From patchwork Sun Mar 17 16:34:05 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594685
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 532C31B949;
	Sun, 17 Mar 2024 16:34:05 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693246; cv=none;
 b=q4UfzPvjLbDdcDnxbd+r38uBITsMjoulUza6DwOpONWLydOqqJuzjexryxOUbolp4jD/PSnQiWf15XBOseZ+eCkvLxClyDjTgcnc2BCd1IslO1aki297TK6xAZZb1A3jRZ1mCpT/oRKBlW51s+T1fmdIkmVsisOfClMTrGa09LY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693246; c=relaxed/simple;
	bh=kwab96/jJDrcOROQdEleYxy9DZSIXvgQliZADQW+gqg=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=XCNmtZDyPqdnf0Gz0j/VPKVkYqLtXPU8ky6TsPo7FD2pUz1gBsRAoJtf/vlQagEyocq8P0DzyozuTTxGuGwt7gD1y95iWZHcVIMyQh8qxTXd9wRBeI/xk58xlRFNCH/ubOJ3mLaBpjPyvvWzOzbXCwiizyQAgT8rw4BmYDM8xCc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=kN5W3VXZ; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="kN5W3VXZ"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C250CC433F1;
	Sun, 17 Mar 2024 16:34:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693245;
	bh=kwab96/jJDrcOROQdEleYxy9DZSIXvgQliZADQW+gqg=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=kN5W3VXZggoD5j3lccDK/SUp2UiuaOtioLPLZDOuRbQp2x8usblI2T8sca4nfkjNL
	 LnWwVaiCm3abUnFkxufgPTlusc5PY2hF8hhwg4Ax0VmUzxdTnUrcpYPsrgMpHqgmQe
	 J6TPxaJpbtaWzaUUJz+dMOZhPS1HKVK72NeHnrrT34pMrEccM+IeFYXAAPmLHXQ7jE
	 Q/36bMGReu91p2Q70UarbuKfIaaN3IDKlvvF3GdVwgkEWENtu0lftcoR2naZPInP/T
	 WZIrxPasCOqBV/mN474uqdleke8Ex6nz8G1E1IUVAW96GTWYRqo8Mu+5xOptxQLg9Z
	 dmOGqt9yc8xAQ==
Date: Sun, 17 Mar 2024 09:34:05 -0700
Subject: [PATCH 01/20] xfsprogs: add parent pointer support to attribute code
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: Mark Tinguely <tinguely@sgi.com>, Dave Chinner <dchinner@redhat.com>,
 Allison Henderson <allison.henderson@oracle.com>, fsverity@lists.linux.dev,
 linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org
Message-ID: <171069247688.2685643.4696633268276009013.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Allison Henderson <allison.henderson@oracle.com>

Source kernel commit: 403a9dc2804baec57eb03a9c4ae14ba811f091e5

Add the new parent attribute type. XFS_ATTR_PARENT is used only for parent pointer
entries; it uses reserved blocks like XFS_ATTR_ROOT.

Signed-off-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_attr.c       |    4 +++-
 libxfs/xfs_da_format.h  |    5 ++++-
 libxfs/xfs_log_format.h |    1 +
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c
index 630065f1..4818eabb 100644
--- a/libxfs/xfs_attr.c
+++ b/libxfs/xfs_attr.c
@@ -922,11 +922,13 @@ xfs_attr_set(
 	struct xfs_inode	*dp = args->dp;
 	struct xfs_mount	*mp = dp->i_mount;
 	struct xfs_trans_res	tres;
-	bool			rsvd = (args->attr_filter & XFS_ATTR_ROOT);
+	bool			rsvd;
 	int			error, local;
 	int			rmt_blks = 0;
 	unsigned int		total;
 
+	rsvd = (args->attr_filter & (XFS_ATTR_ROOT | XFS_ATTR_PARENT)) != 0;
+
 	if (xfs_is_shutdown(dp->i_mount))
 		return -EIO;
 
diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index 060e5c96..5434d4d5 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -714,12 +714,15 @@ struct xfs_attr3_leafblock {
 #define	XFS_ATTR_LOCAL_BIT	0	/* attr is stored locally */
 #define	XFS_ATTR_ROOT_BIT	1	/* limit access to trusted attrs */
 #define	XFS_ATTR_SECURE_BIT	2	/* limit access to secure attrs */
+#define	XFS_ATTR_PARENT_BIT	3	/* parent pointer attrs */
 #define	XFS_ATTR_INCOMPLETE_BIT	7	/* attr in middle of create/delete */
 #define XFS_ATTR_LOCAL		(1u << XFS_ATTR_LOCAL_BIT)
 #define XFS_ATTR_ROOT		(1u << XFS_ATTR_ROOT_BIT)
 #define XFS_ATTR_SECURE		(1u << XFS_ATTR_SECURE_BIT)
+#define XFS_ATTR_PARENT		(1u << XFS_ATTR_PARENT_BIT)
 #define XFS_ATTR_INCOMPLETE	(1u << XFS_ATTR_INCOMPLETE_BIT)
-#define XFS_ATTR_NSP_ONDISK_MASK	(XFS_ATTR_ROOT | XFS_ATTR_SECURE)
+#define XFS_ATTR_NSP_ONDISK_MASK \
+			(XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT)
 
 /*
  * Alignment for namelist and valuelist entries (since they are mixed
diff --git a/libxfs/xfs_log_format.h b/libxfs/xfs_log_format.h
index 16872972..9cbcba4b 100644
--- a/libxfs/xfs_log_format.h
+++ b/libxfs/xfs_log_format.h
@@ -974,6 +974,7 @@ struct xfs_icreate_log {
  */
 #define XFS_ATTRI_FILTER_MASK		(XFS_ATTR_ROOT | \
 					 XFS_ATTR_SECURE | \
+					 XFS_ATTR_PARENT | \
 					 XFS_ATTR_INCOMPLETE)
 
 /*

From patchwork Sun Mar 17 16:34:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594686
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 943221B949;
	Sun, 17 Mar 2024 16:34:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693261; cv=none;
 b=ZpXcEd31eiPYPNysxCs31FkdwxErT7t7l3RaqE2EzdxJlRJiyJxhMSfhPjsM2nLuJIncB+Lf+WRh+8U+BkiB4UB9RLdBFVa1pHUpT4wZg+WH8YDjsULFUwQrcglzvxKT/vIb5eQlAKhoj26TTsT/J15pgJ8ZY8Isj9m+xxLMmes=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693261; c=relaxed/simple;
	bh=+O804seDjcWiSwjJhai6gBDtUJWVnPn4VUy30SoJQN8=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=gExxY8qA4+nnNhAiTwL95uic3E2FjI5wXmTKS/+tVUXvDyJKG9tj2npYCsJe/MjtMTwQAJVSj6v2j58fLCAfZAMFTFLbRdvHMZGKD2nF6vEQuDUC1w9JBsZ2vY9FHkgpa1TK5ptZOqF//U75mvnHlClMheHI0FrEgw2lXSMmSTk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=d5QKlEuU; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="d5QKlEuU"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 687BCC433C7;
	Sun, 17 Mar 2024 16:34:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693261;
	bh=+O804seDjcWiSwjJhai6gBDtUJWVnPn4VUy30SoJQN8=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=d5QKlEuUepG4gBySv2cdGwZg2/HUhW8hkYoTwpYNdajs4cJuyKhDpooM3pm2AJwlN
	 4vEQh/0UyOskYAsM7ZcnlNH8CTJr002VVFnJfu1/Z7gkoZH9jRyB4/xCa9df4+6C0d
	 Gi1rq/cJ1ip8TULOCCROdOIE/6u9xM08RGPAwSR90mp6bwWAsZgXtTqwPIqx/nyX9g
	 zlgNee2Q7WQDkD55ziKSkan9wUWfwfbSlIYBKUD4UJ9qMl3hlGppwXuJWxx+Ap5R9G
	 NJHijDqlZFLAGCZvLfqDOE5OLKxHyLXjGVoEg4zKgwxH9snXTOmZuseR/tpSSO9xEJ
	 1ccyqwHEdAWDQ==
Date: Sun, 17 Mar 2024 09:34:20 -0700
Subject: [PATCH 02/20] xfsprogs: define parent pointer xattr format
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: Dave Chinner <dchinner@redhat.com>,
 Allison Henderson <allison.henderson@oracle.com>, fsverity@lists.linux.dev,
 linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org
Message-ID: <171069247702.2685643.4144188443131170132.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Allison Henderson <allison.henderson@oracle.com>

Source kernel commit: 655e7fb23dc155b37a2eeadf2c854def053980bf

We need to define the parent pointer attribute format before we start
adding support for it into all the code that needs to use it. The EA
format we will use encodes the following information:

name={parent inode #, parent inode generation, dirent offset}
value={dirent filename}

The inode/gen gives all the information we need to reliably identify the
parent without requiring child->parent lock ordering, and allows
userspace to do pathname component level reconstruction without the
kernel ever needing to verify the parent itself as part of ioctl calls.

By using the dirent offset in the EA name, we have a method of knowing
the exact parent pointer EA we need to modify/remove in rename/unlink
without an unbound EA name search.

By keeping the dirent name in the value, we have enough information to
be able to validate and reconstruct damaged directory trees. While the
diroffset of a filename alone is not unique enough to identify the
child, the {diroffset,filename,child_inode} tuple is sufficient. That
is, if the diroffset gets reused and points to a different filename, we
can detect that from the contents of EA. If a link of the same name is
created, then we can check whether it points at the same inode as the
parent EA we current have.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_da_format.h |   25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index 5434d4d5..fa0f46db 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -878,4 +878,29 @@ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp)
 xfs_failaddr_t xfs_da3_blkinfo_verify(struct xfs_buf *bp,
 				      struct xfs_da3_blkinfo *hdr3);
 
+/*
+ * Parent pointer attribute format definition
+ *
+ * EA name encodes the parent inode number, generation and the offset of
+ * the dirent that points to the child inode. The EA value contains the
+ * same name as the dirent in the parent directory.
+ */
+struct xfs_parent_name_rec {
+	__be64  p_ino;
+	__be32  p_gen;
+	__be32  p_diroffset;
+};
+
+/*
+ * incore version of the above, also contains name pointers so callers
+ * can pass/obtain all the parent pointer information in a single structure
+ */
+struct xfs_parent_name_irec {
+	xfs_ino_t		p_ino;
+	uint32_t		p_gen;
+	xfs_dir2_dataptr_t	p_diroffset;
+	const char		*p_name;
+	uint8_t			p_namelen;
+};
+
 #endif /* __XFS_DA_FORMAT_H__ */

From patchwork Sun Mar 17 16:34:36 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594687
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 952E91B949;
	Sun, 17 Mar 2024 16:34:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693277; cv=none;
 b=PvDitcqTM9oVc2Ce0qtQpRZEhUwjldMcmh2h4/tImDCsbYcRGm9Y2qmwhp5Mh3jQiQfI4AspHtpidokW+I8bW/ckLekQk0LvVyqOgH16RPL968nNFEMRjaTnz/yXJN7AGLg4xhbvEmaZ2snW4FIiITsjjfTBipHVnuflLG9MPRA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693277; c=relaxed/simple;
	bh=qz+FGJ6RLkUwKwK0DKJWnw4RO5PtzLDwaxpfHG3YJdo=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=T8IbALPj5OLIF+nwK00/ykRghkbNwfWuFHGKsd2rNSCBIOgZaw7TmNraQeY79ua3X/idREqpEcWI2a0dp5Z5iQy9+KGZgg8oqU/3EUNiz56uCr/YjEOuFH6gqhoHLm1MBjZOpyx7XxIvb24iKxOcYN3MbEshiE/SuffscvLbsmM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=JbIzSL53; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="JbIzSL53"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C26AC433F1;
	Sun, 17 Mar 2024 16:34:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693277;
	bh=qz+FGJ6RLkUwKwK0DKJWnw4RO5PtzLDwaxpfHG3YJdo=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=JbIzSL53zxR2HrcD0zt4oXSZdedBQERHewi+OIq3luKm+/eHo3F36qbLQ6NSAi+Ne
	 jkDHge8M31PscpVdjyqgNEWFZBiyryjAF4vt59gDiJngOE1kviFALWktixj110oK9+
	 KnBPR5OG1G06rLuBxqEso7wSipQQTYCoBqVIHf7+g1YLI+GAArHSX6Cd8e7zLqw1wa
	 zMEriX9MKfbgvsWtrhblGk1kJPiE/d8gJA/m5XcEMqVi54vjGMnypGFjbv043LiRrx
	 erSqFYLVNgGvqK4iaQ17RjP7BmJcaeas23rMcqjKIL8S8Ksaihm6UuDSNM9+enxjh9
	 ogJXxpxE1dbrA==
Date: Sun, 17 Mar 2024 09:34:36 -0700
Subject: [PATCH 03/20] xfsprogs: Add xfs_verify_pptr
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: Allison Henderson <allison.henderson@oracle.com>,
 fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247716.2685643.14245994906424011556.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Allison Henderson <allison.henderson@oracle.com>

Source kernel commit: 27e62618672464a8c011ee180878c711a6faed73

Attribute names of parent pointers are not strings.  So we need to modify
attr_namecheck to verify parent pointer records when the XFS_ATTR_PARENT flag is
set.

Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_attr.c      |   47 ++++++++++++++++++++++++++++++++++++++++++++---
 libxfs/xfs_attr.h      |    3 ++-
 libxfs/xfs_da_format.h |    8 ++++++++
 repair/attr_repair.c   |   19 ++++++++++++-------
 4 files changed, 66 insertions(+), 11 deletions(-)

diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c
index 4818eabb..a9241d18 100644
--- a/libxfs/xfs_attr.c
+++ b/libxfs/xfs_attr.c
@@ -1510,9 +1510,33 @@ xfs_attr_node_get(
 	return error;
 }
 
-/* Returns true if the attribute entry name is valid. */
-bool
-xfs_attr_namecheck(
+/*
+ * Verify parent pointer attribute is valid.
+ * Return true on success or false on failure
+ */
+STATIC bool
+xfs_verify_pptr(
+	struct xfs_mount			*mp,
+	const struct xfs_parent_name_rec	*rec)
+{
+	xfs_ino_t				p_ino;
+	xfs_dir2_dataptr_t			p_diroffset;
+
+	p_ino = be64_to_cpu(rec->p_ino);
+	p_diroffset = be32_to_cpu(rec->p_diroffset);
+
+	if (!xfs_verify_ino(mp, p_ino))
+		return false;
+
+	if (p_diroffset > XFS_DIR2_MAX_DATAPTR)
+		return false;
+
+	return true;
+}
+
+/* Returns true if the string attribute entry name is valid. */
+static bool
+xfs_str_attr_namecheck(
 	const void	*name,
 	size_t		length)
 {
@@ -1527,6 +1551,23 @@ xfs_attr_namecheck(
 	return !memchr(name, 0, length);
 }
 
+/* Returns true if the attribute entry name is valid. */
+bool
+xfs_attr_namecheck(
+	struct xfs_mount	*mp,
+	const void		*name,
+	size_t			length,
+	int			flags)
+{
+	if (flags & XFS_ATTR_PARENT) {
+		if (length != sizeof(struct xfs_parent_name_rec))
+			return false;
+		return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name);
+	}
+
+	return xfs_str_attr_namecheck(name, length);
+}
+
 int __init
 xfs_attr_intent_init_cache(void)
 {
diff --git a/libxfs/xfs_attr.h b/libxfs/xfs_attr.h
index 81be9b3e..af92cc57 100644
--- a/libxfs/xfs_attr.h
+++ b/libxfs/xfs_attr.h
@@ -547,7 +547,8 @@ int xfs_attr_get(struct xfs_da_args *args);
 int xfs_attr_set(struct xfs_da_args *args);
 int xfs_attr_set_iter(struct xfs_attr_intent *attr);
 int xfs_attr_remove_iter(struct xfs_attr_intent *attr);
-bool xfs_attr_namecheck(const void *name, size_t length);
+bool xfs_attr_namecheck(struct xfs_mount *mp, const void *name, size_t length,
+			int flags);
 int xfs_attr_calc_size(struct xfs_da_args *args, int *local);
 void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres,
 			 unsigned int *total);
diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index fa0f46db..e7045b36 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -757,6 +757,14 @@ xfs_attr3_leaf_name(xfs_attr_leafblock_t *leafp, int idx)
 	return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)];
 }
 
+static inline int
+xfs_attr3_leaf_flags(xfs_attr_leafblock_t *leafp, int idx)
+{
+	struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp);
+
+	return entries[idx].flags;
+}
+
 static inline xfs_attr_leaf_name_remote_t *
 xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx)
 {
diff --git a/repair/attr_repair.c b/repair/attr_repair.c
index f117f9ae..25588b3b 100644
--- a/repair/attr_repair.c
+++ b/repair/attr_repair.c
@@ -292,8 +292,9 @@ process_shortform_attr(
 		}
 
 		/* namecheck checks for null chars in attr names. */
-		if (!libxfs_attr_namecheck(currententry->nameval,
-					   currententry->namelen)) {
+		if (!libxfs_attr_namecheck(mp, currententry->nameval,
+					   currententry->namelen,
+					   currententry->flags)) {
 			do_warn(
 	_("entry contains illegal character in shortform attribute name\n"));
 			junkit = 1;
@@ -469,12 +470,14 @@ process_leaf_attr_local(
 	xfs_dablk_t		da_bno,
 	xfs_ino_t		ino)
 {
-	xfs_attr_leaf_name_local_t *local;
+	xfs_attr_leaf_name_local_t	*local;
+	int				flags;
 
 	local = xfs_attr3_leaf_name_local(leaf, i);
+	flags = xfs_attr3_leaf_flags(leaf, i);
 	if (local->namelen == 0 ||
-	    !libxfs_attr_namecheck(local->nameval,
-				   local->namelen)) {
+	    !libxfs_attr_namecheck(mp, local->nameval,
+				   local->namelen, flags)) {
 		do_warn(
 	_("attribute entry %d in attr block %u, inode %" PRIu64 " has bad name (namelen = %d)\n"),
 			i, da_bno, ino, local->namelen);
@@ -525,12 +528,14 @@ process_leaf_attr_remote(
 {
 	xfs_attr_leaf_name_remote_t *remotep;
 	char*			value;
+	int			flags;
 
 	remotep = xfs_attr3_leaf_name_remote(leaf, i);
+	flags = xfs_attr3_leaf_flags(leaf, i);
 
 	if (remotep->namelen == 0 ||
-	    !libxfs_attr_namecheck(remotep->name,
-				   remotep->namelen) ||
+	    !libxfs_attr_namecheck(mp, remotep->name,
+				   remotep->namelen, flags) ||
 	    be32_to_cpu(entry->hashval) !=
 			libxfs_da_hashname((unsigned char *)&remotep->name[0],
 					   remotep->namelen) ||

From patchwork Sun Mar 17 16:34:52 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594688
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49B981B949;
	Sun, 17 Mar 2024 16:34:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693293; cv=none;
 b=e24JAnaEHZAz5MLqcQycGI6bYkK/GBemxLQYwCt0uYj1rOHxOfwh7Zyy23ZjkPbPAXz9MZgFRqFBA8Apw9ZzfAtObPchVFO4Pm42kqE2IsBp5zOmW1sd6bvR6+ks/Zrnae3RxMyVDOdBQJVge30MO9ALdnVi5oKvmFC+cmGUH8M=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693293; c=relaxed/simple;
	bh=RggHKhdZKkJxpYlXhjfqhzcYpZJ5RnDewFcTjCfCK0o=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=uJik4L5o0HSooUK5+42S+LrvD6/f2fQ+hW+GiCaUpFl3XBnYiEJS/83JoHN9bu1OGV9T3QFuavlCnbC2+o57IYddHcS2odb1muSOdtoAOvOJQRJZOe8B43OTIeMUaz1y/V+LFQ0Q+AEHDddN3na4q4b0OfFwCiFh/bNmJ6gNcIg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=oCZYGBzb; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="oCZYGBzb"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8613C433C7;
	Sun, 17 Mar 2024 16:34:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693292;
	bh=RggHKhdZKkJxpYlXhjfqhzcYpZJ5RnDewFcTjCfCK0o=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=oCZYGBzbQzMGYhL2L0sovmjdRh3C7QplObrgVcGYEgyv7wdUABSYrPr0aWq+i9vbL
	 rtHgJu+ArPVnNCgyYL1MARoVKAU/AQhXSUbNwDubBtnM+T89v6M1Prw95IFC4wAUVD
	 K/IMfB2MTZmm7pIJx72DX6sMS4Tr7MVfKHOQiB+SnFf+B7yEtZyYATZ4lt1Da0uw92
	 QxxosSFzbrY5nwZqSC+/NtAAl4Viu98aaVMwHq44dIfmjfI8bQ9n+Jx8b4upHHEo8F
	 zR/i6971GtgpN85sT9ztBTApgdvoB4FpHQVxHbvTpKysxqgKNPFHLorqT1nwAyRUY0
	 Kt1RLTOcwq2SA==
Date: Sun, 17 Mar 2024 09:34:52 -0700
Subject: [PATCH 04/20] fs: add FS_XFLAG_VERITY for verity files
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247730.2685643.9652848886084002483.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

Add extended attribute FS_XFLAG_VERITY for inodes with fs-verity
enabled.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
[djwong: fix broken verity flag checks]
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 include/linux.h |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/linux.h b/include/linux.h
index 95a0deee..d98d387e 100644
--- a/include/linux.h
+++ b/include/linux.h
@@ -249,6 +249,10 @@ struct fsxattr {
 #define FS_XFLAG_COWEXTSIZE	0x00010000	/* CoW extent size allocator hint */
 #endif
 
+#ifndef FS_XFLAG_VERITY
+#define FS_XFLAG_VERITY		0x00020000	/* fs-verity enabled */
+#endif
+
 /*
  * Reminder: anything added to this file will be compiled into downstream
  * userspace projects!

From patchwork Sun Mar 17 16:35:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594689
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D31F1B949;
	Sun, 17 Mar 2024 16:35:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693308; cv=none;
 b=UnCtMIRsmxTVMFB9T0ElnuX4H3rZ1CBf6jEbxA6UBHsdUQCS5bNpTiRY/ha67HB6Zcaz/VHgZAsqO/V7hmsp/jFc+yx8lJ/xzlX4F2CdTlz6a9fvkqXguvEGNIZnHfbijuuljWN2lwg/gNHQsOG+Rz9gvIadPvOwkbI1tCM6zEw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693308; c=relaxed/simple;
	bh=6tJ2seaphlFM9dJGhh2nAddNTg/heedCJ2rlT4NAnlQ=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=PeuVbeBe2M8NXx0LPQs8B2OvGzOOmdPSDWqNvxVByJvTvutCzKltkn1rpjCd+nSgkXteLy1H7jMwYGdU9/u9DR3aQZ5iRUmxPluVfryY2dZJKs5XM+GSuOFveKa7sgOSq/pd/3iDUVe0jlwFFuZE6R7Ay0rwHfmJMpDDnj3dvdI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=OcdA72Aq; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="OcdA72Aq"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5FBC0C433C7;
	Sun, 17 Mar 2024 16:35:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693308;
	bh=6tJ2seaphlFM9dJGhh2nAddNTg/heedCJ2rlT4NAnlQ=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=OcdA72AqwnwLHINB7Ytnq4j3lb6pqm/wl83iFPBHI6dU96e0HWy9M/eZkJY/PUVPl
	 Cqi7A750tVnSRqaRRKIO6xNVtU6J4uDlDYPmJCwf/iUtEyVGY/GPyB3Omc+KMcJ+y8
	 fH80AkRpaUI9Q2ASVZxkfu7dYs+CIaaTTWKG3Cvbgb7YMom4wIpFb5+g2kHkG7LQbo
	 6/IcsD7tRZQkkn2gB+HtkvHpLtieTtQbsZxx+NVsGdc+aaTvW/GZ/MrCGcSDK4uBAp
	 Mi77OYlVRQPV6PwXvDOAAOIUjBTcAUoutEvu2JwYgBe+Sn7wm5680cxTe8CjmO6kr+
	 muWJEktHZ8tVA==
Date: Sun, 17 Mar 2024 09:35:07 -0700
Subject: [PATCH 05/20] xfs: add attribute type for fs-verity
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247744.2685643.5127507389767820706.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

The Merkle tree blocks and descriptor are stored in the extended
attributes of the inode. Add new attribute type for fs-verity
metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and
fs-verity attributes as those are only for internal use. While we're
at it add a few comments in relevant places that internally visible
attributes are not suppose to be handled via interface defined in
xfs_xattr.c.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_da_format.h  |   10 +++++++++-
 libxfs/xfs_log_format.h |    1 +
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index e7045b36..3a35ba58 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -715,14 +715,22 @@ struct xfs_attr3_leafblock {
 #define	XFS_ATTR_ROOT_BIT	1	/* limit access to trusted attrs */
 #define	XFS_ATTR_SECURE_BIT	2	/* limit access to secure attrs */
 #define	XFS_ATTR_PARENT_BIT	3	/* parent pointer attrs */
+#define	XFS_ATTR_VERITY_BIT	4	/* verity merkle tree and descriptor */
 #define	XFS_ATTR_INCOMPLETE_BIT	7	/* attr in middle of create/delete */
 #define XFS_ATTR_LOCAL		(1u << XFS_ATTR_LOCAL_BIT)
 #define XFS_ATTR_ROOT		(1u << XFS_ATTR_ROOT_BIT)
 #define XFS_ATTR_SECURE		(1u << XFS_ATTR_SECURE_BIT)
 #define XFS_ATTR_PARENT		(1u << XFS_ATTR_PARENT_BIT)
+#define XFS_ATTR_VERITY		(1u << XFS_ATTR_VERITY_BIT)
 #define XFS_ATTR_INCOMPLETE	(1u << XFS_ATTR_INCOMPLETE_BIT)
 #define XFS_ATTR_NSP_ONDISK_MASK \
-			(XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT)
+			(XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT | \
+			 XFS_ATTR_VERITY)
+
+/*
+ * Internal attributes not exposed to the user
+ */
+#define XFS_ATTR_INTERNAL_MASK (XFS_ATTR_PARENT | XFS_ATTR_VERITY)
 
 /*
  * Alignment for namelist and valuelist entries (since they are mixed
diff --git a/libxfs/xfs_log_format.h b/libxfs/xfs_log_format.h
index 9cbcba4b..407fadfb 100644
--- a/libxfs/xfs_log_format.h
+++ b/libxfs/xfs_log_format.h
@@ -975,6 +975,7 @@ struct xfs_icreate_log {
 #define XFS_ATTRI_FILTER_MASK		(XFS_ATTR_ROOT | \
 					 XFS_ATTR_SECURE | \
 					 XFS_ATTR_PARENT | \
+					 XFS_ATTR_VERITY | \
 					 XFS_ATTR_INCOMPLETE)
 
 /*

From patchwork Sun Mar 17 16:35:23 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594690
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3ABB41B949;
	Sun, 17 Mar 2024 16:35:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693324; cv=none;
 b=oGF4Lkoj3x4+kWax80er4aX7FPQKmfQU1rbJFdvSLhuf6L8sCemznunMvjWMn9zwwvzSBnCQditaPYqDS7GtFp7vwhV9t7IPNrnBmb5otLzIxUg/Y7vV2pf3sEzwQ7N+SFGhT3m7GIc95TfVhnhTTQ/wp0R5R3Y2g2Rxp3kUlEg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693324; c=relaxed/simple;
	bh=DqyXpRyE725aMur+/9YXJmf0GJ8QI+0FYkHEZsvebfY=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=iIzzJ9hdJINmYTAq2+YMJnekPRgl/GD3BgcWUMkMjEvK/wI/TWdweJYma9Gw7U6FLGLAHGmVE9t7QLOV00cGyPM7UhdnnHNlbFSFljlXSSNLdBiEgr6TUPW1bhxd405gskUkL2ohjBKxpK4sCyRHND/jWgs28qOerjvz0yaCxQs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=FuzUTpOR; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="FuzUTpOR"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0E490C433C7;
	Sun, 17 Mar 2024 16:35:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693324;
	bh=DqyXpRyE725aMur+/9YXJmf0GJ8QI+0FYkHEZsvebfY=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=FuzUTpORcte1a91OqB/FgMVf7/veckc2/DShUSUo0BH05l5Hba9Vpikx4ZMNkztrs
	 x/mtwgs4qZzzS2+iIFvmnVbRCP4LZ635aaXP6/CfZQVBb+UdQu5NbbJiAtwilfRed6
	 QNnhT8ne6/GC19iOqJ7psoiryGRXLPvRK4MI2c43SpjcKKPVlqRMsWkznPmkdXXBXV
	 DFtcbdF/ne+iyfqf8dTdeZW5EdKzXWEXV89F6W7ngfgta6HwDf7Y0xbWMR5aWocZBa
	 alGhnJMdOu9biEg5dfz89uRB40KnmKUEE6CGFzibcyuytZInfkjxB90HDVmAwLoLZp
	 /19SzdN5bjrMQ==
Date: Sun, 17 Mar 2024 09:35:23 -0700
Subject: [PATCH 06/20] xfs: add fs-verity ro-compat flag
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247758.2685643.2308744744627785641.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

To mark inodes with fs-verity enabled the new XFS_DIFLAG2_VERITY flag
will be added in further patch. This requires ro-compat flag to let
older kernels know that fs with fs-verity can not be modified.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
 include/xfs_mount.h |    2 ++
 libxfs/xfs_format.h |    1 +
 libxfs/xfs_sb.c     |    2 ++
 3 files changed, 5 insertions(+)

diff --git a/include/xfs_mount.h b/include/xfs_mount.h
index 9c492b8f..e88535cd 100644
--- a/include/xfs_mount.h
+++ b/include/xfs_mount.h
@@ -169,6 +169,7 @@ typedef struct xfs_mount {
 #define XFS_FEAT_BIGTIME	(1ULL << 24)	/* large timestamps */
 #define XFS_FEAT_NEEDSREPAIR	(1ULL << 25)	/* needs xfs_repair */
 #define XFS_FEAT_NREXT64	(1ULL << 26)	/* large extent counters */
+#define XFS_FEAT_VERITY		(1ULL << 27)	/* fs-verity */
 
 #define __XFS_HAS_FEAT(name, NAME) \
 static inline bool xfs_has_ ## name (struct xfs_mount *mp) \
@@ -213,6 +214,7 @@ __XFS_HAS_FEAT(inobtcounts, INOBTCNT)
 __XFS_HAS_FEAT(bigtime, BIGTIME)
 __XFS_HAS_FEAT(needsrepair, NEEDSREPAIR)
 __XFS_HAS_FEAT(large_extent_counts, NREXT64)
+__XFS_HAS_FEAT(verity, VERITY)
 
