi_name_len, + attri_formatp->alfi_attr_filter)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[1].i_addr, item->ri_buf[1].i_len); return -EFSCORRUPTED; diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index a6819a642cc0..fa74378577c5 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -59,6 +59,7 @@ xfs_attr_shortform_list( struct xfs_attr_sf_sort *sbuf, *sbp; struct xfs_attr_sf_hdr *sf = dp->i_af.if_data; struct xfs_attr_sf_entry *sfe; + struct xfs_mount *mp = dp->i_mount; int sbsize, nsbuf, count, i; int error = 0; @@ -82,8 +83,9 @@ xfs_attr_shortform_list( (dp->i_af.if_bytes + sf->count * 16) < context->bufsize)) { for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sfe->nameval, - sfe->namelen))) { + !xfs_attr_namecheck(mp, sfe->nameval, + sfe->namelen, + sfe->flags))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; } @@ -177,8 +179,9 @@ xfs_attr_shortform_list( cursor->offset = 0; } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sbp->name, - sbp->namelen))) { + !xfs_attr_namecheck(mp, sbp->name, + sbp->namelen, + sbp->flags))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); error = -EFSCORRUPTED; goto out; @@ -474,7 +477,8 @@ xfs_attr3_leaf_list_int( } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(name, namelen))) { + !xfs_attr_namecheck(mp, name, namelen, + entry->flags))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; } From patchwork Mon Mar 4 19:10:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581030 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35B9C78B7F for ; Mon, 4 Mar 2024 19:12:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; cv=none; b=pf0zHscEOUqh3pjnILAYcdObIJjYP6+ysncBZ1R24bJJvJCU+oshaI5cvmfVWkkA5mWvPNYEQOJj3Ycb5jPXmWth7evi240UQ85UEDteQBBkQvrI2xzJRa0OiYSoDVFjTXUlEwka+PrawTz6N4YasQqzJBWppbUTVdOr5X9/oCQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579540; c=relaxed/simple; bh=RsSA5HXP4XdTMyeDSklbX2t9chAOtXyvct70Wpdi/s8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AXvlyn7VbfSfT8KxPSGtd3PUGosTvy30eyP+Ga7vPLpED0xQkxZkZUks7U7Brh+ztBA/Esc7eCtyHAKyg9CN9lEzkOZ6u25LrG8LWslLX6fe5q7Kl+KscDshM0J1MTSh0w64ABJ20ZdzDDTObCDzRdbAs5MqSeKQQ64RYAaDc74= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=PqyS2U1c; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="PqyS2U1c" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GLiAPlULZquK5Brfr95QLdeh/hZ5v9ntg4e4aq6YwHM=; b=PqyS2U1ctAcMNQQvTzjVq27gMkEyZ/XglVRuI+Sv8USYkpS3fWbrA5pt5EVsllfPahl1rd SV+iqqY8CzeAGl+w/DsJSoLcfYKM9PcepC1Q/x9oSxHR9VeboEYPj74eUMUxZfMj13gMmN XMKqVIyUMDZxb5p7mmrJke0UmGA0aaA= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-492-Aw2B886BM0-bXjFfUZBCgQ-1; Mon, 04 Mar 2024 14:12:16 -0500 X-MC-Unique: Aw2B886BM0-bXjFfUZBCgQ-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a440b057909so293873766b.3 for ; Mon, 04 Mar 2024 11:12:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579535; x=1710184335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GLiAPlULZquK5Brfr95QLdeh/hZ5v9ntg4e4aq6YwHM=; b=ERlK8HIlVXD0pQcdyLG556lydL0VWHhm7unHhzFL0xkfNrGnhgcPNWTFKk6RToebHd GGAhiKTl7WqjvnKgOVTXoEIgSNyginw1Nlci6xOAEpzus0nS5/xR2kEEjDBze3x3xKzc GC+/NC8qTp4Ugx0cUtIwak1BbsEv0WjI/zQjhYLzumvpbdsdi23aW3or7FFBeoal/Tw+ SX9wu77rfYdVVKVdoOkSoxR1HQYlkCV8H1ixjJMxlgy/r0iOSML/Xc6ZHv4iCuTdWeuC gXtMcA68IJHMCnP+xcLGyKxBLF1rQY0UbszwVq+0HfLAYGwPfCceHjP0RN3jtcWaznBE oRRg== X-Forwarded-Encrypted: i=1; AJvYcCX3T7kzJttqmXy4wFrtni/NGlA/GrGbQMrmlpLs0u+EK8TiyVlkVZ+whFEBq1MbY+uo8aCSlZY0GwpTU0IqB1t3l/CbAyB36fz0MM8C8w== X-Gm-Message-State: AOJu0YxKIo5lSXnyQ9Z5rF7sAI56VexxPwhGJr1Jzyy/neRWRSRORAL3 hJPy8lFrTYMt1IyKAxIz8EnepD9Sf07xzj63db6cSzu9IOJTemKHR8fh1r1Yi8DipJATSKJeu4a hNz6HfdH6ams31s9Tzw65RIsQuC8tDGvOgM/PixCZ0k7OhfSkHBupyA9pRs//tQ== X-Received: by 2002:a17:906:13d5:b0:a45:95f5:f314 with SMTP id g21-20020a17090613d500b00a4595f5f314mr344240ejc.42.1709579535550; Mon, 04 Mar 2024 11:12:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IFx8vfrZMAjuMwszwGXOM9gKTiOkhdQUg8Hw3nl4YJ4PBoUGUn4W527I5Al2Nj2TIVW4ljXsA== X-Received: by 2002:a17:906:13d5:b0:a45:95f5:f314 with SMTP id g21-20020a17090613d500b00a4595f5f314mr344237ejc.42.1709579535279; Mon, 04 Mar 2024 11:12:15 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:14 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 05/24] fs: add FS_XFLAG_VERITY for verity files Date: Mon, 4 Mar 2024 20:10:28 +0100 Message-ID: <20240304191046.157464-7-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add extended attribute FS_XFLAG_VERITY for inodes with fs-verity enabled. Signed-off-by: Andrey Albershteyn --- Documentation/filesystems/fsverity.rst | 8 ++++++++ fs/ioctl.c | 11 +++++++++++ include/uapi/linux/fs.h | 1 + 3 files changed, 20 insertions(+) diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 13e4b18e5dbb..887cdaf162a9 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -326,6 +326,14 @@ the file has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require opening the file, and opening verity files can be expensive. +FS_IOC_FSGETXATTR +----------------- + +Since Linux v6.9, the FS_IOC_FSGETXATTR ioctl sets FS_XFLAG_VERITY (0x00020000) +in the returned flags when the file has verity enabled. Note that this attribute +cannot be set with FS_IOC_FSSETXATTR as enabling verity requires input +parameters. See FS_IOC_ENABLE_VERITY. + .. _accessing_verity_files: Accessing verity files diff --git a/fs/ioctl.c b/fs/ioctl.c index 76cf22ac97d7..38c00e47c069 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -481,6 +481,8 @@ void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) fa->flags |= FS_DAX_FL; if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) fa->flags |= FS_PROJINHERIT_FL; + if (fa->fsx_xflags & FS_XFLAG_VERITY) + fa->flags |= FS_VERITY_FL; } EXPORT_SYMBOL(fileattr_fill_xflags); @@ -511,6 +513,8 @@ void fileattr_fill_flags(struct fileattr *fa, u32 flags) fa->fsx_xflags |= FS_XFLAG_DAX; if (fa->flags & FS_PROJINHERIT_FL) fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; + if (fa->flags & FS_VERITY_FL) + fa->fsx_xflags |= FS_XFLAG_VERITY; } EXPORT_SYMBOL(fileattr_fill_flags); @@ -641,6 +645,13 @@ static int fileattr_set_prepare(struct inode *inode, !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) return -EINVAL; + /* + * Verity cannot be set through FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS. + * See FS_IOC_ENABLE_VERITY + */ + if (fa->fsx_xflags & FS_XFLAG_VERITY) + return -EINVAL; + /* Extent size hints of zero turn off the flags. */ if (fa->fsx_extsize == 0) fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 48ad69f7722e..b1d0e1169bc3 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -140,6 +140,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity enabled */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is From patchwork Mon Mar 4 19:10:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581031 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F2D779B7C for ; Mon, 4 Mar 2024 19:12:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579542; cv=none; b=ecrhfgVpnPwOZqxHbeNPh+Y9B+iDtsKChqGQoCPd+cciqdmcHHNhTknwobFnsPYH7kI5FgDg6dyvrNGIhjVqrmAtJpaRZfnIwyxJV8OFcPTnftuJIH16JnEDrwiICRjsxmSDksujuBuYuPAjVafa9FCVeHcE1T6DqAOUKQ4EPBo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579542; c=relaxed/simple; bh=SStO3MOW2u5KsO8/UusGE2i9sPUyuTxbXlOJN7+jtOE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rPAsyt4tZax98jKL2TzoZMa1PrHzG3Uuv8hN9NsNN4BRXDJEbq7eicAsviuyGVhh77SqiMEYoTdCTet2IHBHJINTzKgvPXjP1kPg7JONBdniXfZoMPsa3ClIbZYov10nDisEakSlez6lldAfQzq0Qj9mz9kplXIZ37A0de14i54= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=FSSonr+M; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FSSonr+M" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579539; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vw7Hqds3kjPV691CMfHa/B2Ot566kYEuH+bc7CPQnG4=; b=FSSonr+MRaqYae8CrihHUtnzvOOa96Gf3otxzdLqLAKfQN+n2ZYPbp3JAn5dqaGlmsvidF RiKx7Ei19YnT0s+NP0BKGihI4bp/+Qr2uyhe+cqA2kzPGA0LNHCbWVs6N3jMJJiwXRBWSc pUvQRex86jDCMb7DKjKTFBaANav5mqc= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-48-IyXV5eeeNIiXiRLRZscxTQ-1; Mon, 04 Mar 2024 14:12:18 -0500 X-MC-Unique: IyXV5eeeNIiXiRLRZscxTQ-1 Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-5133f0f1b9bso1694161e87.2 for ; Mon, 04 Mar 2024 11:12:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579536; x=1710184336; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vw7Hqds3kjPV691CMfHa/B2Ot566kYEuH+bc7CPQnG4=; b=c2qCVzDhkEDMJjh32SaotwwWf0FaTZm+1/+DGniHL92Q2KXC4+Le7kZ+UWbxsyPfj4 SAgf/WFptnX2+LuyOAhPBxUNThWRRJqFtDdvTVLGEJFGN26M7M1ng/0hWZd7bgIXPxAl qaLijJMnjG1b8mjgHXkj7zd3s3/ZFG1Q5MgilkziLLyEm5YJ1A6AhTxlwCC0STpD6kZ9 Y9tXFgaylDwdT+YbFtMk/cYRctFiBJodNVMW8zo6rGTuQ5NnQ2YOiuKzFB0EfcHs4cIw wdmBsjG9g7Bbxdev3YaShkle+FQ2ofd6XPCCeWa+rBAKR4tK873iwqxO6AoQhes0gxev Xt9A== X-Forwarded-Encrypted: i=1; AJvYcCWLHd+pHzPvssQclJnpcPENdsh877oHu9uOzU590UmtJBiGc3OM4GB0T6w4g+zbiCuBsz0g+LRfV2wQ+QuSgMuvDkBfNAAqGWf2O6LeQw== X-Gm-Message-State: AOJu0Yw+OzkJIG8smvARFlaUlE3XfG3DKREf4VawmzwZVpDcilueQK78 8ooxlfrVe5CArJRiXFtXbJpA71gs7nDSV4ZSNuKFoqF3T4xBjDZOSruRnemuQwH8WYIBQmfuXq5 uOVY9T6BJkgR3FobMWo96uiOcLw9MllGrOpy/2G8awCwYcE0Sw0FzGSc1/iZR4Cp8zdRwww== X-Received: by 2002:ac2:42c3:0:b0:513:3f16:25d6 with SMTP id n3-20020ac242c3000000b005133f1625d6mr3805653lfl.34.1709579536594; Mon, 04 Mar 2024 11:12:16 -0800 (PST) X-Google-Smtp-Source: AGHT+IGfDSbClFcafmZzQTfNNN+PHTRYEIEdcmRoCaXYEzSwLMrvqR4HZHhRmpoF1p1meXKQT+foAQ== X-Received: by 2002:ac2:42c3:0:b0:513:3f16:25d6 with SMTP id n3-20020ac242c3000000b005133f1625d6mr3805635lfl.34.1709579536148; Mon, 04 Mar 2024 11:12:16 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:15 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 06/24] fsverity: pass tree_blocksize to end_enable_verity() Date: Mon, 4 Mar 2024 20:10:29 +0100 Message-ID: <20240304191046.157464-8-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 XFS will need to know tree_blocksize to remove the tree in case of an error. The size is needed to calculate offsets of particular Merkle tree blocks. Signed-off-by: Andrey Albershteyn --- fs/btrfs/verity.c | 4 +++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/enable.c | 6 ++++-- include/linux/fsverity.h | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index 66e2270b0dae..966630523502 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -621,6 +621,7 @@ static int btrfs_begin_enable_verity(struct file *filp) * @desc: verity descriptor to write out (NULL in error conditions) * @desc_size: size of the verity descriptor (variable with signatures) * @merkle_tree_size: size of the merkle tree in bytes + * @tree_blocksize: the Merkle tree block size * * If desc is null, then VFS is signaling an error occurred during verity * enable, and we should try to rollback. Otherwise, attempt to finish verity. @@ -628,7 +629,8 @@ static int btrfs_begin_enable_verity(struct file *filp) * Returns 0 on success, negative error code on error. */ static int btrfs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct btrfs_inode *inode = BTRFS_I(file_inode(filp)); int ret = 0; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index 2f37e1ea3955..da2095a81349 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c @@ -189,7 +189,8 @@ static int ext4_write_verity_descriptor(struct inode *inode, const void *desc, } static int ext4_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); const int credits = 2; /* superblock and inode for ext4_orphan_del() */ diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index 4fc95f353a7a..b4461b9f47a3 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -144,7 +144,8 @@ static int f2fs_begin_enable_verity(struct file *filp) } static int f2fs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); diff --git a/fs/verity/enable.c b/fs/verity/enable.c index c284f46d1b53..04e060880b79 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -274,7 +274,8 @@ static int enable_verity(struct file *filp, * Serialized with ->begin_enable_verity() by the inode lock. */ inode_lock(inode); - err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size); + err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size, + params.block_size); inode_unlock(inode); if (err) { fsverity_err(inode, "%ps() failed with err %d", @@ -300,7 +301,8 @@ static int enable_verity(struct file *filp, rollback: inode_lock(inode); - (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size); + (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size, + params.block_size); inode_unlock(inode); goto out; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 1eb7eae580be..ac58b19f23d3 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -51,6 +51,7 @@ struct fsverity_operations { * @desc: the verity descriptor to write, or NULL on failure * @desc_size: size of verity descriptor, or 0 on failure * @merkle_tree_size: total bytes the Merkle tree took up + * @tree_blocksize: the Merkle tree block size * * If desc == NULL, then enabling verity failed and the filesystem only * must do any necessary cleanups. Else, it must also store the given @@ -65,7 +66,8 @@ struct fsverity_operations { * Return: 0 on success, -errno on failure */ int (*end_enable_verity)(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size); + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize); /** * Get the verity descriptor of the given inode. From patchwork Mon Mar 4 19:10:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581033 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0356278B7F for ; Mon, 4 Mar 2024 19:12:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579544; cv=none; b=hQqlBsr+pcD8ctu0+BBrJzcbNdmhtr/Z0hXAoP7p6EgTyQEdUaozCKcJ65b/a74g/pNGREu4zH0kXW857N3QPShAd7ZwOztBfO2TCb4oAZfPLuvjVeV54mJjP9eZsg4etuPT9lxCY0Lws/WdKCr7uDDDid5Rw0AxH38EVXT+vUE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579544; c=relaxed/simple; bh=o7uJ1D+AEiS9SD66mTegf6KN6epDMi54+pW9bq/3KVk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S74NIj9dUBKJHOwmKwmp0Z7bhldiE9oe7VY4od+0y640menQWTMENVBx/lVnQXXkeb4XDyGUnUMF35YO5P0ZkVDMhZJObCXh/4+xKnBSumDAWakp9ftyLEXoog0FbCWwViyEGtC+Zo3XLpG74FqOb2Nz0RnvmiMvnXo0XbyOxHM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=EBSbc20m; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="EBSbc20m" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579540; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RWpQCn1MqyoizoX+vDeh9HZxEtqyPzNYVKfjAJQ9aww=; b=EBSbc20mxDh+xB5JNdPEgNg4af/ws5EFIfCZJ9Pg1Td0FRkYoYJSc3N3UDpfOPxp7nOJnU xLavQm6qhUWibAfXDGaX7NHpmUYUCIkKxZYRV9PXWVuSRCGOeqU2SSeb+iIYWXL2pMah06 WcHabzbiVL0ZA5Apx3pLee9jU7LaK5I= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-444-w4TkIGVMM3a9FCTFbzqC1w-1; Mon, 04 Mar 2024 14:12:19 -0500 X-MC-Unique: w4TkIGVMM3a9FCTFbzqC1w-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-a4488afb812so203658566b.3 for ; Mon, 04 Mar 2024 11:12:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579538; x=1710184338; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RWpQCn1MqyoizoX+vDeh9HZxEtqyPzNYVKfjAJQ9aww=; b=GTqnXp3Ka48MJU0gllWWX9rB/UD5FtThHdlYbPf2TG7qG3VHwiXehixDrHqBw7lMTX 1ymB3xSlcqJOwZd7K8O2hHOdMYnugq2e3qkNjWwbpEiibtZsPcP2yp5yu1sCoEGxmlZk 6z+lrkpCxZ/UDWh0wws08OynKYk1muD7HLHuXD3PXrKFuL8r4XicZWAHBoGidqfIR9U0 R2fo8NBae95N6PXWYOhzuDiYWFN+kJUjdlc2ZR/hxZfU9KP2sN61XS/8Nx1WlYjPvDXV flvp6lN3HpsMJovK9q3ulD97cYz8UK1eZyt3bG6I3BCHs2vQmv71ldTAqgBfKeTLRNmv 8lpQ== X-Forwarded-Encrypted: i=1; AJvYcCXUOZUlTlThFeFYAsghnb1QsscOugXz+heKbq/0/Nhu+HmP1QQ29zpfaoMwrqdzBFdrj9iIkBlUa2bBzxPl9uU3RFnQOAkIkRV9YPLBOA== X-Gm-Message-State: AOJu0YyaWcnOCHuKrd7fx0sOC2bZqdqOmJGMfS3KqRKd0B4rdeUL9ARe fp0/wvZ1JS699LDbTH68jX4LW9ogNz/Zg+VOEFjfGKLY6gZ+iZdivfuIJlrwqw7asi2uQx5PYH3 EmCkDi9lKSIEZRdf5PhyxJ+5YgGofXXY7qSQS42yy1Fci7KX+OpOJwmIIKtbmLg== X-Received: by 2002:a17:906:34c6:b0:a45:7d2d:e30d with SMTP id h6-20020a17090634c600b00a457d2de30dmr1478216ejb.59.1709579538042; Mon, 04 Mar 2024 11:12:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IF+LKhizsky/7SBgic7k1nlQC+irhLE9MRjvAA/rgDkvG8WAek47SPe1EqbZrQt+AtMULBp8A== X-Received: by 2002:a17:906:34c6:b0:a45:7d2d:e30d with SMTP id h6-20020a17090634c600b00a457d2de30dmr1478193ejb.59.1709579537332; Mon, 04 Mar 2024 11:12:17 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:16 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 07/24] fsverity: support block-based Merkle tree caching Date: Mon, 4 Mar 2024 20:10:30 +0100 Message-ID: <20240304191046.157464-9-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In the current implementation fs-verity expects filesystem to provide PAGEs filled with Merkle tree blocks. Then, when fs-verity is done with processing the blocks, reference to PAGE is freed. This doesn't fit well with the way XFS manages its memory. To allow XFS integrate fs-verity this patch adds ability to fs-verity verification code to take Merkle tree blocks instead of PAGE reference. This way ext4, f2fs, and btrfs are still able to pass PAGE references and XFS can pass reference to Merkle tree blocks stored in XFS's buffer infrastructure. Another addition is invalidation function which tells fs-verity to mark part of Merkle tree as not verified. This function is used by filesystem to tell fs-verity to invalidate block which was evicted from memory. Depending on Merkle tree block size fs-verity is using either bitmap or PG_checked flag to track "verified" status of the blocks. With a Merkle tree block caching (XFS) there is no PAGE to flag it as verified. fs-verity always uses bitmap to track verified blocks for filesystems which use block caching. Further this patch allows filesystem to make additional processing on verified pages via fsverity_drop_block() instead of just dropping a reference. This will be used by XFS for internal buffer cache manipulation in further patches. The btrfs, ext4, and f2fs just drop the reference. Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 8 +++ fs/verity/open.c | 8 ++- fs/verity/read_metadata.c | 64 +++++++++++------- fs/verity/verify.c | 125 +++++++++++++++++++++++++++-------- include/linux/fsverity.h | 65 ++++++++++++++++++ 5 files changed, 217 insertions(+), 53 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index b3506f56e180..dad33e6ff0d6 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -154,4 +154,12 @@ static inline void fsverity_init_signature(void) void __init fsverity_init_workqueue(void); +/* + * Drop 'block' obtained with ->read_merkle_tree_block(). Calls out back to + * filesystem if ->drop_block() is set, otherwise, drop the reference in the + * block->context. + */ +void fsverity_drop_block(struct inode *inode, + struct fsverity_blockbuf *block); + #endif /* _FSVERITY_PRIVATE_H */ diff --git a/fs/verity/open.c b/fs/verity/open.c index fdeb95eca3af..6e6922b4b014 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -213,7 +213,13 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, if (err) goto fail; - if (vi->tree_params.block_size != PAGE_SIZE) { + /* + * If fs passes Merkle tree blocks to fs-verity (e.g. XFS), then + * fs-verity should use hash_block_verified bitmap as there's no page + * to mark it with PG_checked. + */ + if (vi->tree_params.block_size != PAGE_SIZE || + inode->i_sb->s_vop->read_merkle_tree_block) { /* * When the Merkle tree block size and page size differ, we use * a bitmap to keep track of which hash blocks have been diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c index f58432772d9e..5da40b5a81af 100644 --- a/fs/verity/read_metadata.c +++ b/fs/verity/read_metadata.c @@ -18,50 +18,68 @@ static int fsverity_read_merkle_tree(struct inode *inode, { const struct fsverity_operations *vops = inode->i_sb->s_vop; u64 end_offset; - unsigned int offs_in_page; + unsigned int offs_in_block; pgoff_t index, last_index; int retval = 0; int err = 0; + const unsigned int block_size = vi->tree_params.block_size; + const u8 log_blocksize = vi->tree_params.log_blocksize; end_offset = min(offset + length, vi->tree_params.tree_size); if (offset >= end_offset) return 0; - offs_in_page = offset_in_page(offset); - last_index = (end_offset - 1) >> PAGE_SHIFT; + offs_in_block = offset & (block_size - 1); + last_index = (end_offset - 1) >> log_blocksize; /* - * Iterate through each Merkle tree page in the requested range and copy - * the requested portion to userspace. Note that the Merkle tree block - * size isn't important here, as we are returning a byte stream; i.e., - * we can just work with pages even if the tree block size != PAGE_SIZE. + * Iterate through each Merkle tree block in the requested range and + * copy the requested portion to userspace. Note that we are returning + * a byte stream. */ - for (index = offset >> PAGE_SHIFT; index <= last_index; index++) { + for (index = offset >> log_blocksize; index <= last_index; index++) { unsigned long num_ra_pages = min_t(unsigned long, last_index - index + 1, inode->i_sb->s_bdi->io_pages); unsigned int bytes_to_copy = min_t(u64, end_offset - offset, - PAGE_SIZE - offs_in_page); - struct page *page; - const void *virt; + block_size - offs_in_block); + struct fsverity_blockbuf block = { + .size = block_size, + }; - page = vops->read_merkle_tree_page(inode, index, num_ra_pages); - if (IS_ERR(page)) { - err = PTR_ERR(page); + if (!vops->read_merkle_tree_block) { + unsigned int blocks_per_page = + vi->tree_params.blocks_per_page; + unsigned long page_idx = + round_down(index, blocks_per_page); + struct page *page = vops->read_merkle_tree_page(inode, + page_idx, num_ra_pages); + + if (IS_ERR(page)) { + err = PTR_ERR(page); + } else { + block.kaddr = kmap_local_page(page) + + ((index - page_idx) << log_blocksize); + block.context = page; + } + } else { + err = vops->read_merkle_tree_block(inode, + index << log_blocksize, + &block, log_blocksize, num_ra_pages); + } + + if (err) { fsverity_err(inode, - "Error %d reading Merkle tree page %lu", - err, index); + "Error %d reading Merkle tree block %lu", + err, index << log_blocksize); break; } - virt = kmap_local_page(page); - if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) { - kunmap_local(virt); - put_page(page); + if (copy_to_user(buf, block.kaddr + offs_in_block, bytes_to_copy)) { + fsverity_drop_block(inode, &block); err = -EFAULT; break; } - kunmap_local(virt); - put_page(page); + fsverity_drop_block(inode, &block); retval += bytes_to_copy; buf += bytes_to_copy; @@ -72,7 +90,7 @@ static int fsverity_read_merkle_tree(struct inode *inode, break; } cond_resched(); - offs_in_page = 0; + offs_in_block = 0; } return retval ? retval : err; } diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 4fcad0825a12..de71911d400c 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -13,14 +13,17 @@ static struct workqueue_struct *fsverity_read_workqueue; /* - * Returns true if the hash block with index @hblock_idx in the tree, located in - * @hpage, has already been verified. + * Returns true if the hash block with index @hblock_idx in the tree has + * already been verified. */ -static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, +static bool is_hash_block_verified(struct inode *inode, + struct fsverity_blockbuf *block, unsigned long hblock_idx) { unsigned int blocks_per_page; unsigned int i; + struct fsverity_info *vi = inode->i_verity_info; + struct page *hpage = (struct page *)block->context; /* * When the Merkle tree block size and page size are the same, then the @@ -34,6 +37,12 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, if (!vi->hash_block_verified) return PageChecked(hpage); + /* + * Filesystems which use block based caching (e.g. XFS) always use + * bitmap. + */ + if (inode->i_sb->s_vop->read_merkle_tree_block) + return test_bit(hblock_idx, vi->hash_block_verified); /* * When the Merkle tree block size and page size differ, we use a bitmap * to indicate whether each hash block has been verified. @@ -95,15 +104,15 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, const struct merkle_tree_params *params = &vi->tree_params; const unsigned int hsize = params->digest_size; int level; + int err; + int num_ra_pages; u8 _want_hash[FS_VERITY_MAX_DIGEST_SIZE]; const u8 *want_hash; u8 real_hash[FS_VERITY_MAX_DIGEST_SIZE]; /* The hash blocks that are traversed, indexed by level */ struct { - /* Page containing the hash block */ - struct page *page; - /* Mapped address of the hash block (will be within @page) */ - const void *addr; + /* Buffer containing the hash block */ + struct fsverity_blockbuf block; /* Index of the hash block in the tree overall */ unsigned long index; /* Byte offset of the wanted hash relative to @addr */ @@ -144,10 +153,11 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, unsigned long next_hidx; unsigned long hblock_idx; pgoff_t hpage_idx; + u64 hblock_pos; unsigned int hblock_offset_in_page; unsigned int hoffset; struct page *hpage; - const void *haddr; + struct fsverity_blockbuf *block = &hblocks[level].block; /* * The index of the block in the current level; also the index @@ -165,29 +175,49 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, hblock_offset_in_page = (hblock_idx << params->log_blocksize) & ~PAGE_MASK; + /* Offset of the Merkle tree block into the tree */ + hblock_pos = hblock_idx << params->log_blocksize; + /* Byte offset of the hash within the block */ hoffset = (hidx << params->log_digestsize) & (params->block_size - 1); - hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode, - hpage_idx, level == 0 ? min(max_ra_pages, - params->tree_pages - hpage_idx) : 0); - if (IS_ERR(hpage)) { + num_ra_pages = level == 0 ? + min(max_ra_pages, params->tree_pages - hpage_idx) : 0; + + if (inode->i_sb->s_vop->read_merkle_tree_block) { + err = inode->i_sb->s_vop->read_merkle_tree_block( + inode, hblock_pos, block, params->log_blocksize, + num_ra_pages); + } else { + unsigned int blocks_per_page = + vi->tree_params.blocks_per_page; + hblock_idx = round_down(hblock_idx, blocks_per_page); + hpage = inode->i_sb->s_vop->read_merkle_tree_page( + inode, hpage_idx, (num_ra_pages << PAGE_SHIFT)); + + if (IS_ERR(hpage)) { + err = PTR_ERR(hpage); + } else { + block->kaddr = kmap_local_page(hpage) + + hblock_offset_in_page; + block->context = hpage; + } + } + + if (err) { fsverity_err(inode, - "Error %ld reading Merkle tree page %lu", - PTR_ERR(hpage), hpage_idx); + "Error %d reading Merkle tree block %lu", + err, hblock_idx); goto error; } - haddr = kmap_local_page(hpage) + hblock_offset_in_page; - if (is_hash_block_verified(vi, hpage, hblock_idx)) { - memcpy(_want_hash, haddr + hoffset, hsize); + + if (is_hash_block_verified(inode, block, hblock_idx)) { + memcpy(_want_hash, block->kaddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - put_page(hpage); + fsverity_drop_block(inode, block); goto descend; } - hblocks[level].page = hpage; - hblocks[level].addr = haddr; hblocks[level].index = hblock_idx; hblocks[level].hoffset = hoffset; hidx = next_hidx; @@ -197,10 +227,11 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, descend: /* Descend the tree verifying hash blocks. */ for (; level > 0; level--) { - struct page *hpage = hblocks[level - 1].page; - const void *haddr = hblocks[level - 1].addr; + struct fsverity_blockbuf *block = &hblocks[level - 1].block; + const void *haddr = block->kaddr; unsigned long hblock_idx = hblocks[level - 1].index; unsigned int hoffset = hblocks[level - 1].hoffset; + struct page *hpage = (struct page *)block->context; if (fsverity_hash_block(params, inode, haddr, real_hash) != 0) goto error; @@ -217,8 +248,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, SetPageChecked(hpage); memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - put_page(hpage); + fsverity_drop_block(inode, block); } /* Finally, verify the data block. */ @@ -235,10 +265,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, params->hash_alg->name, hsize, want_hash, params->hash_alg->name, hsize, real_hash); error: - for (; level > 0; level--) { - kunmap_local(hblocks[level - 1].addr); - put_page(hblocks[level - 1].page); - } + for (; level > 0; level--) + fsverity_drop_block(inode, &hblocks[level - 1].block); return false; } @@ -362,3 +390,42 @@ void __init fsverity_init_workqueue(void) if (!fsverity_read_workqueue) panic("failed to allocate fsverity_read_queue"); } + +/** + * fsverity_invalidate_block() - invalidate Merkle tree block + * @inode: inode to which this Merkle tree blocks belong + * @block: block to be invalidated + * + * This function invalidates/clears "verified" state of Merkle tree block + * in the fs-verity bitmap. The block needs to have ->offset set. + */ +void fsverity_invalidate_block(struct inode *inode, + struct fsverity_blockbuf *block) +{ + struct fsverity_info *vi = inode->i_verity_info; + const unsigned int log_blocksize = vi->tree_params.log_blocksize; + + if (block->offset > vi->tree_params.tree_size) { + fsverity_err(inode, +"Trying to invalidate beyond Merkle tree (tree %lld, offset %lld)", + vi->tree_params.tree_size, block->offset); + return; + } + + clear_bit(block->offset >> log_blocksize, vi->hash_block_verified); +} +EXPORT_SYMBOL_GPL(fsverity_invalidate_block); + +void fsverity_drop_block(struct inode *inode, + struct fsverity_blockbuf *block) +{ + if (inode->i_sb->s_vop->drop_block) + inode->i_sb->s_vop->drop_block(block); + else { + struct page *page = (struct page *)block->context; + + kunmap_local(block->kaddr); + put_page(page); + } + block->kaddr = NULL; +} diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index ac58b19f23d3..0973b521ac5a 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -26,6 +26,33 @@ /* Arbitrary limit to bound the kmalloc() size. Can be changed. */ #define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384 +/** + * struct fsverity_blockbuf - Merkle Tree block buffer + * @kaddr: virtual address of the block's data + * @offset: block's offset into Merkle tree + * @size: the Merkle tree block size + * @context: filesystem private context + * + * Buffer containing single Merkle Tree block. These buffers are passed + * - to filesystem, when fs-verity is building merkel tree, + * - from filesystem, when fs-verity is reading merkle tree from a disk. + * Filesystems sets kaddr together with size to point to a memory which contains + * Merkle tree block. Same is done by fs-verity when Merkle tree is need to be + * written down to disk. + * + * While reading the tree, fs-verity calls ->read_merkle_tree_block followed by + * ->drop_block to let filesystem know that memory can be freed. + * + * The context is optional. This field can be used by filesystem to passthrough + * state from ->read_merkle_tree_block to ->drop_block. + */ +struct fsverity_blockbuf { + void *kaddr; + u64 offset; + unsigned int size; + void *context; +}; + /* Verity operations for filesystems */ struct fsverity_operations { @@ -107,6 +134,32 @@ struct fsverity_operations { pgoff_t index, unsigned long num_ra_pages); + /** + * Read a Merkle tree block of the given inode. + * @inode: the inode + * @pos: byte offset of the block within the Merkle tree + * @block: block buffer for filesystem to point it to the block + * @log_blocksize: log2 of the size of the expected block + * @ra_bytes: The number of bytes that should be + * prefetched starting at @pos if the page at @pos + * isn't already cached. Implementations may ignore this + * argument; it's only a performance optimization. + * + * This can be called at any time on an open verity file. It may be + * called by multiple processes concurrently. + * + * In case that block was evicted from the memory filesystem has to use + * fsverity_invalidate_block() to let fsverity know that block's + * verification state is not valid anymore. + * + * Return: 0 on success, -errno on failure + */ + int (*read_merkle_tree_block)(struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + u64 ra_bytes); + /** * Write a Merkle tree block to the given inode. * @@ -122,6 +175,16 @@ struct fsverity_operations { */ int (*write_merkle_tree_block)(struct inode *inode, const void *buf, u64 pos, unsigned int size); + + /** + * Release the reference to a Merkle tree block + * + * @block: the block to release + * + * This is called when fs-verity is done with a block obtained with + * ->read_merkle_tree_block(). + */ + void (*drop_block)(struct fsverity_blockbuf *block); }; #ifdef CONFIG_FS_VERITY @@ -175,6 +238,8 @@ int fsverity_ioctl_read_metadata(struct file *filp, const void __user *uarg); bool fsverity_verify_blocks(struct folio *folio, size_t len, size_t offset); void fsverity_verify_bio(struct bio *bio); void fsverity_enqueue_verify_work(struct work_struct *work); +void fsverity_invalidate_block(struct inode *inode, + struct fsverity_blockbuf *block); #else /* !CONFIG_FS_VERITY */ From patchwork Mon Mar 4 19:10:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581032 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 968F879927 for ; Mon, 4 Mar 2024 19:12:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579544; cv=none; b=GNtHlRIDluSt7etSEDUyee9Ykj8S2cHOIoPIzqS6v75vBZnnO4TDpVzwZ68xzaVqucNCu74ZGkaYK0+yhgb+aHVq4vcW2bfxZhHlLPTa3a0OmJgjI3Gd0ZSmlZSTTPp53uFDiKtAqIHmSlggkKa8y6paVMtXOSwlmcyczQnKYxk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579544; c=relaxed/simple; bh=sDEThmqM++bMzqlKwK8x625GnHfcmb9hJfMfz6jgYZk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RpZ+VJiRZhrU7W06ky9kpNQlyVdIfRrDhY+aRAGA6vZ19/HdTlutwnb1c324kQQ2y1Xpw0wPtAuJsxPn6eX/fj+u3ExHYSbYnS+LBNv27bt3A0H821OGCqFlY16Ynt16jCh7V5zfREBxzXD1xGmd7SoOA1IVFqItGpOhUUAXlUk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=CcKKciCb; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="CcKKciCb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579541; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=graH8ZPzxtQsrhXogzHScmOx9ifMSR2CUgJkhEM1Cxs=; b=CcKKciCbjXLmMJS5LkA3SWclW1XcqLMniZG9z2pAsNDFN7k+BkO5U90TMHZvAVE+QSe2si Qwy6EXEFk9EmdzPixVfVEzbvCUmY+uOA3SLdHHQROm8YKAIrXxrXod9/Nw2khPdOJr/haA e68pUb/zaR3BkreCaZLOBai/MYHIdGg= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-164-18JOiBcLNna9O-DPZPjE4g-1; Mon, 04 Mar 2024 14:12:20 -0500 X-MC-Unique: 18JOiBcLNna9O-DPZPjE4g-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a45095f33fdso185609066b.0 for ; Mon, 04 Mar 2024 11:12:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579539; x=1710184339; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=graH8ZPzxtQsrhXogzHScmOx9ifMSR2CUgJkhEM1Cxs=; b=a+dwdixpp5L/8IaGBlMzrB4goIBQzQbQlgnWY9yU9DqYJ5cfCgwLkIrPT5UTvEwhqS z/T7gDfgV70l4mhO6Z0P/pM8SLLEdLdSv7K6NRsjEgi92zl3Ak+mdyhEuRjIIooO5CFW tp5uTVRw71/mgzWGufpIhlOTG5jSzTg3ASByLKWTvR/0VKeRjdCJRc1IJWHSc6o6Idsc 8/EO0q3Ho7qNPRFNkSxjKlsU4idEKoK7yyhqgu5nHqPtrZjGMM4mrNd2PfDysWFtLVdL k6sv+Lo+KJMtaN93mJxYoYgvdFWk4Kx3AcaCqWLdoWsiXPF9TYQHY9Y0ZOn+M0QjcboT h7gg== X-Forwarded-Encrypted: i=1; AJvYcCWtkt3PQcEhqB6F3ECwYlYKMeBeGSTgwN6mMvFyu47BSYw8RY34g20MJyCVrlZyRMnNQLUS9vVxtK85R0T7p5R1IdwmOGKyGPQ/35wMOQ== X-Gm-Message-State: AOJu0YzQPjZGlAFAToMGBo7U+cT9c3/f0auQXAVLvu26Vn6HyFCVFrph AkirSeg+lHNiw8+/7KPCODqnPg/899jqi+6vWcESsReIcuj9bxD7NrsBdHT+lDt4fjeDBaDRO6a JFqjDYA4wavsjtk+9VZ4kFpI24N1jnIfDI6nWo9lznwgO3moBw1zaHmjRptW/iA== X-Received: by 2002:a17:906:d95:b0:a45:6d38:60aa with SMTP id m21-20020a1709060d9500b00a456d3860aamr399033eji.30.1709579539070; Mon, 04 Mar 2024 11:12:19 -0800 (PST) X-Google-Smtp-Source: AGHT+IGzsPizPQwgDmQjOA0fvjsoFryAmLstNe6rEfScpBzV8bLlIXJnNFMQAze9lhLTuBX2T/E13Q== X-Received: by 2002:a17:906:d95:b0:a45:6d38:60aa with SMTP id m21-20020a1709060d9500b00a456d3860aamr398975eji.30.1709579538451; Mon, 04 Mar 2024 11:12:18 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:17 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 08/24] fsverity: add per-sb workqueue for post read processing Date: Mon, 4 Mar 2024 20:10:31 +0100 Message-ID: <20240304191046.157464-10-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For XFS, fsverity's global workqueue is not really suitable due to: 1. High priority workqueues are used within XFS to ensure that data IO completion cannot stall processing of journal IO completions. Hence using a WQ_HIGHPRI workqueue directly in the user data IO path is a potential filesystem livelock/deadlock vector. 