From patchwork Sun Mar 17 16:39:18 2024
X-Patchwork-Submitter: "Darrick J. Wong"
X-Patchwork-Id: 13594738
Date: Sun, 17 Mar 2024 09:39:18 -0700
Subject: [PATCH 1/3] common/verity: enable fsverity for XFS
From: "Darrick J. Wong"
To: aalbersh@redhat.com, ebiggers@kernel.org, djwong@kernel.org, zlang@redhat.com
Cc: Andrey Albershteyn, fsverity@lists.linux.dev, fstests@vger.kernel.org, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org
Message-ID: <171069248850.2687004.5662408567138574298.stgit@frogsfrogsfrogs>
In-Reply-To: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
References: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
X-Mailing-List: fsverity@lists.linux.dev

From: Andrey Albershteyn

XFS supports verity and can be enabled for -g verity group.

Signed-off-by: Andrey Albershteyn
---
common/verity | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/common/verity b/common/verity index 03d175ce1b..df4eb5dee7 100644 --- a/common/verity +++ b/common/verity @@ -43,7 +43,16 @@ _require_scratch_verity() # The filesystem may be aware of fs-verity but have it disabled by # CONFIG_FS_VERITY=n. Detect support via sysfs. - if [ ! -e /sys/fs/$fstyp/features/verity ]; then + case $FSTYP in + xfs) + _scratch_unmount + _check_scratch_xfs_features VERITY &>>$seqres.full + _scratch_mount + ;; + *) + test -e /sys/fs/$fstyp/features/verity + esac + if [ ! $? ]; then _notrun "kernel $fstyp isn't configured with verity support" fi @@ -201,6 +210,9 @@ _scratch_mkfs_verity() ext4|f2fs) _scratch_mkfs -O verity ;; + xfs) + _scratch_mkfs -i verity + ;; btrfs) _scratch_mkfs ;; 
@@ -407,6 +419,21 @@ _fsv_scratch_corrupt_merkle_tree() done _scratch_mount ;; + xfs) + local ino=$(stat -c '%i' $file) + local attr_offset=$(( $offset % $FSV_BLOCK_SIZE )) + local attr_index=$(printf "%08d" $(( offset - attr_offset ))) + _scratch_unmount + # Attribute name is 8 bytes long (index of Merkle tree page) + _scratch_xfs_db -x -c "inode $ino" \ + -c "attr_modify -f -m 8 -o $attr_offset $attr_index \"BUG\"" \ + >>$seqres.full + # In case bsize == 4096 and merkle block size == 1024, by + # modifying attribute with 'attr_modify we can corrupt quota + # account. Let's repair it + _scratch_xfs_repair > $seqres.full 2>&1 + _scratch_mount + ;; *) _fail "_fsv_scratch_corrupt_merkle_tree() unimplemented on $FSTYP" ;; 

From patchwork Sun Mar 17 16:39:33 2024
X-Patchwork-Submitter: "Darrick J. Wong"
X-Patchwork-Id: 13594739
Date: Sun, 17 Mar 2024 09:39:33 -0700
Subject: [PATCH 2/3] xfs/{021,122}: adapt to fsverity xattrs
From: "Darrick J. Wong"
To: aalbersh@redhat.com, ebiggers@kernel.org, djwong@kernel.org, zlang@redhat.com
Cc: fsverity@lists.linux.dev, fstests@vger.kernel.org, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org
Message-ID: <171069248865.2687004.1285202749756679401.stgit@frogsfrogsfrogs>
In-Reply-To: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
References: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
X-Mailing-List: fsverity@lists.linux.dev

From: Darrick J. Wong

Adjust these tests to accommodate the use of xattrs to store fsverity metadata.

Signed-off-by: Darrick J. Wong --- tests/xfs/021 | 3 +++ tests/xfs/122.out | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/xfs/021 b/tests/xfs/021 index ef307fc064..dcecf41958 100755 --- a/tests/xfs/021 +++ b/tests/xfs/021 @@ -118,6 +118,7 @@ _scratch_xfs_db -r -c "inode $inum_1" -c "print a.sfattr" | \ perl -ne ' /\.secure/ && next; /\.parent/ && next; +/\.verity/ && next; print unless /^\d+:\[.*/;' echo "*** dump attributes (2)" @@ -128,6 +129,7 @@ _scratch_xfs_db -r -c "inode $inum_2" -c "a a.bmx[0].startblock" -c print \ | perl -ne ' s/,secure//; s/,parent//; +s/,verity//; s/info.hdr/info/; /hdr.info.crc/ && next; /hdr.info.bno/ && next; @@ -135,6 +137,7 @@ s/info.hdr/info/; /hdr.info.lsn/ && next; /hdr.info.owner/ && next; /\.parent/ && next; +/\.verity/ && next; s/^(hdr.info.magic =) 0x3bee/\1 0xfbee/; s/^(hdr.firstused =) (\d+)/\1 FIRSTUSED/; s/^(hdr.freemap\[0-2] = \[base,size]).*/\1 [FREEMAP..]/; diff --git a/tests/xfs/122.out b/tests/xfs/122.out index 3a99ce77bb..ff886b4eec 100644 --- a/tests/xfs/122.out +++ b/tests/xfs/122.out 
@@ -141,6 +141,7 @@ sizeof(struct xfs_scrub_vec) = 16 sizeof(struct xfs_scrub_vec_head) = 32 sizeof(struct xfs_swap_extent) = 64 sizeof(struct xfs_unmount_log_format) = 8 +sizeof(struct xfs_verity_merkle_key) = 8 sizeof(struct xfs_xmd_log_format) = 16 sizeof(struct xfs_xmi_log_format) = 80 sizeof(union xfs_rtword_raw) = 4 

From patchwork Sun Mar 17 16:39:49 2024
X-Patchwork-Submitter: "Darrick J. Wong"
X-Patchwork-Id: 13594740
Date: Sun, 17 Mar 2024 09:39:49 -0700
Subject: [PATCH 3/3] common/populate: add verity files to populate xfs images
From: "Darrick J. Wong"
To: aalbersh@redhat.com, ebiggers@kernel.org, djwong@kernel.org, zlang@redhat.com
Cc: fsverity@lists.linux.dev, fstests@vger.kernel.org, linux-fsdevel@vger.kernel.org, guan@eryu.me, linux-xfs@vger.kernel.org
Message-ID: <171069248879.2687004.6949510262710192001.stgit@frogsfrogsfrogs>
In-Reply-To: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
References: <171069248832.2687004.7611830288449050659.stgit@frogsfrogsfrogs>
X-Mailing-List: fsverity@lists.linux.dev

From: Darrick J. Wong

If verity is enabled on a filesystem, we should create some sample verity files.

Signed-off-by: Darrick J. Wong
---
common/populate | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)

diff --git a/common/populate b/common/populate index 35071f4210..3f3ec0480d 100644 --- a/common/populate +++ b/common/populate 
@@ -520,6 +520,27 @@ _scratch_xfs_populate() { done fi + # verity merkle trees + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)" + if [ $is_verity -gt 0 ]; then + echo "+ fsverity" + + # Create a biggish file with all zeroes, because metadump + # won't preserve data blocks and we don't want the hashes to + # stop working for our sample fs. + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity" + done + + fsverity enable "$SCRATCH_MNT/verity" + + # Create a sparse file + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" "$SCRATCH_MNT/sparse_verity" + truncate -s 23456789 "$SCRATCH_MNT/sparse_verity" + $XFS_IO_PROG -f -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity" + fsverity enable "$SCRATCH_MNT/sparse_verity" + fi + # Copy some real files (xfs tests, I guess...) echo "+ real files" test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5
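
Review bot: in [PATCH 1/3], the _require_scratch_verity() hunk, `if [ ! $? ]; then` can never be true. `$?` always expands to a non-empty string, so `[ ! 0 ]` and `[ ! 1 ]` are both false and the `_notrun` below it is unreachable, which lets the tests continue on a kernel that lacks verity support. Separately, in the xfs arm `$?` holds the exit status of `_scratch_mount`, not of `_check_scratch_xfs_features VERITY`, so the feature check result is lost even once the test is written correctly. Suggest saving the status into a local variable immediately after the check in each arm and testing that variable with `-ne 0`. The new `case` also switches on `$FSTYP` while the unchanged lines around it use `$fstyp`; use one consistently.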
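
Review bot: in [PATCH 1/3], the xfs arm added to _fsv_scratch_corrupt_merkle_tree(), `_scratch_xfs_repair > $seqres.full 2>&1` truncates the log that the `_scratch_xfs_db` call just above it appended to with `>>$seqres.full`, so the xfs_db output and everything logged earlier in the test is lost; use `>>` here as well. The comment promises an 8-byte attribute name, but `printf "%08d"` only guarantees that while the index is below 100000000, so larger offsets produce a longer name; either bound the offset or document the limit. The second comment has an unbalanced quote (`'attr_modify`) and would be clearer if it said why the quota accounting can end up inconsistent. `$file` in the `stat` call should be quoted.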
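
Review bot: in [PATCH 2/3], tests/xfs/021, the added `/\.verity/ && next;` lines are unanchored, so any dumped line that contains `.verity` anywhere is dropped from the golden-output comparison, not only the attribute entries the commit message refers to. The existing `.secure` and `.parent` filters behave the same way, so this is consistent, but with three namespaces now filtered in both perl scripts it would be tidier to fold them into one alternation such as `/\.(secure|parent|verity)/ && next;` and add a short comment saying which xfs_db fields are being hidden and why.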
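
Review bot: in [PATCH 3/3], the _scratch_xfs_populate() hunk, `fsverity enable` is called by bare name and its exit status is ignored, while the neighbouring lines invoke their tool through `$XFS_IO_PROG`. If the fsverity utility is not installed or the enable fails, populate carries on and the resulting image has no verity files even though the filesystem advertises the feature. Suggest checking for the tool before entering the block and skipping or failing explicitly. `[ $is_verity -gt 0 ]` is unquoted, so an empty result from `_xfs_has_feature` becomes a `[` syntax error rather than a clean false; quote the variable. The loop counter in `for ((pos = 0, i = 88; ...; i++))` is never used in the body and can be dropped.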