 /* Kernel mount features that we don't support */
 #define __XFS_UNSUPP_FEAT(name) \
diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h
index 2b2f9050..93d280eb 100644
--- a/libxfs/xfs_format.h
+++ b/libxfs/xfs_format.h
@@ -353,6 +353,7 @@ xfs_sb_has_compat_feature(
 #define XFS_SB_FEAT_RO_COMPAT_RMAPBT   (1 << 1)		/* reverse map btree */
 #define XFS_SB_FEAT_RO_COMPAT_REFLINK  (1 << 2)		/* reflinked files */
 #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3)		/* inobt block counts */
+#define XFS_SB_FEAT_RO_COMPAT_VERITY   (1 << 4)		/* fs-verity */
 #define XFS_SB_FEAT_RO_COMPAT_ALL \
 		(XFS_SB_FEAT_RO_COMPAT_FINOBT | \
 		 XFS_SB_FEAT_RO_COMPAT_RMAPBT | \
diff --git a/libxfs/xfs_sb.c b/libxfs/xfs_sb.c
index 00b0a937..d6755181 100644
--- a/libxfs/xfs_sb.c
+++ b/libxfs/xfs_sb.c
@@ -161,6 +161,8 @@ xfs_sb_version_to_features(
 		features |= XFS_FEAT_REFLINK;
 	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT)
 		features |= XFS_FEAT_INOBTCNT;
+	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY)
+		features |= XFS_FEAT_VERITY;
 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE)
 		features |= XFS_FEAT_FTYPE;
 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES)

From patchwork Sun Mar 17 16:35:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594691
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E0481B949;
	Sun, 17 Mar 2024 16:35:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693340; cv=none;
 b=R1isCBiMKqO7PFeUC45IfMgjJEPul/I6CuiRNvkc8FpFeC5WKrjb2Mk57uZgtKADCkKBR9pwB+dc8tspAYqX2/9jUbNQOOdAwbUNJW7FP32bBcKr1ztIOVf0Nblv8FJ8hbLJfmbe6UUeBfUh67mgUS+dKa5xL0whv1atycggq0s=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693340; c=relaxed/simple;
	bh=U2hq3956kXMhaD85lR2Oe+rbf3mpdLcXYo9vZrv7R0w=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=KWC2bHiB5J5XS1etlNrlcpgtW5lwIGcWTNO1ampzQ1jUzRHpusjbVwG+5R5ICHTiJdglg1LhLWzg5XJuOGHi5kVuZAnRf5xfszBR5fj8UVDXmHca7YNgkgS9i5knaSXK8RjOH4j+m+kVZ0hgp0xX8rT8rychuSYiHmzBbzxHtRc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=dFg7iv+W; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="dFg7iv+W"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7358C433F1;
	Sun, 17 Mar 2024 16:35:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693339;
	bh=U2hq3956kXMhaD85lR2Oe+rbf3mpdLcXYo9vZrv7R0w=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=dFg7iv+WtFDChcz599w2LQQfbi+V9MF46O+k1I7kag3u3k6eUEP7mnc8rZm/lF57p
	 185hT6mJ2T/DnykAvquc/xnCKGE9U1MQ43uwwUsd8igJ9ySuZ1lFEOT0s0lTz3fXpn
	 etfWsWFJkia86VoSSgEUOHs8IeajWGtvAgF8vdq0bJlAgHDEhobdW/iOQpkSOuvTtc
	 /Sl4ZsFYd+3SgTAhbmi9XM+88pA3Uuinjul649mXJ2vhGrwciKdiWae8EyVZfaYYvW
	 j9NivLQGW0y7dAbhZ7P5Zvz1NKMWn8Dn8XqkVXYZ83nuiytTJakKDQfPrJSlpK03NM
	 Kmektm47EWE7Q==
Date: Sun, 17 Mar 2024 09:35:39 -0700
Subject: [PATCH 07/20] xfs: add inode on-disk VERITY flag
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247772.2685643.1544897659577123663.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

Source kernel commit: ff6c7e66f70cb7239fcc6a1011f47132091d679e

Add flag to mark inodes which have fs-verity enabled on them (i.e.
descriptor exist and tree is built).

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
 libxfs/xfs_format.h |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h
index 93d280eb..3ce29021 100644
--- a/libxfs/xfs_format.h
+++ b/libxfs/xfs_format.h
@@ -1085,16 +1085,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev)
 #define XFS_DIFLAG2_COWEXTSIZE_BIT   2  /* copy on write extent size hint */
 #define XFS_DIFLAG2_BIGTIME_BIT	3	/* big timestamps */
 #define XFS_DIFLAG2_NREXT64_BIT 4	/* large extent counters */
+#define XFS_DIFLAG2_VERITY_BIT	5	/* inode sealed by fsverity */
 
 #define XFS_DIFLAG2_DAX		(1 << XFS_DIFLAG2_DAX_BIT)
 #define XFS_DIFLAG2_REFLINK     (1 << XFS_DIFLAG2_REFLINK_BIT)
 #define XFS_DIFLAG2_COWEXTSIZE  (1 << XFS_DIFLAG2_COWEXTSIZE_BIT)
 #define XFS_DIFLAG2_BIGTIME	(1 << XFS_DIFLAG2_BIGTIME_BIT)
 #define XFS_DIFLAG2_NREXT64	(1 << XFS_DIFLAG2_NREXT64_BIT)
+#define XFS_DIFLAG2_VERITY	(1 << XFS_DIFLAG2_VERITY_BIT)
 
 #define XFS_DIFLAG2_ANY \
 	(XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \
-	 XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64)
+	 XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY)
 
 static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip)
 {

From patchwork Sun Mar 17 16:35:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594692
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBA7E1CD21;
	Sun, 17 Mar 2024 16:35:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693356; cv=none;
 b=V8BRem4zR38sh48GbwuV18yIRztRIGsufIr6WX8RtPUV1xto6ttOS/RErkNsd2Gi6ZMS9q2itSbOC3Qcjt2av3e8lqkDvQSwkZQIJrskbAHH9Kag7Tlg5e7Pr/wD/rz8dlxzxHJjYJDBY5nS71SkqBM3fMIikEgeEtg547MGwKY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693356; c=relaxed/simple;
	bh=XIY1Z9jhLjL9S2HQLE7A1RwuN2dPMKfHfNscD64WfCI=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=MUZk8+TaY182lH07Ylwey9Pjx1qCK9384WiLzedI5Kv+vy3L9QQBfTxvdGrJ1/pwSQJsvbwXjpO0zqeY4UYttsPO6KI1U+MajbzwCCsOGQBEgPEu3eAVekbeYr75jW0Dl/7L6/8ehdkCmebgKxD5lxo3kv+CQlk9bgcel1nKMS0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=ubziP04Y; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="ubziP04Y"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 60430C43601;
	Sun, 17 Mar 2024 16:35:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693355;
	bh=XIY1Z9jhLjL9S2HQLE7A1RwuN2dPMKfHfNscD64WfCI=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=ubziP04YZW75Foz8PR5JaTNj5dId2E22SoGnYiIy906lyAVTUr+3DL0rQVNsckNNc
	 WqVJzZV3pz7b7BB3KtXIu38iE4n/SPrGUCo1fbbntYtUdZR2oykFsREU1dKjBMuBg2
	 rlI4QhrQsSVUj9XtmlM+e5QIiPiwJMkDGqGVwAk3VA1BII0eUT36uVW5OV+v5TXwUR
	 jdC8FUJGAleoovaZNonz1vYLSLpWFgdy8VxniX65S6YL/v+EVMGAdcEYLJAET4G7hV
	 iEI76FwJNY7DMp4FMYFICmskUiwtUb2kjak1XWFJzIcv7xVu6TRMeoev8Yl3bTA6VY
	 s4hCIZLdpBzAg==
Date: Sun, 17 Mar 2024 09:35:54 -0700
Subject: [PATCH 08/20] xfs: add fs-verity support
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247785.2685643.2517312697309625579.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

Add integration with fs-verity. The XFS store fs-verity metadata in
the extended file attributes. The metadata consist of verity
descriptor and Merkle tree blocks.

The descriptor is stored under "vdesc" extended attribute. The
Merkle tree blocks are stored under binary indexes which are offsets
into the Merkle tree.

When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION
flag is set meaning that the Merkle tree is being build. The
initialization ends with storing of verity descriptor and setting
inode on-disk flag (XFS_DIFLAG2_VERITY).

The verification on read is done in read path of iomap.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
[djwong: replace caching implementation with an xarray, other cleanups]
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_attr.c      |   12 ++++++++++++
 libxfs/xfs_da_format.h |   32 ++++++++++++++++++++++++++++++++
 libxfs/xfs_ondisk.h    |    4 ++++
 3 files changed, 48 insertions(+)

diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c
index a9241d18..30cf3688 100644
--- a/libxfs/xfs_attr.c
+++ b/libxfs/xfs_attr.c
@@ -1565,6 +1565,18 @@ xfs_attr_namecheck(
 		return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name);
 	}
 
+	if (flags & XFS_ATTR_VERITY) {
+		/* Merkle tree pages are stored under u64 indexes */
+		if (length == sizeof(struct xfs_verity_merkle_key))
+			return true;
+
+		/* Verity descriptor blocks are held in a named attribute. */
+		if (length == XFS_VERITY_DESCRIPTOR_NAME_LEN)
+			return true;
+
+		return false;
+	}
+
 	return xfs_str_attr_namecheck(name, length);
 }
 
diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index 3a35ba58..2d2314a5 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -919,4 +919,36 @@ struct xfs_parent_name_irec {
 	uint8_t			p_namelen;
 };
 
+/*
+ * fs-verity attribute name format
+ *
+ * Merkle tree blocks are stored under extended attributes of the inode. The
+ * name of the attributes are byte offsets into merkle tree.
+ */
+struct xfs_verity_merkle_key {
+	__be64	vi_merkleoff;
+};
+
+static inline void
+xfs_verity_merkle_key_to_disk(
+	struct xfs_verity_merkle_key	*key,
+	uint64_t			offset)
+{
+	key->vi_merkleoff = cpu_to_be64(offset);
+}
+
+static inline uint64_t
+xfs_verity_merkle_key_from_disk(
+	const void			*attr_name)
+{
+	const struct xfs_verity_merkle_key *key = attr_name;
+
+	return be64_to_cpu(key->vi_merkleoff);
+}
+
+
+/* ondisk xattr name used for the fsverity descriptor */
+#define XFS_VERITY_DESCRIPTOR_NAME	"vdesc"
+#define XFS_VERITY_DESCRIPTOR_NAME_LEN	(sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1)
+
 #endif /* __XFS_DA_FORMAT_H__ */
diff --git a/libxfs/xfs_ondisk.h b/libxfs/xfs_ondisk.h
index 81885a6a..16f4ef2f 100644
--- a/libxfs/xfs_ondisk.h
+++ b/libxfs/xfs_ondisk.h
@@ -194,6 +194,10 @@ xfs_check_ondisk_structs(void)
 	XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MIN << XFS_DQ_BIGTIME_SHIFT, 4);
 	XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT,
 			16299260424LL);
+
+	/* fs-verity xattrs */
+	XFS_CHECK_STRUCT_SIZE(struct xfs_verity_merkle_key,	8);
+	XFS_CHECK_VALUE(sizeof(XFS_VERITY_DESCRIPTOR_NAME),	6);
 }
 
 #endif /* __XFS_ONDISK_H */

From patchwork Sun Mar 17 16:36:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594693
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id ABFCE3C26;
	Sun, 17 Mar 2024 16:36:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693371; cv=none;
 b=Nr3MnrofovWmagfoMFL6rx+yJIU5vKAKFow6nNA1pfCz2CarO0G5jYq1KCyV5xUJEZuTiiXdaJu/2XzAzYytyWJuTaAZK5WcnHgOVkM2K35nAyY/yu1bTsYWIN9mygjWiFiksmklRHxdF6mjXTebrf4sT9wthVeijcfI3W/rFNY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693371; c=relaxed/simple;
	bh=7AFXBmyZcF9rLEw8hbInBtTbS/b4JUyzWP5bwVz+Ct4=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=IhxQdc2IO7HhLFLsVI64xov1U8Yqyrqw78Hn1IRH51XRCMMEH+/AabKuCh0/pWs0iufFGLOiB3fvC1JuSIaSR0K5QAQtQgMh3eoEwQsOvcNq9onK8a0WLoDoqxXsaBx+es4wJ2B4Bbw0jH40GyCKpuFDVDSk+9SrV7s+lw370M0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=rO3Kt6NZ; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="rO3Kt6NZ"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0E337C433F1;
	Sun, 17 Mar 2024 16:36:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693371;
	bh=7AFXBmyZcF9rLEw8hbInBtTbS/b4JUyzWP5bwVz+Ct4=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=rO3Kt6NZ0AmYGXxYxDa+cRP1+XF4rucT8hxTVjdsbnsTgddgI/rwsUUud0/Ts5Vmo
	 WGRnjnZApdx8x4LR4Tf59Z7zFZ6PpU9OLXPq8z9aVFMmLyG+hhcjFIGtQDJNMmPZqw
	 fT10V5qwzXRyUoEbrqqgtZjlCvy9Q54aG4wJRk9dyWXvkt7LoBSwhxbgnoMXH2ap/l
	 7gR8Yr42g8aAgGUMXCFE1OrhRTPbCfLvZeNXmjs8oK4+ZnmovclPTCpeuMB9Wl8yrZ
	 YumkvVL1gazPtukyn21j+HWIE/YUoxVmkiDz2jeF4nqH4B5ydLIA2AFAVeePzxk2Vn
	 ZN27Pvt8KIagA==
Date: Sun, 17 Mar 2024 09:36:10 -0700
Subject: [PATCH 09/20] xfs: advertise fs-verity being available on filesystem
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247799.2685643.3109060869144056617.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Advertise that this filesystem supports fsverity.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_fs.h |    1 +
 libxfs/xfs_sb.c |    2 ++
 2 files changed, 3 insertions(+)

diff --git a/libxfs/xfs_fs.h b/libxfs/xfs_fs.h
index ca1b17d0..2f372088 100644
--- a/libxfs/xfs_fs.h
+++ b/libxfs/xfs_fs.h
@@ -239,6 +239,7 @@ typedef struct xfs_fsop_resblks {
 #define XFS_FSOP_GEOM_FLAGS_BIGTIME	(1 << 21) /* 64-bit nsec timestamps */
 #define XFS_FSOP_GEOM_FLAGS_INOBTCNT	(1 << 22) /* inobt btree counter */
 #define XFS_FSOP_GEOM_FLAGS_NREXT64	(1 << 23) /* large extent counters */
+#define XFS_FSOP_GEOM_FLAGS_VERITY	(1 << 24) /* fs-verity */
 
 /*
  * Minimum and maximum sizes need for growth checks.
diff --git a/libxfs/xfs_sb.c b/libxfs/xfs_sb.c
index d6755181..fc2269a2 100644
--- a/libxfs/xfs_sb.c
+++ b/libxfs/xfs_sb.c
@@ -1258,6 +1258,8 @@ xfs_fs_geometry(
 	}
 	if (xfs_has_large_extent_counts(mp))
 		geo->flags |= XFS_FSOP_GEOM_FLAGS_NREXT64;
+	if (xfs_has_verity(mp))
+		geo->flags |= XFS_FSOP_GEOM_FLAGS_VERITY;
 	geo->rtsectsize = sbp->sb_blocksize;
 	geo->dirblocksize = xfs_dir2_dirblock_bytes(sbp);
 