2. The fsverity workqueue is global - it creates a cross-filesystem contention point. This patch adds per-filesystem, per-cpu workqueue for fsverity work. This allows iomap to add verification work in the read path on BIO completion. Signed-off-by: Andrey Albershteyn --- fs/super.c | 7 +++++++ include/linux/fs.h | 2 ++ include/linux/fsverity.h | 22 ++++++++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/fs/super.c b/fs/super.c index d6efeba0d0ce..03795ee4d9b9 100644 --- a/fs/super.c +++ b/fs/super.c @@ -637,6 +637,13 @@ void generic_shutdown_super(struct super_block *sb) sb->s_dio_done_wq = NULL; } +#ifdef CONFIG_FS_VERITY + if (sb->s_read_done_wq) { + destroy_workqueue(sb->s_read_done_wq); + sb->s_read_done_wq = NULL; + } +#endif + if (sop->put_super) sop->put_super(sb); diff --git a/include/linux/fs.h b/include/linux/fs.h index 1fbc72c5f112..5863519ffd51 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1223,6 +1223,8 @@ struct super_block { #endif #ifdef CONFIG_FS_VERITY const struct fsverity_operations *s_vop; + /* Completion queue for post read verification */ + struct workqueue_struct *s_read_done_wq; #endif #if IS_ENABLED(CONFIG_UNICODE) struct unicode_map *s_encoding; diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 0973b521ac5a..45b7c613148a 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -241,6 +241,22 @@ void fsverity_enqueue_verify_work(struct work_struct *work); void fsverity_invalidate_block(struct inode *inode, struct fsverity_blockbuf *block); +static inline int fsverity_set_ops(struct super_block *sb, + const struct fsverity_operations *ops) +{ + sb->s_vop = ops; + + /* Create per-sb workqueue for post read bio verification */ + struct workqueue_struct *wq = alloc_workqueue( + "pread/%s", (WQ_FREEZABLE | WQ_MEM_RECLAIM), 0, sb->s_id); + if (!wq) + return -ENOMEM; + + sb->s_read_done_wq = wq; + + return 0; +} + #else /* !CONFIG_FS_VERITY */ static inline struct fsverity_info *fsverity_get_info(const struct inode *inode) @@ -318,6 +334,12 @@ static inline void fsverity_enqueue_verify_work(struct work_struct *work) WARN_ON_ONCE(1); } +static inline int fsverity_set_ops(struct super_block *sb, + const struct fsverity_operations *ops) +{ + return -EOPNOTSUPP; +} + #endif /* !CONFIG_FS_VERITY */ static inline bool fsverity_verify_folio(struct folio *folio) From patchwork Mon Mar 4 19:10:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581034 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 784CD7AE53 for ; Mon, 4 Mar 2024 19:12:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579545; cv=none; b=FpiPqSquW6a60Cal8eAXA8NOrLXoDlSSBhFUs5l3+CSK5EDAC5yvfJaKSKSVTvefjovPI2R++Yz2KKCt5Jb4/HLHSPg6IskVwh7L8L3VN3z1/ppLJsYWMVc6h593cUanYhF9ixgDbbtH4681ZWDTky5DaF2oHbw0CO/NNddd96o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579545; c=relaxed/simple; bh=i1ofJYNBQYpDqkpf0knoA0oObWG+MRkgoeU7vYMM0x8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=B0q5grjDhljYntrKrxLlPgG7mkPIMJ4Vu4yHY8hbFa4xVD3yOA1IA0H4PrpFo1xhw6M/SnxRoCKZipDi57HkWAd9QNWZVQolRlH755hmMtTo1GjiG3d5dJnzjjULSDp51YUSCVg1Fh+i8GTW3nC7cEI69QvjD9QNBKt11AvXe7o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=UnhPFYe/; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="UnhPFYe/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579542; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rTI/symwuDCz2/BvbwsjBj7TSJADKxHjfQbz12pqk8c=; b=UnhPFYe/WGPbfrWRHfRXDLtu7OzpauBbWewys5Mmiq5aKdmlfbeNhoZQVlgmW4PQ3V5KcL fgKKqrvMnlns3JrWMDHDzb+CN7pncogYA/B7xp18XtG3oLvREIG6nkfKFPCtuYYDh6ZLfj uZQxYh7eJeb08LTC0QVf75QReQ0VR0U= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-102-5ziQQnFHNpeapApc5LjL6Q-1; Mon, 04 Mar 2024 14:12:21 -0500 X-MC-Unique: 5ziQQnFHNpeapApc5LjL6Q-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-a448cfe2266so371144366b.2 for ; Mon, 04 Mar 2024 11:12:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579540; x=1710184340; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rTI/symwuDCz2/BvbwsjBj7TSJADKxHjfQbz12pqk8c=; b=jnFR/o/pMg2ut2lGma+dFHuWY+dCqQ51BQl3bd1rN/te0qzp8bXq1HJWNIsvnlBWdK G7vNfgTFyEd/Ph5gQabNZpkA//rRJTU2v73Sp5SwO8SDekWocYfqFqwwDEs406/mQMSo bWO9Vhmcp2CnlwZ6zJzgZCJHakbX7Lo25IxjjcYzl1zL4uXzgMZkH7DAFJ2JArk4OgWZ gIGayVitQNx10nD6D1AgUXRqSSDFqLY9LkVvqufmc1+DulwVtNChto+/cV0VjmfJu3WQ adHybz9wlEI/Pbq39YUoovodSnn8VRwubARqQc6cmLtkczjswlkbV0xE2ko8UObt4Lpc AxPA== X-Forwarded-Encrypted: i=1; AJvYcCXYoW8ri/wZTdsv+Y6owZYAxdLpemWJgUTNF6+9J31XcCXSCqcDwM9uvi6KyyWbifU5tW0+JMm90qzpJTv12ZQYlDbDeNmXMUkKtWt5Xg== X-Gm-Message-State: AOJu0YwNGwoHtlxA3uhUHhfpMNTVEW1SAnkXuP+siSCJfyiefD6QCq4v 1KQxLBXVy1VZFVeegnNikPHtHyq9+6+KXChFvzUpVBsE2QXQ3LN7vPbtRkbvAqwdfvlBX+qsJin Qpi4w25YDhbnRt7mYOEGNaOzNYWu7hOL1xTriyinRj9qE5SCuVkiazlVOYdOf7A== X-Received: by 2002:a17:906:4558:b0:a43:9857:8112 with SMTP id s24-20020a170906455800b00a4398578112mr7269263ejq.20.1709579539809; Mon, 04 Mar 2024 11:12:19 -0800 (PST) X-Google-Smtp-Source: AGHT+IHQpz2FH9WjfaOuXPTLwhSfJSvmfQpibE0LEmBwBUsLCZzxRvN9RYWQAdB3hv4zNVK4Zc7VPg== X-Received: by 2002:a17:906:4558:b0:a43:9857:8112 with SMTP id s24-20020a170906455800b00a4398578112mr7269240ejq.20.1709579539331; Mon, 04 Mar 2024 11:12:19 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:19 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 09/24] fsverity: add tracepoints Date: Mon, 4 Mar 2024 20:10:32 +0100 Message-ID: <20240304191046.157464-11-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fs-verity previously had debug printk but it was removed. This patch adds trace points to the same places where printk were used (with a few additional ones). Signed-off-by: Andrey Albershteyn --- MAINTAINERS | 1 + fs/verity/enable.c | 3 + fs/verity/fsverity_private.h | 2 + fs/verity/init.c | 1 + fs/verity/signature.c | 2 + fs/verity/verify.c | 7 ++ include/trace/events/fsverity.h | 181 ++++++++++++++++++++++++++++++++ 7 files changed, 197 insertions(+) create mode 100644 include/trace/events/fsverity.h diff --git a/MAINTAINERS b/MAINTAINERS index 2ecaaec6a6bf..49888dd5cbbd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8745,6 +8745,7 @@ T: git https://git.kernel.org/pub/scm/fs/fsverity/linux.git F: Documentation/filesystems/fsverity.rst F: fs/verity/ F: include/linux/fsverity.h +F: include/trace/events/fsverity.h F: include/uapi/linux/fsverity.h FT260 FTDI USB-HID TO I2C BRIDGE DRIVER diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 04e060880b79..945eba0092ab 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -227,6 +227,8 @@ static int enable_verity(struct file *filp, if (err) goto out; + trace_fsverity_enable(inode, desc, ¶ms); + /* * Start enabling verity on this file, serialized by the inode lock. * Fail if verity is already enabled or is already being enabled. @@ -255,6 +257,7 @@ static int enable_verity(struct file *filp, fsverity_err(inode, "Error %d building Merkle tree", err); goto rollback; } + trace_fsverity_tree_done(inode, desc, ¶ms); /* * Create the fsverity_info. Don't bother trying to save work by diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index dad33e6ff0d6..fd8f5a8d1f6a 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -162,4 +162,6 @@ void __init fsverity_init_workqueue(void); void fsverity_drop_block(struct inode *inode, struct fsverity_blockbuf *block); +#include + #endif /* _FSVERITY_PRIVATE_H */ diff --git a/fs/verity/init.c b/fs/verity/init.c index cb2c9aac61ed..3769d2dc9e3b 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -5,6 +5,7 @@ * Copyright 2019 Google LLC */ +#define CREATE_TRACE_POINTS #include "fsverity_private.h" #include diff --git a/fs/verity/signature.c b/fs/verity/signature.c index 90c07573dd77..c1f08bb32ed1 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -53,6 +53,8 @@ int fsverity_verify_signature(const struct fsverity_info *vi, struct fsverity_formatted_digest *d; int err; + trace_fsverity_verify_signature(inode, signature, sig_size); + if (sig_size == 0) { if (fsverity_require_signatures) { fsverity_err(inode, diff --git a/fs/verity/verify.c b/fs/verity/verify.c index de71911d400c..614776e7a2b6 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -118,6 +118,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Byte offset of the wanted hash relative to @addr */ unsigned int hoffset; } hblocks[FS_VERITY_MAX_LEVELS]; + trace_fsverity_verify_block(inode, data_pos); /* * The index of the previous level's block within that level; also the * index of that block's hash within the current level. @@ -215,6 +216,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, if (is_hash_block_verified(inode, block, hblock_idx)) { memcpy(_want_hash, block->kaddr + hoffset, hsize); want_hash = _want_hash; + trace_fsverity_merkle_tree_block_verified(inode, + block, FSVERITY_TRACE_DIR_ASCEND); fsverity_drop_block(inode, block); goto descend; } @@ -248,6 +251,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, SetPageChecked(hpage); memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; + trace_fsverity_merkle_tree_block_verified(inode, block, + FSVERITY_TRACE_DIR_DESCEND); fsverity_drop_block(inode, block); } @@ -405,6 +410,8 @@ void fsverity_invalidate_block(struct inode *inode, struct fsverity_info *vi = inode->i_verity_info; const unsigned int log_blocksize = vi->tree_params.log_blocksize; + trace_fsverity_invalidate_block(inode, block); + if (block->offset > vi->tree_params.tree_size) { fsverity_err(inode, "Trying to invalidate beyond Merkle tree (tree %lld, offset %lld)", diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h new file mode 100644 index 000000000000..82966ecc5722 --- /dev/null +++ b/include/trace/events/fsverity.h @@ -0,0 +1,181 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM fsverity + +#if !defined(_TRACE_FSVERITY_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_FSVERITY_H + +#include + +struct fsverity_descriptor; +struct merkle_tree_params; +struct fsverity_info; + +#define FSVERITY_TRACE_DIR_ASCEND (1ul << 0) +#define FSVERITY_TRACE_DIR_DESCEND (1ul << 1) +#define FSVERITY_HASH_SHOWN_LEN 20 + +TRACE_EVENT(fsverity_enable, + TP_PROTO(struct inode *inode, struct fsverity_descriptor *desc, + struct merkle_tree_params *params), + TP_ARGS(inode, desc, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, data_size) + __field(unsigned int, block_size) + __field(unsigned int, num_levels) + __field(u64, tree_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->data_size = desc->data_size; + __entry->block_size = params->block_size; + __entry->num_levels = params->num_levels; + __entry->tree_size = params->tree_size; + ), + TP_printk("ino %lu data size %llu tree size %llu block size %u levels %u", + (unsigned long) __entry->ino, + __entry->data_size, + __entry->tree_size, + __entry->block_size, + __entry->num_levels) +); + +TRACE_EVENT(fsverity_tree_done, + TP_PROTO(struct inode *inode, struct fsverity_descriptor *desc, + struct merkle_tree_params *params), + TP_ARGS(inode, desc, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(unsigned int, levels) + __field(unsigned int, tree_blocks) + __field(u64, tree_size) + __array(u8, tree_hash, 64) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->levels = params->num_levels; + __entry->tree_blocks = + params->tree_size >> params->log_blocksize; + __entry->tree_size = params->tree_size; + memcpy(__entry->tree_hash, desc->root_hash, 64); + ), + TP_printk("ino %lu levels %d tree_blocks %d tree_size %lld root_hash %s", + (unsigned long) __entry->ino, + __entry->levels, + __entry->tree_blocks, + __entry->tree_size, + __print_hex(__entry->tree_hash, 64)) +); + +TRACE_EVENT(fsverity_verify_block, + TP_PROTO(struct inode *inode, u64 offset), + TP_ARGS(inode, offset), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = offset; + __entry->block_size = + inode->i_verity_info->tree_params.block_size; + ), + TP_printk("ino %lu data offset %lld data block size %u", + (unsigned long) __entry->ino, + __entry->offset, + __entry->block_size) +); + +TRACE_EVENT(fsverity_merkle_tree_block_verified, + TP_PROTO(struct inode *inode, + struct fsverity_blockbuf *block, + u8 direction), + TP_ARGS(inode, block, direction), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(u8, direction) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = block->offset; + __entry->direction = direction; + ), + TP_printk("ino %lu block offset %llu %s", + (unsigned long) __entry->ino, + __entry->offset, + __entry->direction == 0 ? "ascend" : "descend") +); + +TRACE_EVENT(fsverity_invalidate_block, + TP_PROTO(struct inode *inode, struct fsverity_blockbuf *block), + TP_ARGS(inode, block), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = block->offset; + __entry->block_size = block->size; + ), + TP_printk("ino %lu block position %llu block size %u", + (unsigned long) __entry->ino, + __entry->offset, + __entry->block_size) +); + +TRACE_EVENT(fsverity_read_merkle_tree_block, + TP_PROTO(struct inode *inode, u64 offset, unsigned int log_blocksize), + TP_ARGS(inode, offset, log_blocksize), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(u64, index) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = offset; + __entry->index = offset >> log_blocksize; + __entry->block_size = 1 << log_blocksize; + ), + TP_printk("ino %lu tree offset %llu block index %llu block hize %u", + (unsigned long) __entry->ino, + __entry->offset, + __entry->index, + __entry->block_size) +); + +TRACE_EVENT(fsverity_verify_signature, + TP_PROTO(const struct inode *inode, const u8 *signature, size_t sig_size), + TP_ARGS(inode, signature, sig_size), + TP_STRUCT__entry( + __field(ino_t, ino) + __dynamic_array(u8, signature, sig_size) + __field(size_t, sig_size) + __field(size_t, sig_size_show) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + memcpy(__get_dynamic_array(signature), signature, sig_size); + __entry->sig_size = sig_size; + __entry->sig_size_show = (sig_size > FSVERITY_HASH_SHOWN_LEN ? + FSVERITY_HASH_SHOWN_LEN : sig_size); + ), + TP_printk("ino %lu sig_size %lu %s%s%s", + (unsigned long) __entry->ino, + __entry->sig_size, + (__entry->sig_size ? "sig " : ""), + __print_hex(__get_dynamic_array(signature), + __entry->sig_size_show), + (__entry->sig_size ? "..." : "")) +); + +#endif /* _TRACE_FSVERITY_H */ + +/* This part must be outside protection */ +#include From patchwork Mon Mar 4 19:10:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581036 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2CA667A715 for ; Mon, 4 Mar 2024 19:12:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; cv=none; b=bo9O34fc7KI3WElxrxNsYNhMILGtoeApuyjfIu2phgDXXTOb2+/scLQWjtxaP73zeJ/WMworwNUbLtVcdOZjA5awqlMe8KqLYTILQgBBtLz1TSB13Z+8Hq1AtMOc/ocPv/pLu01zBRzd67CSV1vYWrtLpJhJWXMhAWTC8M/Hedk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; c=relaxed/simple; bh=Vt7WvP2XhADPbA/qo1mYoxhY+7xb8p2lGDruDcXdPMo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BNh4VKHwAcY1qtdvr/r+qs6IFQdQi2hhMyeKS4c5j72lbC8PI6VL0SnVlJ5D5te1XK9sn8DhCoucVdgw3e8p6CzO+vaHYkyjA3ca0n6kL4x0B7zvqe0qAm0hSsENk8cEtEpMJkQ0PFrXDDjbSdJHQlCO2TAFZm9LSLGpNNlgrQs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Sf5scRNu; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Sf5scRNu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579543; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2/shyD/zHMRWtd9bWbKxXT0byjIZQKYEyRELvQZ4LTg=; b=Sf5scRNuWiA6yiOrDfY5VVTOllNe9WI8PcJq5afUyWM+kJWcQBrYv6+uKoPlgH3fs824zG nj3m3MJrqvEnqHkyTcF/38Oir0INSuhzqAQwVH6FqVMwK4q8mO9xaygKcw8F1T8knYWrdd rFV2kIviwA62IoqQaYfUs/hmftnlLIA= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-108-eFq-ck9XPeOr_ru1zJZKBA-1; Mon, 04 Mar 2024 14:12:21 -0500 X-MC-Unique: eFq-ck9XPeOr_ru1zJZKBA-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-a449be9db59so197161366b.1 for ; Mon, 04 Mar 2024 11:12:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579540; x=1710184340; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2/shyD/zHMRWtd9bWbKxXT0byjIZQKYEyRELvQZ4LTg=; b=GPB4V2OBbMbmEsEhnBuSq/jpE9fOQxKoL1L7/P/kZ/RINb0LAlriyw6EoM5WrNosto wuja3wd7cUac3UULmLYlmDvsJjuP8sa+Q1PhA3eXUZsowZAmMZtknGwlngSS/kugsuAp f5LBf5ViPNEZ63GdmmBMmvLiq1R/Uj3nJ3xRN7Z4MAy1pLo6NRR499Awa4w+w4lnDP+y HlaQoXFE+qUUIeODc3dQY4V+LO+3NXk/wEi4/uQwaHWIsBH+EV85yQb35f68Akk4UY4e 