From patchwork Sun Mar 17 16:36:26 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594694
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 312761CF89;
	Sun, 17 Mar 2024 16:36:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693387; cv=none;
 b=S24BbjJvgKcw2+B0DI1NbGK0IIybUcdjRAFAbuX7Xh8yZxVCGI8Z+ToIaoLdEVxdXR78yuSCuQ1gyvmCYHB5ea1+n3qdrFLjB1+WvqDXtvktmjCmXfwr1TC7btJFUBjdtMxAEOYBsMVMfgw6aKyNkBmfoTphQ7b6NbEamYdlbGA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693387; c=relaxed/simple;
	bh=/3zIsbCULrlmi+z1U3hHczhCFh/SR3zMtocXoymYOH0=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=SNEI+2rp8lJs2tOMGUkmTPp9bcB5oM0Je3EeauQhjgz81dRsAfAxB3edcwXFm5469052dNjV1sqIRME9oOHzwZWqxtvJtdmTov1v+sew5bETUVXH15zfibzU93mGdwKMzqziCy93/kT7p/uvVzN1EA2fw9sxnPyuGscgosDT+wQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=gIss8dZ+; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="gIss8dZ+"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id ACCE4C433C7;
	Sun, 17 Mar 2024 16:36:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693386;
	bh=/3zIsbCULrlmi+z1U3hHczhCFh/SR3zMtocXoymYOH0=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=gIss8dZ+/yEm/hgbIlNiBHu//6U2E/qmyFpsosPy5pNMsmZGyYZ4qywmhmjmYVSnA
	 et7ToJn+So9OAo6koDx1oJWGA7J6gawtWeYU+YVUogcycj2uXPm4V+7PlHSg0ouEtp
	 a64qjUxgkxZHciHMtBXw9+OhHX8P3rSmIFEIQHx2P4dvMcU1HyO8oybFoFxnPKno2i
	 0dNrfkIEoKQxL5keheOKd1ddj3EQlCTFqLsDBTZ2FEEO+c6uu/zQnGd7Xm7caeSH3j
	 rNSb0rDF8+9syjjQQCUNg7x5K2Yz2k86BFUGJ9NbdoCz9aBVCffAUd0yCW/4thc3XI
	 hfG6tSKXoBJ3A==
Date: Sun, 17 Mar 2024 09:36:26 -0700
Subject: [PATCH 10/20] xfs: create separate name hash function for xattrs
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247813.2685643.380949365170709573.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Create a new hashing function for extended attribute names.  The next
patch needs this so it can modify the hash strategy for verity xattrs.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 db/hash.c                |    4 ++--
 db/metadump.c            |   26 +++++++++++++++-----------
 libxfs/libxfs_api_defs.h |    1 +
 libxfs/xfs_attr.c        |   16 ++++++++++++++--
 libxfs/xfs_attr.h        |    3 +++
 libxfs/xfs_attr_leaf.c   |    4 ++--
 repair/attr_repair.c     |    9 ++++++---
 7 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/db/hash.c b/db/hash.c
index 05a94f24..df214c16 100644
--- a/db/hash.c
+++ b/db/hash.c
@@ -73,7 +73,7 @@ hash_f(
 		if (use_dir2_hash)
 			hashval = libxfs_dir2_hashname(mp, &xname);
 		else
-			hashval = libxfs_da_hashname(xname.name, xname.len);
+			hashval = libxfs_attr_hashname(0, xname.name, xname.len);
 		dbprintf("0x%x\n", hashval);
 	}
 
@@ -306,7 +306,7 @@ collide_xattrs(
 	unsigned long		i;
 	int			error;
 
-	old_hash = libxfs_da_hashname((uint8_t *)name, namelen);
+	old_hash = libxfs_attr_hashname(0, (uint8_t *)name, namelen);
 
 	if (fd >= 0) {
 		/*
diff --git a/db/metadump.c b/db/metadump.c
index a656ef57..95f58363 100644
--- a/db/metadump.c
+++ b/db/metadump.c
@@ -823,6 +823,7 @@ handle_duplicate_name(xfs_dahash_t hash, size_t name_len, unsigned char *name)
 static inline xfs_dahash_t
 dirattr_hashname(
 	bool		is_dirent,
+	unsigned int	attr_flags,
 	const uint8_t	*name,
 	int		namelen)
 {
@@ -835,12 +836,13 @@ dirattr_hashname(
 		return libxfs_dir2_hashname(mp, &xname);
 	}
 
-	return libxfs_da_hashname(name, namelen);
+	return libxfs_attr_hashname(attr_flags, name, namelen);
 }
 
 static void
 generate_obfuscated_name(
 	xfs_ino_t		ino,
+	unsigned int		attr_flags,
 	int			namelen,
 	unsigned char		*name)
 {
@@ -866,9 +868,9 @@ generate_obfuscated_name(
 
 	/* Obfuscate the name (if possible) */
 
-	hash = dirattr_hashname(ino != 0, name, namelen);
+	hash = dirattr_hashname(ino != 0, attr_flags, name, namelen);
 	obfuscate_name(hash, namelen, name, ino != 0);
-	ASSERT(hash == dirattr_hashname(ino != 0, name, namelen));
+	ASSERT(hash == dirattr_hashname(ino != 0, attr_flags, name, namelen));
 
 	/*
 	 * Make sure the name is not something already seen.  If we
@@ -945,7 +947,7 @@ process_sf_dir(
 		if (metadump.obfuscate)
 			generate_obfuscated_name(
 					 libxfs_dir2_sf_get_ino(mp, sfp, sfep),
-					 namelen, &sfep->name[0]);
+					 0, namelen, &sfep->name[0]);
 
 		sfep = (xfs_dir2_sf_entry_t *)((char *)sfep +
 				libxfs_dir2_sf_entsize(mp, sfp, namelen));
@@ -1071,8 +1073,8 @@ process_sf_attr(
 		}
 
 		if (metadump.obfuscate) {
-			generate_obfuscated_name(0, asfep->namelen,
-						 &asfep->nameval[0]);
+			generate_obfuscated_name(0, asfep->flags,
+					asfep->namelen, &asfep->nameval[0]);
 			memset(&asfep->nameval[asfep->namelen], 'v',
 			       asfep->valuelen);
 		}
@@ -1283,7 +1285,7 @@ process_dir_data_block(
 
 		if (metadump.obfuscate)
 			generate_obfuscated_name(be64_to_cpu(dep->inumber),
-					 dep->namelen, &dep->name[0]);
+					 0, dep->namelen, &dep->name[0]);
 		dir_offset += length;
 		ptr += length;
 		/* Zero the unused space after name, up to the tag */
@@ -1452,8 +1454,9 @@ process_attr_block(
 				break;
 			}
 			if (metadump.obfuscate) {
-				generate_obfuscated_name(0, local->namelen,
-					&local->nameval[0]);
+				generate_obfuscated_name(0, entry->flags,
+						local->namelen,
+						&local->nameval[0]);
 				memset(&local->nameval[local->namelen], 'v',
 					be16_to_cpu(local->valuelen));
 			}
@@ -1475,8 +1478,9 @@ process_attr_block(
 				break;
 			}
 			if (metadump.obfuscate) {
-				generate_obfuscated_name(0, remote->namelen,
-							 &remote->name[0]);
+				generate_obfuscated_name(0, entry->flags,
+						remote->namelen,
+						&remote->name[0]);
 				add_remote_vals(be32_to_cpu(remote->valueblk),
 						be32_to_cpu(remote->valuelen));
 			}
diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h
index 9d2084e2..ccc92a83 100644
--- a/libxfs/libxfs_api_defs.h
+++ b/libxfs/libxfs_api_defs.h
@@ -44,6 +44,7 @@
 #define xfs_attr_set			libxfs_attr_set
 #define xfs_attr_sf_firstentry		libxfs_attr_sf_firstentry
 #define xfs_attr_shortform_verify	libxfs_attr_shortform_verify
+#define xfs_attr_hashname		libxfs_attr_hashname
 
 #define __xfs_bmap_add_free		__libxfs_bmap_add_free
 #define xfs_bmap_validate_extent	libxfs_bmap_validate_extent
diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c
index 30cf3688..aca65971 100644
--- a/libxfs/xfs_attr.c
+++ b/libxfs/xfs_attr.c
@@ -234,6 +234,16 @@ xfs_attr_get_ilocked(
 	return xfs_attr_node_get(args);
 }
 
+/* Compute hash for an extended attribute name. */
+xfs_dahash_t
+xfs_attr_hashname(
+	unsigned int		attr_flags,
+	const uint8_t		*name,
+	unsigned int		namelen)
+{
+	return xfs_da_hashname(name, namelen);
+}
+
 /*
  * Retrieve an extended attribute by name, and its value if requested.
  *
@@ -264,7 +274,8 @@ xfs_attr_get(
 
 	args->geo = args->dp->i_mount->m_attr_geo;
 	args->whichfork = XFS_ATTR_FORK;
-	args->hashval = xfs_da_hashname(args->name, args->namelen);
+	args->hashval = xfs_attr_hashname(args->attr_filter, args->name,
+					  args->namelen);
 
 	/* Entirely possible to look up a name which doesn't exist */
 	args->op_flags = XFS_DA_OP_OKNOENT;
@@ -938,7 +949,8 @@ xfs_attr_set(
 
 	args->geo = mp->m_attr_geo;
 	args->whichfork = XFS_ATTR_FORK;
-	args->hashval = xfs_da_hashname(args->name, args->namelen);
+	args->hashval = xfs_attr_hashname(args->attr_filter, args->name,
+					  args->namelen);
 
 	/*
 	 * We have no control over the attribute names that userspace passes us
diff --git a/libxfs/xfs_attr.h b/libxfs/xfs_attr.h
index af92cc57..30cf51f3 100644
--- a/libxfs/xfs_attr.h
+++ b/libxfs/xfs_attr.h
@@ -619,4 +619,7 @@ extern struct kmem_cache *xfs_attr_intent_cache;
 int __init xfs_attr_intent_init_cache(void);
 void xfs_attr_intent_destroy_cache(void);
 
+xfs_dahash_t xfs_attr_hashname(unsigned int attr_flags,
+		const uint8_t *name_string, unsigned int name_length);
+
 #endif	/* __XFS_ATTR_H__ */
diff --git a/libxfs/xfs_attr_leaf.c b/libxfs/xfs_attr_leaf.c
index 663347b1..2459a1e7 100644
--- a/libxfs/xfs_attr_leaf.c
+++ b/libxfs/xfs_attr_leaf.c
@@ -909,8 +909,8 @@ xfs_attr_shortform_to_leaf(
 		nargs.namelen = sfe->namelen;
 		nargs.value = &sfe->nameval[nargs.namelen];
 		nargs.valuelen = sfe->valuelen;
-		nargs.hashval = xfs_da_hashname(sfe->nameval,
-						sfe->namelen);
+		nargs.hashval = xfs_attr_hashname(sfe->flags, sfe->nameval,
+						  sfe->namelen);
 		nargs.attr_filter = sfe->flags & XFS_ATTR_NSP_ONDISK_MASK;
 		error = xfs_attr3_leaf_lookup_int(bp, &nargs); /* set a->index */
 		ASSERT(error == -ENOATTR);
diff --git a/repair/attr_repair.c b/repair/attr_repair.c
index 25588b3b..9c41cb21 100644
--- a/repair/attr_repair.c
+++ b/repair/attr_repair.c
@@ -492,8 +492,10 @@ process_leaf_attr_local(
 	 * ordering anyway in case both the name value and the
 	 * hashvalue were wrong but matched. Unlikely, however.
 	 */
-	if (be32_to_cpu(entry->hashval) != libxfs_da_hashname(
-				&local->nameval[0], local->namelen) ||
+	if (be32_to_cpu(entry->hashval) !=
+			libxfs_attr_hashname(entry->flags,
+					     &local->nameval[0],
+					     local->namelen) ||
 				be32_to_cpu(entry->hashval) < last_hashval) {
 		do_warn(
 	_("bad hashvalue for attribute entry %d in attr block %u, inode %" PRIu64 "\n"),
@@ -537,7 +539,8 @@ process_leaf_attr_remote(
 	    !libxfs_attr_namecheck(mp, remotep->name,
 				   remotep->namelen, flags) ||
 	    be32_to_cpu(entry->hashval) !=
-			libxfs_da_hashname((unsigned char *)&remotep->name[0],
+			libxfs_attr_hashname(entry->flags,
+					   (unsigned char *)&remotep->name[0],
 					   remotep->namelen) ||
 	    be32_to_cpu(entry->hashval) < last_hashval ||
 	    be32_to_cpu(remotep->valueblk) == 0) {

From patchwork Sun Mar 17 16:36:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594695
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 791D41CD18;
	Sun, 17 Mar 2024 16:36:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693402; cv=none;
 b=MpaXTMdGufpW6JoZvVMmFHyBvHYRBBcUBF5Ho1JzEFxC1DCzfQBfC/lnQA5U6AHlgTEEsqb8qBIH3yWUdmjRIbWu4WfKgiL8eupQQB2YWkxioWJyHVmrz973LRbbZptHHS4orEma/iGsDyBOt38Ew4wZHC6tNG9IjNf29xuuETI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693402; c=relaxed/simple;
	bh=EvjQ4lGa9VZVj1YA3XmFyTfuuixSVMz1etdtyeM3Juk=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=RISKYVT+w6NioxpnSfqBZQUMBY9CkgqMSb6xRCYE5DHab2f6rnMxIzUHCSA0WoX2vurMDPlUeXRakJ5/TV2H+TZHDUptixJ8+HKPE9cSiL+kzALKGzKQy2Ybat/ip8SQOqGlsiH+nG+miJn99o2EutUIUZiTj3UdqLnqN7/Rdos=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=KLs7MtCb; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="KLs7MtCb"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4DE6DC433F1;
	Sun, 17 Mar 2024 16:36:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693402;
	bh=EvjQ4lGa9VZVj1YA3XmFyTfuuixSVMz1etdtyeM3Juk=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=KLs7MtCb89ucG8iXhYjxXELEiXirT//STH6zzZFUpLozzUpzC1oVBtHKTFnEBhXhT
	 Z96qAmQF2CQl7IXW7v26x11a0EjIVgZZVkBZkh53QQM214Y4Xh824yNBYFOxhXWRd3
	 hncGmsv2B+TVHesOvkGr1nDaxu9lX35NhsueRrwhzZE9WXIaxNUoJc6A1QwDD/1wLI
	 V3JZc8I6N6D2LZNYvbne+oDbdesc4Uo6J/ByseDV2xvnhvT4/0PEG/+jFd1ZXme5IR
	 FvuS6mddW4URqGfSYdgoB0ZXkuXEZltG/5CvkbHebgVhO7OClapks826ifEV422UMW
	 iyQnk8eNRGdyg==
Date: Sun, 17 Mar 2024 09:36:41 -0700
Subject: [PATCH 11/20] xfs: use merkle tree offset as attr hash
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247827.2685643.9491628674924172369.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

I was exploring the fsverity metadata with xfs_db after creating a 220MB
verity file, and I noticed the following in the debugger output:

entries[0-75] = [hashval,nameidx,incomplete,root,secure,local,parent,verity]
0:[0,4076,0,0,0,0,0,1]
1:[0,1472,0,0,0,1,0,1]
2:[0x800,4056,0,0,0,0,0,1]
3:[0x800,4036,0,0,0,0,0,1]
...
72:[0x12000,2716,0,0,0,0,0,1]
73:[0x12000,2696,0,0,0,0,0,1]
74:[0x12800,2676,0,0,0,0,0,1]
75:[0x12800,2656,0,0,0,0,0,1]
...
nvlist[0].merkle_off = 0x18000
nvlist[1].merkle_off = 0
nvlist[2].merkle_off = 0x19000
nvlist[3].merkle_off = 0x1000
...
nvlist[71].merkle_off = 0x5b000
nvlist[72].merkle_off = 0x44000
nvlist[73].merkle_off = 0x5c000
nvlist[74].merkle_off = 0x45000
nvlist[75].merkle_off = 0x5d000

Within just this attr leaf block, there are 76 attr entries, but only 38
distinct hash values.  There are 415 merkle tree blocks for this file,
but we already have hash collisions.  This isn't good performance from
the standard da hash function because we're mostly shifting and rolling
zeroes around.

However, we don't even have to do that much work -- the merkle tree
block keys are themslves u64 values.  Truncate that value to 32 bits
(the size of xfs_dahash_t) and use that for the hash.  We won't have any
collisions between merkle tree blocks until that tree grows to 2^32nd
blocks.  On a 4k block filesystem, we won't hit that unless the file
contains more than 2^49 bytes, assuming sha256.

As a side effect, the keys for merkle tree blocks get written out in
roughly sequential order, though I didn't observe any change in
performance.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_attr.c      |    7 +++++++
 libxfs/xfs_da_format.h |    2 ++
 2 files changed, 9 insertions(+)

diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c
index aca65971..971d185b 100644
--- a/libxfs/xfs_attr.c
+++ b/libxfs/xfs_attr.c
@@ -241,6 +241,13 @@ xfs_attr_hashname(
 	const uint8_t		*name,
 	unsigned int		namelen)
 {
+	if ((attr_flags & XFS_ATTR_VERITY) &&
+	    namelen == sizeof(struct xfs_verity_merkle_key)) {
+		uint64_t	off = xfs_verity_merkle_key_from_disk(name);
+
+		return off >> XFS_VERITY_MIN_MERKLE_BLOCKLOG;
+	}
+
 	return xfs_da_hashname(name, namelen);
 }
 
diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h
index 2d2314a5..1d061cc0 100644
--- a/libxfs/xfs_da_format.h
+++ b/libxfs/xfs_da_format.h
@@ -951,4 +951,6 @@ xfs_verity_merkle_key_from_disk(
 #define XFS_VERITY_DESCRIPTOR_NAME	"vdesc"
 #define XFS_VERITY_DESCRIPTOR_NAME_LEN	(sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1)
 
+#define XFS_VERITY_MIN_MERKLE_BLOCKLOG	(10)
+
 #endif /* __XFS_DA_FORMAT_H__ */

From patchwork Sun Mar 17 16:36:57 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594729
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 57CE55221;
	Sun, 17 Mar 2024 16:36:58 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693418; cv=none;
 b=NVATsozgfVpeQIqHxUnLoJJC2zDAZeosNl34cOI/SbFwN3UtejtNzV4SkrBNBDJoelwUIKgBGluX+TBnLNSOj5D7FV1aTsUtfPMw5Pw0V45bqsilrlzqh0JNUXSYD6zZ6p7Hy3FVvgTzke0HAnqi3YtLPTXaxcBuweNYB6rZj2o=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693418; c=relaxed/simple;
	bh=tTRp75YPB4cHJxAnvL3nPcn+3M7UemOcQwcM+jsR2Ig=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=e5tqYxbnTEAKxMFJon9o/YUpUZF/wnPod4sjz+nnze1TibkisTMyh7ohFXfUgkUlmaYzCTqnaeHje8HK4h/8/WBJTti4quQxNRk/8G4ZAmt3Z3Gu2YvvhdfHJGzo1NfcId6ukLjFzBmCEaHz0DfreE/akPAUqSARCpYJM6A9nA4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Cv4Q6hj+; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Cv4Q6hj+"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3771C433C7;
	Sun, 17 Mar 2024 16:36:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693418;
	bh=tTRp75YPB4cHJxAnvL3nPcn+3M7UemOcQwcM+jsR2Ig=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=Cv4Q6hj+6S/o9sRztdoOj9THpOaWb7VYup2mUF8BKvA4THsT+S69W/XauyeDKBYkp
	 XcD6t/C6utDtlspw0WXmmw0JxePJ/9hsn1kfzAKQWKQ7dgNlF7JgbsEkuKrug6ChuV
	 efNKhrf7ItuIlh4VCMU5GY7lzoiWPW5A3AXJNz08JnuD8vvYm+l+aNL34Whc4V8cc6
	 EdSqGMnANw7uPk52mp+R+eoVJs2j5QqHRpLWw2rQkiXZ0hlgF6kjd+V1HYkD/Lvm+T
	 omF1Agmha221RgSM7pjt0It4l9Jzwln5AMr/DlvYX6dBLmB5t/b//wRyaH4XinCr8r
	 G6BBuKK9/zBFw==
Date: Sun, 17 Mar 2024 09:36:57 -0700
Subject: [PATCH 12/20] xfs: enable ro-compat fs-verity flag
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247841.2685643.9656163171263399183.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

Finalize fs-verity integration in XFS by making kernel fs-verity
aware with ro-compat flag.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
[djwong: add spaces]
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 libxfs/xfs_format.h |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h
index 3ce29021..c3f586d6 100644
--- a/libxfs/xfs_format.h
+++ b/libxfs/xfs_format.h
@@ -355,10 +355,11 @@ xfs_sb_has_compat_feature(
 #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3)		/* inobt block counts */
 #define XFS_SB_FEAT_RO_COMPAT_VERITY   (1 << 4)		/* fs-verity */
 #define XFS_SB_FEAT_RO_COMPAT_ALL \
-		(XFS_SB_FEAT_RO_COMPAT_FINOBT | \
-		 XFS_SB_FEAT_RO_COMPAT_RMAPBT | \
-		 XFS_SB_FEAT_RO_COMPAT_REFLINK| \
-		 XFS_SB_FEAT_RO_COMPAT_INOBTCNT)
+		(XFS_SB_FEAT_RO_COMPAT_FINOBT   | \
+		 XFS_SB_FEAT_RO_COMPAT_RMAPBT   | \
+		 XFS_SB_FEAT_RO_COMPAT_REFLINK  | \
+		 XFS_SB_FEAT_RO_COMPAT_INOBTCNT | \
+		 XFS_SB_FEAT_RO_COMPAT_VERITY)
 #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN	~XFS_SB_FEAT_RO_COMPAT_ALL
 static inline bool
 xfs_sb_has_ro_compat_feature(

From patchwork Sun Mar 17 16:37:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594730
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 021C81CD11;
	Sun, 17 Mar 2024 16:37:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693434; cv=none;
 b=jKyK6OLpwE3F5oYjyUXROBrnkkbgO5/Op9JgxVKpjFKpLdRJzDp/zpfS4qd2Wz0zVBICjX//6jkjVj9+wsS5sYeMoehSLw9il52WQxUzcdDkda4kxaFqNrI3q1nk03pyy0h6G45m/64/vmI0xgCDZhh+uStXSCXOv72gYfVWx0E=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693434; c=relaxed/simple;
	bh=IvIadUcLpBYOM/jjLq7NerajEG6TfC/KMPfSJnKLroo=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=WoHg8E7OjAGTOxwsLs/H9K8/hdMo+69VEtlDUZyZ0QEYoHXSxB60Dk7+gp1KM+8w+cwh5SuyeXvK0D9SemdHBLJHoDnF/5OFDp4QFQyrX8Bblsb005vl8FS/VgAMmFHSjws2KMxUP0Zm/dPeLDRxdyg/7OAc4Osx+jKkio+zwh0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=FlajFgf+; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="FlajFgf+"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8477BC433C7;
	Sun, 17 Mar 2024 16:37:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693433;
	bh=IvIadUcLpBYOM/jjLq7NerajEG6TfC/KMPfSJnKLroo=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=FlajFgf+KfWk0PYkGtAcOwxK/bcTbF+NUYOfO5FHprORq76MY7FQTeqnOaIsMx+eF
	 1/FyNAwasSwpquIvu5NLtteNSc4Qi57ca/Ai0QigLfdYpEDtoOQ12M7afFawFMAgnM
	 wBPqiJa3+mr4pjB6aYlO0tk7LHETRa5cKrDqQbKb5OURs5XtjwFIXOnarIOEonY46V
	 5FBiR3yMGOhATjXSJkyYT0KCwwQcs1yE6DmtwOmrp8aYs3btRiA7rEtcP/SjXuzsqm
	 TPzzhvG0ER4JCSpjEtlsOuI2RRx0AQmpBMONKkherFBbmI+0dMp1/iECH3BDw9skb7
	 hXDIyvpYVin+g==
Date: Sun, 17 Mar 2024 09:37:13 -0700
Subject: [PATCH 13/20] libfrog: add fsverity to xfs_report_geom output
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247855.2685643.2767239263618962002.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Announce the presence of fsverity on a filesystem.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 libfrog/fsgeom.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libfrog/fsgeom.c b/libfrog/fsgeom.c
index 3e7f0797..502553bc 100644
--- a/libfrog/fsgeom.c
+++ b/libfrog/fsgeom.c
@@ -31,6 +31,7 @@ xfs_report_geom(
 	int			bigtime_enabled;
 	int			inobtcount;
 	int			nrext64;
+	int			verity;
 
 	isint = geo->logstart > 0;
 	lazycount = geo->flags & XFS_FSOP_GEOM_FLAGS_LAZYSB ? 1 : 0;
@@ -49,12 +50,14 @@ xfs_report_geom(
 	bigtime_enabled = geo->flags & XFS_FSOP_GEOM_FLAGS_BIGTIME ? 1 : 0;
 	inobtcount = geo->flags & XFS_FSOP_GEOM_FLAGS_INOBTCNT ? 1 : 0;
 	nrext64 = geo->flags & XFS_FSOP_GEOM_FLAGS_NREXT64 ? 1 : 0;
+	verity = geo->flags & XFS_FSOP_GEOM_FLAGS_VERITY ? 1 : 0;
 
 	printf(_(
 "meta-data=%-22s isize=%-6d agcount=%u, agsize=%u blks\n"
 "         =%-22s sectsz=%-5u attr=%u, projid32bit=%u\n"
 "         =%-22s crc=%-8u finobt=%u, sparse=%u, rmapbt=%u\n"
 "         =%-22s reflink=%-4u bigtime=%u inobtcount=%u nrext64=%u\n"
+"         =%-22s verity=%u\n"
 "data     =%-22s bsize=%-6u blocks=%llu, imaxpct=%u\n"
 "         =%-22s sunit=%-6u swidth=%u blks\n"
 "naming   =version %-14u bsize=%-6u ascii-ci=%d, ftype=%d\n"
@@ -65,6 +68,7 @@ xfs_report_geom(
 		"", geo->sectsize, attrversion, projid32bit,
 		"", crcs_enabled, finobt_enabled, spinodes, rmapbt_enabled,
 		"", reflink_enabled, bigtime_enabled, inobtcount, nrext64,
+		"", verity,
 		"", geo->blocksize, (unsigned long long)geo->datablocks,
 			geo->imaxpct,
 		"", geo->sunit, geo->swidth,

From patchwork Sun Mar 17 16:37:28 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594731
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B3151B949;
	Sun, 17 Mar 2024 16:37:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693449; cv=none;
 b=OOKWmFXwv/ffGKw5l0FLCazmrxv7u1lE0xEJohgxw7U+PCvsj/pCLsWvtVrcVJH36XawKwShJ1UuGZ2ffpBWQIrNyw/dkvljxytb7geN2Ek/dw/vMqLYPNer/CbwOASZHApIAzok6L+rY3WlqS+5W5x9lYO2p+Hw07RiuScVkwA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693449; c=relaxed/simple;
	bh=f1UHsvnI1+vMIp5ZzTIP0wFfVfso3zMXLY3gsBKN0Sc=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=OgVgHfzAHYkMGVhC5nfS/+hch/XsEscqsJ4w1NUxQem+U4STZ3Yzhbp+ZD8b0MQXziBSHuuzUdEibV7bzSlw0iFAUlUa2zjl1qaV/aaHdQ8RtUr8idVuyg4PMd1b2Tlm3GRwgwDA+cGvL6K7ZJhrwsabv0JN2zFHr7H91YhpLSU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=ARHgy30p; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="ARHgy30p"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2A967C433F1;
	Sun, 17 Mar 2024 16:37:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693449;
	bh=f1UHsvnI1+vMIp5ZzTIP0wFfVfso3zMXLY3gsBKN0Sc=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=ARHgy30pZ8ssyx0hoUg9f9qaNyET3Lh6fz5DyQt4dOn9xIFd9yteQlEc2Nh7lBI5L
	 SpaqmENMUj8X+ALhUybKFoumYjGe/8SysjYkcpRWk4f0bCd5EqviESxARBtD2K5FPb
	 6nVZa9GNwDVX+ETA6N4j873TvWi5ALOGSt8UX1aJ80oQW+g89S1dsOJaZCQLyjoczC
	 bsknxt6dZnRljyDmslwWPXbni5x+/pLI0FeYW5+UxQcoHCqUQ49wKkBpMXiAfAZpQE
	 hS25avu4TPXF9qoXI0wj0BbDXTvRNmcTbLHksZq8hD05SgUrNDQTl9s5Mn0xQt/sX0
	 jEeVjJvT+LhiQ==
Date: Sun, 17 Mar 2024 09:37:28 -0700
Subject: [PATCH 14/20] xfs_db: introduce attr_modify command
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247868.2685643.16613479398038252216.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

This command allows for writing value over already existing value of
inode's extended attribute. The difference from 'write' command is
that extended attribute can be addressed by name and new value is
written over old value.

The command also allows addressing via binary names (introduced by
parent pointers). This can be done by specified name length (-m) and
value in #hex format.

Example:

	# Modify attribute with name #00000042 by overwriting 8
	# bytes at offset 3 with value #0000000000FF00FF
	attr_modify -o 3 -m 4 -v 8 #42 #FF00FF

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
 db/attrset.c |  202 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 db/write.c   |    2 -
 db/write.h   |    1 
 3 files changed, 202 insertions(+), 3 deletions(-)

diff --git a/db/attrset.c b/db/attrset.c
index 0d8d70a8..7249294a 100644
--- a/db/attrset.c
+++ b/db/attrset.c
@@ -16,10 +16,12 @@
 #include "field.h"
 #include "inode.h"
 #include "malloc.h"
+#include "write.h"
 #include <sys/xattr.h>
 
 static int		attr_set_f(int argc, char **argv);
 static int		attr_remove_f(int argc, char **argv);
+static int		attr_modify_f(int argc, char **argv);
 static void		attrset_help(void);
 
 static const cmdinfo_t	attr_set_cmd =
@@ -30,6 +32,11 @@ static const cmdinfo_t	attr_remove_cmd =
 	{ "attr_remove", "aremove", attr_remove_f, 1, -1, 0,
 	  N_("[-r|-s|-u] [-n] name"),
 	  N_("remove the named attribute from the current inode"), attrset_help };
+static const cmdinfo_t	attr_modify_cmd =
+	{ "attr_modify", "amodify", attr_modify_f, 1, -1, 0,
+	  N_("[-r|-s|-u] [-o n] [-v n] [-m n] name value"),
+	  N_("modify value of the named attribute of the current inode"),
+		attrset_help };
 
 static void
 attrset_help(void)
@@ -38,8 +45,9 @@ attrset_help(void)
 "\n"
 " The 'attr_set' and 'attr_remove' commands provide interfaces for debugging\n"
 " the extended attribute allocation and removal code.\n"
-" Both commands require an attribute name to be specified, and the attr_set\n"
-" command allows an optional value length (-v) to be provided as well.\n"
+" Both commands together with 'attr_modify' require an attribute name to be\n"
+" specified. The attr_set and attr_modify commands allow an optional value\n"
+" length (-v) to be provided as well.\n"
 " There are 4 namespace flags:\n"
 "  -r -- 'root'\n"
 "  -u -- 'user'		(default)\n"
@@ -48,6 +56,9 @@ attrset_help(void)
 " For attr_set, these options further define the type of set operation:\n"
 "  -C -- 'create'    - create attribute, fail if it already exists\n"
 "  -R -- 'replace'   - replace attribute, fail if it does not exist\n"
+" attr_modify command provides more of the following options:\n"
+"  -m -- 'name length'   - specify length of the name (handy with binary names)\n"
+"  -o -- 'value offset'   - offset new value within old attr's value\n"
 " The backward compatibility mode 'noattr2' can be emulated (-n) also.\n"
 "\n"));
 }
@@ -60,6 +71,7 @@ attrset_init(void)
 
 	add_command(&attr_set_cmd);
 	add_command(&attr_remove_cmd);
+	add_command(&attr_modify_cmd);
 }
 
 static int
@@ -263,3 +275,189 @@ attr_remove_f(
 		libxfs_irele(args.dp);
 	return 0;
 }
+
+static int
+attr_modify_f(
+	int			argc,
+	char			**argv)
+{
+	struct xfs_da_args	args = { };
+	int			c;
+	int			offset = 0;
+	char			*sp;
+	char			*converted;
+	uint8_t			*name;
+	int			namelen = 0;
+	uint8_t			*value;
+	int			valuelen = 0;
+
+	if (cur_typ == NULL) {
+		dbprintf(_("no current type\n"));
+		return 0;
+	}
+
+	if (cur_typ->typnm != TYP_INODE) {
+		dbprintf(_("current type is not inode\n"));
+		return 0;
+	}
+
+	while ((c = getopt(argc, argv, "rusnv:o:m:")) != EOF) {
+		switch (c) {
+		/* namespaces */
+		case 'r':
+			args.attr_filter |= LIBXFS_ATTR_ROOT;
+			args.attr_filter &= ~LIBXFS_ATTR_SECURE;
+			break;
+		case 'u':
+			args.attr_filter &= ~(LIBXFS_ATTR_ROOT |
+					      LIBXFS_ATTR_SECURE);
+			break;
+		case 's':
+			args.attr_filter |= LIBXFS_ATTR_SECURE;
+			args.attr_filter &= ~LIBXFS_ATTR_ROOT;
+			break;
+
+		case 'n':
+			/*
+			 * We never touch attr2 these days; leave this here to
+			 * avoid breaking scripts.
+			 */
+			break;
+
+		case 'o':
+			offset = strtol(optarg, &sp, 0);
+			if (*sp != '\0' || offset < 0 || offset > 64 * 1024) {
+				dbprintf(_("bad attr_modify offset %s\n"),
+						optarg);
+				return 0;
+			}
+			break;
+
+		case 'v':
+			valuelen = strtol(optarg, &sp, 0);
+			if (*sp != '\0' || offset < 0 || valuelen > 64 * 1024) {
+				dbprintf(_("bad attr_modify value len %s\n"),
+						optarg);
+				return 0;
+			}
+			break;
+
+		case 'm':
+			namelen = strtol(optarg, &sp, 0);
+			if (*sp != '\0' || offset < 0 || namelen > MAXNAMELEN) {
+				dbprintf(_("bad attr_modify name len %s\n"),
+						optarg);
+				return 0;
+			}
+			break;
+
+		default:
+			dbprintf(_("bad option for attr_modify command\n"));
+			return 0;
+		}
+	}
+
+	if (optind != argc - 2) {
+		dbprintf(_("too few options for attr_modify\n"));
+		return 0;
+	}
+
+	if (namelen >= MAXNAMELEN) {
+		dbprintf(_("name too long\n"));
+		return 0;
+	}
+
+	if (!namelen) {
+		if (argv[optind][0] == '#')
+			namelen = strlen(argv[optind])/2;
+		if (argv[optind][0] == '"')
+			namelen = strlen(argv[optind]) - 2;
+	}
+
+	name = xcalloc(namelen, sizeof(uint8_t));
+	converted = convert_arg(argv[optind], (int)(namelen*8));
+	if (!converted) {
+		dbprintf(_("invalid name\n"));
+		goto out_free_name;
+	}
+
+	memcpy(name, converted, namelen);
+	args.name = (const uint8_t *)name;
+	args.namelen = namelen;
+
+	optind++;
+
+	if (valuelen > 64 * 1024) {
+		dbprintf(_("value too long\n"));
+		goto out_free_name;
+	}
+
+	if (!valuelen) {
+		if (argv[optind][0] == '#')
+			valuelen = strlen(argv[optind])/2;
+		if (argv[optind][0] == '"')
+			valuelen = strlen(argv[optind]) - 2;
+	}
+
+	if ((valuelen + offset) > 64 * 1024) {
+		dbprintf(_("offsetted value too long\n"));
+		goto out_free_name;
+	}
+
+	value = xcalloc(valuelen, sizeof(uint8_t));
+	converted = convert_arg(argv[optind], (int)(valuelen*8));
+	if (!converted) {
+		dbprintf(_("invalid value\n"));
+		goto out_free_value;
+	}
+	memcpy(value, converted, valuelen);
+
+	if (libxfs_iget(mp, NULL, iocur_top->ino, 0, &args.dp)) {
+		dbprintf(_("failed to iget inode %llu\n"),
+			(unsigned long long)iocur_top->ino);
+		goto out;
+	}
+
+	if (libxfs_attr_get(&args)) {
+		dbprintf(_("failed to get attr '%s' from inode %llu\n"),
+			args.name, (unsigned long long)iocur_top->ino);
+		goto out;
+	}
+
+	if (valuelen + offset > args.valuelen) {
+		dbprintf(_("new value too long\n"));
+		goto out;
+	}
+
+	/* As args.valuelen is now set let's get args.value */
+	if (libxfs_attr_get(&args)) {
+		dbprintf(_("failed to get attr '%s' from inode %llu\n"),
+			args.name, (unsigned long long)iocur_top->ino);
+		goto out;
+	}
+
+	/* modify value */
+	memcpy((uint8_t *)args.value + offset, value, valuelen);
+
+	args.attr_flags = XATTR_REPLACE;
+	args.attr_flags &= ~XATTR_CREATE;
+	if (libxfs_attr_set(&args)) {
+		dbprintf(_("failed to set attr '%s' from inode %llu\n"),
+			(unsigned char *)args.name,
+			(unsigned long long)iocur_top->ino);
+		goto out;
+	}
+
+	/* refresh with updated inode contents */
+	set_cur_inode(iocur_top->ino);
+
+out:
+	if (args.dp)
+		libxfs_irele(args.dp);
+	xfree(args.value);
+out_free_value:
+	xfree(value);
+out_free_name:
+	xfree(name);
+	return 0;
+}
diff --git a/db/write.c b/db/write.c
index 96dea705..9295dbc9 100644
--- a/db/write.c
+++ b/db/write.c
@@ -511,7 +511,7 @@ convert_oct(
  * are adjusted in the buffer so that the first input bit is to be be written to
  * the first bit in the output.
  */
-static char *
+char *
 convert_arg(
 	char		*arg,
 	int		bit_length)
diff --git a/db/write.h b/db/write.h
index e24e07d4..4ba04d03 100644
--- a/db/write.h
+++ b/db/write.h
@@ -6,6 +6,7 @@
 
 struct field;
 
+extern char	*convert_arg(char *arg, int bit_length);
 extern void	write_init(void);
 extern void	write_block(const field_t *fields, int argc, char **argv);
 extern void	write_struct(const field_t *fields, int argc, char **argv);

From patchwork Sun Mar 17 16:37:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594732
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 382451CD11;
	Sun, 17 Mar 2024 16:37:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693465; cv=none;
 b=nZlUHN/mWvWbychDL7v04E2IZE/rUHsih+ZGeF4HL7fxBpmA9p3b22uONWdxZeqcRW04zrdZ0YWo1Qj98Mm0c2IWOigYsGdmICkvSMGNjTtbqcPfpc8om5SX4MPJiKr0wwKkBBIUPUz3f2lKWxgE1g+GVtdebXgo4EkbMCw7t+s=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693465; c=relaxed/simple;
	bh=7KR5QG05a5iw5iF04hooLILvIXBX0ycR2j/5TnBxR/c=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=sZK9TBadZ44y1TCMn+CTfoV53Q4KZac0fvcuop2Q/CQAzonsOFheb7TAtgNKtyFwoOkCrb8kXAKKuFLnHnXk+LHJX4pXW+Cy68t41+KtbXu3KPgElwyEmEJmrAKIpfe8ktSNSa7/7xZaC/K0nB/W5co/9wVFhSojRhOdIotUCLA=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=RtZPEYb0; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="RtZPEYb0"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C119DC433F1;
	Sun, 17 Mar 2024 16:37:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693464;
	bh=7KR5QG05a5iw5iF04hooLILvIXBX0ycR2j/5TnBxR/c=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=RtZPEYb08qZZtIFaF0HzvLjtRogDYfXRwj/HjAk22yAZHnk2f10uOh7oYF0Vdpavs
	 8OHG2YKZCJ/t5W1QVpQJNSpO7EMcxN+srtoGPme1nDlewucitGYn68mxnv9m3O2Nu7
	 fFHvGD1CPMMfELO5RbjaxDxjD1cE8kINCs2OCHoLb6DPyV9RhdnQ2nTzpS2hnQJ4x+
	 wmcYuzFTNBhAcdVl7g8Hhi6mZVhKIInDcdiuy+ngIlmaYT3vvF/DtlRsVgV08/EkE6
	 mMB1S/37kGezvy5m5I2a4dPMA4F1NIVGiUISld/k5obbjHogZKtqmQBsMKdFAuo6VL
	 FaYauhfT87KLQ==
Date: Sun, 17 Mar 2024 09:37:44 -0700
Subject: [PATCH 15/20] xfs_db: make attr_set/remove/modify be able to handle
 fs-verity attrs
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247882.2685643.11040631435359813980.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
 db/attrset.c             |   28 ++++++++++++++++++++++------
 libxfs/libxfs_api_defs.h |    1 +
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/db/attrset.c b/db/attrset.c
index 7249294a..f64f0cd9 100644
--- a/db/attrset.c
+++ b/db/attrset.c
@@ -26,15 +26,15 @@ static void		attrset_help(void);
 
 static const cmdinfo_t	attr_set_cmd =
 	{ "attr_set", "aset", attr_set_f, 1, -1, 0,
-	  N_("[-r|-s|-u] [-n] [-R|-C] [-v n] name"),
+	  N_("[-r|-s|-u|-f] [-n] [-R|-C] [-v n] name"),
 	  N_("set the named attribute on the current inode"), attrset_help };
 static const cmdinfo_t	attr_remove_cmd =
 	{ "attr_remove", "aremove", attr_remove_f, 1, -1, 0,
-	  N_("[-r|-s|-u] [-n] name"),
+	  N_("[-r|-s|-u|-f] [-n] name"),
 	  N_("remove the named attribute from the current inode"), attrset_help };
 static const cmdinfo_t	attr_modify_cmd =
 	{ "attr_modify", "amodify", attr_modify_f, 1, -1, 0,
-	  N_("[-r|-s|-u] [-o n] [-v n] [-m n] name value"),
+	  N_("[-r|-s|-u|-f] [-o n] [-v n] [-m n] name value"),
 	  N_("modify value of the named attribute of the current inode"),
 		attrset_help };
 
@@ -52,6 +52,7 @@ attrset_help(void)
 "  -r -- 'root'\n"
 "  -u -- 'user'		(default)\n"
 "  -s -- 'secure'\n"
+"  -f -- 'fs-verity'\n"
 "\n"
 " For attr_set, these options further define the type of set operation:\n"
 "  -C -- 'create'    - create attribute, fail if it already exists\n"
@@ -92,7 +93,7 @@ attr_set_f(
 		return 0;
 	}
 
-	while ((c = getopt(argc, argv, "rusCRnv:")) != EOF) {
+	while ((c = getopt(argc, argv, "rusfCRnv:")) != EOF) {
 		switch (c) {
 		/* namespaces */
 		case 'r':
@@ -107,6 +108,11 @@ attr_set_f(
 			args.attr_filter |= LIBXFS_ATTR_SECURE;
 			args.attr_filter &= ~LIBXFS_ATTR_ROOT;
 			break;
+		case 'f':
+			args.attr_filter |= LIBXFS_ATTR_VERITY;
+			args.attr_filter &= ~(LIBXFS_ATTR_ROOT |
+					      LIBXFS_ATTR_SECURE);
+			break;
 
 		/* modifiers */
 		case 'C':
@@ -208,7 +214,7 @@ attr_remove_f(
 		return 0;
 	}
 
-	while ((c = getopt(argc, argv, "rusn")) != EOF) {
+	while ((c = getopt(argc, argv, "rusfn")) != EOF) {
 		switch (c) {
 		/* namespaces */
 		case 'r':
@@ -223,6 +229,11 @@ attr_remove_f(
 			args.attr_filter |= LIBXFS_ATTR_SECURE;
 			args.attr_filter &= ~LIBXFS_ATTR_ROOT;
 			break;
+		case 'f':
+			args.attr_filter |= LIBXFS_ATTR_VERITY;
+			args.attr_filter &= ~(LIBXFS_ATTR_ROOT |
+					      LIBXFS_ATTR_SECURE);
+			break;
 
 		case 'n':
 			/*
@@ -301,7 +312,7 @@ attr_modify_f(
 		return 0;
 	}
 
-	while ((c = getopt(argc, argv, "rusnv:o:m:")) != EOF) {
+	while ((c = getopt(argc, argv, "rusfnv:o:m:")) != EOF) {
 		switch (c) {
 		/* namespaces */
 		case 'r':
@@ -316,6 +327,11 @@ attr_modify_f(
 			args.attr_filter |= LIBXFS_ATTR_SECURE;
 			args.attr_filter &= ~LIBXFS_ATTR_ROOT;
 			break;
+		case 'f':
+			args.attr_filter |= LIBXFS_ATTR_VERITY;
+			args.attr_filter &= ~(LIBXFS_ATTR_ROOT |
+					      LIBXFS_ATTR_SECURE);
+			break;
 
 		case 'n':
 			/*
diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h
index ccc92a83..04a5dad5 100644
--- a/libxfs/libxfs_api_defs.h
+++ b/libxfs/libxfs_api_defs.h
@@ -15,6 +15,7 @@
  */
 #define LIBXFS_ATTR_ROOT		XFS_ATTR_ROOT
 #define LIBXFS_ATTR_SECURE		XFS_ATTR_SECURE
+#define LIBXFS_ATTR_VERITY		XFS_ATTR_VERITY
 
 #define xfs_agfl_size			libxfs_agfl_size
 #define xfs_agfl_walk			libxfs_agfl_walk

From patchwork Sun Mar 17 16:37:59 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594733
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7AE61CD11;
	Sun, 17 Mar 2024 16:38:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693480; cv=none;
 b=VdaA+1ch09Kp9LBD+3aQ7G8MJ+aASxA5L3sQiGEYW5mrGX7U7g0QyRL+6x0ICLLqX+6xWInWhBZjPqgGRvLCTnAhgMkbmwceG7Oye5CtaayR9uj4CHUGSI72zTdTUljd55ALZCQ8KD+HOnIWPeLkj9Wgh3kT8M1f4+hXhdZ/taI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693480; c=relaxed/simple;
	bh=5TMuct5iysN+++jCX0ghHaVBGM32xVUZYZTaz/c5VEQ=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=ppOv9fL488tI0DuyFKcZNfFvYfasUntDJQXS5dGQtUDTeUpXBPTmYh4HPx5i/WDHP89d9g/goyhAC98i8oucAmNuQhVrF7rgY5It2Olb1HikFYvLm9ijQhbWhjfsBUc8tVRMlayxcdQzW8I4oLyIUkWFuYsmc/eOuE3JzLnGZks=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=pL2ghk4c; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="pL2ghk4c"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 65680C433C7;
	Sun, 17 Mar 2024 16:38:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693480;
	bh=5TMuct5iysN+++jCX0ghHaVBGM32xVUZYZTaz/c5VEQ=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=pL2ghk4c1HNbKLsiTvFVDvUt9uFkqMzG2NjGgWGdW8oYc+UksJ0S/0wYsH+sG14M+
	 NbRpcRMC9SIGAtftEm777rnoISqLFspjlx8GdvOr27ehy4Vu9wa9MhYwOXcymLvEDv
	 RjV0hwUZMh2UmPfHbdbvf4OUGyDW1Pyzy+JuT6/7vm1jxm9LL6U7pOQxh9k1OsiNpu
	 JBvxlveYViBShy8qe7g2dNXSurBTvOQOdOLCnwf2Fg7d3TRqlt566S79kWDsIz+7Kl
	 frLA057xbQeCfgGFy0Z2+rIG2vrFT3HVYE6R1pzwKUxKTGv/gJlkF2mSWetvIKMx/3
	 OxkPWFxvxu3Qw==
Date: Sun, 17 Mar 2024 09:37:59 -0700
Subject: [PATCH 16/20] man: document attr_modify command
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: "Darrick J. Wong" <djwong@djwong.org>, fsverity@lists.linux.dev,
 linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org
Message-ID: <171069247896.2685643.7638335950847568851.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@djwong.org>

Add some documentation for the new attr_modify command.  I'm not sure
all what this this supposed to do, but there needs to be /something/ to
satisfy the documentation tests.

Signed-off-by: Darrick J. Wong <djwong@djwong.org>
---
 man/man8/xfs_db.8 |   34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/man/man8/xfs_db.8 b/man/man8/xfs_db.8
index a7f6d55e..d4651eb4 100644
--- a/man/man8/xfs_db.8
+++ b/man/man8/xfs_db.8
@@ -184,6 +184,40 @@ Displays the length, free block count, per-AG reservation size, and per-AG
 reservation usage for a given AG.
 If no argument is given, display information for all AGs.
 .TP
+.BI "attr_modify [\-r|\-u|\-s|\-f] [\-o n] [\-v n] [\-m n] name value
+Modifies an extended attribute on the current file with the given name.
+
+If the
+.B name
+is a string that can be converted into an integer value, it will be.
+.RS 1.0i
+.TP 0.4i
+.B \-r
+Sets the attribute in the root namespace.
+Only one namespace option can be specified.
+.TP
+.B \-u
+Sets the attribute in the user namespace.
+Only one namespace option can be specified.
+.TP
+.B \-s
+Sets the attribute in the secure namespace.
+Only one namespace option can be specified.
+.TP
+.B \-f
+Sets the attribute in the verity namespace.
+Only one namespace option can be specified.
+.TP
+.B \-m
+Length of the attr name.
+.TP
+.B \-o
+Offset into the attr value to place the new contents.
+.TP
+.B \-v
+Length of the attr value.
+.RE
+.TP
 .BI "attr_remove [\-r|\-u|\-s] [\-n] " name
 Remove the specified extended attribute from the current file.
 .RS 1.0i

From patchwork Sun Mar 17 16:38:15 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594734
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CA1D1367;
	Sun, 17 Mar 2024 16:38:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693496; cv=none;
 b=ZevMIkkobyTwvHPBPENnpCLsT1sDmHpJWU5SdkNX1DdoQA8GtH9bv1jJDbxHxrweltaY4fDrDRho7V2QuJ0w340la31vgoYra85tAqtL08Pu7iyP5CvDTgSysHcdsT3HpfZYmylSyo9QW2lwEPNF2FiNOg7/PkLXKzKBjDrSueM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693496; c=relaxed/simple;
	bh=m9uYBM+z6JIsaUdVOrWiTr2xD3YQa0/L8E420J4/JOQ=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=kLeCZbF8Y64QERhWX+z8dumV7deCTCK3JRQY7FH5cC/v+TAMYGHnMKbEQFUJNRwBh5b1F7cnBnlf3oG1HccneNQ3nCLCJnsv0bONV1BJ+LP6CLkb8lsQlbAqSAOSIeFsIv4zKKj2Z176ardnngTbHfknQY6Y1T0xJQLQswYHYNk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=qGeAM0mx; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="qGeAM0mx"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 087CAC433C7;
	Sun, 17 Mar 2024 16:38:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693496;
	bh=m9uYBM+z6JIsaUdVOrWiTr2xD3YQa0/L8E420J4/JOQ=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=qGeAM0mxMr/bEzuQRrrlYWMe7I3vH70Wd1FNEJ802I9CCAlPuhzHyyRPrIBBa6jJJ
	 CWugOXJ5jsYkqUuCq0SCd+JU154QPpahuLSR7R+B3KBTqI+pIz7XCeYAbeogdf8Pny
	 R7pXvFOLX/LvatnrbU1nJGYC020OfA4FOPsOCHaZOS7NLT+4BgjSV24r8/IWmgv2ks
	 zb7SPqCEXJ8j3v6pPA5LX9NL9cKDqRjz7ZJ3HxSWSj5OUXYyupEsrGtYOa9huDob7t
	 H5BfHmfARygRPIu0fl1ziIFXFq9Zmxt6alI5M6V1VEp8SCDqyWpl7ODH4MDDeHbXL/
	 gL+YQYfG7S4Qg==
Date: Sun, 17 Mar 2024 09:38:15 -0700
Subject: [PATCH 17/20] xfs_db: dump verity features and metadata
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247910.2685643.16760656404093565318.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Teach the debugger how to decode the merkle tree block number in the
attr name, and to display the fact that this is a verity filesystem.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 db/sb.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/db/sb.c b/db/sb.c
index b48767f4..cd51f748 100644
--- a/db/sb.c
+++ b/db/sb.c
@@ -706,6 +706,8 @@ version_string(
 		strcat(s, ",NEEDSREPAIR");
 	if (xfs_has_large_extent_counts(mp))
 		strcat(s, ",NREXT64");
+	if (xfs_has_verity(mp))
+		strcat(s, ",VERITY");
 	return s;
 }
 

From patchwork Sun Mar 17 16:38:31 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594735
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB7BA1C695;
	Sun, 17 Mar 2024 16:38:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693511; cv=none;
 b=klBTwb4cuLLJIcwJ4NKtoWr2CM0fvvZ6+s9INhJnnKFTFTobG7GKR5K+VyDjtpQtIHiyY4QXyMR0qCFBuFWPX8g60dli4Ordxh1y90jlpWUJQQI5sexkZ5n1b8T16b0uaewQ/1ff30gqQ5snhErSGdQQ5k+uJLsZ4tvhFK8Qy/g=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693511; c=relaxed/simple;
	bh=SKNjAW7IOXroQvyBJmA0riw3nQ2K4jFMyqXxyHhe2XM=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=dJWB7WrqYTxbz3Bp+RfYKkH43Bkr4nRRUSTmi3KiYpmZrK5S8Xn2ayT4+04+Pi/D2Yw5VRcCVJJqu6u8d4+1m3XhRZKJ+X9psPlJaO/CVALIFhUjgKe3N0hM2vvoxV2W/53HbVqutFJXcWqgHzzfi5ZFWm9pf7V+USEgO+kusoU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=J1QwWMLr; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="J1QwWMLr"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9FDACC433C7;
	Sun, 17 Mar 2024 16:38:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693511;
	bh=SKNjAW7IOXroQvyBJmA0riw3nQ2K4jFMyqXxyHhe2XM=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=J1QwWMLrdTlUHeNEhn0x8jponuJNspk1v04tWXmTA9rnwXCB4bL6SUUrS7e8nAssh
	 DkIb2/51Hrn6b31FRptSOaAfokf9lcfvxCclMMd68N8sES8lr47pR6O3JTooBGGX/V
	 hjoPIM2i+gu3PxQhkaJg1uKHdzPn2+P/Au5JEktGTsaj8KM30T1H0oSEnTkmgstVkz
	 tE1aHqPyoSPuA8G3ojreYSE504WZKq79PDilFOhZw2UBd2bru5YqcWMMPlKh8Ky9P1
	 CfOdw5JBHHp5TZX5fkAg9S+Ag05XSUVY3ZoK/Dyj1Y5Vu7dSSgz41xyo3eXE9kPsj6
	 f3w7pfn2z97ZA==
Date: Sun, 17 Mar 2024 09:38:31 -0700
Subject: [PATCH 18/20] xfs_db: dump merkle tree data
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247924.2685643.16135242621398561444.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Teach the debugger to dump the specific fields in the fsverity xattr
blocks.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 db/attr.c      |   94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 db/attrshort.c |   22 +++++++++++++
 2 files changed, 115 insertions(+), 1 deletion(-)

diff --git a/db/attr.c b/db/attr.c
index ba722e14..d00bf921 100644
--- a/db/attr.c
+++ b/db/attr.c
@@ -33,6 +33,9 @@ static int	attr_remote_data_count(void *obj, int startoff);
 static int	attr3_remote_hdr_count(void *obj, int startoff);
 static int	attr3_remote_data_count(void *obj, int startoff);
 
+static int	attr_leaf_name_local_merkle_count(void *obj, int startoff);
+static int	attr_leaf_name_remote_merkle_count(void *obj, int startoff);
+
 const field_t	attr_hfld[] = {
 	{ "", FLDT_ATTR, OI(0), C1, 0, TYP_NONE },
 	{ NULL }
@@ -82,6 +85,9 @@ const field_t	attr_leaf_entry_flds[] = {
 	{ "local", FLDT_UINT1,
 	  OI(LEOFF(flags) + bitsz(uint8_t) - XFS_ATTR_LOCAL_BIT - 1), C1, 0,
 	  TYP_NONE },
+	{ "verity", FLDT_UINT1,
+	  OI(LEOFF(flags) + bitsz(uint8_t) - XFS_ATTR_VERITY_BIT - 1), C1, 0,
+	  TYP_NONE },
 	{ "pad2", FLDT_UINT8X, OI(LEOFF(pad2)), C1, FLD_SKIPALL, TYP_NONE },
 	{ NULL }
 };
@@ -108,6 +114,10 @@ const field_t	attr_leaf_map_flds[] = {
 
 #define	LNOFF(f)	bitize(offsetof(xfs_attr_leaf_name_local_t, f))
 #define	LVOFF(f)	bitize(offsetof(xfs_attr_leaf_name_remote_t, f))
+#define	MKLOFF(f)	bitize(offsetof(xfs_attr_leaf_name_local_t, nameval) + \
+			       offsetof(struct xfs_verity_merkle_key, f))
+#define	MKROFF(f)	bitize(offsetof(xfs_attr_leaf_name_remote_t, name) + \
+			       offsetof(struct xfs_verity_merkle_key, f))
 const field_t	attr_leaf_name_flds[] = {
 	{ "valuelen", FLDT_UINT16D, OI(LNOFF(valuelen)),
 	  attr_leaf_name_local_count, FLD_COUNT, TYP_NONE },
@@ -115,6 +125,8 @@ const field_t	attr_leaf_name_flds[] = {
 	  attr_leaf_name_local_count, FLD_COUNT, TYP_NONE },
 	{ "name", FLDT_CHARNS, OI(LNOFF(nameval)),
 	  attr_leaf_name_local_name_count, FLD_COUNT, TYP_NONE },
+	{ "merkle_off", FLDT_UINT64X, OI(MKLOFF(vi_merkleoff)),
+	  attr_leaf_name_local_merkle_count, FLD_COUNT, TYP_NONE },
 	{ "value", FLDT_CHARNS, attr_leaf_name_local_value_offset,
 	  attr_leaf_name_local_value_count, FLD_COUNT|FLD_OFFSET, TYP_NONE },
 	{ "valueblk", FLDT_UINT32X, OI(LVOFF(valueblk)),
@@ -125,6 +137,8 @@ const field_t	attr_leaf_name_flds[] = {
 	  attr_leaf_name_remote_count, FLD_COUNT, TYP_NONE },
 	{ "name", FLDT_CHARNS, OI(LVOFF(name)),
 	  attr_leaf_name_remote_name_count, FLD_COUNT, TYP_NONE },
+	{ "merkle_off", FLDT_UINT64X, OI(MKROFF(vi_merkleoff)),
+	  attr_leaf_name_remote_merkle_count, FLD_COUNT, TYP_NONE },
 	{ NULL }
 };
 
@@ -258,7 +272,19 @@ __attr_leaf_name_local_count(
 	struct xfs_attr_leaf_entry      *e,
 	int				i)
 {
-	return (e->flags & XFS_ATTR_LOCAL) != 0;
+	struct xfs_attr_leaf_name_local	*l;
+
+	if (!(e->flags & XFS_ATTR_LOCAL))
+		return 0;
+
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY) {
+		l = xfs_attr3_leaf_name_local(leaf, i);
+
+		if (l->namelen == sizeof(struct xfs_verity_merkle_key))
+			return 0;
+	}
+
+	return 1;
 }
 
 static int
@@ -270,6 +296,64 @@ attr_leaf_name_local_count(
 				    __attr_leaf_name_local_count);
 }
 
+static int
+__attr_leaf_name_local_merkle_count(
+	struct xfs_attr_leafblock	*leaf,
+	struct xfs_attr_leaf_entry      *e,
+	int				i)
+{
+	struct xfs_attr_leaf_name_local	*l;
+
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY)
+		return 0;
+	if (!(e->flags & XFS_ATTR_LOCAL))
+		return 0;
+
+	l = xfs_attr3_leaf_name_local(leaf, i);
+	if (l->namelen != sizeof(struct xfs_verity_merkle_key))
+		return 0;
+
+	return 1;
+}
+
+static int
+attr_leaf_name_local_merkle_count(
+	void				*obj,
+	int				startoff)
+{
+	return attr_leaf_entry_walk(obj, startoff,
+			__attr_leaf_name_local_merkle_count);
+}
+
+static int
+__attr_leaf_name_remote_merkle_count(
+	struct xfs_attr_leafblock	*leaf,
+	struct xfs_attr_leaf_entry      *e,
+	int				i)
+{
+	struct xfs_attr_leaf_name_remote	*r;
+
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY)
+		return 0;
+	if (e->flags & XFS_ATTR_LOCAL)
+		return 0;
+
+	r = xfs_attr3_leaf_name_remote(leaf, i);
+	if (r->namelen != sizeof(struct xfs_verity_merkle_key))
+		return 0;
+
+	return 1;
+}
+
+static int
+attr_leaf_name_remote_merkle_count(
+	void				*obj,
+	int				startoff)
+{
+	return attr_leaf_entry_walk(obj, startoff,
+			__attr_leaf_name_remote_merkle_count);
+}
+
 static int
 __attr_leaf_name_local_name_count(
 	struct xfs_attr_leafblock	*leaf,
@@ -282,6 +366,10 @@ __attr_leaf_name_local_name_count(
 		return 0;
 
 	l = xfs_attr3_leaf_name_local(leaf, i);
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY &&
+	    l->namelen == sizeof(struct xfs_verity_merkle_key))
+		return 0;
+
 	return l->namelen;
 }
 
@@ -373,6 +461,10 @@ __attr_leaf_name_remote_name_count(
 		return 0;
 
 	r = xfs_attr3_leaf_name_remote(leaf, i);
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY &&
+	    r->namelen == sizeof(struct xfs_verity_merkle_key))
+		return 0;
+
 	return r->namelen;
 }
 
diff --git a/db/attrshort.c b/db/attrshort.c
index 7c386d46..4a850016 100644
--- a/db/attrshort.c
+++ b/db/attrshort.c
@@ -13,6 +13,7 @@
 #include "attrshort.h"
 
 static int	attr_sf_entry_name_count(void *obj, int startoff);
+static int	attr_sf_entry_merkle_count(void *obj, int startoff);
 static int	attr_sf_entry_value_count(void *obj, int startoff);
 static int	attr_sf_entry_value_offset(void *obj, int startoff, int idx);
 static int	attr_shortform_list_count(void *obj, int startoff);
@@ -33,6 +34,8 @@ const field_t	attr_sf_hdr_flds[] = {
 };
 
 #define	EOFF(f)	bitize(offsetof(struct xfs_attr_sf_entry, f))
+#define	MKOFF(f) bitize(offsetof(struct xfs_attr_sf_entry, nameval) + \
+			offsetof(struct xfs_verity_merkle_key, f))
 const field_t	attr_sf_entry_flds[] = {
 	{ "namelen", FLDT_UINT8D, OI(EOFF(namelen)), C1, 0, TYP_NONE },
 	{ "valuelen", FLDT_UINT8D, OI(EOFF(valuelen)), C1, 0, TYP_NONE },
@@ -43,13 +46,32 @@ const field_t	attr_sf_entry_flds[] = {
 	{ "secure", FLDT_UINT1,
 	  OI(EOFF(flags) + bitsz(uint8_t) - XFS_ATTR_SECURE_BIT - 1), C1, 0,
 	  TYP_NONE },
+	{ "verity", FLDT_UINT1,
+	  OI(EOFF(flags) + bitsz(uint8_t) - XFS_ATTR_VERITY_BIT - 1), C1, 0,
+	  TYP_NONE },
 	{ "name", FLDT_CHARNS, OI(EOFF(nameval)), attr_sf_entry_name_count,
 	  FLD_COUNT, TYP_NONE },
+	{ "merkle_off", FLDT_UINT32X, OI(MKOFF(vi_merkleoff)),
+	  attr_sf_entry_merkle_count, FLD_COUNT, TYP_NONE },
 	{ "value", FLDT_CHARNS, attr_sf_entry_value_offset,
 	  attr_sf_entry_value_count, FLD_COUNT|FLD_OFFSET, TYP_NONE },
 	{ NULL }
 };
 
+static int
+attr_sf_entry_merkle_count(
+	void				*obj,
+	int				startoff)
+{
+	struct xfs_attr_sf_entry	*e;
+
+	ASSERT(bitoffs(startoff) == 0);
+	e = (struct xfs_attr_sf_entry *)((char *)obj + byteize(startoff));
+	if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY)
+		return 1;
+	return 0;
+}
+
 static int
 attr_sf_entry_name_count(
 	void				*obj,

From patchwork Sun Mar 17 16:38:46 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594736
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 800DF1CA87;
	Sun, 17 Mar 2024 16:38:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693527; cv=none;
 b=fRFmfpyweCr4blbpHBFJuss2LF9NNMw1iSmVkLSce01NA0BN1nL8jkzLsiIKcPYRHaeXiwKcAA+hDs9p75JoeJuV/ikb3Ebzaz4rcqn5iCrV9XhGG9ti/Z5krSdKwOq1qhtJSqAWuKuQogt55YXtVlrPMaezkrP5ss47Q3Xvi/k=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693527; c=relaxed/simple;
	bh=YonbOlo7kZSrSHU+riF5JjnXy5xT6SgrOFqAqO9Lx1A=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=H5rrVtGxqjx0OKCm+1O3/r/dX848jd1n2Ypnep3NafoCohCV+hr1X1kCgtPZPLuVc3SNwv0FfbPoOVb30NRDvmPseI5KmnKg6FY3ySsuCKEXraa1jS5VjKVVHVnM08bcz/+p//FOImmcaS/rUAhdKvnTtzD/G4vvjhxqv5Iunuo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Ny/Swwi0; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Ny/Swwi0"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56A9EC433C7;
	Sun, 17 Mar 2024 16:38:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693527;
	bh=YonbOlo7kZSrSHU+riF5JjnXy5xT6SgrOFqAqO9Lx1A=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=Ny/Swwi0tvnl6I7rDvXBsh3Rfr7eEL7kxXVBjAg6MZEoK5oKTX0MbDXtY+QV977u/
	 MC6r2lyUiuHoRdKDliGyzuOfPQwfgM9G99P4v3ih0JEbo+D9RA/xXnrxY4xM1VvPIb
	 +sYYuXplXZoMqz/fYx+pnaonYaWYHYEtDsxhlhY/vbhENCEWmRz9T3OWyJXt2Ny975
	 zVJa+Kj1rwbPRr4hB4lSWh6qtczniWk3tC7ZViRH2DdMswfXCccNu51CKGnJl09FhB
	 0cIJQ/0KxijzR56tjwoWb6iPsISxPO9R/b1gu8ECsAGuEUAiKNxfBpZIuFBRkWpKPC
	 6LT2dkwb0i8SQ==
Date: Sun, 17 Mar 2024 09:38:46 -0700
Subject: [PATCH 19/20] xfs_repair: junk fsverity xattrs when unnecessary
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247937.2685643.15009445761715327565.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Darrick J. Wong <djwong@kernel.org>

Remove any fs-verity extended attributes when the filesystem doesn't
support fs-verity.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 repair/attr_repair.c |   24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/repair/attr_repair.c b/repair/attr_repair.c
index 9c41cb21..5225950c 100644
--- a/repair/attr_repair.c
+++ b/repair/attr_repair.c
@@ -313,6 +313,13 @@ process_shortform_attr(
 					NULL, currententry->namelen,
 					currententry->valuelen);
 
+		if ((currententry->flags & XFS_ATTR_VERITY) &&
+		    !xfs_has_verity(mp)) {
+			do_warn(
+ _("verity metadata found on filesystem that doesn't support verity\n"));
+			junkit |= 1;
+		}
+
 		remainingspace = remainingspace -
 					xfs_attr_sf_entsize(currententry);
 
@@ -513,6 +520,15 @@ process_leaf_attr_local(
 			return -1;
 		}
 	}
+
+	if ((entry->flags & XFS_ATTR_VERITY) && !xfs_has_verity(mp)) {
+		do_warn(
+ _("verity metadata found in attribute entry %d in attr block %u, inode %"
+   PRIu64 " on filesystem that doesn't support verity\n"),
+				i, da_bno, ino);
+		return -1;
+	}
+
 	return xfs_attr_leaf_entsize_local(local->namelen,
 						be16_to_cpu(local->valuelen));
 }
@@ -549,6 +565,14 @@ process_leaf_attr_remote(
 		return -1;
 	}
 
+	if ((entry->flags & XFS_ATTR_VERITY) && !xfs_has_verity(mp)) {
+		do_warn(
+ _("verity metadata found in attribute entry %d in attr block %u, inode %"
+   PRIu64 " on filesystem that doesn't support verity\n"),
+				i, da_bno, ino);
+		return -1;
+	}
+
 	value = malloc(be32_to_cpu(remotep->valuelen));
 	if (value == NULL) {
 		do_warn(

From patchwork Sun Mar 17 16:39:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Darrick J. Wong" <djwong@kernel.org>
X-Patchwork-Id: 13594737
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34DC41CA87;
	Sun, 17 Mar 2024 16:39:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710693543; cv=none;
 b=IaTa/Ztt29J4ak9E3me+GsTpUU3J+w3cymxR9Wqev/3ZpmDZVrKcVutrXQ9GcgVaLMsYh9j1PHqMoabfE5Hyw1r8CTkrGWYX8ReQloynveTqXiN+zAQkZokfd9iotPhkKf/OcHIfNu4b+yo/lMuMb+pntC/nzHc6fZUUGD7VAVE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710693543; c=relaxed/simple;
	bh=sQpc0kmxBtO4UBUhStV0HJX0r8qKG+wP7go6XMJGgxw=;
	h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=EpOcWXS0kABxxaxsERglN+w1UPCPiCjHB9+O5LS06uiNOLYvvR9jjiBtV4S26xVqAZ9KhhXoqMgh53zz04FLezZ+6lMz5eVbel1t7nfzqBsh4sou1g8glhm1e088AKxuglXpJEsRqE7MgrbO0MRBmqYgC+HrVZNPWchX1a7Pez8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=UdAIkMEs; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="UdAIkMEs"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C68DC433C7;
	Sun, 17 Mar 2024 16:39:03 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710693543;
	bh=sQpc0kmxBtO4UBUhStV0HJX0r8qKG+wP7go6XMJGgxw=;
	h=Date:Subject:From:To:Cc:In-Reply-To:References:From;
	b=UdAIkMEskTR/S/WGLI7y4Wqf2AI7XwyB9tFElEO3lsunFWmZxfBeqo24K+Hd9Otex
	 18pHJ5G6AdLVV5jagjPQ5pdyuOjw0E5GiX4m/aTxg/IdLQCIfNwqBPLKVbnICuuH9E
	 65bm586XXV5B3Xe0VltS9ynVKFOtGleCcmQMr0pG+Ui4ReFD4CuCyWGE1hNlkERbWj
	 aA2CjeTBrBB5k2p9pmCiIWuO20WagFAivvuQZ4TJ5gyPhmhocCl6RcFWwuTc12BRG8
	 Gkcg+X+5ccIBgT5wPeJI4Fz4COieXuRjiuSv9lsWtsf1oUkufLkr10JIDW3NlbUtiL
	 1UheMcoembTVw==
Date: Sun, 17 Mar 2024 09:39:02 -0700
Subject: [PATCH 20/20] mkfs.xfs: add verity parameter
From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, djwong@kernel.org, cem@kernel.org,
 ebiggers@kernel.org
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
 linux-xfs@vger.kernel.org
Message-ID: <171069247951.2685643.5838885180227203125.stgit@frogsfrogsfrogs>
In-Reply-To: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
References: <171069247657.2685643.11583844772215446491.stgit@frogsfrogsfrogs>
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: fsverity@lists.linux.dev
List-Id: <fsverity.lists.linux.dev>
List-Subscribe: <mailto:fsverity+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:fsverity+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

From: Andrey Albershteyn <aalbersh@redhat.com>

fs-verity brings on-disk changes (inode flag). Add parameter to
enable (default disabled) fs-verity flag in superblock. This will
make newly create filesystem read-only for older kernels.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
[djwong: make this an -i(node) option, edit manpage]
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
 man/man8/mkfs.xfs.8.in |    4 ++++
 mkfs/xfs_mkfs.c        |   19 +++++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/man/man8/mkfs.xfs.8.in b/man/man8/mkfs.xfs.8.in
index 8060d342..4864b4d4 100644
--- a/man/man8/mkfs.xfs.8.in
+++ b/man/man8/mkfs.xfs.8.in
@@ -670,6 +670,10 @@ If the value is omitted, 1 is assumed.
 This feature will be enabled when possible.
 This feature is only available for filesystems formatted with -m crc=1.
 .TP
+.BI verity[= value]
+This flag activates verity support, which enables sealing of regular file data
+with hashes and cryptographic signatures.
+This feature is only available for filesystems formatted with -m crc=1.
 .RE
 .PP
 .PD 0
diff --git a/mkfs/xfs_mkfs.c b/mkfs/xfs_mkfs.c
index d6fa48ed..dec5edaf 100644
--- a/mkfs/xfs_mkfs.c
+++ b/mkfs/xfs_mkfs.c
@@ -90,6 +90,7 @@ enum {
 	I_PROJID32BIT,
 	I_SPINODES,
 	I_NREXT64,
+	I_VERITY,
 	I_MAX_OPTS,
 };
 
@@ -469,6 +470,7 @@ static struct opt_params iopts = {
 		[I_PROJID32BIT] = "projid32bit",
 		[I_SPINODES] = "sparse",
 		[I_NREXT64] = "nrext64",
+		[I_VERITY] = "verity",
 		[I_MAX_OPTS] = NULL,
 	},
 	.subopt_params = {
@@ -523,7 +525,13 @@ static struct opt_params iopts = {
 		  .minval = 0,
 		  .maxval = 1,
 		  .defaultval = 1,
-		}
+		},
+		{ .index = I_VERITY,
+		  .conflicts = { { NULL, LAST_CONFLICT } },
+		  .minval = 0,
+		  .maxval = 1,
+		  .defaultval = 1,
+		},
 	},
 };
 
@@ -889,6 +897,7 @@ struct sb_feat_args {
 	bool	nodalign;
 	bool	nortalign;
 	bool	nrext64;
+	bool	verity;			/* XFS_SB_FEAT_RO_COMPAT_VERITY */
 };
 
 struct cli_params {
@@ -1024,7 +1033,7 @@ usage( void )
 			    sectsize=num,concurrency=num]\n\
 /* force overwrite */	[-f]\n\
 /* inode size */	[-i perblock=n|size=num,maxpct=n,attr=0|1|2,\n\
-			    projid32bit=0|1,sparse=0|1,nrext64=0|1]\n\
+			    projid32bit=0|1,sparse=0|1,nrext64=0|1,verity=0|1]\n\
 /* no discard */	[-K]\n\
 /* log subvol */	[-l agnum=n,internal,size=num,logdev=xxx,version=n\n\
 			    sunit=value|su=num,sectsize=num,lazy-count=0|1,\n\
@@ -1722,6 +1731,9 @@ inode_opts_parser(
 	case I_NREXT64:
 		cli->sb_feat.nrext64 = getnum(value, opts, subopt);
 		break;
+	case I_VERITY:
+		cli->sb_feat.verity = getnum(value, opts, subopt);
+		break;
 	default:
 		return -EINVAL;
 	}
@@ -3478,6 +3490,8 @@ sb_set_features(
 		sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_REFLINK;
 	if (fp->inobtcnt)
 		sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_INOBTCNT;
+	if (fp->verity)
+		sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_VERITY;
 	if (fp->bigtime)
 		sbp->sb_features_incompat |= XFS_SB_FEAT_INCOMPAT_BIGTIME;
 
@@ -4339,6 +4353,7 @@ main(
 			.nortalign = false,
 			.bigtime = true,
 			.nrext64 = true,
+			.verity = false,
 			/*
 			 * When we decide to enable a new feature by default,
 			 * please remember to update the mkfs conf files.