5fK+CNyjqKibUhOzXeNNBi7ZKXEjG3wOF61FfB++ty/nuJ4KiqGTTU3ZSevj2whHmPX7 +/tg== X-Forwarded-Encrypted: i=1; AJvYcCVc0DVQW8ti98nZ6R+VNqjJbeJFjWssZaVZAIwnyrX8J2Z2huK0kR5+KxT/lEvs9Ulq4r6UFEpQCKdLSi79uhKGD+qUDTY6HNuFAb9cXA== X-Gm-Message-State: AOJu0YxGeaovb55DPvP5FaxLR7xHbbZoW31RO0c7P2VUwPgdCWZwQfx/ Z3hmVpHAko17eHReMmvWcSje+nIkIhmuco0w6XdFFc/lCVPeh7bDFf8kScKy7l2yUWEXnCvDvX9 pZp22oWPkxD55liDLoVT1OInEgEghwwQPjXjEYhNbWaTpWBaKfr8PJE5qk1dMkw== X-Received: by 2002:a17:907:20b9:b0:a3d:4ed8:f5bf with SMTP id pw25-20020a17090720b900b00a3d4ed8f5bfmr5798151ejb.2.1709579540391; Mon, 04 Mar 2024 11:12:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IEZJKgr6p4QAsWxEf89MCCY1JTA2uvYFezCjzZbDgLzFJTT4VF+2CzblpR+va0nmjLJBQhYdw== X-Received: by 2002:a17:907:20b9:b0:a3d:4ed8:f5bf with SMTP id pw25-20020a17090720b900b00a3d4ed8f5bfmr5798135ejb.2.1709579540109; Mon, 04 Mar 2024 11:12:20 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:19 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn , Christoph Hellwig Subject: [PATCH v5 10/24] iomap: integrate fs-verity verification into iomap's read path Date: Mon, 4 Mar 2024 20:10:33 +0100 Message-ID: <20240304191046.157464-12-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch adds fs-verity verification into iomap's read path. After BIO's io operation is complete the data are verified against fs-verity's Merkle tree. Verification work is done in a separate workqueue. The read path ioend iomap_read_ioend are stored side by side with BIOs if FS_VERITY is enabled. Signed-off-by: Andrey Albershteyn Signed-off-by: Christoph Hellwig --- fs/iomap/buffered-io.c | 92 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 9 deletions(-) diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 093c4515b22a..e27a8af4b351 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -330,6 +331,56 @@ static inline bool iomap_block_needs_zeroing(const struct iomap_iter *iter, pos >= i_size_read(iter->inode); } +#ifdef CONFIG_FS_VERITY +struct iomap_fsverity_bio { + struct work_struct work; + struct bio bio; +}; +static struct bio_set iomap_fsverity_bioset; + +static void +iomap_read_fsverify_end_io_work(struct work_struct *work) +{ + struct iomap_fsverity_bio *fbio = + container_of(work, struct iomap_fsverity_bio, work); + + fsverity_verify_bio(&fbio->bio); + iomap_read_end_io(&fbio->bio); +} + +static void +iomap_read_fsverity_end_io(struct bio *bio) +{ + struct iomap_fsverity_bio *fbio = + container_of(bio, struct iomap_fsverity_bio, bio); + + INIT_WORK(&fbio->work, iomap_read_fsverify_end_io_work); + queue_work(bio->bi_private, &fbio->work); +} +#endif /* CONFIG_FS_VERITY */ + +static struct bio *iomap_read_bio_alloc(struct inode *inode, + struct block_device *bdev, int nr_vecs, gfp_t gfp) +{ + struct bio *bio; + +#ifdef CONFIG_FS_VERITY + if (fsverity_active(inode)) { + bio = bio_alloc_bioset(bdev, nr_vecs, REQ_OP_READ, gfp, + &iomap_fsverity_bioset); + if (bio) { + bio->bi_private = inode->i_sb->s_read_done_wq; + bio->bi_end_io = iomap_read_fsverity_end_io; + } + return bio; + } +#endif + bio = bio_alloc(bdev, nr_vecs, REQ_OP_READ, gfp); + if (bio) + bio->bi_end_io = iomap_read_end_io; + return bio; +} + static loff_t iomap_readpage_iter(const struct iomap_iter *iter, struct iomap_readpage_ctx *ctx, loff_t offset) { @@ -353,6 +404,12 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (iomap_block_needs_zeroing(iter, pos)) { folio_zero_range(folio, poff, plen); + if (fsverity_active(iter->inode) && + !fsverity_verify_blocks(folio, plen, poff)) { + folio_set_error(folio); + goto done; + } + iomap_set_range_uptodate(folio, poff, plen); goto done; } @@ -370,28 +427,29 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, !bio_add_folio(ctx->bio, folio, plen, poff)) { gfp_t gfp = mapping_gfp_constraint(folio->mapping, GFP_KERNEL); gfp_t orig_gfp = gfp; - unsigned int nr_vecs = DIV_ROUND_UP(length, PAGE_SIZE); if (ctx->bio) submit_bio(ctx->bio); if (ctx->rac) /* same as readahead_gfp_mask */ gfp |= __GFP_NORETRY | __GFP_NOWARN; - ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), - REQ_OP_READ, gfp); + + ctx->bio = iomap_read_bio_alloc(iter->inode, iomap->bdev, + bio_max_segs(DIV_ROUND_UP(length, PAGE_SIZE)), + gfp); + /* * If the bio_alloc fails, try it again for a single page to * avoid having to deal with partial page reads. This emulates * what do_mpage_read_folio does. */ if (!ctx->bio) { - ctx->bio = bio_alloc(iomap->bdev, 1, REQ_OP_READ, - orig_gfp); + ctx->bio = iomap_read_bio_alloc(iter->inode, + iomap->bdev, 1, orig_gfp); } if (ctx->rac) ctx->bio->bi_opf |= REQ_RAHEAD; ctx->bio->bi_iter.bi_sector = sector; - ctx->bio->bi_end_io = iomap_read_end_io; bio_add_folio_nofail(ctx->bio, folio, plen, poff); } @@ -471,6 +529,7 @@ static loff_t iomap_readahead_iter(const struct iomap_iter *iter, * iomap_readahead - Attempt to read pages from a file. * @rac: Describes the pages to be read. * @ops: The operations vector for the filesystem. + * @wq: Workqueue for post-I/O processing (only need for fsverity) * * This function is for filesystems to call to implement their readahead * address_space operation. @@ -1996,10 +2055,25 @@ iomap_writepages(struct address_space *mapping, struct writeback_control *wbc, } EXPORT_SYMBOL_GPL(iomap_writepages); +#define IOMAP_POOL_SIZE (4 * (PAGE_SIZE / SECTOR_SIZE)) + static int __init iomap_init(void) { - return bioset_init(&iomap_ioend_bioset, 4 * (PAGE_SIZE / SECTOR_SIZE), - offsetof(struct iomap_ioend, io_inline_bio), - BIOSET_NEED_BVECS); + int error; + + error = bioset_init(&iomap_ioend_bioset, IOMAP_POOL_SIZE, + offsetof(struct iomap_ioend, io_inline_bio), + BIOSET_NEED_BVECS); +#ifdef CONFIG_FS_VERITY + if (error) + return error; + + error = bioset_init(&iomap_fsverity_bioset, IOMAP_POOL_SIZE, + offsetof(struct iomap_fsverity_bio, bio), + BIOSET_NEED_BVECS); + if (error) + bioset_exit(&iomap_ioend_bioset); +#endif + return error; } fs_initcall(iomap_init); From patchwork Mon Mar 4 19:10:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581035 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9845D7AE6E for ; Mon, 4 Mar 2024 19:12:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; cv=none; b=WmE3on9rK6+ewMKmuEvAd2HPsmmnzGfWEyiL8FqKsvflg5vemBzSxYk3IjYsYXg2laNYDme2xqhV9ve0SxVmfp1qDknPAXskiyaTX9s7LaMP/M/vbbCTAwMeMoEsnVQP2/Ra+j6k/99QJJREpeUYacaao6rXTTN7BIGfLngYizg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579547; c=relaxed/simple; bh=HHQ81S2hPxColFzvYzIn9dIw5ty7YjE1Xuf7rj1qYOo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F+3AHcWP6nJmhF8TihTkUszB0xLvxnSz0Pzp9FtBGBjeH7rSiAlQ9b5CDvfr3vy7pajr0M9xUxOjlEZby1CDZOEy+bDixgxEvrUwwd/jDLrY5nbaWt1qi5q7soR5+uejMHXI0JjWVmzyE0Mx6i+FVx4E1hBUiF/tI3DQ962buLE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=apXf7aSF; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="apXf7aSF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579543; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=far6zlrIyHC61tMfvysiCXbI0A2uQYiTQAm6dVAsqUo=; b=apXf7aSFxUbjvNQ2yUFxs9aVuyZ7VB9lKC5LsMQx38r8XOD1JHaWj0b+h5F+i9Eh5ntWVh QhInVC6Ef5UFAztlS0fivJnRb68HPH/8LsaytAP51BE9LirquR+/mwf8Pf2KgHTz7WmEbL 9KSfvTEchNDTVOsmXfDTchIYuKlFwrI= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-695-rHUpvzDpPX69_IewmbGClQ-1; Mon, 04 Mar 2024 14:12:22 -0500 X-MC-Unique: rHUpvzDpPX69_IewmbGClQ-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-a444b9dd222so301739966b.1 for ; Mon, 04 Mar 2024 11:12:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579541; x=1710184341; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=far6zlrIyHC61tMfvysiCXbI0A2uQYiTQAm6dVAsqUo=; b=lWCcMhzId7LjyWWrHQ4vytEFr+dKTMzTg639YbCurqKeGWs6mWQc+OCuFI6VSSJkIi OO1Qz8M5qz8xlyZf1NmOO7FjhUsxRlLdcfCxcL7wyecnAyCM2tTf76GQWNuvTLpoJezU A5KtcpIJh14Dc1oU431gvozz5WGjsZuGbO7fNo4jqCLNn+7s0ekxHzJNztVLiJmbUBc0 uB37BX+v/R84DfZOBk8xWYDT0pt1y2yH1heWb8cWua1siq/lr07iaKSMwqaFI/spXAG4 jICu5ZE8N8n98wS7ZOh1w6U0lGCi4GFWmVs6jVdCEUa+B6xKwH0qtPA9gcMSRNgoy2zH luFw== X-Forwarded-Encrypted: i=1; AJvYcCVfyVhCoeyMKRYaD5HBWY2m3KGZKUVDxtOB9ez+qUFnlYx5GSTkHIZ5ojvmocEIIWqnhbFHe5DxEW/BpoldeoRruWRdaeN34IZGkFm11g== X-Gm-Message-State: AOJu0YyHwZLqAEE1HJvVDKOp2Ccg7FvF+AzsYYCbz7JasPnbLACwFhl1 yPPrNkT2QUM5xyZdyjDDd59gKCrwye25Xu+X9Bj28avas5MFcwp+s7B8YgU6Wx8cocAJTGbjbzI qNVbBDwf0rW2i4SmH96E9pOqNLZBt4Q5D58+AjuDvfYbMpIqmmoRoV8vnbJTKeg== X-Received: by 2002:a17:906:3508:b0:a44:d042:887b with SMTP id r8-20020a170906350800b00a44d042887bmr4066256eja.8.1709579541047; Mon, 04 Mar 2024 11:12:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IEk7B3tup0Er2HlIPaQGDDhxylodjsavVO98JJAa6+X9m5TWmampICNTZgEFh4QY5BNyEOlZw== X-Received: by 2002:a17:906:3508:b0:a44:d042:887b with SMTP id r8-20020a170906350800b00a44d042887bmr4066253eja.8.1709579540844; Mon, 04 Mar 2024 11:12:20 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:20 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 11/24] xfs: add XBF_VERITY_SEEN xfs_buf flag Date: Mon, 4 Mar 2024 20:10:34 +0100 Message-ID: <20240304191046.157464-13-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 One of essential ideas of fs-verity is that pages which are already verified won't need to be re-verified if they still in page cache. XFS will store Merkle tree blocks in extended file attributes. When read extended attribute data is put into xfs_buf. fs-verity uses PG_checked flag to track status of the blocks in the page. This flag can has two meanings - page was re-instantiated and the only block in the page is verified. However, in XFS, the data in the buffer is not aligned with xfs_buf pages and we don't have a reference to these pages. Moreover, these pages are released when value is copied out in xfs_attr code. In other words, we can not directly mark underlying xfs_buf's pages as verified as it's done by fs-verity for other filesystems. One way to track that these pages were processed by fs-verity is to mark buffer as verified instead. If buffer is evicted the incore XBF_VERITY_SEEN flag is lost. When the xattr is read again xfs_attr_get() returns new buffer without the flag. The xfs_buf's flag is then used to tell fs-verity this buffer was cached or not. The second state indicated by PG_checked is if the only block in the PAGE is verified. This is not the case for XFS as there could be multiple blocks in single buffer (page size 64k block size 4k). This is handled by fs-verity bitmap. fs-verity is always uses bitmap for XFS despite of Merkle tree block size. The meaning of the flag is that value of the extended attribute in the buffer is processed by fs-verity. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_buf.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index 73249abca968..2a73918193ba 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -24,14 +24,15 @@ struct xfs_buf; #define XFS_BUF_DADDR_NULL ((xfs_daddr_t) (-1LL)) -#define XBF_READ (1u << 0) /* buffer intended for reading from device */ -#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ -#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ -#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ -#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ -#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ -#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ -#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_READ (1u << 0) /* buffer intended for reading from device */ +#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ +#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ +#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ +#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ +#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ +#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ +#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_VERITY_SEEN (1u << 8) /* buffer was processed by fs-verity */ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ @@ -65,6 +66,7 @@ typedef unsigned int xfs_buf_flags_t; { XBF_DONE, "DONE" }, \ { XBF_STALE, "STALE" }, \ { XBF_WRITE_FAIL, "WRITE_FAIL" }, \ + { XBF_VERITY_SEEN, "VERITY_SEEN" }, \ { _XBF_INODES, "INODES" }, \ { _XBF_DQUOTS, "DQUOTS" }, \ { _XBF_LOGRECOVERY, "LOG_RECOVERY" }, \ From patchwork Mon Mar 4 19:10:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581038 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16BBA7A738 for ; Mon, 4 Mar 2024 19:12:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579548; cv=none; b=GWyETED9yi+YUQ36EGO9B5YOnIHwIqKdXvskxmRhAUQx7SY/HISJn+PPM8NfKjwjIAdve/4hUkF0xYc9sspNL9VQCdU4NMPBpFdh++FlzYqGXPjE+O1/q3ZLDpU/gbmwoG+4Qe2dOJpav6/iQ24vfZ62XeBy59OGUmxcQOibWjc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579548; c=relaxed/simple; bh=9uF/gGYjOQ5Ye08pQkNJ3SDKEd0FLQXNLEu3pluKIXQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pbRDJzC4R19NjD/PQJb5BO7XO8mbn4t0yoc7emhgRQZojZIis5rDhSwRRyfsDwxMvqMUiPQNLFV8fVqUisdP7IFDocVN6xR6PoJ3B72nNsIQjhOKjvuARsXPpI2D34ItxqsrVrKhpSgVaCVk/eTCsXBrGZ/v4ylDZSAvpZy5TZ0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=AEWv/xvF; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="AEWv/xvF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579546; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xmDanQiWXuoYzgvi/CRZldtSQVaE9CKTrb+6HTaNdLk=; b=AEWv/xvFBgVrZFXqIrm4oyFlqaj/OYtru4uZcYChQbclfO8zT3DAmcRQoC/nczWaNtI/4d AjC01FOLK8/DtBb+gW7wcL8SPsKkQsYeTWow9MzihlmdOhktopZqwMQ5irH9dU9+XKtqtU Y6F3Y6R60/xCR763eblVzUE7kORHO0g= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-155-t5oyOBZBOBS-qsPPlR4ihQ-1; Mon, 04 Mar 2024 14:12:23 -0500 X-MC-Unique: t5oyOBZBOBS-qsPPlR4ihQ-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-a4585db429bso37602066b.0 for ; Mon, 04 Mar 2024 11:12:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579542; x=1710184342; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xmDanQiWXuoYzgvi/CRZldtSQVaE9CKTrb+6HTaNdLk=; b=r3o6Y0ztvygff6QipNdfuTPyCxDUGCO7H2Z8J4b5vuNy53iAQodAKCj73Ssd8tWZ1V Gt/GQfVVmDkj6hv0AXF1VkuLzf1Qli3jyHddDpTv1IQVmuaUM8qYwMd7jxJBklv3Mq4Q JlqZspud+Ypq309KLIv5PhJgjubBA/idrWBHZrXrc5oC2CFTRlM0pm6fQhB76rihNSzW ygQVsXJPE8d8jYv3dvjMbHc4IamogeDp8LCQBDbvptKmIg8aubAWQXOElmuJdPFN5Mqa fHzVijCYBL7GjoY4DWuim6bBdKPHtkIRpcStTOfHtzoxwzbKiAe8I10IBIQO7cWjCCEx Povg== X-Forwarded-Encrypted: i=1; AJvYcCVjT5KJDiq/DRt11LXNQa7LitYgGmXjwIxHlbPCd7kukXVDeXH12dt/YuBlm50kqdugkQFcgqg9UhuaZfE6Tuyb2+OrDWm/1mGbS2uddg== X-Gm-Message-State: AOJu0Yy9TvN2Q7T+923fm5V1hC4g/eSjqBF4fC5+08I/D7GcYEEToiMb CYFkzcMeaN1/fQmr9C+aj4qevtwRe4D9d0xlQ3EPZLXfu9+pH/KcMflGrPEMxPH23gZU+tQh6zt P4Y9wNu+1B9V7TDLre7TxjNYohI0lo+/c46FcsRCr6GZoIQ+tVOBU/yzUs6FUpJOr93du0g== X-Received: by 2002:a17:906:594d:b0:a43:67c9:8c99 with SMTP id g13-20020a170906594d00b00a4367c98c99mr6545385ejr.40.1709579542540; Mon, 04 Mar 2024 11:12:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IE3TyDPXFshe/zEpv5TCj6l9Hs6J3ED58Rj/plqx/9h46KPxC8C0wHuAc9JrQgCu1bY774XWQ== X-Received: by 2002:a17:906:594d:b0:a43:67c9:8c99 with SMTP id g13-20020a170906594d00b00a4367c98c99mr6545364ejr.40.1709579541932; Mon, 04 Mar 2024 11:12:21 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:21 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 12/24] xfs: add XFS_DA_OP_BUFFER to make xfs_attr_get() return buffer Date: Mon, 4 Mar 2024 20:10:35 +0100 Message-ID: <20240304191046.157464-14-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 With XBF_VERITY_SEEN flag on xfs_buf XFS can track which buffers contain verified Merkle tree blocks. However, we also need to expose the buffer to pass a reference of underlying page to fs-verity. This patch adds XFS_DA_OP_BUFFER to tell xfs_attr_get() to xfs_buf_hold() underlying buffer and return it as xfs_da_args->bp. The caller must then xfs_buf_rele() the buffer. Therefore, XFS will hold a reference to xfs_buf till fs-verity is verifying xfs_buf's content. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr.c | 5 ++++- fs/xfs/libxfs/xfs_attr_leaf.c | 7 +++++++ fs/xfs/libxfs/xfs_attr_remote.c | 13 +++++++++++-- fs/xfs/libxfs/xfs_da_btree.h | 5 ++++- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index f0b625d45aa4..ca515e8bd2ed 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -252,6 +252,8 @@ xfs_attr_get_ilocked( * If the attribute is found, but exceeds the size limit set by the caller in * args->valuelen, return -ERANGE with the size of the attribute that was found * in args->valuelen. + * + * Using XFS_DA_OP_BUFFER the caller have to release the buffer args->bp. */ int xfs_attr_get( @@ -270,7 +272,8 @@ xfs_attr_get( args->hashval = xfs_da_hashname(args->name, args->namelen); /* Entirely possible to look up a name which doesn't exist */ - args->op_flags = XFS_DA_OP_OKNOENT; + args->op_flags = XFS_DA_OP_OKNOENT | + (args->op_flags & XFS_DA_OP_BUFFER); lock_mode = xfs_ilock_attr_map_shared(args->dp); error = xfs_attr_get_ilocked(args); diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index ac904cc1a97b..b51f439e4aed 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -2453,6 +2453,13 @@ xfs_attr3_leaf_getvalue( name_loc = xfs_attr3_leaf_name_local(leaf, args->index); ASSERT(name_loc->namelen == args->namelen); ASSERT(memcmp(args->name, name_loc->nameval, args->namelen) == 0); + + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) { + xfs_buf_hold(bp); + args->bp = bp; + } + return xfs_attr_copy_value(args, &name_loc->nameval[args->namelen], be16_to_cpu(name_loc->valuelen)); diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index ff0412828772..4b44866479dc 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -429,9 +429,18 @@ xfs_attr_rmtval_get( error = xfs_attr_rmtval_copyout(mp, bp, args->dp, &offset, &valuelen, &dst); - xfs_buf_relse(bp); - if (error) + xfs_buf_unlock(bp); + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) + args->bp = bp; + else + xfs_buf_rele(bp); + + if (error) { + if (args->op_flags & XFS_DA_OP_BUFFER) + xfs_buf_rele(args->bp); return error; + } /* roll attribute extent map forwards */ lblkno += map[i].br_blockcount; diff --git a/fs/xfs/libxfs/xfs_da_btree.h b/fs/xfs/libxfs/xfs_da_btree.h index 706baf36e175..1534f4102a47 100644 --- a/fs/xfs/libxfs/xfs_da_btree.h +++ b/fs/xfs/libxfs/xfs_da_btree.h @@ -59,6 +59,7 @@ typedef struct xfs_da_args { uint8_t filetype; /* filetype of inode for directories */ void *value; /* set of bytes (maybe contain NULLs) */ int valuelen; /* length of value */ + struct xfs_buf *bp; /* OUT: xfs_buf which contains the attr */ unsigned int attr_filter; /* XFS_ATTR_{ROOT,SECURE,INCOMPLETE} */ unsigned int attr_flags; /* XATTR_{CREATE,REPLACE} */ xfs_dahash_t hashval; /* hash value of name */ @@ -93,6 +94,7 @@ typedef struct xfs_da_args { #define XFS_DA_OP_REMOVE (1u << 6) /* this is a remove operation */ #define XFS_DA_OP_RECOVERY (1u << 7) /* Log recovery operation */ #define XFS_DA_OP_LOGGED (1u << 8) /* Use intent items to track op */ +#define XFS_DA_OP_BUFFER (1u << 9) /* Return underlying buffer */ #define XFS_DA_OP_FLAGS \ { XFS_DA_OP_JUSTCHECK, "JUSTCHECK" }, \ @@ -103,7 +105,8 @@ typedef struct xfs_da_args { { XFS_DA_OP_NOTIME, "NOTIME" }, \ { XFS_DA_OP_REMOVE, "REMOVE" }, \ { XFS_DA_OP_RECOVERY, "RECOVERY" }, \ - { XFS_DA_OP_LOGGED, "LOGGED" } + { XFS_DA_OP_LOGGED, "LOGGED" }, \ + { XFS_DA_OP_BUFFER, "BUFFER" } /* * Storage for holding state during Btree searches and split/join ops. From patchwork Mon Mar 4 19:10:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581041 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF1FD7BAFD for ; Mon, 4 Mar 2024 19:12:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579551; cv=none; b=qklof/gisOOUyaCzaf2v1JK3MpyKWhHu6kx1A3WymH3gTqY/BONGmx8vn0uNdarBo2B2x5paz9GeP81oR50ObD9Fw9YnTx3tdpJOVPGfDwHHkumli1/39sGdO4th1sAJgylZCTg+UYw2SUKm6OgS+OP50xoEU+sloxw8Oqas1Rc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579551; c=relaxed/simple; bh=XHcQPQykxWC7s2kFvNi66STYRWcCMuM23D2106/ZIcs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sf1LBEbtOoQ1VwZ9WsqVUcS8CtvwExR6Qhh6+CIcRLN7179+1STsA194wa2yWchOuaTqInFVypZH2wsr36TdcO0SvzUIOn/W8MDKc3Fu17PLhQTEbqOr9ndxGcRHOa00KWdskSoCK493sc0206a/66BHBjNkyQ+3RLETZcHjpUo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=FZ8ZX89C; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FZ8ZX89C" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579545; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VZR5eTtljpGatStmm+GdRj3kRnj54o9FoI5mU15Gslw=; b=FZ8ZX89CLgYHHFx/IEu17EOTnM6LFZqGyOGaRU5c5m4sm9TVszzxJ7DtHS9fc48DNK37bI 27jNSbn4jXZZOnlBh8MJZjGPgRd4mHy6B51FL/5ueIhWFVYu+mmFJK/GXI/cbiMPlqAIyU OWiQDgd/9R/Y1aTzp7xLLrpdM4SYShE= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-282-LQVp2NLHNTaJqR4X1bWtdA-1; Mon, 04 Mar 2024 14:12:24 -0500 X-MC-Unique: LQVp2NLHNTaJqR4X1bWtdA-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-a451f44519fso147441066b.1 for ; Mon, 04 Mar 2024 11:12:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579543; x=1710184343; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VZR5eTtljpGatStmm+GdRj3kRnj54o9FoI5mU15Gslw=; b=tHoJVP7RgiUQ+cTCY/4T5jjSpnUJACs6nqMRnpzEScF7Ia2AyXk7t11K4EKIBNx2DT CC0j+5fN1zfJz1cETwWs0HSIoIUV96kXagOOCI5kDnvhGtW6nLqN6cHB4s1csuHGkn1W 17maO9xBPXWnCglfLnXZEz3AKEE/7aaHiuVxPnTwkZdEyV+xzCyDAAwKQZ+tcdyECcm0 EhHffRL4TLQI8fkPy8Lu4mdYbxnnC2PcRzY4XRCPjME63hwfBw4T8b+GXoCkZyOakuEm PWvqc0Asv1+ObmpORos5RGdKhCLDROiAX5LL5B176d4r6hzeO08IIkyEEplQafWmwOZq QHKg== X-Forwarded-Encrypted: i=1; AJvYcCVyH9v8+H1dnVspPnkXGl1BNR1ds2a1DV2Jx80zXv9xK0W7kWMGfLDI4/2mKPQm4Ipx3lN0K62hUbEzJTkihDxNOZnMoUHfTbAdw2N9oA== X-Gm-Message-State: AOJu0YzU+D1ftJaK9hYR9fC4vYp/gZR2Ik9vMYPwp6YhLPQiGbyFmLCB uupaEv1tVMA6ukXcT5AXbFTKv7QCKtVAUS68PKEl8pVwvxIkZhjm9llvuTZCzqJAIH3f04W9cLH eei9JqUUyeDurj2m4Yzq08TzyylTvu59m67SzxizVDX69tW8+9T4vd3BMgwuwmQ== X-Received: by 2002:a17:906:b00b:b0:a45:84e7:b25a with SMTP id v11-20020a170906b00b00b00a4584e7b25amr398486ejy.12.1709579543321; Mon, 04 Mar 2024 11:12:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IHaiOmDDptgsHTrDI8+xi/tHowlOhstTJgfFsYNplwiDI8lks5bXwfuu81Boid8d7CYPav+Ow== X-Received: by 2002:a17:906:b00b:b0:a45:84e7:b25a with SMTP id v11-20020a170906b00b00b00a4584e7b25amr398444ejy.12.1709579542728; Mon, 04 Mar 2024 11:12:22 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:22 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 13/24] xfs: add attribute type for fs-verity Date: Mon, 4 Mar 2024 20:10:36 +0100 Message-ID: <20240304191046.157464-15-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The Merkle tree blocks and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and fs-verity attributes as those are only for internal use. While we're at it add a few comments in relevant places that internally visible attributes are not suppose to be handled via interface defined in xfs_xattr.c. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 10 +++++++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/xfs_ioctl.c | 5 +++++ fs/xfs/xfs_trace.h | 3 ++- fs/xfs/xfs_xattr.c | 10 ++++++++++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 839df0e5401b..28d4ac6fa156 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -715,14 +715,22 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ +#define XFS_ATTR_VERITY_BIT 4 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK \ - (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) + +/* + * Internal attributes not exposed to the user + */ +#define XFS_ATTR_INTERNAL_MASK (XFS_ATTR_PARENT | XFS_ATTR_VERITY) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 9cbcba4bd363..407fadfb5c06 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -975,6 +975,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index d0e2cec6210d..ab61d7d552fb 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -352,6 +352,11 @@ static unsigned int xfs_attr_filter( u32 ioc_flags) { + /* + * Only externally visible attributes should be specified here. + * Internally used attributes (such as parent pointers or fs-verity) + * should not be exposed to userspace. + */ if (ioc_flags & XFS_IOC_ATTR_ROOT) return XFS_ATTR_ROOT; if (ioc_flags & XFS_IOC_ATTR_SECURE) diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index d4f1b2da21e7..9d4ae05abfc8 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -87,7 +87,8 @@ struct xfs_bmap_intent; { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ { XFS_ATTR_INCOMPLETE, "INCOMPLETE" }, \ - { XFS_ATTR_PARENT, "PARENT" } + { XFS_ATTR_PARENT, "PARENT" }, \ + { XFS_ATTR_VERITY, "VERITY" } DECLARE_EVENT_CLASS(xfs_attr_list_class, TP_PROTO(struct xfs_attr_list_context *ctx), diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index 364104e1b38a..e4c88dde4e44 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -20,6 +20,13 @@ #include +/* + * This file defines interface to work with externally visible extended + * attributes, such as those in user, system or security namespaces. This + * interface should not be used for internally used attributes (consider + * xfs_attr.c). + */ + /* * Get permission to use log-assisted atomic exchange of file extents. * @@ -244,6 +251,9 @@ xfs_xattr_put_listent( ASSERT(context->count >= 0); + if (flags & XFS_ATTR_INTERNAL_MASK) + return; + if (flags & XFS_ATTR_ROOT) { #ifdef CONFIG_XFS_POSIX_ACL if (namelen == SGI_ACL_FILE_SIZE && From patchwork Mon Mar 4 19:10:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581039 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0600D7BB14 for ; Mon, 4 Mar 2024 19:12:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579549; cv=none; b=TdoP1i26NqYQezSl0fFlc9E7UT4d8hLGearja3XkIKyphtZtkEUdCLEnc0y8bMkcP12Q45f3WhTrL3ONIDPngA+jRWjSp/84vcnMaydjtxiZgF1fQi1DmbOZLU6rW6SnbKvZhkqIYYph56R5AX3MZcKf1UH7ANG92Ny6S+yUunc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579549; c=relaxed/simple; bh=R4yx8qPBsT6oFy9V3t0TmLDLaTl9LfPwUZGazsRbRmc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=URQCtNHqe3DpF8H6A/80QyZqrbsXF3ijIT7rsKbu5NBUYkl2X303yShHv4j/Gkn2WEKg5429MlLcMjUHjoIagriTsL5xDc1SVNw7yUvxKxjY18HesYfbGoMwurKZF/DdmAfnu2W7VNS4pgAQlXJ5J8DDfth1dGr+XlDgtPoI9k8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=N/bQ12il; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="N/bQ12il" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579547; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=y/DVvRiqyNvnHobA7Dl65jX1eWvv52XzmYNOVCQE0Ls=; b=N/bQ12ilBKb86e+qKed/AEaCwBTdMghKXW7knmGzBABE/baNl6OnL+pfQ/8F26qHyLak9S rjXdHoh2lHS9T+tjIjnwQ75an4VDgqFD134hrSApRX9p+Revv6+eP1hSyFcWPK67SB0dea dn4I4APRMCQEa08Fd50lZC/UrDm8h38= Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com [209.85.167.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-500-fhVKot-bPBybFjyBmiAdRg-1; Mon, 04 Mar 2024 14:12:25 -0500 X-MC-Unique: fhVKot-bPBybFjyBmiAdRg-1 Received: by mail-lf1-f71.google.com with SMTP id 2adb3069b0e04-5131eb8137aso4045192e87.3 for ; Mon, 04 Mar 2024 11:12:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579544; x=1710184344; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y/DVvRiqyNvnHobA7Dl65jX1eWvv52XzmYNOVCQE0Ls=; b=roVKkO/7hj5J41GMLWmfBZ9e8qUGLblJtKGRL1HJoy2cGQ8xSGBp8R6/03mt4FPJ61 lYO8rymAvDSAO6GJGHgSFC/ws1aPAaXIqsZ1HsdhRFVt644atPkS5WkYexGrWZCuslzq 0nenAJGhc4eSRuGJhg8Es1NqEE3aNwV+MpOVNSoo+9fJuv6dlA+SeEsocw5GRIFzg/qg bR0b+0f2dJaNEKGtDDdPOFnJH4VKpAzgdtYqgnTEBTuAC0yDPHXHEdHKwrMk+BRFEO0P 0guooYSC01vSBWZO55+5UyrNHB9DotjOXvkXNpn9Q5XIYXSrY7+nXDd8B2UkHpCcGr/u 6W0w== X-Forwarded-Encrypted: i=1; AJvYcCXrgU4atG65jQwIYalkL/QqhBrD1z5JR060aVAIbL9jClZB+0AAluLjORb5AXxhH1nBcBCt15qSn3MzkpPzVjcb++1j1BeJWdF7rUHkJw== X-Gm-Message-State: AOJu0YwpsP8pjeVJOPp5ezs8An16hBfa2ldQrnPvDZGf5PW/W+NGxMBu 7fOV7/e0ddQW0w6mKmhon3LzxVSpAlLLXGV4z77BVRDgf9zk96UFuIn6a1As6H9atZkdArz9SLA +FB/gft8bphWvn6gwVEvDbAHfDj79O0KkOdx8TUjZ2m0VhzsxC7tTSJ7TG9Gm1A== X-Received: by 2002:a05:6512:118d:b0:513:40eb:b422 with SMTP id g13-20020a056512118d00b0051340ebb422mr4082415lfr.34.1709579544290; Mon, 04 Mar 2024 11:12:24 -0800 (PST) X-Google-Smtp-Source: AGHT+IEBr8j2SGz5TnSfldxisRXVuJY3n+1hKwwCgX1qbv2Q/ubk3JHEqnyRHDsd0ZjF4pdMmuBcCA== X-Received: by 2002:a05:6512:118d:b0:513:40eb:b422 with SMTP id g13-20020a056512118d00b0051340ebb422mr4082391lfr.34.1709579543671; Mon, 04 Mar 2024 11:12:23 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:23 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 14/24] xfs: make xfs_buf_get() to take XBF_* flags Date: Mon, 4 Mar 2024 20:10:37 +0100 Message-ID: <20240304191046.157464-16-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Allow passing XBF_* buffer flags from xfs_buf_get(). This will allow fs-verity to specify flag for increased buffer size. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 2 +- fs/xfs/libxfs/xfs_btree_mem.c | 2 +- fs/xfs/libxfs/xfs_sb.c | 2 +- fs/xfs/xfs_buf.h | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4b44866479dc..f15350e99d66 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -526,7 +526,7 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/libxfs/xfs_btree_mem.c b/fs/xfs/libxfs/xfs_btree_mem.c index 036061fe32cc..07df43decce7 100644 --- a/fs/xfs/libxfs/xfs_btree_mem.c +++ b/fs/xfs/libxfs/xfs_btree_mem.c @@ -92,7 +92,7 @@ xfbtree_init_leaf_block( xfbno_t bno = xfbt->highest_bno++; int error; - error = xfs_buf_get(xfbt->target, xfbno_to_daddr(bno), XFBNO_BBSIZE, + error = xfs_buf_get(xfbt->target, xfbno_to_daddr(bno), XFBNO_BBSIZE, 0, &bp); if (error) return error; diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index d991eec05436..a25949843d8d 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -1100,7 +1100,7 @@ xfs_update_secondary_sbs( error = xfs_buf_get(mp->m_ddev_targp, XFS_AG_DADDR(mp, pag->pag_agno, XFS_SB_DADDR), - XFS_FSS_TO_BB(mp, 1), &bp); + XFS_FSS_TO_BB(mp, 1), 0, &bp); /* * If we get an error reading or writing alternate superblocks, * continue. xfs_repair chooses the "best" superblock based diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index 2a73918193ba..b5c58287c663 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -257,11 +257,12 @@ xfs_buf_get( struct xfs_buftarg *target, xfs_daddr_t blkno, size_t numblks, + xfs_buf_flags_t flags, struct xfs_buf **bpp) { DEFINE_SINGLE_BUF_MAP(map, blkno, numblks); - return xfs_buf_get_map(target, &map, 1, 0, bpp); + return xfs_buf_get_map(target, &map, 1, flags, bpp); } static inline int From patchwork Mon Mar 4 19:10:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581042 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 600997C085 for ; Mon, 4 Mar 2024 19:12:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579551; cv=none; b=L+qEPkfcTlLocsi9+yHsCEgOjam56vI8H1QxupkrWtoMWn1ftNjLg/MLRs5SMxw5lco3W9ZI73BgRPjCIH0Cld5EYrHU/L5nsAkViifyNYvzyl+cET6EWk4ZJt47hPFFQXHoh03HD1T8QYSUe7gUJXTqbzzD8zh4WN3OHTaULFw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579551; c=relaxed/simple; bh=Tz47sSqAAO/Ffyy1uy8RshNmMIkvlbkyB5AdA/WTz+M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aISdCqaqt4s84vCusYkdf/KgK9gtrmGvf2dCUnBnM11xJqVPQOyADN1tjWjz8bJpIU7iZS3OuC4Osy9Z839HIOjg5UO+s7tpboU9Ys9ddsigFKxhTVM5R86sX398j08c93GP36fjnj01zzYusCBcko8xskFYtd2v5djydJTUD7E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=JHvG5WmN; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="JHvG5WmN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579547; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4MfVHdc6EW417j4NiszFN0p6hApvm4FnbcGOt5t4/Is=; b=JHvG5WmNg+K7IiKJ8rWPn0KVAWIPXdD6gpJwgqhBJVs/1Ntgmunny5GkHlgWZFgTAf7wgN DZraBKIufChnvjCQyDxXcGFiYokLf8byy+Rva/FFDCJGM9qosbm/bU5V+z9/Sv9nc2Raxs 5dbiFpW6763RMZIAurqOerDwtboCq5M= Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-81-ReE7Y1hrN0yiH6wPawCxSQ-1; Mon, 04 Mar 2024 14:12:26 -0500 X-MC-Unique: ReE7Y1hrN0yiH6wPawCxSQ-1 Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-a3fcf5b93faso329131166b.2 for ; Mon, 04 Mar 2024 11:12:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579545; x=1710184345; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4MfVHdc6EW417j4NiszFN0p6hApvm4FnbcGOt5t4/Is=; b=IcT7AQ8LR/uIagPBp4UgCQ9p7CQhwxX9mE2Tm0qXVV0W/mjBtRzCAsufxAVBuWVIW7 XVfecyHzAJiED3YyThkiYaXxfi+Eds6wKBPJQ+jyJ9iXo+cNh8VcQ6ZrXRfouu4E04wt 0rftCORnY+IDU2Z8Z98RYgB9VMkdjK4toKAENSXG333E20xvzleVRfBaZ8rbK2p73RiO J6ESFajwnz1RP85Nb4AD1zE04zRd/O/WIYdP+pOlfOAHzsg3wea/Q3BIyrLwQLT56VnE prs5a3ZTQtu/3fsslb4712bKaHtzFf47lq4TxDzvsHfJpTRKPX3Cp9Y7YAMxleshHFVC i9aw== X-Forwarded-Encrypted: i=1; AJvYcCUOZjrqcbMhcWWbXSFY8lCdaz6qx3dLpXUvRTIcsGOKvQwJHKH99XvKBcxBSV68ATmHUta5UZ3MFZJAxxPtxvCF1qdVDg9MT3jtZF6iaA== X-Gm-Message-State: AOJu0YxArCYS5P1nd2P9/gQ+yjaHo2BlfD4eKgZNpj/rZYcLzPL87A5V P8CPJAGn6g87zwB2U4NohtIimpSLLbUJzJs7pHms0nYqUVjuFUTewNxmU6cTngVUQ8Jyv/WksDC VwXe3q5MI8ew6ZNaP2mbty4Cvkg94U51/YGtz03NFKQ9Fi5A3TlGDQK0Wywp/kg== X-Received: by 2002:a17:906:c49:b0:a3f:173a:224c with SMTP id t9-20020a1709060c4900b00a3f173a224cmr6051471ejf.51.1709579545043; Mon, 04 Mar 2024 11:12:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IE2wJQBUPkaSNJnpTE0mFEg++asVSTup2Ot7QfTxewXevpxdm3AJlsdXSnS/6gxCSfey91SdA== X-Received: by 2002:a17:906:c49:b0:a3f:173a:224c with SMTP id t9-20020a1709060c4900b00a3f173a224cmr6051457ejf.51.1709579544519; Mon, 04 Mar 2024 11:12:24 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:24 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 15/24] xfs: add XBF_DOUBLE_ALLOC to increase size of the buffer Date: Mon, 4 Mar 2024 20:10:38 +0100 Message-ID: <20240304191046.157464-17-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For fs-verity integration, XFS needs to supply kaddr'es of Merkle tree blocks to fs-verity core and track which blocks are already verified. One way to track verified status is to set xfs_buf flag (previously added XBF_VERITY_SEEN). When xfs_buf is evicted from memory we loose verified status. Otherwise, fs-verity hits the xfs_buf which is still in cache and contains already verified blocks. However, the leaf blocks which are read to the xfs_buf contains leaf headers. xfs_attr_get() allocates new pages and copies out the data without header. Those newly allocated pages with extended attribute data are not attached to the buffer anymore. Add new XBF_DOUBLE_ALLOC which makes xfs_buf allocates x2 memory for the buffer. Additional memory will be used for a copy of the attribute data but without any headers. Also, make xfs_attr_rmtval_get() to copy data to the buffer itself if XFS asked for fs-verity block. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 26 ++++++++++++++++++++++++-- fs/xfs/xfs_buf.c | 6 +++++- fs/xfs/xfs_buf.h | 2 ++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index f15350e99d66..f1b7842da809 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -395,12 +395,22 @@ xfs_attr_rmtval_get( int blkcnt = args->rmtblkcnt; int i; int offset = 0; + int flags = 0; + void *addr; trace_xfs_attr_rmtval_get(args); ASSERT(args->valuelen != 0); ASSERT(args->rmtvaluelen == args->valuelen); + /* + * We also check for _OP_BUFFER as we want to trigger on + * verity blocks only, not on verity_descriptor + */ + if (args->attr_filter & XFS_ATTR_VERITY && + args->op_flags & XFS_DA_OP_BUFFER) + flags = XBF_DOUBLE_ALLOC; + valuelen = args->rmtvaluelen; while (valuelen > 0) { nmap = ATTR_RMTVALUE_MAPSIZE; @@ -420,12 +430,23 @@ xfs_attr_rmtval_get( dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock); dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount); error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt, - 0, &bp, &xfs_attr3_rmt_buf_ops); + flags, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); if (error) return error; + /* + * For fs-verity we allocated more space. That space is + * filled with the same xattr data but without leaf + * headers. Point args->value to that data + */ + if (flags & XBF_DOUBLE_ALLOC) { + addr = xfs_buf_offset(bp, BBTOB(bp->b_length)); + args->value = addr; + dst = addr; + } + error = xfs_attr_rmtval_copyout(mp, bp, args->dp, &offset, &valuelen, &dst); @@ -526,7 +547,8 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, + XBF_DOUBLE_ALLOC, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c index 7fc26e64368d..d8a478bda865 100644 --- a/fs/xfs/xfs_buf.c +++ b/fs/xfs/xfs_buf.c @@ -337,6 +337,9 @@ xfs_buf_alloc_kmem( gfp_t gfp_mask = GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL; size_t size = BBTOB(bp->b_length); + if (flags & XBF_DOUBLE_ALLOC) + size *= 2; + /* Assure zeroed buffer for non-read cases. */ if (!(flags & XBF_READ)) gfp_mask |= __GFP_ZERO; @@ -367,12 +370,13 @@ xfs_buf_alloc_pages( { gfp_t gfp_mask = GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOWARN; long filled = 0; + int mul = (bp->b_flags & XBF_DOUBLE_ALLOC) ? 2 : 1; if (flags & XBF_READ_AHEAD) gfp_mask |= __GFP_NORETRY; /* Make sure that we have a page list */ - bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); + bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length*mul), PAGE_SIZE); if (bp->b_page_count <= XB_PAGES) { bp->b_pages = bp->b_page_array; } else { diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index b5c58287c663..60b7d58d5da1 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -33,6 +33,7 @@ struct xfs_buf; #define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ #define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ #define XBF_VERITY_SEEN (1u << 8) /* buffer was processed by fs-verity */ +#define XBF_DOUBLE_ALLOC (1u << 9) /* double allocated space */ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ @@ -67,6 +68,7 @@ typedef unsigned int xfs_buf_flags_t; { XBF_STALE, "STALE" }, \ { XBF_WRITE_FAIL, "WRITE_FAIL" }, \ { XBF_VERITY_SEEN, "VERITY_SEEN" }, \ + { XBF_DOUBLE_ALLOC, "DOUBLE_ALLOC" }, \ { _XBF_INODES, "INODES" }, \ { _XBF_DQUOTS, "DQUOTS" }, \ { _XBF_LOGRECOVERY, "LOG_RECOVERY" }, \ From patchwork Mon Mar 4 19:10:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581040 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BA917C09E for ; Mon, 4 Mar 2024 19:12:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579550; cv=none; b=Hxb4AGV0oJ2WhChFemBQt772N7ONCGdsGaDXTpkZ1Xusyf+Fz2qPaJID9AX1Sj5VDry5umq8Q3Wy8QZtqzy3Yh+Hw4lwMyprrURkGrKeYfSusnL7r2baDeudnOy+zutZIxyp99EZQPqZGsvbIOAwv8AScTAYEHn89/c6MUtoRMU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579550; c=relaxed/simple; bh=o9W4znw5NysKxZeHeBecA5SEITer/EW1DME955Sy8Po=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=shbHv9aQ/cOFC02xdQXOhOH6ukyK4glh7ShUWGKVaYB0z+D23b0pp7gFFvQu2HZUOQkz7DPOXaK7iOX1By9vL1ij5GnKoPYKpxCi1JKO1AvHKWSwlVyVzrrMZxO+vyyXP5bqAj28XWd78S4wj+KYEkYQl7fAZOcNEKdcNTo+p6E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=RCQigQNm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="RCQigQNm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Tg5FMjI6Vh1hHz8JgRcKgKGDcYt6qlitx1KNeKNRQZY=; b=RCQigQNmfNEV02Z2xV6b7hc+LtSdIp+JLQez1koIP+GHBBZukfeEI9GsO6Q9vAp7tU90Fq t3Q7n2X0KoLF+fHoFbFVoxo1U/NHsPrtlrbjKPhsGA1NFe/dzvOCRfXVfdb2U6ed8IzdJo 9bv8BaTMBOfJIxNzj1FRA5cBNMUJQEc= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-377-g6vkhmUmMougM1wzDbpy7Q-1; Mon, 04 Mar 2024 14:12:27 -0500 X-MC-Unique: g6vkhmUmMougM1wzDbpy7Q-1 Received: by mail-lf1-f70.google.com with SMTP id 2adb3069b0e04-513182f4018so3373362e87.1 for ; Mon, 04 Mar 2024 11:12:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579545; x=1710184345; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Tg5FMjI6Vh1hHz8JgRcKgKGDcYt6qlitx1KNeKNRQZY=; b=CCNUCHFOmjB6I/mc0wGswjNwIbUi8Ia+5240iVbhXvAEvY9UY3seXw2ihk1ACrHXFz YJWqfkxb48dAwVEcsF8PON8AbTzOJ0FoqNKBmoDzqzU40Fneic2yTLUPeyvSXS0pD//+ KAmRjXzqkQFLQP2QVjiRrLpomQPIg0lNVlZu2MBBJB3gjLfXzL7jQ2wXSFYZ7yauD0EA FhWDKLSVGmEUU5rOQnozHdajhGi8r5gmoXW//bzm6QAl+hiEZ5dUSeSYMX2NfMtoNX42 QrUA1waYja/OH9CfHKFOIHPcs/DNcyaXBhj4dSaSNd5BzDjcO3zbRajOr8NCoUQirsks Hdew== X-Forwarded-Encrypted: i=1; AJvYcCU61abOmVYbHXon+ou1eaKPE31tn78PKLabtikeef/rOj3J689wfDyB4xp8L4prpVETRnKYYGjX1VNV4TXkDY9CdhWh0n+mXpXuC69zIQ== X-Gm-Message-State: AOJu0YyCbUIHACDxayKx9AnkTGcaDKD5K9YBibN7VojcWpX9nO0pr7AZ sojMCTC1u6EPWrUs6doCWdvtqBRb2+5zBUlW9ca4VTLSA56x3ACcfh1eR3PXL0nYAyE7S1qkfrd VkL3qz70NMJdkACZKnzHipYN8/VkRsSPrYQaMUOKJ4GKN01tsdfBDEAWwQn9ezKj0zY0X3g== X-Received: by 2002:ac2:5593:0:b0:513:23da:9766 with SMTP id v19-20020ac25593000000b0051323da9766mr6540040lfg.55.1709579545472; Mon, 04 Mar 2024 11:12:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IGhcwdoaV6bOY0QfPY8E83kkcNTDRmjuWUE3Tlj+pjRh88ZfaSKm1Si1pEnq8D5WakLwp7t0g== X-Received: by 2002:ac2:5593:0:b0:513:23da:9766 with SMTP id v19-20020ac25593000000b0051323da9766mr6540028lfg.55.1709579545252; Mon, 04 Mar 2024 11:12:25 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:24 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 16/24] xfs: add fs-verity ro-compat flag Date: Mon, 4 Mar 2024 20:10:39 +0100 Message-ID: <20240304191046.157464-18-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To mark inodes with fs-verity enabled the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 1 + fs/xfs/libxfs/xfs_sb.c | 2 ++ fs/xfs/xfs_mount.h | 2 ++ 3 files changed, 5 insertions(+) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 2b2f9050fbfb..93d280eb8451 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -353,6 +353,7 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index a25949843d8d..1c68785e60cc 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -163,6 +163,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index e880aa48de68..f198d7c82552 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -292,6 +292,7 @@ typedef struct xfs_mount { #define XFS_FEAT_BIGTIME (1ULL << 24) /* large timestamps */ #define XFS_FEAT_NEEDSREPAIR (1ULL << 25) /* needs xfs_repair */ #define XFS_FEAT_NREXT64 (1ULL << 26) /* large extent counters */ +#define XFS_FEAT_VERITY (1ULL << 27) /* fs-verity */ /* Mount features */ #define XFS_FEAT_NOATTR2 (1ULL << 48) /* disable attr2 creation */ @@ -355,6 +356,7 @@ __XFS_HAS_FEAT(inobtcounts, INOBTCNT) __XFS_HAS_FEAT(bigtime, BIGTIME) __XFS_HAS_FEAT(needsrepair, NEEDSREPAIR) __XFS_HAS_FEAT(large_extent_counts, NREXT64) +__XFS_HAS_FEAT(verity, VERITY) /* * Mount features From patchwork Mon Mar 4 19:10:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581043 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A8DB7D07F for ; Mon, 4 Mar 2024 19:12:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579552; cv=none; b=T8DCoRfJjX+M8NLa/M+1jTNl+iWNeMMQlTC7qOPYzu/mDiPxP7mwhpf06yBZESSOWEqayK673WE/nIbKAQaGsRMmEY+EUmzoCbywadWS/KszeuTUvseop5xEZENdNG8MmWM4t7j164vtmxZRxwnXCSAIsfS69aWVR5XjrV4jltU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579552; c=relaxed/simple; bh=iCYfKJ0kFYzgtrazzboyA1nOY5OMP0Y0MHu/TR1n9Eg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CRtBQi1O6KebduWGxWHJR/M/8KrktYKkkqqUJSZNilqAoW09tXBjPmH/AOW5jCvetQuhREczFavxCZn1BCIJqVC8wY0CRCQorciM/riS+V9M7nD0b/VMV6iBtIySMwXe9BO5QdSd7llKr7vPjxcvKgTep/zJ9FYUvUNfDS3WEgM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=jMPB+RBk; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="jMPB+RBk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579549; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XIjyGj3ThYRh+HmmhdifsZuAaDeDolxvDOaonPSFEQw=; b=jMPB+RBkFTJor/JHBJ2WtvdyvFUFpC6Ux8ltuq03iUEVkgivYWzDiv5pHDBdC9HhhsddN0 qV8G3/s/Vrmk4XPv6Hy/OMPIGbX7u5TSl9RFtZhuTmQyxYlJhkGkg7Bp81QyugJV+VaQA7 1atjUih46wFqhduY4aCWN2RwNQntqhQ= Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-527-EnNaJWs7M22Ocsq_QKHOAg-1; Mon, 04 Mar 2024 14:12:28 -0500 X-MC-Unique: EnNaJWs7M22Ocsq_QKHOAg-1 Received: by mail-lf1-f69.google.com with SMTP id 2adb3069b0e04-5133f0f1b9bso1694270e87.2 for ; Mon, 04 Mar 2024 11:12:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579546; x=1710184346; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XIjyGj3ThYRh+HmmhdifsZuAaDeDolxvDOaonPSFEQw=; b=ntCBqJUVkuMF+Rto7wZnEnDSG0jZqYGg9Xa7HKxb+3QXUpx7sho3f9u/8wAPgxemUG FiYTtkTDoI4YRGltzjGFT4pn/xG0bEc0mI3/fOOO+fAB59ziCG6bdKJXlpdiDz35IKgC /0GO9iaXVGN7Nud6sFfcWrT7d3aY4A8bdirs3tzUJaQkwiv0aWHFGBSpb4QMwz3sltvp khMO2RdIC769P7uXYmWmwNNVPcsR64R75igLMzjZUlYUt+YeqQwJ14NuOEzjR9jtkbzG QfoqaQFRqZCJVDxDwLGI2g9tvMwUlVQ14NPq0YYFYsOPKST7hF5hIbuhJ8LomyoVT+ax gZfw== X-Forwarded-Encrypted: i=1; AJvYcCV117a6f1PnIpZVEGDeZzhqS071ToQR1lTVQufdUMw2tnIJZ2wX+JPfMnT7p8gDShOC+LTNip+19fy5k0+z2FTRN7RN6EY0CQMonOWz0g== X-Gm-Message-State: AOJu0YxgSHC0iTyJQCVwZJLf1ruioRS/6ISom0RP0lOx4JDP2zv8fF4C H/4zmRGRDmMFgUqvBoNGNkyTI3D8ddWijzVy/uaOnpqLGAIWwfOMmw6947hRdJrfjnv1colQMW0 aQ/oOM6VW8CRdqX+2WKNwgQF2vGARzvBDrT/NtFiQG/gfDvNm7Z+ef44L7kne+g== X-Received: by 2002:ac2:55bc:0:b0:512:bb33:2eab with SMTP id y28-20020ac255bc000000b00512bb332eabmr6263983lfg.58.1709579546702; Mon, 04 Mar 2024 11:12:26 -0800 (PST) X-Google-Smtp-Source: AGHT+IFsWhH2n6f8sGCcVRKP+Ql2DOsPvlPsXH0xMAYeWcoI/5BOIZnj57KeeBn8GBeEsExnNwHY0A== X-Received: by 2002:ac2:55bc:0:b0:512:bb33:2eab with SMTP id y28-20020ac255bc000000b00512bb332eabmr6263977lfg.58.1709579546458; Mon, 04 Mar 2024 11:12:26 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:25 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 17/24] xfs: add inode on-disk VERITY flag Date: Mon, 4 Mar 2024 20:10:40 +0100 Message-ID: <20240304191046.157464-19-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built). Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 4 +++- fs/xfs/xfs_inode.c | 2 ++ fs/xfs/xfs_iops.c | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 93d280eb8451..3ce2902101bc 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1085,16 +1085,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_DAX (1 << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1 << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1 << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1 << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index ea48774f6b76..59446e9e1719 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -607,6 +607,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 66f8c47642e8..0e5cdb82b231 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1241,6 +1241,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_XFLAG_VERITY) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by From patchwork Mon Mar 4 19:10:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581044 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E3FCC7D081 for ; Mon, 4 Mar 2024 19:12:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579552; cv=none; b=lQyxKUi6o+xPt/y+5a551FbDODM4Wm1QO+nD8yYXk8FzxuoTEtcY+8NRkpxMNzBXmR62cisnBhOdLHdKMQOmP7O0o04TSLpk/t+qV5MhFe4bCuAqbAR2IVT0uoEe5Wkrvxx1fXuh9T++HukRs7BAILU1t3ivjxnjse8PIYRT6Fc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579552; c=relaxed/simple; bh=ERtzRFPdr2VH0zZPj8RxD5cx+rKCLFPSdsv147J2+aI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rLZ+o0OhHSbbcajKgm7nGT/M7jXrGNw+SjuthgHFfQM6V9jL+8u9ALMymICDn9QiZ/t0GPRQ2QVI8/QTjpYzQm+LKJIM6AhVI/HCEAlQbKm0EYue8FFoSdSoSYcSqjoUuaaeFI6uiRQQbpKASsQHkcH9Vy8ZceQylqOUBcpYJDU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=G7HQ5JFu; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="G7HQ5JFu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579550; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=krPybzmQrqI1Dp7C5c3ykOUeWIJQjCMl72CpYY79DB8=; b=G7HQ5JFuKYrWivOqPYBk4FM3Dbm5D5jTRfsLkXQtGlc0Jj1ZGiVakh+QlRG1LEr7Kh1fbp uQ4tpmqVWvVV+/r0d2TUCTgNmPD5HiHpz9ypvVBdI6oxM/9CeoodTr5Dd4lOrDEQ5cZBxS 1e8+jjTprQEY0RhDDhsLBJ8vhVfcSPE= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-613-rp9OXLJnPbaLLXSXfgJo6Q-1; Mon, 04 Mar 2024 14:12:28 -0500 X-MC-Unique: rp9OXLJnPbaLLXSXfgJo6Q-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-a45190fd2fcso103236166b.0 for ; Mon, 04 Mar 2024 11:12:28 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579547; x=1710184347; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=krPybzmQrqI1Dp7C5c3ykOUeWIJQjCMl72CpYY79DB8=; b=XcWIxb1onELRzmwzvZODYE66wgoQlWyatAFp5LBXXSenRc6uFe2c12L/6gwZVngVl/ jJXc4WNX4nmmqvPA7J5oOIbGe3z08qBOosjHaJEy3Gs+sLeBGhKpD8QSugY/cKhIY66d +d1ilBe+kw+qZXeBHXL8LDOdONpYxGoC7ypa1qlI2l89h0+PQXCngu5e9aBvX5pAWBOw /gg08cMtIReFnWeMm46rkK8waa6GMqRt0Rd240ucFlZLpTmUd5nOxJcPqHxw/9V9KAu7 DDkVbvpH4XStmdsDw7c+VZgvX5wxc1ritvAXXwgWhxNVniyvY94me34nMeJAk6tX+fbG DDcg== X-Forwarded-Encrypted: i=1; AJvYcCXZLFdXN8MsyK8gu0aaLAs89ZA03Ds1GfJI3tix0jrXm4BDPW+7LPS4AvtIC1NlK4d6Klb4EcE+SuoU02LzHLPkY1de2fkGvJb0UyefVQ== X-Gm-Message-State: AOJu0Ywo6zWkE8PgB2jTNhd6rkpYSzWaULyYM7OavqOmykJl4DV0lD5y CX9zuB+fRM0DN+WX+wE6PjQB3s7KdawgpuWt+AK65rv3xNDw/Dd1DRb7oUC7cRgRR5dGVPb7Kf3 5mgetktv4hRi/MXwIyBD1dt+OHE+6QX5tsa1UVHL7MT6si1cMecYJ45wOpb7oQA== X-Received: by 2002:a17:906:ce26:b0:a44:415d:fa3a with SMTP id sd6-20020a170906ce2600b00a44415dfa3amr7056578ejb.40.1709579547468; Mon, 04 Mar 2024 11:12:27 -0800 (PST) X-Google-Smtp-Source: AGHT+IEcAC+lTxlNi6h7UWuTBi4wKvqOw70WGSF/a8p/9kdmtD66jYKFg2m1eW60qx48UVYaEc8wIg== X-Received: by 2002:a17:906:ce26:b0:a44:415d:fa3a with SMTP id sd6-20020a170906ce2600b00a44415dfa3amr7056572ejb.40.1709579547287; Mon, 04 Mar 2024 11:12:27 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:27 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 18/24] xfs: initialize fs-verity on file open and cleanup on inode destruction Date: Mon, 4 Mar 2024 20:10:41 +0100 Message-ID: <20240304191046.157464-20-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 632653e00906..17404c2e7e31 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -31,6 +31,7 @@ #include #include #include +#include static const struct vm_operations_struct xfs_file_vm_ops; @@ -1228,10 +1229,17 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error = 0; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | FMODE_DIO_PARALLEL_WRITE | FMODE_CAN_ODIRECT; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index afa32bd5e282..9f9c35cff9bf 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -49,6 +49,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; @@ -663,6 +664,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); } From patchwork Mon Mar 4 19:10:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581045 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EC927C085 for ; Mon, 4 Mar 2024 19:12:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579554; cv=none; b=twH5u8X9DhSYXSRCxsuoQLu8nDjuALAOOjevPDhWEkH808928r5NAMJHqCjd6c6FquFtbzbpult6skd7imQAufoBmTMqZdbDyDVWZNBe9XRhaiYB7VGrQSrXFMr5Xp2nM2SsSN4tTJdYEyLCP7L9RKBvIA/kizBMEFfPBGxSjT0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579554; c=relaxed/simple; bh=q0TWMGdcx6UYw2sFq8ZSAnpd1rQAgwPeqQNrYl42ZRc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XNFSAYzoIc8UB4SKhFwLyBW0MZJmwbk/DjpA62RAP53Fe2/bfO72ISJJ28J1dOo/nwy85CkzRUEKh8t7eSW+pULSXvUbFju4BzF3ToMrI54duqlXmInVlhdwRR7S0ol97bUOwo3wwgfhPGR3HPs30IyPoMb8Z69n+8VohV0vWAc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bGrd0F2i; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bGrd0F2i" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579551; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tZJgKDbZKO9AEPv9hol4NRfnrrJXjSrBKcTnHhFLOjw=; b=bGrd0F2iVVjipJ3h5d9JR4dJ9CYkWruxbxWCvCeQFl5657U6bmHl3zMx9LBs+8xawLG168 jK+MFFU1l6qYxFMxggW9pwKzo9AtuvS8UXAEqg9pl+ICf6Qtl0DH5Lytdt+r+goDT8ZUwR GA4Mmfn0REyvMWoeDtA+cSPSc70kKtQ= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-587-uXsKw9fVPaeGCPpF2CtYBQ-1; Mon, 04 Mar 2024 14:12:30 -0500 X-MC-Unique: uXsKw9fVPaeGCPpF2CtYBQ-1 Received: by mail-ej1-f71.google.com with SMTP id a640c23a62f3a-a45095f33fdso185621166b.0 for ; Mon, 04 Mar 2024 11:12:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579549; x=1710184349; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tZJgKDbZKO9AEPv9hol4NRfnrrJXjSrBKcTnHhFLOjw=; b=hpm5aAJr4VGO0pL8rOpokYQP4z703Yk5tE5d7Yw1vtvFcwXzigc7uJOBqPqDG7FB9i S5U+sk+tmo9ehV2RrE3F7fClstgN2+JUFbOTBGS/2YTCFgIpQ6M745Zw35oLWkXf/0HM 9+3no1nGiwyxrsOjQ1CQzk9tSsVbDHCS8RDOUGNRGiStNW8xYdHYn8sTHlmT0OqrQXaP 1d2hOa/8Fd52T0UIgNlrgQ26xWse1lXWdSmx/gxj4dm6xpFJai8zjAOjlOlhnU4heaCN QjKEmCayBLDZfno0HFc6rcmehm1bVFAykvmwi3LzB8yJDkKB1dhVWzwsj3ZIBBBRFURX CGPQ== X-Forwarded-Encrypted: i=1; AJvYcCVFFH+3xcgfJbTuSHxhMxiN3twwWMi8Hs4wOMLw4Slc4V4BkMqMxMNhQ7mHyVREiW1KvZE36dubaPUnOoxrTQjt8HQ6oaDXmcgQqeKqHw== X-Gm-Message-State: AOJu0Ywir6CIUN7kMnsDxAImeneyqFjK1OwlwnRRK2o15hYR5hCPoE79 iFcbugCPi7rxsxNl5bqUKqNOqFIE9Whg+qiP1bOI+h8Iovd4qkkIhMnQOc2WSYitOyquSlFOlSO iLDXsg1gxnUyrPXfJV26cGPPsTuqZ3L1pqek5u2UBIXuQUkv/AyR7rN6/5Rw3gQ== X-Received: by 2002:a17:906:3950:b0:a45:73b0:bcc3 with SMTP id g16-20020a170906395000b00a4573b0bcc3mr412634eje.34.1709579548798; Mon, 04 Mar 2024 11:12:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IEcXQkCy+qbM5MpjP28mYSzksscG7NinAKQc6R+cEtFLFSGXNxJn80ppRV0QWT9HBUWJwZUQg== X-Received: by 2002:a17:906:3950:b0:a45:73b0:bcc3 with SMTP id g16-20020a170906395000b00a4573b0bcc3mr412595eje.34.1709579548091; Mon, 04 Mar 2024 11:12:28 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:27 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 19/24] xfs: don't allow to enable DAX on fs-verity sealsed inode Date: Mon, 4 Mar 2024 20:10:42 +0100 Message-ID: <20240304191046.157464-21-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fs-verity doesn't support DAX. Forbid filesystem to enable DAX on inodes which already have fs-verity enabled. The opposite is checked when fs-verity is enabled, it won't be enabled if DAX is. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_iops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 0e5cdb82b231..6f97d777f702 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1213,6 +1213,8 @@ xfs_inode_should_enable_dax( return false; if (!xfs_inode_supports_dax(ip)) return false; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + return false; if (xfs_has_dax_always(ip->i_mount)) return true; if (ip->i_diflags2 & XFS_DIFLAG2_DAX) From patchwork Mon Mar 4 19:10:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581046 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AD307D3EA for ; Mon, 4 Mar 2024 19:12:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579554; cv=none; b=b4JuxDcxSPsZLjkkeKnyoWGjnU3Kcyj6aNhL3T88mJnC5YOXeGoQ1+lBLad/60kRHRBrlTTB0aKLdPjDe/NZaxkptcB9F80OSY9/AlP0VJvn53ed8T2CYXYGXxvBad5RFSWmfrxkUUsTV7CDYTfDNG0M0naH0mT3H05Zlde64V0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579554; c=relaxed/simple; bh=ainyHKqvx4hz+JUOuiT7wb8jqDetr5DJodT75t43LEI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=A+RLVxVWvx3+MpkJZt2BU3cC3e4i6OABH3CBDTWinBYSkaG56lgheGXKc+AV651pIMQkmTJeY+zfxhJtSPlQZjK4K2BN4rUdvSug9QkvqkNvCv+CIhCDo4UOKzovllh+q4OorG8wq2VNNTWh9gZ5ogYgD8fYHbd9xvYVOzEmK7o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=BnwBhmmZ; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="BnwBhmmZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579552; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xnayIRcnO+BLkFSf8mMKfcvWg3b9lp7LMZpsgNsP/Hk=; b=BnwBhmmZwZAmV75rkWUI0Abxy+oDcLlouyqc9eFgPI0GkB4FIaflEdq9dZWofxBmhHypIm VtKlCTA1Wz+H4yiPgF8kV3/e6o+HZm8ifQnWFoFOhmB92yWFpzy0cp6jiIs4zQlDF1nfGc 43rIIBJqPozpXAz0uTTzLNIaBO2zxaI= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-333-RdvNuRXZOxe8nz0xsoQpNQ-1; Mon, 04 Mar 2024 14:12:30 -0500 X-MC-Unique: RdvNuRXZOxe8nz0xsoQpNQ-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a451f44519fso147450166b.1 for ; Mon, 04 Mar 2024 11:12:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579549; x=1710184349; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xnayIRcnO+BLkFSf8mMKfcvWg3b9lp7LMZpsgNsP/Hk=; b=IU6tC1JBgv/6PSiHIyQdiDRUT7fMrE12Lr7WU/VMMvicNN9tTs19V2JsgKboq8A+WK NofEDicZ2jDpLEjmJQhmtZWi7Hw9bjTthcx5ZUgBY6nRPsBbVo14vVS4q80E+jkXSeu+ fiEGzyj8eAA356G402Z3vLsBdQHurMYHS0adN8XhkjH8JQ338q9twCls+Vx6hmDChF4I 4PVuynJZscFXttDmEwlscDOwpjKWXKNwJzqOeW3BBZ7/ivWQD1pHs4++AOeRyLZISglY xK9j87d/5TOhLifNJCsd2zZ+eapGJcSfQFp1MlIzKwEcq2FiJGzmfTTVo5EoObPHpSYu E+aw== X-Forwarded-Encrypted: i=1; AJvYcCVIKT7Wu/U2DdgfLhYN/ICBjNSoql41Q0UKkjfvLvzKyAHrY8u58JB22spwQegwBJBwfuXU/GB3SE4Tg8974dwzTIZ12ddoeQBNf+O2FA== X-Gm-Message-State: AOJu0YzlISV7u7ElScZHweROsVNKBXzA6LD0kLQwYlm9/TsmSb/z4CSU wkftebdDU9mE2zOxiFrmyLx1zf3J6FObE+Q9VbyaD50/+luHTvo/BSj6JcWFfi2/aDIWALqENkV dRosJiZZZhOUCrxqgQksZcQCMPGBf8iermGvjAaaTs1v/9wpc9NZThxLcRNflwg== X-Received: by 2002:a17:906:7208:b0:a44:9483:33c1 with SMTP id m8-20020a170906720800b00a44948333c1mr456038ejk.20.1709579549311; Mon, 04 Mar 2024 11:12:29 -0800 (PST) X-Google-Smtp-Source: AGHT+IFcYNlt0SssUPUet24VLhIXGVpQ6Iw9w2GBXoiAHp+EpILcEydERBdpC9LANmhbgh5kqSORHw== X-Received: by 2002:a17:906:7208:b0:a44:9483:33c1 with SMTP id m8-20020a170906720800b00a44948333c1mr455998ejk.20.1709579548848; Mon, 04 Mar 2024 11:12:28 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:28 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 20/24] xfs: disable direct read path for fs-verity files Date: Mon, 4 Mar 2024 20:10:43 +0100 Message-ID: <20240304191046.157464-22-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The direct path is not supported on verity files. Attempts to use direct I/O path on such files should fall back to buffered I/O path. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 17404c2e7e31..af3201075066 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -281,7 +281,8 @@ xfs_file_dax_read( struct kiocb *iocb, struct iov_iter *to) { - struct xfs_inode *ip = XFS_I(iocb->ki_filp->f_mapping->host); + struct inode *inode = iocb->ki_filp->f_mapping->host; + struct xfs_inode *ip = XFS_I(inode); ssize_t ret = 0; trace_xfs_file_dax_read(iocb, to); @@ -334,10 +335,18 @@ xfs_file_read_iter( if (IS_DAX(inode)) ret = xfs_file_dax_read(iocb, to); - else if (iocb->ki_flags & IOCB_DIRECT) + else if (iocb->ki_flags & IOCB_DIRECT && !fsverity_active(inode)) ret = xfs_file_dio_read(iocb, to); - else + else { + /* + * In case fs-verity is enabled, we also fallback to the + * buffered read from the direct read path. Therefore, + * IOCB_DIRECT is set and need to be cleared (see + * generic_file_read_iter()) + */ + iocb->ki_flags &= ~IOCB_DIRECT; ret = xfs_file_buffered_read(iocb, to); + } if (ret > 0) XFS_STATS_ADD(mp, xs_read_bytes, ret); From patchwork Mon Mar 4 19:10:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581048 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8981F7AE72 for ; Mon, 4 Mar 2024 19:12:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579557; cv=none; b=kl4cNUOK1eCi/16rYveDC+mWyhtr52TcBI1moTmGQZx+75X1FqwRauCart4OMtz+h01sweWpUPbc2x6h0Ocn8pvPkIniZw4ogwqopmw1fu+j2Kn2shqHRSYECWDO612nrThNlm3xx3SnCbFSvicGwSLx8njlIxvMT4Jlz4o7EHE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579557; c=relaxed/simple; bh=XTjLiyhVdd9ZYo0TFgCoVX3/KoKm08jzsPpVswpgNl8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DRkXyqTT+ETrsM4GBDiyYT9JFjcgxo8UrNgPZmWg6tHJPdVQpGYGuOKWvcF4bgpACkp2E9swog5y/yqxnxHUm3SBTUFuTos9bGm0rYZORDhURsWYQ+EK37DzTeLQ+mjj915Wv39uBqSaoMFAJAuF8ZGrkAkt7+lWYXGM+5XDZ/U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=GXBX3a9r; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GXBX3a9r" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579554; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=b5nvhH4v2uFtxCrRAIlPDOuH6lrJEApYvhutql3p8oI=; b=GXBX3a9rcYkvRm/hypiu+xCsUum1Nywh9hbjGa7LBHyUkwqp2THPVKVdIYsuMMjju6dUR/ dNn4OEoOiw3OA9zKKN92qVup/R8c3gUsvq3dvI2Q3KYdf//3k+ubzysUYvPPR6dqGtUKgw GwsXcqwfghqhEBdiupJnhNXthoYz4b0= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-573-u_nYB8aTN1G9BLldh_lePg-1; Mon, 04 Mar 2024 14:12:33 -0500 X-MC-Unique: u_nYB8aTN1G9BLldh_lePg-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a443f00e9a7so269229966b.1 for ; Mon, 04 Mar 2024 11:12:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579551; x=1710184351; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b5nvhH4v2uFtxCrRAIlPDOuH6lrJEApYvhutql3p8oI=; b=LB3qh0uJdzFwt2Ln13UMJHCoGCY1+l0YJSh/RRgUdps+D51TS6WnvKA0oSR/APm2KL 5It/Ysg5DuqNPiSfqA2W+t61pWcInRRtYVBWpUkiW6HtmyYJf00Jnwe1fL2m3OU2Itvz XCoike36JSfsa8b96NI4vbWTPnMEVVlJDAERg0MybyoyS2f5YIjdXDqU+D7kQItOyu5H RPqjTn+k7fyJcqRX04/BEcDMHcrBEM+bJnb0aisTirBu33gdePrQ6MOAWlhDx2dRK1MP K2AqC52ybY1YcviI2NG6N2UIWoNkcOd91cqpv0apZvPpBH4FR0bU76plktu04bkdllQF ayKg== X-Forwarded-Encrypted: i=1; AJvYcCUEr/fBdc4Hqt8lEIqPcn8bSduapKdoGSYWP23JqnIwlNIgbACsbHa09T0Bdymi2LMCcgpSkMjN5Z7AI4HqNNo3iVbT7PS548+G2tLYWQ== X-Gm-Message-State: AOJu0Yw5J4bpLprYs4J1h4diHHjdZEDACcrOT06nuI1cM9RbO2wEWwzn fTHjJrfpO7XYsUDmRNr2XQYHHYmEkpU3MCulKMfGDC1e7C+e+kPw9qMm0RZtzHFKtaNiwNJ1LP8 AvhgJRjCnxsqlGO/Pofk6FBhqjMJ8JAy+oMgL0Qq/djcdCXiNO6mG4QR+K8BZsA== X-Received: by 2002:a17:906:4e90:b0:a45:d2c:eeed with SMTP id v16-20020a1709064e9000b00a450d2ceeedmr4142572eju.18.1709579550811; Mon, 04 Mar 2024 11:12:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IFzKOEPjXEqWdl/Lqbf3vWpW60zRsdJE9KwJ2Us9hsJfeT8Lr5UZqMEKnYr548cFvUl0fRv1Q== X-Received: by 2002:a17:906:4e90:b0:a45:d2c:eeed with SMTP id v16-20020a1709064e9000b00a450d2ceeedmr4142569eju.18.1709579550473; Mon, 04 Mar 2024 11:12:30 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:29 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 21/24] xfs: add fs-verity support Date: Mon, 4 Mar 2024 20:10:44 +0100 Message-ID: <20240304191046.157464-23-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add integration with fs-verity. The XFS store fs-verity metadata in the extended file attributes. The metadata consist of verity descriptor and Merkle tree blocks. The descriptor is stored under "vdesc" extended attribute. The Merkle tree blocks are stored under binary indexes which are offsets into the Merkle tree. When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION flag is set meaning that the Merkle tree is being build. The initialization ends with storing of verity descriptor and setting inode on-disk flag (XFS_DIFLAG2_VERITY). The verification on read is done in read path of iomap. Signed-off-by: Andrey Albershteyn --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 13 ++ fs/xfs/libxfs/xfs_attr_leaf.c | 17 +- fs/xfs/libxfs/xfs_attr_remote.c | 8 +- fs/xfs/libxfs/xfs_da_format.h | 27 +++ fs/xfs/libxfs/xfs_ondisk.h | 4 + fs/xfs/xfs_inode.h | 3 +- fs/xfs/xfs_super.c | 10 + fs/xfs/xfs_verity.c | 355 ++++++++++++++++++++++++++++++++ fs/xfs/xfs_verity.h | 33 +++ 10 files changed, 464 insertions(+), 7 deletions(-) create mode 100644 fs/xfs/xfs_verity.c create mode 100644 fs/xfs/xfs_verity.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index f8845e65cac7..8396a633b541 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -130,6 +130,7 @@ xfs-$(CONFIG_XFS_POSIX_ACL) += xfs_acl.o xfs-$(CONFIG_SYSCTL) += xfs_sysctl.o xfs-$(CONFIG_COMPAT) += xfs_ioctl32.o xfs-$(CONFIG_EXPORTFS_BLOCK_OPS) += xfs_pnfs.o +xfs-$(CONFIG_FS_VERITY) += xfs_verity.o # notify failure ifeq ($(CONFIG_MEMORY_FAILURE),y) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index ca515e8bd2ed..cde5352db9aa 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -27,6 +27,7 @@ #include "xfs_attr_item.h" #include "xfs_xattr.h" #include "xfs_parent.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1527,6 +1528,18 @@ xfs_attr_namecheck( if (flags & XFS_ATTR_PARENT) return xfs_parent_namecheck(mp, name, length, flags); + if (flags & XFS_ATTR_VERITY) { + /* Merkle tree pages are stored under u64 indexes */ + if (length == sizeof(struct xfs_fsverity_merkle_key)) + return true; + + /* Verity descriptor blocks are held in a named attribute. */ + if (length == XFS_VERITY_DESCRIPTOR_NAME_LEN) + return true; + + return false; + } + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index b51f439e4aed..f1f6aefc0420 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -30,6 +30,7 @@ #include "xfs_ag.h" #include "xfs_errortag.h" #include "xfs_health.h" +#include "xfs_verity.h" /* @@ -519,7 +520,12 @@ xfs_attr_copy_value( return -ERANGE; } - if (!args->value) { + /* + * We don't want to allocate memory for fs-verity Merkle tree blocks + * (fs-verity descriptor is fine though). They will be stored in + * underlying xfs_buf + */ + if (!args->value && !xfs_verity_merkle_block(args)) { args->value = kvmalloc(valuelen, GFP_KERNEL | __GFP_NOLOCKDEP); if (!args->value) return -ENOMEM; @@ -538,7 +544,14 @@ xfs_attr_copy_value( */ if (!value) return -EINVAL; - memcpy(args->value, value, valuelen); + /* + * We won't copy Merkle tree block to the args->value as we want it be + * in the xfs_buf. And we didn't allocate any memory in args->value. + */ + if (xfs_verity_merkle_block(args)) + args->value = value; + else + memcpy(args->value, value, valuelen); return 0; } diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index f1b7842da809..a631ddff8068 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -23,6 +23,7 @@ #include "xfs_trace.h" #include "xfs_error.h" #include "xfs_health.h" +#include "xfs_verity.h" #define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */ @@ -404,11 +405,10 @@ xfs_attr_rmtval_get( ASSERT(args->rmtvaluelen == args->valuelen); /* - * We also check for _OP_BUFFER as we want to trigger on - * verity blocks only, not on verity_descriptor + * For fs-verity we want additional space in the xfs_buf. This space is + * used to copy xattr value without leaf headers (crc header). */ - if (args->attr_filter & XFS_ATTR_VERITY && - args->op_flags & XFS_DA_OP_BUFFER) + if (xfs_verity_merkle_block(args)) flags = XBF_DOUBLE_ALLOC; valuelen = args->rmtvaluelen; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 28d4ac6fa156..c30c3c253191 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -914,4 +914,31 @@ struct xfs_parent_name_rec { */ #define XFS_PARENT_DIRENT_NAME_MAX_SIZE (MAXNAMELEN - 1) +/* + * fs-verity attribute name format + * + * Merkle tree blocks are stored under extended attributes of the inode. The + * name of the attributes are offsets into merkle tree. + */ +struct xfs_fsverity_merkle_key { + __be64 merkleoff; +}; + +static inline void +xfs_fsverity_merkle_key_to_disk(struct xfs_fsverity_merkle_key *key, loff_t pos) +{ + key->merkleoff = cpu_to_be64(pos); +} + +static inline loff_t +xfs_fsverity_name_to_block_offset(unsigned char *name) +{ + struct xfs_fsverity_merkle_key key = { + .merkleoff = *(__be64 *)name + }; + loff_t offset = be64_to_cpu(key.merkleoff); + + return offset; +} + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 81885a6a028e..39209943c474 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -194,6 +194,10 @@ xfs_check_ondisk_structs(void) XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MIN << XFS_DQ_BIGTIME_SHIFT, 4); XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT, 16299260424LL); + + /* fs-verity descriptor xattr name */ + XFS_CHECK_VALUE(strlen(XFS_VERITY_DESCRIPTOR_NAME), + XFS_VERITY_DESCRIPTOR_NAME_LEN); } #endif /* __XFS_ONDISK_H */ diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index ab46ffb3ac19..d6664e9afa22 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -348,7 +348,8 @@ static inline bool xfs_inode_has_large_extent_counts(struct xfs_inode *ip) * inactivation completes, both flags will be cleared and the inode is a * plain old IRECLAIMABLE inode. */ -#define XFS_INACTIVATING (1 << 13) +#define XFS_INACTIVATING (1 << 13) +#define XFS_IVERITY_CONSTRUCTION (1 << 14) /* merkle tree construction */ /* Quotacheck is running but inode has not been added to quota counts. */ #define XFS_IQUOTAUNCHECKED (1 << 14) diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 9f9c35cff9bf..996e6ea91fe1 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -30,6 +30,7 @@ #include "xfs_filestream.h" #include "xfs_quota.h" #include "xfs_sysfs.h" +#include "xfs_verity.h" #include "xfs_ondisk.h" #include "xfs_rmap_item.h" #include "xfs_refcount_item.h" @@ -1520,6 +1521,11 @@ xfs_fs_fill_super( sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif sb->s_op = &xfs_super_operations; +#ifdef CONFIG_FS_VERITY + error = fsverity_set_ops(sb, &xfs_verity_ops); + if (error) + return error; +#endif /* * Delay mount work if the debug hook is set. This is debug @@ -1729,6 +1735,10 @@ xfs_fs_fill_super( goto out_filestream_unmount; } + if (xfs_has_verity(mp)) + xfs_alert(mp, + "EXPERIMENTAL fs-verity feature in use. Use at your own risk!"); + error = xfs_mountfs(mp); if (error) goto out_filestream_unmount; diff --git a/fs/xfs/xfs_verity.c b/fs/xfs/xfs_verity.c new file mode 100644 index 000000000000..ea31b5bf6214 --- /dev/null +++ b/fs/xfs/xfs_verity.c @@ -0,0 +1,355 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_log_format.h" +#include "xfs_attr.h" +#include "xfs_verity.h" +#include "xfs_bmap_util.h" +#include "xfs_log_format.h" +#include "xfs_trans.h" +#include "xfs_attr_leaf.h" + +/* + * Make fs-verity invalidate verified status of Merkle tree block + */ +static void +xfs_verity_put_listent( + struct xfs_attr_list_context *context, + int flags, + unsigned char *name, + int namelen, + int valuelen) +{ + struct fsverity_blockbuf block = { + .offset = xfs_fsverity_name_to_block_offset(name), + .size = valuelen, + }; + /* + * Verity descriptor is smaller than 1024; verity block min size is + * 1024. Exclude verity descriptor + */ + if (valuelen < 1024) + return; + + fsverity_invalidate_block(VFS_I(context->dp), &block); +} + +/* + * Iterate over extended attributes in the bp to invalidate Merkle tree blocks + */ +static int +xfs_invalidate_blocks( + struct xfs_inode *ip, + struct xfs_buf *bp) +{ + struct xfs_attr_list_context context; + + context.dp = ip; + context.resynch = 0; + context.buffer = NULL; + context.bufsize = 0; + context.firstu = 0; + context.attr_filter = XFS_ATTR_VERITY; + context.put_listent = xfs_verity_put_listent; + + return xfs_attr3_leaf_list_int(bp, &context); +} + +static int +xfs_get_verity_descriptor( + struct inode *inode, + void *buf, + size_t buf_size) +{ + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = buf, + .valuelen = buf_size, + }; + + /* + * The fact that (returned attribute size) == (provided buf_size) is + * checked by xfs_attr_copy_value() (returns -ERANGE) + */ + error = xfs_attr_get(&args); + if (error) + return error; + + return args.valuelen; +} + +static int +xfs_begin_enable_verity( + struct file *filp) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + + xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL); + + if (IS_DAX(inode)) + return -EINVAL; + + if (xfs_iflags_test_and_set(ip, XFS_IVERITY_CONSTRUCTION)) + return -EBUSY; + + return error; +} + +static int +xfs_drop_merkle_tree( + struct xfs_inode *ip, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct xfs_fsverity_merkle_key name; + int error = 0; + u64 offset = 0; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .op_flags = XFS_DA_OP_REMOVE, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + /* NULL value make xfs_attr_set remove the attr */ + .value = NULL, + }; + + if (!merkle_tree_size) + return 0; + + args.name = (const uint8_t *)&name.merkleoff; + for (offset = 0; offset < merkle_tree_size; offset += tree_blocksize) { + xfs_fsverity_merkle_key_to_disk(&name, offset); + error = xfs_attr_set(&args); + if (error) + return error; + } + + args.name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME; + args.namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN; + error = xfs_attr_set(&args); + + return error; +} + +static int +xfs_end_enable_verity( + struct file *filp, + const void *desc, + size_t desc_size, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_trans *tp; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = (void *)desc, + .valuelen = desc_size, + }; + int error = 0; + + xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL); + + /* fs-verity failed, just cleanup */ + if (desc == NULL) + goto out; + + error = xfs_attr_set(&args); + if (error) + goto out; + + /* Set fsverity inode flag */ + error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_ichange, + 0, 0, false, &tp); + if (error) + goto out; + + /* + * Ensure that we've persisted the verity information before we enable + * it on the inode and tell the caller we have sealed the inode. + */ + ip->i_diflags2 |= XFS_DIFLAG2_VERITY; + + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); + xfs_trans_set_sync(tp); + + error = xfs_trans_commit(tp); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + + if (!error) + inode->i_flags |= S_VERITY; + +out: + if (error) + WARN_ON_ONCE(xfs_drop_merkle_tree(ip, merkle_tree_size, + tree_blocksize)); + + xfs_iflags_clear(ip, XFS_IVERITY_CONSTRUCTION); + return error; +} + +static int +xfs_read_merkle_tree_block( + struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + u64 ra_bytes) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .op_flags = XFS_DA_OP_BUFFER, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + .valuelen = (1 << log_blocksize), + }; + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + error = xfs_attr_get(&args); + if (error) + goto out; + + if (!args.valuelen) + return -ENODATA; + + block->kaddr = args.value; + block->offset = pos; + block->size = args.valuelen; + block->context = args.bp; + + /* + * Memory barriers are used to force operation ordering of clearing + * bitmap in fsverity_invalidate_block() and setting XBF_VERITY_SEEN + * flag. + * + * Multiple threads may execute this code concurrently on the same block. + * This is safe because we use memory barriers to ensure that if a + * thread sees XBF_VERITY_SEEN, then fsverity bitmap is already up to + * date. + * + * Invalidating block in a bitmap again at worst causes a hash block to + * be verified redundantly. That event should be very rare, so it's not + * worth using a lock to avoid. + */ + if (!(args.bp->b_flags & XBF_VERITY_SEEN)) { + /* + * A read memory barrier is needed here to give ACQUIRE + * semantics to the above check. + */ + smp_rmb(); + /* + * fs-verity is not aware if buffer was evicted from the memory. + * Make fs-verity invalidate verfied status of all blocks in the + * buffer. + * + * Single extended attribute can contain multiple Merkle tree + * blocks: + * - leaf with inline data -> invalidate all blocks in the leaf + * - remote value -> invalidate single block + * + * For example, leaf on 64k system with 4k/1k filesystem will + * contain multiple Merkle tree blocks. + * + * Only remote value buffers would have XBF_DOUBLE_ALLOC flag + */ + if (args.bp->b_flags & XBF_DOUBLE_ALLOC) + fsverity_invalidate_block(inode, block); + else { + error = xfs_invalidate_blocks(ip, args.bp); + if (error) + goto out; + } + } + + /* + * A write memory barrier is needed here to give RELEASE + * semantics to the below flag. + */ + smp_wmb(); + args.bp->b_flags |= XBF_VERITY_SEEN; + + return error; + +out: + kvfree(args.value); + if (args.bp) + xfs_buf_rele(args.bp); + return error; +} + +static int +xfs_write_merkle_tree_block( + struct inode *inode, + const void *buf, + u64 pos, + unsigned int size) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + .value = (void *)buf, + .valuelen = size, + }; + + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + return xfs_attr_set(&args); +} + +static void +xfs_drop_block( + struct fsverity_blockbuf *block) +{ + struct xfs_buf *bp; + + ASSERT(block != NULL); + bp = (struct xfs_buf *)block->context; + ASSERT(bp->b_flags & XBF_VERITY_SEEN); + + xfs_buf_rele(bp); + + kunmap_local(block->kaddr); +} + +const struct fsverity_operations xfs_verity_ops = { + .begin_enable_verity = &xfs_begin_enable_verity, + .end_enable_verity = &xfs_end_enable_verity, + .get_verity_descriptor = &xfs_get_verity_descriptor, + .read_merkle_tree_block = &xfs_read_merkle_tree_block, + .write_merkle_tree_block = &xfs_write_merkle_tree_block, + .drop_block = &xfs_drop_block, +}; diff --git a/fs/xfs/xfs_verity.h b/fs/xfs/xfs_verity.h new file mode 100644 index 000000000000..deea15cd3cc5 --- /dev/null +++ b/fs/xfs/xfs_verity.h @@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +#include "xfs.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include + +#define XFS_VERITY_DESCRIPTOR_NAME "vdesc" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN 5 + +static inline bool +xfs_verity_merkle_block( + struct xfs_da_args *args) +{ + if (!(args->attr_filter & XFS_ATTR_VERITY)) + return false; + + if (!(args->op_flags & XFS_DA_OP_BUFFER)) + return false; + + return true; +} + +#ifdef CONFIG_FS_VERITY +extern const struct fsverity_operations xfs_verity_ops; +#endif /* CONFIG_FS_VERITY */ + +#endif /* __XFS_VERITY_H__ */ From patchwork Mon Mar 4 19:10:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581047 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FB427D3EA for ; Mon, 4 Mar 2024 19:12:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579557; cv=none; b=MDwblLvQ1UyhRiHXA8o1BMFS/FN27WCxGwxpke5ua/AGAASVQUq0c0bScZZ7P94E90dB1PkvXOwGweNjtkY03bhkmVTp54oFLA4Zhdz1CAMAZb5n+mHTSP/TjJeAWru0ifwrLDpx01sf+2S73hQWerv7fcWUxaYj9QK0AmLKVQI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579557; c=relaxed/simple; bh=QdzJQ1kBU4GhtNmWFv/v5q2u9OPK6bqQ8YoEEN+UHm4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bq/MXigvaZwSasaZB1wwQlE5FVrf8/l75AZWHVOaCCjuPCp4UEJlIW8cspo+YTd2KqRZOdxdnNfiUwUIcwK52e6PLamMkNfcs/f6OUq38ChsbH4dH1xvxWwYqSdlXIlWgdKKtXk6pOrr7n6uBP+Ntuj2e+KAf16qdGAbRYf364I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=I+J1LG6l; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="I+J1LG6l" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579554; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CCVu6C3sA7ElU4nB0aYXUKm+yvCdjGTpJNzXHRX3ZOA=; b=I+J1LG6lILvgXd7Se1zlhzBaaou5TJ+Lqu6EDMQ3lrDxzCnFUKRlZUt2s4+1ipSGzhI71R 5nrRv8LlYnGJ5Ipde7ev50yLKvKFKK+hfJkz8fyeQ6q+f3xTNjoe6ZOCAz8YWGiFPSvnZI n1mAExKclvHPRUsKmIGiR60wA0XO9CI= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-170-aIBaWtSMNP2VdjEM1YojZw-1; Mon, 04 Mar 2024 14:12:33 -0500 X-MC-Unique: aIBaWtSMNP2VdjEM1YojZw-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-559555e38b0so5250414a12.3 for ; Mon, 04 Mar 2024 11:12:33 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579552; x=1710184352; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CCVu6C3sA7ElU4nB0aYXUKm+yvCdjGTpJNzXHRX3ZOA=; b=rpYYSXbByi92nl74DMKQHMvgrBStUfR4LQWqF54dmcPQjw/c+ta6UXaMgAl6sj/9am NgOXuFymcCDn8kJtzikt1nc21RDqR8LakB1BGHWNrl6vBbMnQHUTIoeGyDrCjKPnAJgM eFhut0KctaVtD6To/yXZ29Jw2uC6xRrjOPsFzDG9KqKVZceuKRZ+FbczJpenTOBjzAW2 0Z8D/FSPvtFD5oMPWXz6HpHiXai3tsbakAxvcm6mtMTU3yXfIpAWWHx441+3xYILxsqL IO4My/Oie5cK5BlN6Eq9seHHRuFxOAO81ut8170zUp/Hu0Lk5p/VmrVskbNyQ+pmKd1F BQmw== X-Forwarded-Encrypted: i=1; AJvYcCVyB6cTY9Q91yJTVmvAlSoC2+xTCI8E50x9LVUz0m9MqnZ2vjT2KPdhaRuYADoDmDVpRwslBZnILl0GSLbgpkfXxPF1mrOv/zv581NOZw== X-Gm-Message-State: AOJu0YwjABeEISaduVTBx1G+1HxTS+tPluX/pE60vJOvud45chQpPcts LlRYrIkyOQrvNQKgqj4iPkOcvIV8R4MniY+846cZDVLby/Prtc6dBeMvYLDWzYq4D5Od7/lqbSF 1YWaQN2C7/Epu+8yJ5cJKp1arKRuqI3Bl9nXw1YUvz01U03M7kjSkIO+NUyrZn/Ml3lrjIQ== X-Received: by 2002:a17:906:ca46:b0:a3e:8223:289a with SMTP id jx6-20020a170906ca4600b00a3e8223289amr6658577ejb.31.1709579551778; Mon, 04 Mar 2024 11:12:31 -0800 (PST) X-Google-Smtp-Source: AGHT+IGwEVH/LAIuJqd047oj/TDNuXhBpSOEKAD5TItZIL/0FSEVj2eqhjgA+Kb1gdJhwoiOZ/4iBg== X-Received: by 2002:a17:906:ca46:b0:a3e:8223:289a with SMTP id jx6-20020a170906ca4600b00a3e8223289amr6658560ejb.31.1709579551268; Mon, 04 Mar 2024 11:12:31 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:30 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 22/24] xfs: make scrub aware of verity dinode flag Date: Mon, 4 Mar 2024 20:10:45 +0100 Message-ID: <20240304191046.157464-24-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 fs-verity adds new inode flag which causes scrub to fail as it is not yet known. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/scrub/attr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 9a1f59f7b5a4..ae4227cb55ec 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT | XFS_ATTR_VERITY); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { From patchwork Mon Mar 4 19:10:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581049 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCFD97D3FE for ; Mon, 4 Mar 2024 19:12:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579558; cv=none; b=GL4Kb01r8Xfz8dQBVOnka//3IfYfHfpjy2Vz+tLv2K1HzYbP1Lkfi/e8XwQ+d92LDuTn+KaP8M9vJdKUtDdMR5D6k1ae6wSloRINgYis7Z+qivXUDaXCBQw1r/DPupvhkF7kHuYASc+6f5tI/dQU0Z+gRajQgfQlvKu5Pgv5Sys= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579558; c=relaxed/simple; bh=INc7MitHePby7vAUkDxfEehRxdrWRG6wEUUVyYbtgRI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PeKYmVXavyLbbifdyjSNy3+qfVdCT8DyXEi2u3b79uS0sOCc8noIhExbIkatcFuHZwcAv5bVRs5zynyamDKBCkdspomSeFnUmUJRGXGhaUJJ8du0JexUqC26Ku95pDo9fpVqOPubuY/JxdCzqA9qHPpVTSfx4oFo2+wbH6JqOR0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bLSKjNmo; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bLSKjNmo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579555; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cdXZxugOLeL3RCRxiry5bYRXbpoWIDFypQghiFAJrD4=; b=bLSKjNmoPLMOV9xS4IHPj0jQkNGIzNHWcJwNarDhzfBItpIH7FEJDAhwoY9wwaMrIMkvVB mkqFrCT8vC3unhAYoHOZcIUJOsbpMnNUZMNxxLAoveCoPlGZe9LYRCrv3nXoWz71F8K8bV XRrxHKdRBtC8ONJl5Lql6c0MH/Xr8eI= Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-683-uZt9KSJUN7iC9MUl7K92UQ-1; Mon, 04 Mar 2024 14:12:34 -0500 X-MC-Unique: uZt9KSJUN7iC9MUl7K92UQ-1 Received: by mail-lf1-f69.google.com with SMTP id 2adb3069b0e04-513340d10ccso2299015e87.2 for ; Mon, 04 Mar 2024 11:12:33 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579553; x=1710184353; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cdXZxugOLeL3RCRxiry5bYRXbpoWIDFypQghiFAJrD4=; b=n0e7ov/CoMiLWAr6WF9rCtS3yUHyHxs0n0yIeoceiz1uI8Mc/SATyCyCK+ZJixvqmo BlT+m4Gk3iP97qyq7BqxT6NJwTpvXVow5BEgbnNYjIAEg/448X1VTxpCgZEe/kEModZ+ ojMKAaIIqErezKFnO6ku4Uqg7XPy8aoG2tSR6/lBDWq5agfixmvSVOkJlDX9/ZaouxcQ wtZ5oDBtwP+753l+Bc8QuK5rqp614PzKkLB/OLg+bkGGFjgrvPYXwbFw2zDl/pPt66Mq nR5JRKP2PlE6Bp9hJ9G3kLpVclFuabm36DXvIBPkab1BBFlM3O3r/JdSAwjSCfroq/Vj uxiA== X-Forwarded-Encrypted: i=1; AJvYcCWI5f77mrfxkQwrrhRCIiDe7H13w7Dgv+6f6iYP1unNNkFFEBQkt2KfYuOTLmODbaCg0pJjk+6E1wuhiTWShmpQdcDdaI+vfFKk1ysD1w== X-Gm-Message-State: AOJu0YypBD/ziwlHRVY7C97Zqy44nnQWY1xsiNu4FehBASnV5HPejckH rc83TXMWVoiMeOvW9SsEfXaQ9bWlyrJN365Fn2rktfiYLKHVrN689a+NrSJvOVwECJVNCEZ1dq4 l2g+RomR0YSmq5By/RXiNFqfOnoBwNAI06fhdlLD++Ry6XD2/TpXtGT5OIG4zoQ== X-Received: by 2002:ac2:42d7:0:b0:513:49fd:c63a with SMTP id n23-20020ac242d7000000b0051349fdc63amr1699739lfl.56.1709579552850; Mon, 04 Mar 2024 11:12:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IETsl9dsoS2dwS0BLYcGhPQprHJfq00rS2fw55aSA7GEdV3c2F87uy+0BYF6vYReQxkQ1fYiA== X-Received: by 2002:ac2:42d7:0:b0:513:49fd:c63a with SMTP id n23-20020ac242d7000000b0051349fdc63amr1699729lfl.56.1709579552630; Mon, 04 Mar 2024 11:12:32 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:31 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 23/24] xfs: add fs-verity ioctls Date: Mon, 4 Mar 2024 20:10:46 +0100 Message-ID: <20240304191046.157464-25-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add fs-verity ioctls to enable, dump metadata (descriptor and Merkle tree pages) and obtain file's digest. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_ioctl.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index ab61d7d552fb..4763d20c05ff 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -43,6 +43,7 @@ #include #include #include +#include /* * xfs_find_handle maps from userspace xfs_fsop_handlereq structure to @@ -2174,6 +2175,22 @@ xfs_file_ioctl( return error; } + case FS_IOC_ENABLE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_enable(filp, (const void __user *)arg); + + case FS_IOC_MEASURE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_measure(filp, (void __user *)arg); + + case FS_IOC_READ_VERITY_METADATA: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_read_metadata(filp, + (const void __user *)arg); + default: return -ENOTTY; } From patchwork Mon Mar 4 19:10:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13581050 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 272DD7E10E for ; Mon, 4 Mar 2024 19:12:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579559; cv=none; b=dIJBEeyEhEfjr9X+TkAlAvM+ph9I/t3S4SfCUceR35WKxV5l+a5ri+5/CjUzl7O9WSv+WvlqW+1dXSclTfAAMUC94ApEqllDHPlDtxNXpP2M6sPVXmyQuO4FbkWWYjlTB38aPE8znLRKOkBQ5swg61vtVDrUNc4r6EGpvhEOYqs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709579559; c=relaxed/simple; bh=Vv6pshJlKGTE98xSJNd6Xk8HKI+ZQ4JRPxzDEoR1Lmg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Yw0YsDfU6QtyVEEtppzQY4wgLuF2ijTnRUd88SFK76Le02JchfZiIBJaRX3zm+MnH8bP0/jrW3+SgBQ8K6jYHuWDZHt/0eMnmqBwTeO9LvEMqtJjFMYjcU/+tlrb5QeQd+6Lf6m++stO47VW/rTYo2fZEqAPJpvh5+c7fmkhqXo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=XzW4L2+J; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="XzW4L2+J" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709579557; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZV6cPRqKx5ix6M5gdtJYtyedkYWhw05+92IPp1Ctzuk=; b=XzW4L2+JTIf+Pffe8MwWmFgZyEdu6PvWTow+HgGdjsUta5DP15k17e362Oln+5lTquBEC5 RSb/JhOLZVPfpHcmLteFXKu1z16B9NirY8Q4qLcvxoHtqqddUKGSRVfkBcJ4bexXjNV4Nv 9k9kNsUcd5Q2jFO7eiEAoqmFAVBp6kA= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-643-_eiujDMNO1qDGzdbbFHR0g-1; Mon, 04 Mar 2024 14:12:36 -0500 X-MC-Unique: _eiujDMNO1qDGzdbbFHR0g-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a357c92f241so345844166b.0 for ; Mon, 04 Mar 2024 11:12:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709579554; x=1710184354; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZV6cPRqKx5ix6M5gdtJYtyedkYWhw05+92IPp1Ctzuk=; b=vryQ4l0sX7Jc1WZgXYxw+NK0MfgoyTSJL7+wpR0m1kFWm8psDeKq2uWVXdG05xwM4m j6eQ7PfO39KtNWiUq3wqnOWYsobzerBoOidseIJhOgEBqTvbP+Tg2WgYWOcR6eZs6PpT bGjQbxTN09PqQJa5g8HsHvBWH4/2kDbYeCUDPUol94aCGGgi5WNm4pBwtbUheI68jm76 xUu/+EGMxCmiXDaENtZrSU2h/7ohzXU1dR6oTmNUsr429Wl4ll3NIuvutaEASg3+RXdE LiA+4lEE2fn0oPOdu45IFECeF7lTMT8y5Ow+GyyNWwzQsbwkygbsLTHqZDdpdALwgzSp NY6g== X-Forwarded-Encrypted: i=1; AJvYcCXChIXv/rS+jo6pycciEBIEpdcIRTehaXLkDzfSqRXYbFT7ktwhj1+vXLM4TWCtZgCZ5Z8xF20yzxkq2T7wWHOeyIyomt29UDFWVDLXhw== X-Gm-Message-State: AOJu0YyrwKRVKc0E9JowbSvJqNSVQd+kQZGY6WlUDiA/D8ES42pnH9Ua SBH4eOjZpnVfnvNlsGY1fSWxAgIxVfcJoXTNhPQVhq68tuGLxT+0nGp0Etqo8UxA5wOFdto2tup kKMk3uSPlJUGtLX+dG1EhqkUSrVC9womMZjAKFiAjbQOl2057SaEXm1oVJX+Efw== X-Received: by 2002:a17:906:a3cd:b0:a45:1f03:4f23 with SMTP id ca13-20020a170906a3cd00b00a451f034f23mr3215552ejb.52.1709579554822; Mon, 04 Mar 2024 11:12:34 -0800 (PST) X-Google-Smtp-Source: AGHT+IEr0NI1aFj9SyMPj6KLK6wqTh72eLYmQdqNJLscKrLdEp90sMnUKsBE06KkZVd9YcuteqLjDA== X-Received: by 2002:a17:906:a3cd:b0:a45:1f03:4f23 with SMTP id ca13-20020a170906a3cd00b00a451f034f23mr3215547ejb.52.1709579554621; Mon, 04 Mar 2024 11:12:34 -0800 (PST) Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id a11-20020a1709064a4b00b00a44a04aa3cfsm3783319ejv.225.2024.03.04.11.12.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Mar 2024 11:12:33 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v5 24/24] xfs: enable ro-compat fs-verity flag Date: Mon, 4 Mar 2024 20:10:47 +0100 Message-ID: <20240304191046.157464-26-aalbersh@redhat.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20240304191046.157464-2-aalbersh@redhat.com> References: <20240304191046.157464-2-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Finalize fs-verity integration in XFS by making kernel fs-verity aware with ro-compat flag. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 3ce2902101bc..be66f0ab20cb 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -355,10 +355,11 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ #define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT| \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature(