From patchwork Sun Dec 29 13:39:04 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922697
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 01/24] fs: add FS_XFLAG_VERITY for verity files
Date: Sun, 29 Dec 2024 14:39:04 +0100
Message-ID: <20241229133927.1194609-2-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

Add extended attribute FS_XFLAG_VERITY for inodes with fs-verity enabled.

Signed-off-by: Andrey Albershteyn
[djwong: fix broken verity flag checks]
Reviewed-by: Darrick J. Wong
Signed-off-by: Darrick J. Wong
---
 Documentation/filesystems/fsverity.rst | 8 ++++++++
 fs/ioctl.c | 11 +++++++++++
 include/uapi/linux/fs.h | 1 +
 3 files changed, 20 insertions(+)
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 76e538217868..ea4ab52b6598 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -336,6 +336,14 @@ the file has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require opening the file, and opening verity files can be expensive. +FS_IOC_FSGETXATTR +----------------- + +Since Linux v6.9, the FS_IOC_FSGETXATTR ioctl sets FS_XFLAG_VERITY (0x00020000) +in the returned flags when the file has verity enabled. Note that this attribute +cannot be set with FS_IOC_FSSETXATTR as enabling verity requires input +parameters. See FS_IOC_ENABLE_VERITY. + .. _accessing_verity_files: Accessing verity files diff --git a/fs/ioctl.c b/fs/ioctl.c index 638a36be31c1..3484941ec30d 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -480,6 +480,8 @@ void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) fa->flags |= FS_DAX_FL; if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) fa->flags |= FS_PROJINHERIT_FL; + if (fa->fsx_xflags & FS_XFLAG_VERITY) + fa->flags |= FS_VERITY_FL; } EXPORT_SYMBOL(fileattr_fill_xflags); @@ -510,6 +512,8 @@ void fileattr_fill_flags(struct fileattr *fa, u32 flags) fa->fsx_xflags |= FS_XFLAG_DAX; if (fa->flags & FS_PROJINHERIT_FL) fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; + if (fa->flags & FS_VERITY_FL) + fa->fsx_xflags |= FS_XFLAG_VERITY; } EXPORT_SYMBOL(fileattr_fill_flags); @@ -640,6 +644,13 @@ static int fileattr_set_prepare(struct inode *inode, !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) return -EINVAL; + /* + * Verity cannot be changed through FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS. + * See FS_IOC_ENABLE_VERITY. + */ + if ((fa->fsx_xflags ^ old_ma->fsx_xflags) & FS_XFLAG_VERITY) + return -EINVAL; + /* Extent size hints of zero turn off the flags. */ if (fa->fsx_extsize == 0) fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); 
diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 753971770733..803f1c47f187 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h 
@@ -158,6 +158,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity enabled */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is
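Review bot: In the new FS_IOC_FSGETXATTR section of Documentation/filesystems/fsverity.rst, "Since Linux v6.9" is hard-coded, but v6.9 was released well before this posting (dated 29 Dec 2024), so the text names a release that cannot contain the change; update it to the version the patch actually lands in. The section also calls FS_XFLAG_VERITY "this attribute" and the commit message calls it an "extended attribute"; it is a bit in fsx_xflags, and calling it a flag would keep readers from confusing it with xattrs.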
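Review bot: The new check in fileattr_set_prepare() tests only fsx_xflags, so it covers FS_IOC_SETFLAGS solely because fileattr_fill_flags() now mirrors FS_VERITY_FL into FS_XFLAG_VERITY; the comment above the check should say so, since the two hunks have to stay in step for the SETFLAGS path to remain blocked. Because the test is "(fa->fsx_xflags ^ old_ma->fsx_xflags) & FS_XFLAG_VERITY", a caller that builds the flag word from scratch instead of doing read-modify-write will get -EINVAL on a verity file; the documentation hunk should mention that the bit must be passed back unchanged, not only that it cannot be set.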
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 02/24] fsverity: pass tree_blocksize to end_enable_verity()
Date: Sun, 29 Dec 2024 14:39:05 +0100
Message-ID: <20241229133927.1194609-3-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn XFS will need to know tree_blocksize to remove the tree in case of an error. The size is needed to calculate offsets of particular Merkle tree blocks. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: I put ebiggers' suggested changes in a separate patch] Signed-off-by: Darrick J. Wong --- fs/btrfs/verity.c | 4 +++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/enable.c | 6 ++++-- include/linux/fsverity.h | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index e97ad824ae16..dc142c4b24dc 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -620,6 +620,7 @@ static int btrfs_begin_enable_verity(struct file *filp) * @desc: verity descriptor to write out (NULL in error conditions) * @desc_size: size of the verity descriptor (variable with signatures) * @merkle_tree_size: size of the merkle tree in bytes + * @tree_blocksize: the Merkle tree block size * * If desc is null, then VFS is signaling an error occurred during verity * enable, and we should try to rollback. Otherwise, attempt to finish verity. @@ -627,7 +628,8 @@ static int btrfs_begin_enable_verity(struct file *filp) * Returns 0 on success, negative error code on error. */ static int btrfs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct btrfs_inode *inode = BTRFS_I(file_inode(filp)); int ret = 0; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index d9203228ce97..839ebf7d42ca 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c 
@@ -189,7 +189,8 @@ static int ext4_write_verity_descriptor(struct inode *inode, const void *desc, } static int ext4_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); const int credits = 2; /* superblock and inode for ext4_orphan_del() */ diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index 2287f238ae09..ff9308ca04aa 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -144,7 +144,8 @@ static int f2fs_begin_enable_verity(struct file *filp) } static int f2fs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); diff --git a/fs/verity/enable.c b/fs/verity/enable.c index c284f46d1b53..04e060880b79 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -274,7 +274,8 @@ static int enable_verity(struct file *filp, * Serialized with ->begin_enable_verity() by the inode lock. */ inode_lock(inode); - err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size); + err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size, + params.block_size); inode_unlock(inode); if (err) { fsverity_err(inode, "%ps() failed with err %d", @@ -300,7 +301,8 @@ static int enable_verity(struct file *filp, rollback: inode_lock(inode); - (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size); + (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size, + params.block_size); inode_unlock(inode); goto out; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 1eb7eae580be..ac58b19f23d3 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h 
@@ -51,6 +51,7 @@ struct fsverity_operations { * @desc: the verity descriptor to write, or NULL on failure * @desc_size: size of verity descriptor, or 0 on failure * @merkle_tree_size: total bytes the Merkle tree took up + * @tree_blocksize: the Merkle tree block size * * If desc == NULL, then enabling verity failed and the filesystem only * must do any necessary cleanups. Else, it must also store the given 
@@ -65,7 +66,8 @@ struct fsverity_operations { * Return: 0 on success, -errno on failure */ int (*end_enable_verity)(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size); + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize); /** * Get the verity descriptor of the given inode.
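Review bot: The new "@tree_blocksize: the Merkle tree block size" kernel-doc line in struct fsverity_operations, and the matching one above btrfs_end_enable_verity(), gives no unit, while the neighbouring @merkle_tree_size lines say bytes; state that the block size is in bytes. Since the commit message gives error cleanup as the reason for the parameter, the "If desc == NULL" paragraph in include/linux/fsverity.h should also say that @merkle_tree_size and @tree_blocksize are still valid on that path, which the rollback call in enable_verity() relies on when it passes params.tree_size and params.block_size with a NULL descriptor.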
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 03/24] fsverity: add tracepoints
Date: Sun, 29 Dec 2024 14:39:06 +0100
Message-ID: <20241229133927.1194609-4-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn fs-verity previously had debug printk but it was removed. This patch adds trace points to the same places where printk were used (with a few additional ones). Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: fix formatting] Signed-off-by: Darrick J. Wong --- MAINTAINERS | 1 + fs/verity/enable.c | 4 + fs/verity/fsverity_private.h | 2 + fs/verity/init.c | 1 + fs/verity/verify.c | 8 ++ include/trace/events/fsverity.h | 143 ++++++++++++++++++++++++++++++++ 6 files changed, 159 insertions(+) create mode 100644 include/trace/events/fsverity.h diff --git a/MAINTAINERS b/MAINTAINERS index e6e71b05710b..62ec363f3b6b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -9394,6 +9394,7 @@ T: git https://git.kernel.org/pub/scm/fs/fsverity/linux.git F: Documentation/filesystems/fsverity.rst F: fs/verity/ F: include/linux/fsverity.h +F: include/trace/events/fsverity.h F: include/uapi/linux/fsverity.h FT260 FTDI USB-HID TO I2C BRIDGE DRIVER diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 04e060880b79..9f743f916010 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -227,6 +227,8 @@ static int enable_verity(struct file *filp, if (err) goto out; + trace_fsverity_enable(inode, ¶ms); + /* * Start enabling verity on this file, serialized by the inode lock. * Fail if verity is already enabled or is already being enabled. @@ -269,6 +271,8 @@ static int enable_verity(struct file *filp, goto rollback; } + trace_fsverity_tree_done(inode, vi, ¶ms); + /* * Tell the filesystem to finish enabling verity on the file. * Serialized with ->begin_enable_verity() by the inode lock. diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index b3506f56e180..04dd471d791c 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -154,4 +154,6 @@ static inline void fsverity_init_signature(void) void __init fsverity_init_workqueue(void); +#include + #endif /* _FSVERITY_PRIVATE_H */ 
diff --git a/fs/verity/init.c b/fs/verity/init.c index f440f0e61e3e..43f18914a6cd 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -5,6 +5,7 @@ * Copyright 2019 Google LLC */ +#define CREATE_TRACE_POINTS #include "fsverity_private.h" #include diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 4fcad0825a12..25fb795655e9 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -109,6 +109,9 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Byte offset of the wanted hash relative to @addr */ unsigned int hoffset; } hblocks[FS_VERITY_MAX_LEVELS]; + + trace_fsverity_verify_data_block(inode, params, data_pos); + /* * The index of the previous level's block within that level; also the * index of that block's hash within the current level. @@ -184,6 +187,9 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, want_hash = _want_hash; kunmap_local(haddr); put_page(hpage); + trace_fsverity_merkle_hit(inode, data_pos, hblock_idx, + level, + hoffset >> params->log_digestsize); goto descend; } hblocks[level].page = hpage; @@ -219,6 +225,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, want_hash = _want_hash; kunmap_local(haddr); put_page(hpage); + trace_fsverity_verify_merkle_block(inode, hblock_idx, + level, hoffset >> params->log_digestsize); } /* Finally, verify the data block. */ diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h new file mode 100644 index 000000000000..dab220884b89 --- /dev/null +++ b/include/trace/events/fsverity.h 
@@ -0,0 +1,143 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM fsverity + +#if !defined(_TRACE_FSVERITY_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_FSVERITY_H + +#include + +struct fsverity_descriptor; +struct merkle_tree_params; +struct fsverity_info; + +TRACE_EVENT(fsverity_enable, + TP_PROTO(const struct inode *inode, + const struct merkle_tree_params *params), + TP_ARGS(inode, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, data_size) + __field(unsigned int, block_size) + __field(unsigned int, num_levels) + __field(u64, tree_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->data_size = i_size_read(inode); + __entry->block_size = params->block_size; + __entry->num_levels = params->num_levels; + __entry->tree_size = params->tree_size; + ), + TP_printk("ino %lu data size %llu tree size %llu block size %u levels %u", + (unsigned long) __entry->ino, + __entry->data_size, + __entry->tree_size, + __entry->block_size, + __entry->num_levels) +); + +TRACE_EVENT(fsverity_tree_done, + TP_PROTO(const struct inode *inode, const struct fsverity_info *vi, + const struct merkle_tree_params *params), + TP_ARGS(inode, vi, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(unsigned int, levels) + __field(unsigned int, block_size) + __field(u64, tree_size) + __dynamic_array(u8, root_hash, params->digest_size) + __dynamic_array(u8, file_digest, params->digest_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->levels = params->num_levels; + __entry->block_size = params->block_size; + __entry->tree_size = params->tree_size; + memcpy(__get_dynamic_array(root_hash), vi->root_hash, __get_dynamic_array_len(root_hash)); + memcpy(__get_dynamic_array(file_digest), vi->file_digest, __get_dynamic_array_len(file_digest)); + ), + TP_printk("ino %lu levels %d block_size %d tree_size %lld root_hash %s digest %s", + (unsigned long) __entry->ino, + __entry->levels, + 
__entry->block_size, + __entry->tree_size, + __print_hex_str(__get_dynamic_array(root_hash), __get_dynamic_array_len(root_hash)), + __print_hex_str(__get_dynamic_array(file_digest), __get_dynamic_array_len(file_digest))) +); + +TRACE_EVENT(fsverity_verify_data_block, + TP_PROTO(const struct inode *inode, + const struct merkle_tree_params *params, + u64 data_pos), + TP_ARGS(inode, params, data_pos), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, data_pos) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->data_pos = data_pos; + __entry->block_size = params->block_size; + ), + TP_printk("ino %lu pos %lld merkle_blocksize %u", + (unsigned long) __entry->ino, + __entry->data_pos, + __entry->block_size) +); + +TRACE_EVENT(fsverity_merkle_hit, + TP_PROTO(const struct inode *inode, u64 data_pos, + unsigned long hblock_idx, unsigned int level, + unsigned int hidx), + TP_ARGS(inode, data_pos, hblock_idx, level, hidx), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, data_pos) + __field(unsigned long, hblock_idx) + __field(unsigned int, level) + __field(unsigned int, hidx) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->data_pos = data_pos; + __entry->hblock_idx = hblock_idx; + __entry->level = level; + __entry->hidx = hidx; + ), + TP_printk("ino %lu data_pos %llu hblock_idx %lu level %u hidx %u", + (unsigned long) __entry->ino, + __entry->data_pos, + __entry->hblock_idx, + __entry->level, + __entry->hidx) +); + +TRACE_EVENT(fsverity_verify_merkle_block, + TP_PROTO(const struct inode *inode, unsigned long index, + unsigned int level, unsigned int hidx), + TP_ARGS(inode, index, level, hidx), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(unsigned long, index) + __field(unsigned int, level) + __field(unsigned int, hidx) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->index = index; + __entry->level = level; + __entry->hidx = hidx; + ), + TP_printk("ino %lu index %lu level 
%u hidx %u", + (unsigned long) __entry->ino, + __entry->index, + __entry->level, + __entry->hidx) +); + +#endif /* _TRACE_FSVERITY_H */ + +/* This part must be outside protection */ +#include
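Review bot: In the first fs/verity/verify.c hunk, trace_fsverity_verify_data_block() is inserted directly after the hblocks[] declaration and ahead of the comment that appears to document the next local variable in verify_data_block(), which puts a statement in the middle of the declaration block. Move the call below the last local declaration so the declarations stay together.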
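Review bot: In include/trace/events/fsverity.h, TP_printk() for fsverity_tree_done prints the unsigned int fields levels and block_size with %d and the u64 tree_size with %lld, and fsverity_verify_data_block prints the u64 data_pos with %lld; use %u and %llu, as fsverity_enable and fsverity_merkle_hit already do. The field labels also differ between events ("block size", "block_size", "merkle_blocksize"; "pos" and "data_pos"), which makes the output harder to match with one set of filters, and the forward declaration of struct fsverity_descriptor is not used by any event in the file.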
From patchwork Sun Dec 29 13:39:07 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922700
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de
Subject: [PATCH 04/24] fsverity: pass the new tree size and block size to ->begin_enable_verity
Date: Sun, 29 Dec 2024 14:39:07 +0100
Message-ID: <20241229133927.1194609-5-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: "Darrick J. Wong"

When starting up the process of enabling fsverity on a file, pass the new size of the merkle tree and the merkle tree block size to the fs implementation. XFS will want this information later to try to clean out a failed previous enablement attempt.
Signed-off-by: Darrick J. Wong --- fs/btrfs/verity.c | 3 ++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/enable.c | 3 ++- include/linux/fsverity.h | 5 ++++- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index dc142c4b24dc..d7fa7274b4b0 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -578,7 +578,8 @@ static int finish_verity(struct btrfs_inode *inode, const void *desc, * * Returns 0 on success, negative error code on failure. */ -static int btrfs_begin_enable_verity(struct file *filp) +static int btrfs_begin_enable_verity(struct file *filp, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct btrfs_inode *inode = BTRFS_I(file_inode(filp)); struct btrfs_root *root = inode->root; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index 839ebf7d42ca..b95f31f7debb 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c @@ -99,7 +99,8 @@ static int pagecache_write(struct inode *inode, const void *buf, size_t count, return 0; } -static int ext4_begin_enable_verity(struct file *filp) +static int ext4_begin_enable_verity(struct file *filp, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); const int credits = 2; /* superblock and inode for ext4_orphan_add() */ diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index ff9308ca04aa..cef3baa13b80 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -115,7 +115,8 @@ struct fsverity_descriptor_location { __le64 pos; }; -static int f2fs_begin_enable_verity(struct file *filp) +static int f2fs_begin_enable_verity(struct file *filp, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); int err; diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 9f743f916010..1d4a6de96014 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c 
@@ -237,7 +237,8 @@ static int enable_verity(struct file *filp, if (IS_VERITY(inode)) err = -EEXIST; else - err = vops->begin_enable_verity(filp); + err = vops->begin_enable_verity(filp, params.tree_size, + params.block_size); inode_unlock(inode); if (err) goto out; diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index ac58b19f23d3..81b07909d783 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -33,6 +33,8 @@ struct fsverity_operations { * Begin enabling verity on the given file. * * @filp: a readonly file descriptor for the file + * @merkle_tree_size: total bytes the Merkle tree will take up + * @tree_blocksize: the Merkle tree block size * * The filesystem must do any needed filesystem-specific preparations * for enabling verity, e.g. evicting inline data. It also must return 
@@ -42,7 +44,8 @@ struct fsverity_operations { * * Return: 0 on success, -errno on failure */ - int (*begin_enable_verity)(struct file *filp); + int (*begin_enable_verity)(struct file *filp, u64 merkle_tree_size, + unsigned int tree_blocksize); /** * End enabling verity on the given file.
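Review bot: the new kernel-doc lines in include/linux/fsverity.h name @merkle_tree_size and @tree_blocksize but do not say what a filesystem may assume about them, for example whether merkle_tree_size can be 0 or is always a multiple of tree_blocksize. The commit message says XFS will use these values to clean out a failed earlier enablement attempt, so that contract belongs in the comment next to the parameters. The btrfs, ext4 and f2fs hunks only widen the signature and nothing visible in them uses the new arguments; a sentence in the commit message saying they are intentionally ignored there would save the next reader a search.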
From patchwork Sun Dec 29 13:39:08 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922701
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de
Subject: [PATCH 05/24] fsverity: expose merkle tree geometry to callers
Date: Sun, 29 Dec 2024 14:39:08 +0100
Message-ID: <20241229133927.1194609-6-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: "Darrick J. Wong" Create a function that will return selected information about the geometry of the merkle tree. Online fsck for XFS will need this piece to perform basic checks of the merkle tree. Signed-off-by: Darrick J. Wong --- fs/verity/open.c | 37 +++++++++++++++++++++++++++++++++++++ include/linux/fsverity.h | 11 +++++++++++ 2 files changed, 48 insertions(+) diff --git a/fs/verity/open.c b/fs/verity/open.c index fdeb95eca3af..de1d0bd6e703 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -407,6 +407,43 @@ void __fsverity_cleanup_inode(struct inode *inode) } EXPORT_SYMBOL_GPL(__fsverity_cleanup_inode); +/** + * fsverity_merkle_tree_geometry() - return Merkle tree geometry + * @inode: the inode to query + * @block_size: will be set to the log2 of the size of a merkle tree block + * @block_size: will be set to the size of a merkle tree block, in bytes + * @tree_size: will be set to the size of the merkle tree, in bytes + * + * Callers are not required to have opened the file. + * + * Return: 0 for success, -ENODATA if verity is not enabled, or any of the + * error codes that can result from loading verity information while opening a + * file. + */ +int fsverity_merkle_tree_geometry(struct inode *inode, u8 *log_blocksize, + unsigned int *block_size, u64 *tree_size) +{ + struct fsverity_info *vi; + int error; + + if (!IS_VERITY(inode)) + return -ENODATA; + + error = ensure_verity_info(inode); + if (error) + return error; + + vi = inode->i_verity_info; + if (log_blocksize) + *log_blocksize = vi->tree_params.log_blocksize; + if (block_size) + *block_size = vi->tree_params.block_size; + if (tree_size) + *tree_size = vi->tree_params.tree_size; + return 0; +} +EXPORT_SYMBOL_GPL(fsverity_merkle_tree_geometry); + void __init fsverity_init_info_cache(void) { fsverity_info_cachep = KMEM_CACHE_USERCOPY( diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 81b07909d783..8627b11082b0 100644 --- a/include/linux/fsverity.h 
+++ b/include/linux/fsverity.h @@ -157,6 +157,9 @@ int __fsverity_file_open(struct inode *inode, struct file *filp); int __fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr); void __fsverity_cleanup_inode(struct inode *inode); +int fsverity_merkle_tree_geometry(struct inode *inode, u8 *log_blocksize, + unsigned int *block_size, u64 *tree_size); + /** * fsverity_cleanup_inode() - free the inode's verity info, if present * @inode: an inode being evicted 
@@ -229,6 +232,14 @@ static inline void fsverity_cleanup_inode(struct inode *inode) { } +static inline int fsverity_merkle_tree_geometry(struct inode *inode, + u8 *log_blocksize, + unsigned int *block_size, + u64 *tree_size) +{ + return -EOPNOTSUPP; +} + /* read_metadata.c */ static inline int fsverity_ioctl_read_metadata(struct file *filp,
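Review bot: the kernel-doc for fsverity_merkle_tree_geometry() in fs/verity/open.c has two @block_size lines and none for @log_blocksize; the first of them ("will be set to the log2 of the size of a merkle tree block") should be tagged @log_blocksize to match the function signature. The Return: text covers -ENODATA and the errors from loading verity information, but the !CONFIG_FS_VERITY stub added to include/linux/fsverity.h returns -EOPNOTSUPP, so a caller such as the XFS online fsck named in the commit message has to handle both values; document -EOPNOTSUPP in the same comment.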
From patchwork Sun Dec 29 13:39:09 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922702
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de
Subject: [PATCH 06/24] fsverity: report validation errors back to the filesystem
Date: Sun, 29 Dec 2024 14:39:09 +0100
Message-ID: <20241229133927.1194609-7-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: "Darrick J. Wong"

Provide a new function call so that validation errors can be reported back to the filesystem.
Signed-off-by: Darrick J. Wong --- fs/verity/verify.c | 4 ++++ include/linux/fsverity.h | 14 ++++++++++++++ include/trace/events/fsverity.h | 19 +++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 25fb795655e9..587f3a4eb34e 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -242,6 +242,10 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, data_pos, level - 1, params->hash_alg->name, hsize, want_hash, params->hash_alg->name, hsize, real_hash); + trace_fsverity_file_corrupt(inode, data_pos, params->block_size); + if (inode->i_sb->s_vop->file_corrupt) + inode->i_sb->s_vop->file_corrupt(inode, data_pos, + params->block_size); error: for (; level > 0; level--) { kunmap_local(hblocks[level - 1].addr); diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 8627b11082b0..9b79aaaa6626 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -125,6 +125,20 @@ struct fsverity_operations { */ int (*write_merkle_tree_block)(struct inode *inode, const void *buf, u64 pos, unsigned int size); + + /** + * Notify the filesystem that file data is corrupt. + * + * @inode: the inode being validated + * @pos: the file position of the invalid data + * @len: the length of the invalid data + * + * This function is called when fs-verity detects that a portion of a + * file's data is inconsistent with the Merkle tree, or a Merkle tree + * block needed to validate the data is inconsistent with the level + * above it. + */ + void (*file_corrupt)(struct inode *inode, loff_t pos, size_t len); }; #ifdef CONFIG_FS_VERITY diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h index dab220884b89..375fdddac6a9 100644 --- a/include/trace/events/fsverity.h +++ b/include/trace/events/fsverity.h 
@@ -137,6 +137,25 @@ TRACE_EVENT(fsverity_verify_merkle_block, __entry->hidx) ); +TRACE_EVENT(fsverity_file_corrupt, + TP_PROTO(const struct inode *inode, loff_t pos, size_t len), + TP_ARGS(inode, pos, len), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(loff_t, pos) + __field(size_t, len) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->pos = pos; + __entry->len = len; + ), + TP_printk("ino %lu pos %llu len %zu", + (unsigned long) __entry->ino, + __entry->pos, + __entry->len) +); + #endif /* _TRACE_FSVERITY_H */ /* This part must be outside protection */
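Review bot: in the fs/verity/verify.c hunk, file_corrupt is always called with data_pos and params->block_size, although the new kernel-doc in include/linux/fsverity.h says the hook also fires when a Merkle tree block is inconsistent with the level above it. From (pos, len) alone the filesystem cannot tell whether the data block or a hash block is bad, so either document that pos and len always name the data range being verified, or pass the failing level as well. The call sits above the error: label, so any path that reaches error: by goto skips the notification; if that is intended, the comment should say the hook reports hash mismatches only, and it should also state that the hook is optional (the caller NULL-checks it) and whether it may sleep. In the fsverity_file_corrupt trace event, pos is a signed loff_t but is printed with %llu.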
From patchwork Sun Dec 29 13:39:10 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922703
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 07/24] fsverity: flush pagecache before enabling verity
Date: Sun, 29 Dec 2024 14:39:10 +0100
Message-ID: <20241229133927.1194609-8-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

XFS uses the iomap interface to write the Merkle tree. The writeback distinguishes between data and Merkle tree pages via the XFS_VERITY_CONSTRUCTION flag set on the inode. Data pages could get in the way in the writeback path when the file is read-only and Merkle tree construction has already started.

Flush the page cache before enabling fsverity.

Signed-off-by: Andrey Albershteyn --- fs/verity/enable.c | 5 +++++ fs/verity/verify.c | 1 + 2 files changed, 6 insertions(+) diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 1d4a6de96014..af4fcbb6363d 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -11,6 +11,7 @@ #include #include #include +#include struct block_buffer { u32 filled; @@ -374,6 +375,10 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg) if (!S_ISREG(inode->i_mode)) return -EINVAL; + err = filemap_write_and_wait(inode->i_mapping); + if (err) + return err; + err = mnt_want_write_file(filp); if (err) /* -EROFS */ return err; diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 587f3a4eb34e..940f59bf3f53 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c
@@ -9,6 +9,7 @@ #include #include +#include static struct workqueue_struct *fsverity_read_workqueue;
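Review bot: the filemap_write_and_wait() call in fsverity_ioctl_enable() is added to generic fs/verity code, so it runs for every fs-verity filesystem, while the commit message justifies it only by XFS's iomap writeback and the XFS_VERITY_CONSTRUCTION flag. Either explain why the flush is wanted for all filesystems or move it to the XFS side of the series. The flush also runs before mnt_want_write_file() and before any lock visible in this hunk, so the commit message should say what keeps pages from being dirtied again between the flush and the start of Merkle tree construction. The one-line include added to fs/verity/verify.c is not mentioned in the commit message and no other verify.c line changes in this patch; if it belongs to a different patch in the series, move it there.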
From patchwork Sun Dec 29 13:39:11 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922704
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 08/24] iomap: integrate fs-verity verification into iomap's read path
Date: Sun, 29 Dec 2024 14:39:11 +0100
Message-ID: <20241229133927.1194609-9-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn This patch adds fs-verity verification into iomap's read path. After BIO's io operation is complete the data are verified against fs-verity's Merkle tree. Verification work is done in a separate workqueue. The read path ioend iomap_read_ioend are stored side by side with BIOs if FS_VERITY is enabled. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: fix doc warning] Signed-off-by: Darrick J. Wong --- fs/iomap/buffered-io.c | 30 ++++++++++++++++++++++++++++-- include/linux/iomap.h | 5 +++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index d6231f4f78d9..59c0ff6fb6b7 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -23,6 +24,8 @@ #define IOEND_BATCH_SIZE 4096 +#define IOMAP_POOL_SIZE (4 * (PAGE_SIZE / SECTOR_SIZE)) + /* * Structure allocated for each folio to track per-block uptodate, dirty state * and I/O completions. @@ -362,6 +365,19 @@ static inline bool iomap_block_needs_zeroing(const struct iomap_iter *iter, !(srcmap->flags & IOMAP_F_BEYOND_EOF)); } +#ifdef CONFIG_FS_VERITY +void +iomap_read_fsverity_end_io_work(struct work_struct *work) +{ + struct iomap_read_ioend *fbio = + container_of(work, struct iomap_read_ioend, io_work); + + fsverity_verify_bio(&fbio->io_bio); + iomap_read_end_io(&fbio->io_bio); +} + +#endif /* CONFIG_FS_VERITY */ + static loff_t iomap_readpage_iter(const struct iomap_iter *iter, struct iomap_readpage_ctx *ctx, loff_t offset) { @@ -376,6 +392,10 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, struct iomap_read_ioend *ioend; const struct iomap *srcmap = iomap_iter_srcmap(iter); + /* Fail reads from broken fsverity files immediately. */ + if (IS_VERITY(iter->inode) && !fsverity_active(iter->inode)) + return -EIO; + if (iomap->type == IOMAP_INLINE) return iomap_read_inline_data(iter, folio); 
@@ -387,6 +407,12 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (iomap_block_needs_zeroing(iter, pos)) { folio_zero_range(folio, poff, plen); + if (!(srcmap->flags & IOMAP_F_BEYOND_EOF) && + fsverity_active(iter->inode) && + !fsverity_verify_blocks(folio, plen, poff)) { + return -EIO; + } + iomap_set_range_uptodate(folio, poff, plen); goto done; } @@ -2176,13 +2202,13 @@ static int __init iomap_buffered_init(void) int error = 0; error = bioset_init(&iomap_read_ioend_bioset, - 4 * (PAGE_SIZE / SECTOR_SIZE), + IOMAP_POOL_SIZE, offsetof(struct iomap_read_ioend, io_bio), BIOSET_NEED_BVECS); if (error) return error; - return bioset_init(&iomap_ioend_bioset, 4 * (PAGE_SIZE / SECTOR_SIZE), + return bioset_init(&iomap_ioend_bioset, IOMAP_POOL_SIZE, offsetof(struct iomap_ioend, io_bio), BIOSET_NEED_BVECS); } diff --git a/include/linux/iomap.h b/include/linux/iomap.h index 261772431fae..e4704b337ac1 100644 --- a/include/linux/iomap.h +++ b/include/linux/iomap.h 
@@ -326,6 +326,11 @@ struct iomap_readpage_ctx { }; void iomap_read_end_io(struct bio *bio); +#ifdef CONFIG_FS_VERITY +void iomap_read_fsverity_end_io_work(struct work_struct *work); +#else +#define iomap_read_fsverity_end_io_work (0) +#endif /* CONFIG_FS_VERITY */ ssize_t iomap_file_buffered_write(struct kiocb *iocb, struct iov_iter *from, const struct iomap_ops *ops, void *private); int iomap_read_folio_ctx(struct iomap_readpage_ctx *ctx, From patchwork Sun Dec 29 13:39:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13922705
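Review bot: iomap_read_fsverity_end_io_work() in fs/iomap/buffered-io.c passes the bio to fsverity_verify_bio() unconditionally, and the patch does not show where this work item gets queued, so a reader cannot tell whether a bio that already completed with bi_status set can reach it. Either test bio->bi_status at the top of the work function and go straight to iomap_read_end_io(), or add a comment stating that only successfully completed bios are queued. A short comment saying who is expected to call this non-static function would also help, and the blank line before #endif can go.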
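Review bot: in iomap_readpage_iter() the new IS_VERITY()/fsverity_active() test is followed directly by the IOMAP_INLINE branch, which still returns iomap_read_inline_data() with no fs-verity check, so inline data on a verity inode would be returned without verification. If inline mappings cannot occur on verity files, say so in the comment and reject them explicitly (return -EIO when fsverity_active() and iomap->type == IOMAP_INLINE); otherwise verify the inline range before returning.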
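Review bot: in the iomap_block_needs_zeroing() branch, fsverity_verify_blocks(folio, plen, poff) is handed the filesystem-block range, which only works if plen and poff are multiples of the Merkle tree block size; state that assumption in a comment or enforce it where verity is enabled on the file. A one-line comment on why the IOMAP_F_BEYOND_EOF case skips verification would help the next reader, and the braces around the single return -EIO are not needed in kernel style.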
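Review bot: in include/linux/iomap.h the !CONFIG_FS_VERITY branch defines iomap_read_fsverity_end_io_work as (0), so a caller that hands it to INIT_WORK() gets a null work function, and queueing it would crash at run time instead of failing at build time. A static inline stub, or guarding the callers with IS_ENABLED(CONFIG_FS_VERITY), would be safer than the macro.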
From: Andrey Albershteyn X-Google-Original-From: Andrey Albershteyn To: linux-xfs@vger.kernel.org Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de Subject: [PATCH 09/24] xfs: use an empty transaction to protect xfs_attr_get from deadlocks Date: Sun, 29 Dec 2024 14:39:12 +0100 Message-ID: <20241229133927.1194609-10-aalbersh@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org> References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org> Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: "Darrick J. Wong" Wrap the xfs_attr_get_ilocked call in xfs_attr_get with an empty transaction so that we cannot livelock the kernel if someone injects a loop into the attr structure or the attr fork bmbt. Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index e452ca55241f..3f3699e9c203 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -274,6 +274,8 @@ xfs_attr_get( XFS_STATS_INC(args->dp->i_mount, xs_attr_get); + ASSERT(!args->trans); + if (xfs_is_shutdown(args->dp->i_mount)) return -EIO; 
@@ -286,8 +288,14 @@ xfs_attr_get( /* Entirely possible to look up a name which doesn't exist */ args->op_flags = XFS_DA_OP_OKNOENT; + error = xfs_trans_alloc_empty(args->dp->i_mount, &args->trans); + if (error) + return error; + lock_mode = xfs_ilock_attr_map_shared(args->dp); error = xfs_attr_get_ilocked(args); + xfs_trans_cancel(args->trans); + args->trans = NULL; xfs_iunlock(args->dp, lock_mode); return error; From patchwork Sun Dec 29 13:39:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13922706
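Review bot: ASSERT(!args->trans) at the top of xfs_attr_get() is a debug-build check only; on other builds a caller that passes a transaction would have args->trans overwritten by xfs_trans_alloc_empty() in the next hunk and then reset to NULL on the way out. If callers must never supply a transaction here, return an error (or at least WARN_ON_ONCE) instead of relying on the assert, and say so in the function comment.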
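Review bot: the xfs_trans_alloc_empty() call added to xfs_attr_get() has no comment explaining why a read-only lookup needs a transaction; the reason (not livelocking on a loop in the attr structure or the attr fork bmbt) is only in the commit message. Put a short comment above the allocation, and note there that the transaction is cancelled before xfs_iunlock() on purpose if that ordering matters.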
From: Andrey Albershteyn X-Google-Original-From: Andrey Albershteyn To: linux-xfs@vger.kernel.org Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de Subject: [PATCH 10/24] xfs: don't let xfs_bmap_first_unused overflow a xfs_dablk_t Date: Sun, 29 Dec 2024 14:39:13 +0100 Message-ID: <20241229133927.1194609-11-aalbersh@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org> References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org> Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org MIME-Version: 1.0
From: "Darrick J. Wong" The directory/xattr code uses xfs_bmap_first_unused to find a contiguous chunk of file range that can hold a particular value. Unfortunately, file offsets are 64-bit quantities, whereas the dir/attr block number type (xfs_dablk_t) is a 32-bit quantity. If an integer truncation occurs here, we will corrupt the file. Therefore, check for a file offset that would truncate and return EFBIG in that case. Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr_remote.c | 3 +++ fs/xfs/libxfs/xfs_da_btree.c | 3 +++ fs/xfs/libxfs/xfs_da_format.h | 3 +++ 3 files changed, 9 insertions(+) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index e90a62c61f28..2bd225b1772c 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -529,6 +529,9 @@ xfs_attr_rmt_find_hole( if (error) return error; + if (lfileoff > XFS_MAX_DABLK) + return -EFBIG; + args->rmtblkno = (xfs_dablk_t)lfileoff; args->rmtblkcnt = blkcnt; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..6c6c7bab87fb 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2308,6 +2308,9 @@ xfs_da_grow_inode_int( if (error) return error; + if (*bno > XFS_MAX_DABLK) + return -EFBIG; + /* * Try mapping it in one filesystem block. */ diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 48bebcd1e226..ee9635c04197 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h 
@@ -748,6 +748,9 @@ struct xfs_attr3_leafblock { */ #define XFS_ATTR_LEAF_NAME_ALIGN ((uint)sizeof(xfs_dablk_t)) +/* Maximum file block offset of a directory or an xattr. */ +#define XFS_MAX_DABLK ((xfs_dablk_t)-1U) + static inline int xfs_attr3_leaf_hdr_size(struct xfs_attr_leafblock *leafp) { From patchwork Sun Dec 29 13:39:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13922707
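Review bot: in xfs_attr_rmt_find_hole() the new test bounds only the start of the hole: lfileoff can pass the lfileoff > XFS_MAX_DABLK check while lfileoff + blkcnt - 1 still lies beyond what a 32-bit xfs_dablk_t can hold, and args->rmtblkcnt = blkcnt is stored right after. Check the end of the range as well, and consider whether the *bno test in xfs_da_grow_inode_int() needs the same treatment for the block count it is about to map.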
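Review bot: XFS_MAX_DABLK in fs/xfs/libxfs/xfs_da_format.h is written as ((xfs_dablk_t)-1U), which equals the type's maximum only while xfs_dablk_t is exactly as wide as unsigned int. Since the commit message relies on the type being 32-bit, U32_MAX with that fact stated in the comment would be clearer and would not silently go stale if the typedef ever changed.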
From: Andrey Albershteyn X-Google-Original-From: Andrey Albershteyn To: linux-xfs@vger.kernel.org Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn Subject: [PATCH 11/24] xfs: add attribute type for fs-verity Date: Sun, 29 Dec 2024 14:39:14 +0100 Message-ID: <20241229133927.1194609-12-aalbersh@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org> References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org> Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org MIME-Version: 1.0
From: Andrey Albershteyn The Merkle tree blocks and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and fs-verity attributes as those are only for internal use. While we're at it add a few comments in relevant places that internally visible attributes are not supposed to be handled via interface defined in xfs_xattr.c. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 11 ++++++++--- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/xfs_trace.h | 3 ++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index ee9635c04197..060cedb4c12d 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h 
@@ -717,20 +717,24 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ #define XFS_ATTR_RMCRC_SEL_BIT 4 /* which CRC field is primary */ +#define XFS_ATTR_VERITY_BIT 5 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) #define XFS_ATTR_RMCRC_SEL (1u << XFS_ATTR_RMCRC_SEL_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ - XFS_ATTR_PARENT) + XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) /* Private attr namespaces not exposed to userspace */ -#define XFS_ATTR_PRIVATE_NSP_MASK (XFS_ATTR_PARENT) +#define XFS_ATTR_PRIVATE_NSP_MASK (XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) #define XFS_ATTR_ONDISK_MASK (XFS_ATTR_NSP_ONDISK_MASK | \ XFS_ATTR_LOCAL | \ @@ -740,7 +744,8 @@ struct xfs_attr3_leafblock { { XFS_ATTR_LOCAL, "local" }, \ { XFS_ATTR_ROOT, "root" }, \ { XFS_ATTR_SECURE, "secure" }, \ - { XFS_ATTR_PARENT, "parent" } + { XFS_ATTR_PARENT, "parent" }, \ + { XFS_ATTR_VERITY, "verity" } /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 9f1b02a599d2..1d07e12a9a30 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -1045,6 +1045,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 5c3b8929179d..de937b3770d3 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h 
@@ -103,7 +103,8 @@ struct xfs_rtgroup; { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ { XFS_ATTR_INCOMPLETE, "INCOMPLETE" }, \ - { XFS_ATTR_PARENT, "PARENT" } + { XFS_ATTR_PARENT, "PARENT" }, \ + { XFS_ATTR_VERITY, "VERITY" } DECLARE_EVENT_CLASS(xfs_attr_list_class, TP_PROTO(struct xfs_attr_list_context *ctx), From patchwork Sun Dec 29 13:39:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13922708
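Review bot: the commit message says this patch adds XFS_ATTR_INTERNAL_MASK and some comments about xfs_xattr.c, but the fs/xfs/libxfs/xfs_da_format.h hunk extends the existing XFS_ATTR_PRIVATE_NSP_MASK instead, and none of the three files in the diffstat gains such comments. Update the message to name XFS_ATTR_PRIVATE_NSP_MASK, or add the mask and comments it describes, so that the log matches what is merged.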
From: Andrey Albershteyn X-Google-Original-From: Andrey Albershteyn To: linux-xfs@vger.kernel.org Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn Subject: [PATCH 12/24] xfs: add fs-verity ro-compat flag Date: Sun, 29 Dec 2024 14:39:15 +0100 Message-ID: <20241229133927.1194609-13-aalbersh@kernel.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org> References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org> Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org MIME-Version: 1.0
From: Andrey Albershteyn To mark inodes with fs-verity enabled the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 1 + fs/xfs/libxfs/xfs_sb.c | 2 ++ fs/xfs/xfs_mount.h | 2 ++ 3 files changed, 5 insertions(+) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 334ca8243b19..aefeda01f60f 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -372,6 +372,7 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 20395ba66b94..9945ad33a460 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -165,6 +165,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index 1fa4a57421c3..dab6bc3ae0cf 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h 
@@ -331,6 +331,7 @@ typedef struct xfs_mount { #define XFS_FEAT_EXCHANGE_RANGE (1ULL << 27) /* exchange range */ #define XFS_FEAT_METADIR (1ULL << 28) /* metadata directory tree */ #define XFS_FEAT_DXATTR (1ULL << 29) /* directly mapped xattrs */ +#define XFS_FEAT_VERITY (1ULL << 30) /* fs-verity */ /* Mount features */ #define XFS_FEAT_NOATTR2 (1ULL << 48) /* disable attr2 creation */ 
@@ -388,6 +389,7 @@ __XFS_HAS_FEAT(large_extent_counts, NREXT64) __XFS_HAS_FEAT(exchange_range, EXCHANGE_RANGE) __XFS_HAS_FEAT(metadir, METADIR) __XFS_HAS_FEAT(dxattr, DXATTR) +__XFS_HAS_FEAT(verity, VERITY) static inline bool xfs_has_rtgroups(struct xfs_mount *mp) {
From patchwork Sun Dec 29 13:39:16 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922709
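Review bot: In [PATCH 12/24], the fs/xfs/libxfs/xfs_format.h hunk defines XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) but does not add it to XFS_SB_FEAT_RO_COMPAT_ALL, whose definition begins in the trailing context and is left unchanged (the diffstat shows a single inserted line for this file). If leaving the bit out of the mask is deliberate until the rest of the series is in place, say so in the commit message and name the patch that adds it; otherwise add it here, since the xfs_sb.c hunk in the same patch already maps the bit to XFS_FEAT_VERITY.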
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 13/24] xfs: add inode on-disk VERITY flag
Date: Sun, 29 Dec 2024 14:39:16 +0100
Message-ID: <20241229133927.1194609-14-aalbersh@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built).

Signed-off-by: Andrey Albershteyn
Reviewed-by: Darrick J. Wong
Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 7 ++++++- fs/xfs/libxfs/xfs_inode_buf.c | 8 ++++++++ fs/xfs/libxfs/xfs_inode_util.c | 2 ++ fs/xfs/xfs_iops.c | 2 ++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index aefeda01f60f..df84c275837d 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1215,16 +1215,21 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) */ #define XFS_DIFLAG2_METADATA_BIT 5 +/* Inode sealed by fsverity */ +#define XFS_DIFLAG2_VERITY_BIT 6 + #define XFS_DIFLAG2_DAX (1ULL << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1ULL << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1ULL << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1ULL << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1ULL << XFS_DIFLAG2_NREXT64_BIT) #define XFS_DIFLAG2_METADATA (1ULL << XFS_DIFLAG2_METADATA_BIT) +#define XFS_DIFLAG2_VERITY (1ULL << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADATA) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADATA | \ + XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c index 424861fbf1bd..9ba57a1efa50 100644 --- a/fs/xfs/libxfs/xfs_inode_buf.c +++ b/fs/xfs/libxfs/xfs_inode_buf.c 
@@ -726,6 +726,14 @@ xfs_dinode_verify( if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME)) return __this_address; + /* only regular files can have fsverity */ + if (flags2 & XFS_DIFLAG2_VERITY) { + if (!xfs_has_verity(mp)) + return __this_address; + if ((mode & S_IFMT) != S_IFREG) + return __this_address; + } + /* COW extent size hint validation */ fa = xfs_inode_validate_cowextsize(mp, be32_to_cpu(dip->di_cowextsize), mode, flags, flags2); diff --git a/fs/xfs/libxfs/xfs_inode_util.c b/fs/xfs/libxfs/xfs_inode_util.c index deb0b7c00a1f..d2bbb4ca1ecd 100644 --- a/fs/xfs/libxfs/xfs_inode_util.c +++ b/fs/xfs/libxfs/xfs_inode_util.c @@ -126,6 +126,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 207e0dadffc3..47203b8923aa 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c 
@@ -1286,6 +1286,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_XFLAG_VERITY) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by
From patchwork Sun Dec 29 13:39:17 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922710
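Review bot: In [PATCH 13/24], the comment above the new block in xfs_dinode_verify() (fs/xfs/libxfs/xfs_inode_buf.c) says "only regular files can have fsverity", but the first test inside the block is the feature check, if (!xfs_has_verity(mp)) return __this_address;. Reword the comment to cover both conditions, for example that the flag is only valid on a regular file of a filesystem that has the verity feature bit set, because this verifier is what rejects an on-disk inode carrying XFS_DIFLAG2_VERITY when the superblock never enabled the feature.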
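Review bot: In [PATCH 13/24], the fs/xfs/libxfs/xfs_inode_util.c hunk reports XFS_DIFLAG2_VERITY to userspace as FS_XFLAG_VERITY in xfs_ip2xflags(), and nothing in this patch touches the opposite direction. Please state in the commit message what happens when a caller passes FS_XFLAG_VERITY in, or omits it for a sealed inode, so it is clear from the log that the on-disk flag can only change through the fs-verity enable path.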
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 14/24] xfs: initialize fs-verity on file open and cleanup on inode destruction
Date: Sun, 29 Dec 2024 14:39:17 +0100
Message-ID: <20241229133927.1194609-15-aalbersh@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled.

Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 9a435b1ff264..67381e728b41 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -32,6 +32,7 @@ #include #include #include +#include static const struct vm_operations_struct xfs_file_vm_ops; @@ -1258,11 +1259,18 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_CAN_ODIRECT; if (xfs_inode_can_atomicwrite(XFS_I(inode))) file->f_mode |= FMODE_CAN_ATOMIC_WRITE; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 4ab93adaab0c..3de6717e4fad 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -52,6 +52,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; 
@@ -678,6 +679,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); }
From patchwork Sun Dec 29 13:39:18 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922711
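Review bot: In [PATCH 14/24], xfs_file_open() in fs/xfs/xfs_file.c sets FMODE_NOWAIT | FMODE_CAN_ODIRECT and, where applicable, FMODE_CAN_ATOMIC_WRITE before it calls fsverity_file_open(), which can now fail the open through if (error) return error;. Consider making the verity call right after the xfs_is_shutdown() test so that every failure exit comes before file->f_mode is modified, and add a short comment on why FMODE_CAN_ODIRECT is still set for a verity file when [PATCH 16/24] in this series routes direct reads of such files through the buffered path.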
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 15/24] xfs: don't allow to enable DAX on fs-verity sealed inode
Date: Sun, 29 Dec 2024 14:39:18 +0100
Message-ID: <20241229133927.1194609-16-aalbersh@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn fs-verity doesn't support DAX. Forbid filesystem to enable DAX on inodes which already have fs-verity enabled. The opposite is checked when fs-verity is enabled, it won't be enabled if DAX is. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: fix typo in subject] Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_iops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 47203b8923aa..d653ae6b1636 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c 
@@ -1258,6 +1258,8 @@ xfs_inode_should_enable_dax( return false; if (!xfs_inode_supports_dax(ip)) return false; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + return false; if (xfs_has_dax_always(ip->i_mount)) return true; if (ip->i_diflags2 & XFS_DIFLAG2_DAX)
From patchwork Sun Dec 29 13:39:19 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922712
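Review bot: In [PATCH 15/24], the new XFS_DIFLAG2_VERITY test in xfs_inode_should_enable_dax() is placed ahead of if (xfs_has_dax_always(ip->i_mount)) return true;, so it overrides that mount-wide setting as well as the per-inode XFS_DIFLAG2_DAX flag tested below it, and it carries no comment. Add a one-line comment saying that fs-verity does not support DAX and a sealed inode is therefore never DAX, and mention the override of the mount-wide case in the commit message, which currently only talks about enabling DAX on an inode.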
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 16/24] xfs: disable direct read path for fs-verity files
Date: Sun, 29 Dec 2024 14:39:19 +0100
Message-ID: <20241229133927.1194609-17-aalbersh@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

The direct path is not supported on verity files. Attempts to use direct I/O path on such files should fall back to buffered I/O path.

Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: fix braces] Signed-off-by: Darrick J. Wong --- fs/xfs/xfs_file.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 67381e728b41..8c26347a0a2f 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -257,7 +257,8 @@ xfs_file_dax_read( struct kiocb *iocb, struct iov_iter *to) { - struct xfs_inode *ip = XFS_I(iocb->ki_filp->f_mapping->host); + struct inode *inode = iocb->ki_filp->f_mapping->host; + struct xfs_inode *ip = XFS_I(inode); ssize_t ret = 0; trace_xfs_file_dax_read(iocb, to); 
@@ -310,10 +311,18 @@ xfs_file_read_iter( if (IS_DAX(inode)) ret = xfs_file_dax_read(iocb, to); - else if (iocb->ki_flags & IOCB_DIRECT) + else if ((iocb->ki_flags & IOCB_DIRECT) && !fsverity_active(inode)) ret = xfs_file_dio_read(iocb, to); - else + else { + /* + * In case fs-verity is enabled, we also fallback to the + * buffered read from the direct read path. Therefore, + * IOCB_DIRECT is set and need to be cleared (see + * generic_file_read_iter()) + */ + iocb->ki_flags &= ~IOCB_DIRECT; ret = xfs_file_buffered_read(iocb, to); + } if (ret > 0) XFS_STATS_ADD(mp, xs_read_bytes, ret);
From patchwork Sun Dec 29 13:39:20 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922714
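Review bot: In [PATCH 16/24], the xfs_file_dax_read() hunk introduces struct inode *inode only to feed XFS_I(inode); nothing else in the visible hunk uses the new local, and the commit message is about the direct read path, not the DAX one. Drop this change from the patch, or move it to the patch that actually needs inode in that function.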
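Review bot: In [PATCH 16/24], the xfs_file_read_iter() hunk leaves the if and else if arms unbraced while the final else gains braces; kernel coding style wants braces on every arm once one arm needs them. While there, the comment should read "fall back" and "needs to be cleared", and it should say outright that an O_DIRECT read of a verity file is served through the page cache, since iocb->ki_flags &= ~IOCB_DIRECT; changes the kiocb the caller passed in and now runs for every read that reaches this else arm.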
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 17/24] xfs: add fs-verity support
Date: Sun, 29 Dec 2024 14:39:20 +0100
Message-ID: <20241229133927.1194609-18-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

Add integration with fs-verity. XFS stores fs-verity metadata in the extended file attributes. The metadata consists of the verity descriptor and Merkle tree blocks. The descriptor is stored under the "vdesc" extended attribute. The Merkle tree blocks are stored under binary indexes which are offsets into the Merkle tree.

When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION flag is set, meaning that the Merkle tree is being built. The initialization ends with storing the verity descriptor and setting the inode on-disk flag (XFS_DIFLAG2_VERITY).

The verification on read is done in the read path of iomap.

Merkle tree blocks are indexed by a per-AG rhashtable to reduce the time it takes to load a block from disk in a manner that doesn't bloat struct xfs_inode.

Signed-off-by: Andrey Albershteyn
Reviewed-by: Darrick J. Wong
[djwong: replace caching implementation with an xarray, other cleanups]
Signed-off-by: Darrick J. Wong --- fs/xfs/Makefile | 2 + fs/xfs/libxfs/xfs_ag.h | 1 + fs/xfs/libxfs/xfs_attr.c | 4 + fs/xfs/libxfs/xfs_da_format.h | 14 + fs/xfs/libxfs/xfs_ondisk.h | 4 + fs/xfs/libxfs/xfs_verity.c | 58 +++++ fs/xfs/libxfs/xfs_verity.h | 13 + fs/xfs/xfs_aops.c | 56 +++- fs/xfs/xfs_fsops.c | 1 + fs/xfs/xfs_fsverity.c | 471 ++++++++++++++++++++++++++++++++++ fs/xfs/xfs_fsverity.h | 54 ++++ fs/xfs/xfs_inode.h | 2 + fs/xfs/xfs_iomap.h | 2 + fs/xfs/xfs_mount.c | 1 + fs/xfs/xfs_super.c | 9 + fs/xfs/xfs_trace.c | 1 + fs/xfs/xfs_trace.h | 39 +++ 17 files changed, 730 insertions(+), 2 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_verity.c create mode 100644 fs/xfs/libxfs/xfs_verity.h create mode 100644 fs/xfs/xfs_fsverity.c create mode 100644 fs/xfs/xfs_fsverity.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index ed9b0dabc1f1..ebee7b75e5ae 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -57,6 +57,7 @@ xfs-y += $(addprefix libxfs/, \ xfs_trans_resv.o \ xfs_trans_space.o \ xfs_types.o \ + xfs_verity.o \ ) # xfs_rtbitmap is shared with libxfs xfs-$(CONFIG_XFS_RT) += $(addprefix libxfs/, \ @@ -140,6 +141,7 @@ xfs-$(CONFIG_XFS_POSIX_ACL) += xfs_acl.o xfs-$(CONFIG_SYSCTL) += xfs_sysctl.o xfs-$(CONFIG_COMPAT) += xfs_ioctl32.o xfs-$(CONFIG_EXPORTFS_BLOCK_OPS) += xfs_pnfs.o +xfs-$(CONFIG_FS_VERITY) += xfs_fsverity.o # notify failure ifeq ($(CONFIG_MEMORY_FAILURE),y) diff --git a/fs/xfs/libxfs/xfs_ag.h b/fs/xfs/libxfs/xfs_ag.h index 1f24cfa27321..ea30f982771e 100644 --- a/fs/xfs/libxfs/xfs_ag.h +++ b/fs/xfs/libxfs/xfs_ag.h @@ -89,6 +89,7 @@ struct xfs_perag { /* background prealloc block trimming */ struct delayed_work pag_blockgc_work; + #endif /* __KERNEL__ */ }; diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 3f3699e9c203..9c416d2506a4 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c 
@@ -28,6 +28,7 @@ #include "xfs_xattr.h" #include "xfs_parent.h" #include "xfs_iomap.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1766,6 +1767,9 @@ xfs_attr_namecheck( if (!xfs_attr_check_namespace(attr_flags)) return false; + if (attr_flags & XFS_ATTR_VERITY) + return xfs_verity_namecheck(attr_flags, name, length); + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 060cedb4c12d..cb49e2629bb5 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -924,4 +924,18 @@ struct xfs_parent_rec { __be32 p_gen; } __packed; +/* + * fs-verity attribute name format + * + * Merkle tree blocks are stored under extended attributes of the inode. The + * name of the attributes are byte positions into the merkle data. + */ +struct xfs_merkle_key { + __be64 mk_pos; +}; + +/* ondisk xattr name used for the fsverity descriptor */ +#define XFS_VERITY_DESCRIPTOR_NAME "vdesc" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN (sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1) + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 2617081bf989..e4ac5a0a01fd 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -292,6 +292,10 @@ xfs_check_ondisk_structs(void) XFS_CHECK_SB_OFFSET(sb_rgextents, 276); XFS_CHECK_SB_OFFSET(sb_rgblklog, 280); XFS_CHECK_SB_OFFSET(sb_pad, 281); + + /* fs-verity xattrs */ + XFS_CHECK_STRUCT_SIZE(struct xfs_merkle_key, 8); + XFS_CHECK_VALUE(sizeof(XFS_VERITY_DESCRIPTOR_NAME), 6); } #endif /* __XFS_ONDISK_H */ diff --git a/fs/xfs/libxfs/xfs_verity.c b/fs/xfs/libxfs/xfs_verity.c new file mode 100644 index 000000000000..ff02c5c840b5 --- /dev/null +++ b/fs/xfs/libxfs/xfs_verity.c 
@@ -0,0 +1,58 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_log_format.h" +#include "xfs_attr.h" +#include "xfs_verity.h" + +/* Set a merkle tree pos in preparation for setting merkle tree attrs. */ +void +xfs_merkle_key_to_disk( + struct xfs_merkle_key *key, + uint64_t pos) +{ + key->mk_pos = cpu_to_be64(pos); +} + +/* Retrieve the merkle tree pos from the attr data. */ +uint64_t +xfs_merkle_key_from_disk( + const void *attr_name, + int namelen) +{ + const struct xfs_merkle_key *key = attr_name; + + ASSERT(namelen == sizeof(struct xfs_merkle_key)); + + return be64_to_cpu(key->mk_pos); +} + +/* Return true if verity attr name is valid. */ +bool +xfs_verity_namecheck( + unsigned int attr_flags, + const void *name, + int namelen) +{ + if (!(attr_flags & XFS_ATTR_VERITY)) + return false; + + /* + * Merkle tree pages are stored under u64 indexes; verity descriptor + * blocks are held in a named attribute. + */ + if (namelen != sizeof(struct xfs_merkle_key) && + namelen != XFS_VERITY_DESCRIPTOR_NAME_LEN) + return false; + + return true; +} diff --git a/fs/xfs/libxfs/xfs_verity.h b/fs/xfs/libxfs/xfs_verity.h new file mode 100644 index 000000000000..5813665c5a01 --- /dev/null +++ b/fs/xfs/libxfs/xfs_verity.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +void xfs_merkle_key_to_disk(struct xfs_merkle_key *key, uint64_t pos); +uint64_t xfs_merkle_key_from_disk(const void *attr_name, int namelen); +bool xfs_verity_namecheck(unsigned int attr_flags, const void *name, + int namelen); + +#endif /* __XFS_VERITY_H__ */ diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index 559a3a577097..bcc51628dbdd 100644 
--- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -19,6 +19,8 @@ #include "xfs_reflink.h" #include "xfs_errortag.h" #include "xfs_error.h" +#include "xfs_fsverity.h" +#include struct xfs_writepage_ctx { struct iomap_writepage_ctx ctx; @@ -132,6 +134,10 @@ xfs_end_ioend( if (!error && xfs_ioend_is_append(ioend)) error = xfs_setfilesize(ip, ioend->io_offset, ioend->io_size); + + /* This IO was to the Merkle tree region */ + if (xfs_fsverity_in_region(ioend->io_offset)) + error = xfs_fsverity_end_ioend(ip, ioend); done: iomap_finish_ioends(ioend, error); memalloc_nofs_restore(nofs_flag); 
@@ -512,19 +518,65 @@ xfs_vm_bmap( return iomap_bmap(mapping, block, &xfs_read_iomap_ops); } +static void +xfs_read_end_io( + struct bio *bio) +{ + struct iomap_read_ioend *ioend = + container_of(bio, struct iomap_read_ioend, io_bio); + struct xfs_inode *ip = XFS_I(ioend->io_inode); + + WARN_ON_ONCE(!queue_work(ip->i_mount->m_postread_workqueue, + &ioend->io_work)); +} + +static void +xfs_prepare_read_ioend( + struct iomap_read_ioend *ioend) +{ + if (ioend->io_flags & IOMAP_F_BEYOND_EOF) { + INIT_WORK(&ioend->io_work, &xfs_attr_verify_args); + ioend->io_bio.bi_end_io = &xfs_read_end_io; + return; + } + + if (!fsverity_active(ioend->io_inode)) + return; + + INIT_WORK(&ioend->io_work, &iomap_read_fsverity_end_io_work); + ioend->io_bio.bi_end_io = &xfs_read_end_io; +} + +static const struct iomap_readpage_ops xfs_readpage_ops = { + .prepare_ioend = &xfs_prepare_read_ioend, +}; + STATIC int xfs_vm_read_folio( struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &xfs_read_iomap_ops); + struct iomap_readpage_ops xfs_readpage_ops = { + .prepare_ioend = xfs_prepare_read_ioend + }; + struct iomap_readpage_ctx ctx = { + .cur_folio = folio, + .ops = &xfs_readpage_ops, + }; + + return iomap_read_folio_ctx(&ctx, &xfs_read_iomap_ops); } STATIC void xfs_vm_readahead( struct readahead_control *rac) { - iomap_readahead(rac, &xfs_read_iomap_ops); + struct iomap_readpage_ctx ctx = { + .rac = rac, + .ops = &xfs_readpage_ops, + }; + + iomap_readahead_ctx(&ctx, &xfs_read_iomap_ops); } static int diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c index 28dde215c899..3962ce5e3023 100644 --- a/fs/xfs/xfs_fsops.c +++ b/fs/xfs/xfs_fsops.c @@ -21,6 +21,7 @@ #include "xfs_ag.h" #include "xfs_ag_resv.h" #include "xfs_trace.h" +#include "xfs_fsverity.h" /* * Write new AG headers to disk. Non-transactional, but need to be diff --git a/fs/xfs/xfs_fsverity.c b/fs/xfs/xfs_fsverity.c new file mode 100644 index 000000000000..0af0f22ff075 --- /dev/null 
+++ b/fs/xfs/xfs_fsverity.c 
@@ -0,0 +1,471 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_log_format.h" +#include "xfs_attr.h" +#include "xfs_verity.h" +#include "xfs_bmap_util.h" +#include "xfs_log_format.h" +#include "xfs_trans.h" +#include "xfs_attr_leaf.h" +#include "xfs_trace.h" +#include "xfs_quota.h" +#include "xfs_ag.h" +#include "xfs_fsverity.h" +#include "xfs_iomap.h" +#include "xfs_bmap.h" +#include "xfs_format.h" +#include +#include + +/* + * Initialize an args structure to load or store the fsverity descriptor. + * Caller must ensure @args is zeroed except for value and valuelen. + */ +static inline void +xfs_fsverity_init_vdesc_args( + struct xfs_inode *ip, + struct xfs_da_args *args) +{ + args->geo = ip->i_mount->m_attr_geo; + args->whichfork = XFS_ATTR_FORK, + args->attr_filter = XFS_ATTR_VERITY; + args->op_flags = XFS_DA_OP_OKNOENT; + args->dp = ip; + args->owner = ip->i_ino; + args->name = XFS_VERITY_DESCRIPTOR_NAME; + args->namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN; + xfs_attr_sethash(args); +} + +/* + * Initialize an args structure to load or store a merkle tree block. + * Caller must ensure @args is zeroed except for value and valuelen. + */ +inline void +xfs_fsverity_init_merkle_args( + struct xfs_inode *ip, + struct xfs_merkle_key *key, + uint64_t merkleoff, + struct xfs_da_args *args) +{ + xfs_merkle_key_to_disk(key, merkleoff); + args->geo = ip->i_mount->m_attr_geo; + args->whichfork = XFS_ATTR_FORK, + args->attr_filter = XFS_ATTR_VERITY; + args->op_flags = XFS_DA_OP_OKNOENT; + args->dp = ip; + args->owner = ip->i_ino; + args->name = (const uint8_t *)key; + args->namelen = sizeof(struct xfs_merkle_key); + args->region_offset = XFS_FSVERITY_MTREE_OFFSET; + xfs_attr_sethash(args); +} + +/* Delete the verity descriptor. 
*/ +static int +xfs_fsverity_delete_descriptor( + struct xfs_inode *ip) +{ + struct xfs_da_args args = { }; + + xfs_fsverity_init_vdesc_args(ip, &args); + return xfs_attr_set(&args, XFS_ATTRUPDATE_REMOVE, false); +} + +/* Delete a merkle tree block. */ +static int +xfs_fsverity_delete_merkle_block( + struct xfs_inode *ip, + u64 pos) +{ + struct xfs_merkle_key name; + struct xfs_da_args args = { }; + + xfs_fsverity_init_merkle_args(ip, &name, pos, &args); + return xfs_attr_set(&args, XFS_ATTRUPDATE_REMOVE, false); +} + +/* Retrieve the verity descriptor. */ +static int +xfs_fsverity_get_descriptor( + struct inode *inode, + void *buf, + size_t buf_size) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_da_args args = { + .value = buf, + .valuelen = buf_size, + }; + int error = 0; + + /* + * The fact that (returned attribute size) == (provided buf_size) is + * checked by xfs_attr_copy_value() (returns -ERANGE). No descriptor + * is treated as a short read so that common fsverity code will + * complain. + */ + xfs_fsverity_init_vdesc_args(ip, &args); + error = xfs_attr_get(&args); + if (error == -ENOATTR) + return 0; + if (error) + return error; + + return args.valuelen; +} + +/* + * Clear out old fsverity metadata before we start building a new one. This + * could happen if, say, we crashed while building fsverity data. + */ +static int +xfs_fsverity_delete_stale_metadata( + struct xfs_inode *ip, + u64 new_tree_size, + unsigned int tree_blocksize) +{ + u64 pos; + int error = 0; + + /* + * Delete as many merkle tree blocks in increasing blkno order until we + * don't find any more. That ought to be good enough for avoiding + * dead bloat without excessive runtime. + */ + for (pos = new_tree_size; !error; pos += tree_blocksize) { + if (fatal_signal_pending(current)) + return -EINTR; + error = xfs_fsverity_delete_merkle_block(ip, pos); + if (error) + break; + } + + return error != -ENOATTR ? error : 0; +} + +/* Prepare to enable fsverity by clearing old metadata. 
*/ +static int +xfs_fsverity_begin_enable( + struct file *filp, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + int error; + + xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL); + + if (IS_DAX(inode)) + return -EINVAL; + + if (xfs_iflags_test_and_set(ip, XFS_VERITY_CONSTRUCTION)) + return -EBUSY; + + error = xfs_qm_dqattach(ip); + if (error) + return error; + + return xfs_fsverity_delete_stale_metadata(ip, merkle_tree_size, + tree_blocksize); +} + +/* Try to remove all the fsverity metadata after a failed enablement. */ +static int +xfs_fsverity_delete_metadata( + struct xfs_inode *ip, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + u64 pos; + int error; + + if (!merkle_tree_size) + return 0; + + for (pos = 0; pos < merkle_tree_size; pos += tree_blocksize) { + if (fatal_signal_pending(current)) + return -EINTR; + error = xfs_fsverity_delete_merkle_block(ip, pos); + if (error == -ENOATTR) + error = 0; + if (error) + return error; + } + + error = xfs_fsverity_delete_descriptor(ip); + return error != -ENOATTR ? error : 0; +} + +/* Complete (or fail) the process of enabling fsverity. 
*/ +static int +xfs_fsverity_end_enable( + struct file *filp, + const void *desc, + size_t desc_size, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct xfs_da_args args = { + .value = (void *)desc, + .valuelen = desc_size, + }; + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_trans *tp; + int error = 0; + + xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL); + + /* fs-verity failed, just cleanup */ + if (desc == NULL) + goto out; + + xfs_fsverity_init_vdesc_args(ip, &args); + error = xfs_attr_set(&args, XFS_ATTRUPDATE_UPSERT, false); + if (error) + goto out; + + error = filemap_write_and_wait(inode->i_mapping); + if (error) + goto out; + + /* Set fsverity inode flag */ + error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_ichange, + 0, 0, false, &tp); + if (error) + goto out; + + /* + * Ensure that we've persisted the verity information before we enable + * it on the inode and tell the caller we have sealed the inode. 
+ */ + ip->i_diflags2 |= XFS_DIFLAG2_VERITY; + + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); + xfs_trans_set_sync(tp); + + error = xfs_trans_commit(tp); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + + if (!error) + inode->i_flags |= S_VERITY; + +out: + if (error) { + int error2; + + error2 = xfs_fsverity_delete_metadata(ip, + merkle_tree_size, tree_blocksize); + if (error2) + xfs_alert(ip->i_mount, + "ino 0x%llx failed to clean up new fsverity metadata, err %d", + ip->i_ino, error2); + } + + xfs_iflags_clear(ip, XFS_VERITY_CONSTRUCTION); + return error; +} + +static int +xfs_fsverity_read_iomap_begin( + struct inode *inode, + loff_t pos, + loff_t length, + unsigned flags, + struct iomap *iomap, + struct iomap *srcmap) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_merkle_key name; + struct xfs_da_args args = { }; + + pos = pos & XFS_FSVERITY_MTREE_MASK; + xfs_fsverity_init_merkle_args(ip, &name, pos, &args); + + return xfs_attr_read_iomap(&args, iomap); +} + +const struct iomap_ops xfs_fsverity_read_iomap_ops = { + .iomap_begin = xfs_fsverity_read_iomap_begin, +}; + +static int +xfs_fsverity_write_iomap_begin( + struct inode *inode, + loff_t pos, + loff_t length, + unsigned flags, + struct iomap *iomap, + struct iomap *srcmap) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_da_args args; + struct xfs_merkle_key name; + loff_t xattr_name; + unsigned int xattr_size; + int error; + + if (xfs_is_shutdown(mp)) + return -EIO; + + pos = pos & XFS_FSVERITY_MTREE_MASK; + + /* We always allocate one xattr block, as this block will be used by + * iomap. 
Even for smallest Merkle trees */ + /* TODO this can be optimized to use shortname attributes */ + xattr_size = mp->m_attr_geo->blksize; + xattr_name = pos & ~(xattr_size - 1); + + xfs_fsverity_init_merkle_args(ip, &name, xattr_name, &args); + args.valuelen = xattr_size; + args.region_offset = XFS_FSVERITY_MTREE_OFFSET; + + error = xfs_attr_write_iomap(&args, iomap); + if (error) + return error; + + /* Offset into xattr block. One block can have multiple merkle tree + * blocks */ + iomap->offset += (pos & (xattr_size - 1)); + /* Instead of attribute size (which blksize) use requested + * size */ + iomap->length = length; + + return 0; +} + +int +xfs_fsverity_end_ioend( + struct xfs_inode *ip, + struct iomap_ioend *ioend) +{ + struct xfs_da_args args; + struct xfs_merkle_key name; + loff_t pos; + struct bio bio = ioend->io_bio; + void *addr; + int error; + struct folio *folio = bio_first_folio_all(&bio); + + pos = ioend->io_offset & XFS_FSVERITY_MTREE_MASK; + xfs_fsverity_init_merkle_args(ip, &name, pos, &args); + args.valuelen = ioend->io_size; + addr = kmap_local_folio(folio, 0); + args.value = addr; + error = xfs_attr_write_end_ioend(&args); + kunmap_local(addr); + + return error; +} + +const struct iomap_ops xfs_fsverity_write_iomap_ops = { + .iomap_begin = xfs_fsverity_write_iomap_begin, +}; + +void +xfs_attr_verify_args( + struct work_struct *work) +{ + struct xfs_inode *ip; + void *addr; + struct xfs_merkle_key name; + struct xfs_da_args args; + int error; + struct iomap_read_ioend *ioend = + container_of(work, struct iomap_read_ioend, io_work); + struct bio *bio = &ioend->io_bio; + struct folio *folio = bio_first_folio_all(bio); + + ip = XFS_I(ioend->io_inode); + xfs_fsverity_init_merkle_args(ip, &name, ioend->io_offset, &args); + addr = kmap_local_folio(folio, 0); + args.valuelen = ioend->io_size; + args.value = addr; + error = xfs_attr_read_end_io(&args); + kunmap_local(addr); + if (error) + bio->bi_status = BLK_STS_IOERR; + iomap_read_end_io(bio); +} + 
+/* Retrieve a merkle tree block. */ +static struct page * +xfs_fsverity_read_merkle( + struct inode *inode, + pgoff_t index, + unsigned long num_ra_pages) +{ + struct folio *folio; + unsigned int block_size; + u64 tree_size; + int error; + u8 log_blocksize; + + error = fsverity_merkle_tree_geometry(inode, &log_blocksize, &block_size, + &tree_size); + if (error) + return ERR_PTR(error); + + struct ioregion region = { + .inode = inode, + .pos = index << log_blocksize, + .length = block_size, + .offset = XFS_FSVERITY_MTREE_OFFSET, + .ops = &xfs_fsverity_read_iomap_ops, + }; + + folio = iomap_read_region(®ion); + if (IS_ERR(folio)) + return ERR_CAST(folio); + + /* Wait for buffered read to finish */ + error = folio_wait_locked_killable(folio); + if (error) + return ERR_PTR(error); + if (IS_ERR(folio) || !folio_test_uptodate(folio)) + return ERR_PTR(-EFSCORRUPTED); + + return folio_file_page(folio, 0); +} + +/* Write a merkle tree block. */ +static int +xfs_fsverity_write_merkle( + struct inode *inode, + const void *buf, + u64 pos, + unsigned int size) +{ + struct ioregion region = { + .inode = inode, + .pos = pos, + .buf = buf, + .length = size, + .offset = XFS_FSVERITY_MTREE_OFFSET, + .ops = &xfs_fsverity_write_iomap_ops, + }; + + return iomap_write_region(®ion); +} + +const struct fsverity_operations xfs_fsverity_ops = { + .begin_enable_verity = xfs_fsverity_begin_enable, + .end_enable_verity = xfs_fsverity_end_enable, + .get_verity_descriptor = xfs_fsverity_get_descriptor, + .read_merkle_tree_page = xfs_fsverity_read_merkle, + .write_merkle_tree_block = xfs_fsverity_write_merkle, +}; diff --git a/fs/xfs/xfs_fsverity.h b/fs/xfs/xfs_fsverity.h new file mode 100644 index 000000000000..c14b01508349 --- /dev/null +++ b/fs/xfs/xfs_fsverity.h 
@@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_FSVERITY_H__ +#define __XFS_FSVERITY_H__ + +#include "xfs_inode.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include + +#ifdef CONFIG_FS_VERITY + +/* Merkle tree location in page cache. We take memory region from the inode's + * address space for Merkle tree. */ +#define XFS_FSVERITY_MTREE_OFFSET (1 << 30) +#define XFS_FSVERITY_MTREE_MASK (XFS_FSVERITY_MTREE_OFFSET - 1) + +inline void +xfs_fsverity_init_merkle_args( + struct xfs_inode *ip, + struct xfs_merkle_key *key, + uint64_t merkleoff, + struct xfs_da_args *args); + +struct xfs_merkle_bkey { + /* inumber of the file */ + xfs_ino_t ino; + + /* the position of the block in the Merkle tree (in bytes) */ + u64 pos; +}; + +int +xfs_fsverity_end_ioend( + struct xfs_inode *ip, + struct iomap_ioend *ioend); + +static inline bool +xfs_fsverity_in_region( + loff_t pos) +{ + return pos >= XFS_FSVERITY_MTREE_OFFSET; +}; +void xfs_attr_verify_args(struct work_struct *work); + +extern const struct fsverity_operations xfs_fsverity_ops; +#else +#define xfs_fsverity_bmbt_irec(ip, key, merkleoff, args) (0) +#define xfs_fsverity_end_ioend(ip, ioend) (0) +#endif /* CONFIG_FS_VERITY */ + +#endif /* __XFS_FSVERITY_H__ */ diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 1648dc5a8068..e0b2e7acdf74 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -404,6 +404,8 @@ xfs_inode_can_atomicwrite( */ #define XFS_IREMAPPING (1U << 15) +#define XFS_VERITY_CONSTRUCTION (1U << 16) /* merkle tree construction */ + /* All inode state flags related to inode reclaim. */ #define XFS_ALL_IRECLAIM_FLAGS (XFS_IRECLAIMABLE | \ XFS_IRECLAIM | \ diff --git a/fs/xfs/xfs_iomap.h b/fs/xfs/xfs_iomap.h index 8347268af727..d6cbd675e96a 100644 --- a/fs/xfs/xfs_iomap.h +++ b/fs/xfs/xfs_iomap.h 
@@ -53,5 +53,7 @@ extern const struct iomap_ops xfs_read_iomap_ops; extern const struct iomap_ops xfs_seek_iomap_ops; extern const struct iomap_ops xfs_xattr_iomap_ops; extern const struct iomap_ops xfs_dax_write_iomap_ops; +extern const struct iomap_ops xfs_fsverity_read_iomap_ops; +extern const struct iomap_ops xfs_fsverity_write_iomap_ops; #endif /* __XFS_IOMAP_H__*/ diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index 5918f433dba7..0f60eedf3d76 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -37,6 +37,7 @@ #include "xfs_rtbitmap.h" #include "xfs_metafile.h" #include "xfs_rtgroup.h" +#include "xfs_fsverity.h" #include "scrub/stats.h" static DEFINE_MUTEX(xfs_uuid_table_mutex); diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 3de6717e4fad..88862092f838 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -30,6 +30,7 @@ #include "xfs_filestream.h" #include "xfs_quota.h" #include "xfs_sysfs.h" +#include "xfs_fsverity.h" #include "xfs_ondisk.h" #include "xfs_rmap_item.h" #include "xfs_refcount_item.h" @@ -53,6 +54,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; @@ -1555,6 +1557,9 @@ xfs_fs_fill_super( sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif sb->s_op = &xfs_super_operations; +#ifdef CONFIG_FS_VERITY + sb->s_vop = &xfs_fsverity_ops; +#endif /* * Delay mount work if the debug hook is set. This is debug @@ -1799,6 +1804,10 @@ xfs_fs_fill_super( xfs_set_resuming_quotaon(mp); mp->m_qflags &= ~XFS_QFLAGS_MNTOPTS; + if (xfs_has_verity(mp)) + xfs_warn(mp, + "EXPERIMENTAL fsverity feature in use. Use at your own risk!"); + error = xfs_mountfs(mp); if (error) goto out_filestream_unmount; diff --git a/fs/xfs/xfs_trace.c b/fs/xfs/xfs_trace.c index 8f530e69c18a..6e5a1b17c2f4 100644 --- a/fs/xfs/xfs_trace.c +++ b/fs/xfs/xfs_trace.c 
@@ -49,6 +49,7 @@ #include "xfs_metafile.h" #include "xfs_metadir.h" #include "xfs_rtgroup.h" +#include "xfs_fsverity.h" /* * We include this last to have the helpers above available for the trace diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index de937b3770d3..0bd6d1e992e2 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -98,6 +98,7 @@ struct xfs_rmap_intent; struct xfs_refcount_intent; struct xfs_metadir_update; struct xfs_rtgroup; +struct xfs_merkle_bkey; #define XFS_ATTR_FILTER_FLAGS \ { XFS_ATTR_ROOT, "ROOT" }, \ 
@@ -5576,6 +5577,44 @@ DEFINE_EVENT(xfs_metadir_class, name, \ TP_ARGS(dp, name, ino)) DEFINE_METADIR_EVENT(xfs_metadir_lookup); +#ifdef CONFIG_FS_VERITY +DECLARE_EVENT_CLASS(xfs_fsverity_cache_class, + TP_PROTO(struct xfs_mount *mp, const struct xfs_merkle_bkey *key, + unsigned long caller_ip), + TP_ARGS(mp, key, caller_ip), + TP_STRUCT__entry( + __field(dev_t, dev) + __field(xfs_ino_t, ino) + __field(u64, pos) + __field(void *, caller_ip) + ), + TP_fast_assign( + __entry->dev = mp->m_super->s_dev; + __entry->ino = key->ino; + __entry->pos = key->pos; + __entry->caller_ip = (void *)caller_ip; + ), + TP_printk("dev %d:%d ino 0x%llx pos 0x%llx caller %pS", + MAJOR(__entry->dev), MINOR(__entry->dev), + __entry->ino, + __entry->pos, + __entry->caller_ip) +) + +#define DEFINE_XFS_FSVERITY_CACHE_EVENT(name) \ +DEFINE_EVENT(xfs_fsverity_cache_class, name, \ + TP_PROTO(struct xfs_mount *mp, const struct xfs_merkle_bkey *key, \ + unsigned long caller_ip), \ + TP_ARGS(mp, key, caller_ip)) +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_miss); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_hit); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_reuse); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_store); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_drop); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_unmount); +DEFINE_XFS_FSVERITY_CACHE_EVENT(xfs_fsverity_cache_reclaim); +#endif /* CONFIG_XFS_VERITY */ + #endif /* _TRACE_XFS_H */ #undef TRACE_INCLUDE_PATH
From patchwork Sun Dec 29 13:39:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13922713
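Review bot: The fs/xfs/libxfs/xfs_ag.h hunk adds only a blank line before "#endif /* __KERNEL__ */" in struct xfs_perag, which is a whitespace-only change with no purpose in this patch. Drop the hunk. The commit message also still says Merkle tree blocks are indexed by a per-AG rhashtable, while nothing in the diff adds one and the djwong note says the caching implementation was replaced; the message should describe what the patch now does.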
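Review bot: xfs_verity_namecheck() in the new fs/xfs/libxfs/xfs_verity.c never looks at its name argument, so any XFS_ATTR_VERITY attribute whose name is 5 or 8 bytes long is accepted, including a 5-byte name that is not "vdesc". Since this is what xfs_attr_namecheck() now returns for verity attributes, compare the bytes when namelen == XFS_VERITY_DESCRIPTOR_NAME_LEN, for example with memcmp(name, XFS_VERITY_DESCRIPTOR_NAME, namelen), and reject anything else of that length. In the same file xfs_merkle_key_from_disk() relies on ASSERT() alone for the length, which does nothing on non-debug builds; callers should have gone through the namecheck first and the comment should say so.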
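Review bot: In the xfs_end_ioend() hunk of fs/xfs/xfs_aops.c the new test is only xfs_fsverity_in_region(ioend->io_offset), which per xfs_fsverity.h is "pos >= XFS_FSVERITY_MTREE_OFFSET" with the offset defined as (1 << 30). Nothing here checks that the inode is under verity construction, so writeback completion for ordinary file data at or beyond 1 GiB on any inode would be routed into xfs_fsverity_end_ioend() and written as an xattr. The assignment also overwrites an error already returned by xfs_setfilesize(). Gate the call on the inode state and on !error, for example "if (!error && xfs_iflags_test(ip, XFS_VERITY_CONSTRUCTION) && xfs_fsverity_in_region(ioend->io_offset))", and explain in the header how regular data above the region offset is kept apart from Merkle tree pages.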
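Review bot: xfs_vm_read_folio() declares a local "struct iomap_readpage_ops xfs_readpage_ops" that shadows the file-scope "static const struct iomap_readpage_ops xfs_readpage_ops" added a few lines above it in the same hunk, and the two have identical contents. Remove the local and take the address of the static const one, as xfs_vm_readahead() already does. Separately, xfs_read_end_io() only warns when queue_work() returns false; in that case the bio is never completed, so that path needs real handling rather than WARN_ON_ONCE.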
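Review bot: In the new fs/xfs/xfs_fsverity.c, xfs_fsverity_write_iomap_begin(), xfs_fsverity_end_ioend() and xfs_attr_verify_args() all declare "struct xfs_da_args args;" without an initializer and pass it to xfs_fsverity_init_merkle_args(), whose own comment says the caller must ensure args is zeroed except for value and valuelen. Every field the helper does not set is then uninitialized stack data handed to the attr code. Initialize these the way the delete and get helpers in the same file do, with "struct xfs_da_args args = { };". While there: "args->whichfork = XFS_ATTR_FORK," ends in a comma instead of a semicolon in both init helpers, xfs_fsverity_end_ioend() copies ioend->io_bio into a struct bio on the stack where a pointer would do, and the second IS_ERR(folio) test in xfs_fsverity_read_merkle() can never be true after the earlier return.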
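Review bot: The !CONFIG_FS_VERITY branch of fs/xfs/xfs_fsverity.h stubs out xfs_fsverity_bmbt_irec(), a name that appears nowhere else in this patch, but provides no stub for xfs_fsverity_in_region() or xfs_attr_verify_args(), both of which fs/xfs/xfs_aops.c now uses unconditionally while xfs_fsverity.o is built only with CONFIG_FS_VERITY. A kernel configured without fs-verity would fail to build or link. Move xfs_fsverity_in_region() outside the #ifdef or add a stub returning false, stub or guard the xfs_attr_verify_args() use in xfs_prepare_read_ioend(), and delete the xfs_fsverity_bmbt_irec macro. The prototype "inline void xfs_fsverity_init_merkle_args(...)" should also lose the inline keyword, since the definition lives in xfs_fsverity.c, and the stray semicolon after the closing brace of xfs_fsverity_in_region() should go.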
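Review bot: The xfs_fsverity_cache_* tracepoints added to fs/xfs/xfs_trace.h (miss, hit, reuse, store, drop, unmount, reclaim) have no caller anywhere in the visible patch, and struct xfs_merkle_bkey in xfs_fsverity.h exists only to feed them. They read as leftovers of the cache that the commit trailer says was replaced; remove the event class, the DEFINE_XFS_FSVERITY_CACHE_EVENT lines and the bkey struct, or add the call sites in this patch. If the block stays, the closing comment "#endif /* CONFIG_XFS_VERITY */" should match the opening "#ifdef CONFIG_FS_VERITY".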
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 18/24] xfs: add writeback page mapping for fs-verity
Date: Sun, 29 Dec 2024 14:39:21 +0100
Message-ID: <20241229133927.1194609-19-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

Data from the fs-verity region is not mapped as file data but as a set of extended attributes. Add a mapping function which removes the region offset and maps the n-th page to the attribute with name n.

Signed-off-by: Andrey Albershteyn
---
 fs/xfs/xfs_aops.c | 85 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 80 insertions(+), 5 deletions(-)

diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index bcc51628dbdd..976d77277e95 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -20,6 +20,7 @@ #include "xfs_errortag.h" #include "xfs_error.h" #include "xfs_fsverity.h" +#include "xfs_attr.h" #include struct xfs_writepage_ctx {
@@ -132,7 +133,8 @@ xfs_end_ioend( else if (ioend->io_type == IOMAP_UNWRITTEN) error = xfs_iomap_write_unwritten(ip, offset, size, false); - if (!error && xfs_ioend_is_append(ioend)) + if (!error && !xfs_fsverity_in_region(ioend->io_offset) && + xfs_ioend_is_append(ioend)) error = xfs_setfilesize(ip, ioend->io_offset, ioend->io_size); /* This IO was to the Merkle tree region */ 
@@ -472,14 +474,87 @@ static const struct iomap_writeback_ops xfs_writeback_ops = { .discard_folio = xfs_discard_folio, }; +static int +xfs_fsverity_map_blocks( + struct iomap_writepage_ctx *wpc, + struct inode *inode, + loff_t offset, + unsigned int len) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + int error = 0; + int nmap = 1; + loff_t pos; + int seq; + struct xfs_bmbt_irec imap; + struct xfs_da_args args; + struct xfs_merkle_key name; + loff_t xattr_name; + + if (xfs_is_shutdown(mp)) + return -EIO; + + pos = (offset & XFS_FSVERITY_MTREE_MASK); + /* We always write one attribute block, but each block can have multiple + * Merkle tree blocks */ + ASSERT(!is_power_of_2(len)); + xattr_name = pos & ~(len - 1); + + xfs_fsverity_init_merkle_args(ip, &name, xattr_name, &args); + + error = xfs_attr_get(&args); + if (error) + return error; + + ASSERT(args->dp->i_af.if_format != XFS_DINODE_FMT_LOCAL); + xfs_ilock(ip, XFS_ILOCK_SHARED); + error = xfs_bmapi_read(ip, (xfs_fileoff_t)args.rmtblkno, + args.rmtblkcnt, &imap, &nmap, + XFS_BMAPI_ATTRFORK); + xfs_iunlock(ip, XFS_ILOCK_SHARED); + if (error) + return error; + + /* Instead of xattr extent offset, which will be over data, we need + * merkle tree offset in page cache */ + imap.br_startoff = + XFS_B_TO_FSBT(mp, xattr_name | XFS_FSVERITY_MTREE_OFFSET); + + seq = xfs_iomap_inode_sequence(ip, IOMAP_F_XATTR); + xfs_bmbt_to_iomap(ip, &wpc->iomap, &imap, 0, IOMAP_F_XATTR, seq); + + trace_xfs_map_blocks_found(ip, offset, len, XFS_ATTR_FORK, &imap); + + /* We want this to be separate from other IO as we will do + * CRC update on IO completion */ + wpc->iomap.flags |= IOMAP_F_NO_MERGE; + + return 0; +} + +static const struct iomap_writeback_ops xfs_writeback_verity_ops = { + .map_blocks = xfs_fsverity_map_blocks, + .prepare_ioend = xfs_prepare_ioend, + .discard_folio = xfs_discard_folio, +}; + STATIC int xfs_vm_writepages( - struct address_space *mapping, - struct writeback_control *wbc) + 
 struct address_space *mapping, + struct writeback_control *wbc) { - struct xfs_writepage_ctx wpc = { }; + struct xfs_writepage_ctx wpc = { }; + struct xfs_inode *ip = XFS_I(mapping->host); - xfs_iflags_clear(XFS_I(mapping->host), XFS_ITRUNCATED); + xfs_iflags_clear(ip, XFS_ITRUNCATED); + + if (xfs_iflags_test(ip, XFS_VERITY_CONSTRUCTION)) { + wbc->range_start = XFS_FSVERITY_MTREE_OFFSET; + wbc->range_end = LLONG_MAX; + return iomap_writepages_unbound(mapping, wbc, &wpc.ctx, + &xfs_writeback_verity_ops); + } return iomap_writepages(mapping, wbc, &wpc.ctx, &xfs_writeback_ops); }
From patchwork Sun Dec 29 13:39:22 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922715
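Review bot: in xfs_fsverity_map_blocks() (patch 18/24, the @@ -472,14 +474,87 @@ hunk of fs/xfs/xfs_aops.c), ASSERT(!is_power_of_2(len)) looks inverted: the next line computes xattr_name = pos & ~(len - 1), which only rounds pos down to a block boundary when len is a power of two, so the assertion should require is_power_of_2(len) and as written would fire on every valid call. The second assertion dereferences args->dp although args is declared as struct xfs_da_args args, not a pointer; it should read args.dp, and it will not compile in builds where ASSERT() evaluates its argument. In the same hunk, xfs_vm_writepages() overwrites the caller's wbc->range_start and wbc->range_end while XFS_VERITY_CONSTRUCTION is set; a comment stating why ordinary data writeback is skipped in that state would help the next reader.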
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 19/24] xfs: use merkle tree offset as attr hash
Date: Sun, 29 Dec 2024 14:39:22 +0100
Message-ID: <20241229133927.1194609-20-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>
From: "Darrick J. Wong"

I was exploring the fsverity metadata with xfs_db after creating a 220MB verity file, and I noticed the following in the debugger output:

entries[0-75] = [hashval,nameidx,incomplete,root,secure,local,parent,verity]
0:[0,4076,0,0,0,0,0,1]
1:[0,1472,0,0,0,1,0,1]
2:[0x800,4056,0,0,0,0,0,1]
3:[0x800,4036,0,0,0,0,0,1]
...
72:[0x12000,2716,0,0,0,0,0,1]
73:[0x12000,2696,0,0,0,0,0,1]
74:[0x12800,2676,0,0,0,0,0,1]
75:[0x12800,2656,0,0,0,0,0,1]
...
nvlist[0].merkle_off = 0x18000
nvlist[1].merkle_off = 0
nvlist[2].merkle_off = 0x19000
nvlist[3].merkle_off = 0x1000
...
nvlist[71].merkle_off = 0x5b000
nvlist[72].merkle_off = 0x44000
nvlist[73].merkle_off = 0x5c000
nvlist[74].merkle_off = 0x45000
nvlist[75].merkle_off = 0x5d000

Within just this attr leaf block, there are 76 attr entries, but only 38 distinct hash values. There are 415 merkle tree blocks for this file, but we already have hash collisions. This isn't good performance from the standard da hash function because we're mostly shifting and rolling zeroes around.

However, we don't even have to do that much work -- the merkle tree block keys are themselves u64 values. Truncate that value to 32 bits (the size of xfs_dahash_t) and use that for the hash. We won't have any collisions between merkle tree blocks until that tree grows to 2^32nd blocks. On a 4k block filesystem, we won't hit that unless the file contains more than 2^49 bytes, assuming sha256.

As a side effect, the keys for merkle tree blocks get written out in roughly sequential order, though I didn't observe any change in performance.

Signed-off-by: Darrick J. Wong
Reviewed-by: Andrey Albershteyn
---
 fs/xfs/libxfs/xfs_attr.c | 2 ++
 fs/xfs/libxfs/xfs_da_format.h | 6 ++++++
 fs/xfs/libxfs/xfs_verity.c | 16 ++++++++++++++++
 fs/xfs/libxfs/xfs_verity.h | 1 +
 4 files changed, 25 insertions(+)

diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 9c416d2506a4..05021456578b 100644 --- a/fs/xfs/libxfs/xfs_attr.c
+++ b/fs/xfs/libxfs/xfs_attr.c @@ -612,6 +612,8 @@ xfs_attr_hashval( if (attr_flags & XFS_ATTR_PARENT) return xfs_parent_hashattr(mp, name, namelen, value, valuelen); + if (attr_flags & XFS_ATTR_VERITY) + return xfs_verity_hashname(name, namelen); return xfs_attr_hashname(name, namelen); } diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index cb49e2629bb5..99ca5594ad02 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -938,4 +938,10 @@ struct xfs_merkle_key { #define XFS_VERITY_DESCRIPTOR_NAME "vdesc" #define XFS_VERITY_DESCRIPTOR_NAME_LEN (sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1) +/* + * Merkle tree blocks cannot be smaller than 1k in size, so the hash function + * can right-shift the merkle offset by this amount without losing anything. + */ +#define XFS_VERITY_HASH_SHIFT (10) + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/fs/xfs/libxfs/xfs_verity.c b/fs/xfs/libxfs/xfs_verity.c index ff02c5c840b5..8c470014b915 100644 --- a/fs/xfs/libxfs/xfs_verity.c +++ b/fs/xfs/libxfs/xfs_verity.c @@ -56,3 +56,19 @@ xfs_verity_namecheck( return true; } + +/* + * Compute name hash for a verity attribute. For merkle tree blocks, we want + * to use the merkle tree block offset as the hash value to avoid collisions + * between blocks unless the merkle tree becomes larger than 2^32 blocks. + */ +xfs_dahash_t +xfs_verity_hashname( + const uint8_t *name, + unsigned int namelen) +{ + if (namelen != sizeof(struct xfs_merkle_key)) + return xfs_attr_hashname(name, namelen); + + return xfs_merkle_key_from_disk(name, namelen) >> XFS_VERITY_HASH_SHIFT; +} diff --git a/fs/xfs/libxfs/xfs_verity.h b/fs/xfs/libxfs/xfs_verity.h index 5813665c5a01..3d7485c511d5 100644 --- a/fs/xfs/libxfs/xfs_verity.h +++ b/fs/xfs/libxfs/xfs_verity.h 
@@ -9,5 +9,6 @@ void xfs_merkle_key_to_disk(struct xfs_merkle_key *key, uint64_t pos); uint64_t xfs_merkle_key_from_disk(const void *attr_name, int namelen); bool xfs_verity_namecheck(unsigned int attr_flags, const void *name, int namelen); +xfs_dahash_t xfs_verity_hashname(const uint8_t *name, unsigned int namelen); #endif /* __XFS_VERITY_H__ */
From patchwork Sun Dec 29 13:39:23 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922716
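Review bot: in xfs_verity_hashname() (patch 19/24, fs/xfs/libxfs/xfs_verity.c hunk), the comment promises no collisions until the merkle tree exceeds 2^32 blocks, but the value returned is the byte offset shifted right by XFS_VERITY_HASH_SHIFT (10) and then implicitly truncated from uint64_t to xfs_dahash_t. That bound only holds for 1k merkle blocks; with 4k blocks consecutive keys differ by 4 in the hash, so the hash wraps once the offset reaches 2^42 bytes, which is 2^30 blocks. Please state the bound in terms of the byte offset in the comment and make the truncation explicit with a cast.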
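The collision count described in the commit message of patch 19/24 can be reproduced in userspace. This is an added example, not code from the patch series: `da_hashname()` is a re-implementation of the rolling name hash written for this sketch (it reproduces the hashval/merkle_off pairs in the xfs_db output quoted in that commit message), and the 8-byte big-endian key encoding, the 4k merkle block size and all helper names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MERKLE_BLOCK_SIZE 4096u /* assumption: 4k merkle tree blocks */
#define VERITY_HASH_SHIFT 10    /* value of XFS_VERITY_HASH_SHIFT in the patch */

static uint32_t rol32(uint32_t v, unsigned int s)
{
    return (v << s) | (v >> (32 - s));
}

/* Rolling name hash: four bytes per round, then the 0-3 byte remainder. */
static uint32_t da_hashname(const uint8_t *name, int namelen)
{
    uint32_t hash;

    for (hash = 0; namelen >= 4; namelen -= 4, name += 4)
        hash = ((uint32_t)name[0] << 21) ^ ((uint32_t)name[1] << 14) ^
               ((uint32_t)name[2] << 7) ^ (uint32_t)name[3] ^
               rol32(hash, 7 * 4);

    switch (namelen) {
    case 3:
        return ((uint32_t)name[0] << 14) ^ ((uint32_t)name[1] << 7) ^
               (uint32_t)name[2] ^ rol32(hash, 7 * 3);
    case 2:
        return ((uint32_t)name[0] << 7) ^ (uint32_t)name[1] ^
               rol32(hash, 7 * 2);
    case 1:
        return (uint32_t)name[0] ^ rol32(hash, 7);
    default:
        return hash;
    }
}

/* Assumed key layout: the merkle byte offset as a big-endian u64. */
static void merkle_key_to_disk(uint8_t key[8], uint64_t pos)
{
    for (int i = 0; i < 8; i++)
        key[i] = (uint8_t)(pos >> (56 - 8 * i));
}

/* Hash before the patch: rolling hash over the 8 key bytes. */
static uint32_t old_hash(uint64_t pos)
{
    uint8_t key[8];

    merkle_key_to_disk(key, pos);
    return da_hashname(key, 8);
}

/* Hash after the patch: shifted offset, truncated to 32 bits. */
static uint32_t new_hash(uint64_t pos)
{
    return (uint32_t)(pos >> VERITY_HASH_SHIFT);
}

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;

    return (x > y) - (x < y);
}

/* Number of distinct hash values over the first nblocks merkle blocks. */
static unsigned int distinct_hashes(uint32_t (*hashfn)(uint64_t),
                                    unsigned int nblocks)
{
    uint32_t *h = malloc(nblocks * sizeof(*h));
    unsigned int i, distinct = 0;

    if (!h)
        return 0;
    for (i = 0; i < nblocks; i++)
        h[i] = hashfn((uint64_t)i * MERKLE_BLOCK_SIZE);
    qsort(h, nblocks, sizeof(*h), cmp_u32);
    for (i = 0; i < nblocks; i++)
        if (i == 0 || h[i] != h[i - 1])
            distinct++;
    free(h);
    return distinct;
}

int main(void)
{
    unsigned int n = 415; /* merkle blocks of the 220MB file in the message */

    printf("rolling hash:   %u distinct values for %u blocks\n",
           distinct_hashes(old_hash, n), n);
    printf("shifted offset: %u distinct values for %u blocks\n",
           distinct_hashes(new_hash, n), n);
    /* The shifted hash wraps once the byte offset reaches 2^42. */
    printf("new_hash(2^42) = %#x\n", (unsigned)new_hash((uint64_t)1 << 42));
    return 0;
}
```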
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 20/24] xfs: add fs-verity ioctls
Date: Sun, 29 Dec 2024 14:39:23 +0100
Message-ID: <20241229133927.1194609-21-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>
From: Andrey Albershteyn

Add fs-verity ioctls to enable, dump metadata (descriptor and Merkle tree pages) and obtain file's digest.

Signed-off-by: Andrey Albershteyn
Reviewed-by: Darrick J. Wong
[djwong: remove unnecessary casting]
Signed-off-by: Darrick J. Wong
---
 fs/xfs/xfs_ioctl.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 0789c18aaa18..e62260a77b75 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -44,6 +44,7 @@ #include #include +#include /* Return 0 on success or positive error */ int
@@ -1410,6 +1411,21 @@ xfs_file_ioctl( case XFS_IOC_COMMIT_RANGE: return xfs_ioc_commit_range(filp, arg); + case FS_IOC_ENABLE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_enable(filp, arg); + + case FS_IOC_MEASURE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_measure(filp, arg); + + case FS_IOC_READ_VERITY_METADATA: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_read_metadata(filp, arg); + default: return -ENOTTY; }
From patchwork Sun Dec 29 13:39:24 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922718
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 21/24] xfs: advertise fs-verity being available on filesystem
Date: Sun, 29 Dec 2024 14:39:24 +0100
Message-ID: <20241229133927.1194609-22-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>

From: "Darrick J. Wong"

Advertise that this filesystem supports fsverity.

Signed-off-by: Darrick J. Wong
Reviewed-by: Andrey Albershteyn
---
 fs/xfs/libxfs/xfs_fs.h | 1 +
 fs/xfs/libxfs/xfs_sb.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/fs/xfs/libxfs/xfs_fs.h b/fs/xfs/libxfs/xfs_fs.h index 41ce4d3d650e..5cfd4043cb9b 100644 --- a/fs/xfs/libxfs/xfs_fs.h +++ b/fs/xfs/libxfs/xfs_fs.h @@ -247,6 +247,7 @@ typedef struct xfs_fsop_resblks { #define XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE (1 << 24) /* exchange range */ #define XFS_FSOP_GEOM_FLAGS_PARENT (1 << 25) /* linux parent pointers */ #define XFS_FSOP_GEOM_FLAGS_METADIR (1 << 26) /* metadata directories */ +#define XFS_FSOP_GEOM_FLAGS_VERITY (1 << 27) /* fs-verity */ /* * Minimum and maximum sizes need for growth checks. diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 9945ad33a460..b8fd1759ebe8 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c
@@ -1500,6 +1500,8 @@ xfs_fs_geometry( geo->flags |= XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE; if (xfs_has_metadir(mp)) geo->flags |= XFS_FSOP_GEOM_FLAGS_METADIR; + if (xfs_has_verity(mp)) + geo->flags |= XFS_FSOP_GEOM_FLAGS_VERITY; geo->rtsectsize = sbp->sb_blocksize; geo->dirblocksize = xfs_dir2_dirblock_bytes(sbp);
From patchwork Sun Dec 29 13:39:25 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922717
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de
Subject: [PATCH 22/24] xfs: check and repair the verity inode flag state
Date: Sun, 29 Dec 2024 14:39:25 +0100
Message-ID: <20241229133927.1194609-23-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
References: <20241229133350.1192387-1-aalbersh@kernel.org> <20241229133927.1194609-1-aalbersh@kernel.org>
From: "Darrick J. Wong" If an inode has the incore verity iflag set, make sure that we can actually activate fsverity on that inode. If activation fails due to a fsverity metadata validation error, clear the flag. The usage model for fsverity requires that any program that cares about verity state is required to call statx/getflags to check that the flag is set after opening the file, so clearing the flag will not compromise that model. Signed-off-by: Darrick J. Wong --- fs/xfs/scrub/attr.c | 7 ++++ fs/xfs/scrub/common.c | 68 +++++++++++++++++++++++++++++++++++++ fs/xfs/scrub/common.h | 3 ++ fs/xfs/scrub/inode.c | 7 ++++ fs/xfs/scrub/inode_repair.c | 36 ++++++++++++++++++++ 5 files changed, 121 insertions(+) diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index d911cf9cad20..1f840d79cc9d 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -646,6 +646,13 @@ xchk_xattr( if (!xfs_inode_hasattr(sc->ip)) return -ENOENT; + /* + * If this is a verity file that won't activate, we cannot check the + * merkle tree geometry. + */ + if (xchk_inode_verity_broken(sc->ip)) + xchk_set_incomplete(sc); + /* Allocate memory for xattr checking. */ error = xchk_setup_xattr_buf(sc, 0); if (error == -ENOMEM) diff --git a/fs/xfs/scrub/common.c b/fs/xfs/scrub/common.c index 5cbd94b56582..00c07335725d 100644 --- a/fs/xfs/scrub/common.c +++ b/fs/xfs/scrub/common.c @@ -42,6 +42,8 @@ #include "scrub/health.h" #include "scrub/tempfile.h" +#include + /* Common code for the metadata scrubbers. */ /* 
@@ -1573,3 +1575,69 @@ xchk_inode_rootdir_inum(const struct xfs_inode *ip) return mp->m_metadirip->i_ino; return mp->m_rootip->i_ino; } + +/* + * If this inode has S_VERITY set on it, read the merkle tree geometry, which + * will activate the incore fsverity context for this file. If the activation + * fails with anything other than ENOMEM, the file is corrupt, which we can + * detect later with fsverity_active. + * + * Callers must hold the IOLOCK and must not hold the ILOCK of sc->ip because + * activation reads xattrs. @blocksize and @treesize will be filled out with + * merkle tree geometry if they are not NULL pointers. + */ +int +xchk_inode_setup_verity( + struct xfs_scrub *sc, + unsigned int *blocksize, + u64 *treesize) +{ + unsigned int bs; + u64 ts; + int error; + + if (!IS_VERITY(VFS_I(sc->ip))) + return 0; + + error = fsverity_merkle_tree_geometry(VFS_I(sc->ip), NULL, &bs, &ts); + switch (error) { + case 0: + /* fsverity is active; return tree geometry. */ + if (blocksize) + *blocksize = bs; + if (treesize) + *treesize = ts; + break; + case -ENODATA: + case -EMSGSIZE: + case -EINVAL: + case -EFSCORRUPTED: + case -EFBIG: + /* + * The nonzero errno codes above are the error codes that can + * be returned from fsverity on metadata validation errors. + * Set the geometry to zero. + */ + if (blocksize) + *blocksize = 0; + if (treesize) + *treesize = 0; + return 0; + default: + /* runtime errors */ + return error; + } + + return 0; +} + +/* + * Is this a verity file that failed to activate? Callers must have tried to + * activate fsverity via xchk_inode_setup_verity. + */ +bool +xchk_inode_verity_broken( + struct xfs_inode *ip) +{ + return IS_VERITY(VFS_I(ip)) && !fsverity_active(VFS_I(ip)); +} diff --git a/fs/xfs/scrub/common.h b/fs/xfs/scrub/common.h index 9ff3cafd8679..f3631c603dd4 100644 --- a/fs/xfs/scrub/common.h +++ b/fs/xfs/scrub/common.h 
@@ -274,6 +274,9 @@ void xchk_fsgates_enable(struct xfs_scrub *sc, unsigned int scrub_fshooks); int xchk_inode_is_allocated(struct xfs_scrub *sc, xfs_agino_t agino, bool *inuse); +int xchk_inode_setup_verity(struct xfs_scrub *sc, unsigned int *blocksize, + u64 *treesize); +bool xchk_inode_verity_broken(struct xfs_inode *ip); bool xchk_inode_is_dirtree_root(const struct xfs_inode *ip); bool xchk_inode_is_sb_rooted(const struct xfs_inode *ip); diff --git a/fs/xfs/scrub/inode.c b/fs/xfs/scrub/inode.c index 25ee66e7649d..661b548460e4 100644 --- a/fs/xfs/scrub/inode.c +++ b/fs/xfs/scrub/inode.c @@ -36,6 +36,10 @@ xchk_prepare_iscrub( xchk_ilock(sc, XFS_IOLOCK_EXCL); + error = xchk_inode_setup_verity(sc, NULL, NULL); + if (error) + return error; + error = xchk_trans_alloc(sc, 0); if (error) return error; @@ -815,6 +819,9 @@ xchk_inode( if (S_ISREG(VFS_I(sc->ip)->i_mode)) xchk_inode_check_reflink_iflag(sc, sc->ip->i_ino); + if (xchk_inode_verity_broken(sc->ip)) + xchk_ino_set_corrupt(sc, sc->sm->sm_ino); + xchk_inode_check_unlinked(sc); xchk_inode_xref(sc, sc->ip->i_ino, &di); diff --git a/fs/xfs/scrub/inode_repair.c b/fs/xfs/scrub/inode_repair.c index 5a58ddd27bd2..72b97b625517 100644 --- a/fs/xfs/scrub/inode_repair.c +++ b/fs/xfs/scrub/inode_repair.c @@ -572,6 +572,8 @@ xrep_dinode_flags( dip->di_nrext64_pad = 0; else if (dip->di_version >= 3) dip->di_v3_pad = 0; + if (!xfs_has_verity(mp) || !S_ISREG(mode)) + flags2 &= ~XFS_DIFLAG2_VERITY; if (flags2 & XFS_DIFLAG2_METADATA) { xfs_failaddr_t fa; @@ -1443,6 +1445,10 @@ xrep_dinode_core( if (iget_error) return iget_error; + error = xchk_inode_setup_verity(sc, NULL, NULL); + if (error) + return error; + error = xchk_trans_alloc(sc, 0); if (error) return error; 
@@ -1852,6 +1858,27 @@ xrep_inode_unlinked( return 0; } +/* + * If this file is a fsverity file, xchk_prepare_iscrub or xrep_dinode_core + * should have activated it. If it's still not active, then there's something + * wrong with the verity descriptor and we should turn it off. + */ +STATIC int +xrep_inode_verity( + struct xfs_scrub *sc) +{ + struct inode *inode = VFS_I(sc->ip); + + if (xchk_inode_verity_broken(sc->ip)) { + sc->ip->i_diflags2 &= ~XFS_DIFLAG2_VERITY; + inode->i_flags &= ~S_VERITY; + + xfs_trans_log_inode(sc->tp, sc->ip, XFS_ILOG_CORE); + } + + return 0; +} + /* Repair an inode's fields. */ int xrep_inode( 
@@ -1901,6 +1928,15 @@ xrep_inode( return error; } + /* + * Disable fsverity if it cannot be activated. Activation failure + * prohibits the file from being opened, so there cannot be another + * program with an open fd to what it thinks is a verity file. + */ + error = xrep_inode_verity(sc); + if (error) + return error; + /* Reconnect incore unlinked list */ error = xrep_inode_unlinked(sc); if (error)

From patchwork Sun Dec 29 13:39:26 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922719
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 23/24] xfs: report verity failures through the health system
Date: Sun, 29 Dec 2024 14:39:26 +0100
Message-ID: <20241229133927.1194609-24-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>

From: "Darrick J. Wong" Record verity failures and report them through the health system. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_fs.h | 1 + fs/xfs/libxfs/xfs_health.h | 4 +++- fs/xfs/xfs_fsverity.c | 11 +++++++++++ fs/xfs/xfs_health.c | 1 + 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_fs.h b/fs/xfs/libxfs/xfs_fs.h index 5cfd4043cb9b..65978a2708ea 100644 --- a/fs/xfs/libxfs/xfs_fs.h +++ b/fs/xfs/libxfs/xfs_fs.h @@ -419,6 +419,7 @@ struct xfs_bulkstat { #define XFS_BS_SICK_SYMLINK (1 << 6) /* symbolic link remote target */ #define XFS_BS_SICK_PARENT (1 << 7) /* parent pointers */ #define XFS_BS_SICK_DIRTREE (1 << 8) /* directory tree structure */ +#define XFS_BS_SICK_DATA (1 << 9) /* file data */ /* * Project quota id helpers (previously projid was 16bit only diff --git a/fs/xfs/libxfs/xfs_health.h b/fs/xfs/libxfs/xfs_health.h index d34986ac18c3..a24006180bda 100644 --- a/fs/xfs/libxfs/xfs_health.h +++ b/fs/xfs/libxfs/xfs_health.h @@ -102,6 +102,7 @@ struct xfs_rtgroup; /* Don't propagate sick status to ag health summary during inactivation */ #define XFS_SICK_INO_FORGET (1 << 12) #define XFS_SICK_INO_DIRTREE (1 << 13) /* directory tree structure */ +#define XFS_SICK_INO_DATA (1 << 14) /* file data */ /* Primary evidence of health problems in a given group. */ #define XFS_SICK_FS_PRIMARY (XFS_SICK_FS_COUNTERS | \ @@ -136,7 +137,8 @@ struct xfs_rtgroup; XFS_SICK_INO_XATTR | \ XFS_SICK_INO_SYMLINK | \ XFS_SICK_INO_PARENT | \ - XFS_SICK_INO_DIRTREE) + XFS_SICK_INO_DIRTREE | \ + XFS_SICK_INO_DATA) #define XFS_SICK_INO_ZAPPED (XFS_SICK_INO_BMBTD_ZAPPED | \ XFS_SICK_INO_BMBTA_ZAPPED | \ diff --git a/fs/xfs/xfs_fsverity.c b/fs/xfs/xfs_fsverity.c index 0af0f22ff075..967f75a1f97d 100644 --- a/fs/xfs/xfs_fsverity.c +++ b/fs/xfs/xfs_fsverity.c @@ -24,6 +24,7 @@ #include "xfs_iomap.h" #include "xfs_bmap.h" #include "xfs_format.h" +#include "xfs_health.h" #include #include 
@@ -462,10 +463,20 @@ xfs_fsverity_write_merkle( return iomap_write_region(®ion); } +static void +xfs_fsverity_file_corrupt( + struct inode *inode, + loff_t pos, + size_t len) +{ + xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_DATA); +} + const struct fsverity_operations xfs_fsverity_ops = { .begin_enable_verity = xfs_fsverity_begin_enable, .end_enable_verity = xfs_fsverity_end_enable, .get_verity_descriptor = xfs_fsverity_get_descriptor, .read_merkle_tree_page = xfs_fsverity_read_merkle, .write_merkle_tree_block = xfs_fsverity_write_merkle, + .file_corrupt = xfs_fsverity_file_corrupt, }; diff --git a/fs/xfs/xfs_health.c b/fs/xfs/xfs_health.c index c7c2e6561998..a61b27cc6be7 100644 --- a/fs/xfs/xfs_health.c +++ b/fs/xfs/xfs_health.c 
@@ -485,6 +485,7 @@ static const struct ioctl_sick_map ino_map[] = { { XFS_SICK_INO_DIR_ZAPPED, XFS_BS_SICK_DIR }, { XFS_SICK_INO_SYMLINK_ZAPPED, XFS_BS_SICK_SYMLINK }, { XFS_SICK_INO_DIRTREE, XFS_BS_SICK_DIRTREE }, + { 0, 0 }, }; /* Fill out bulkstat health info. */

From patchwork Sun Dec 29 13:39:27 2024
X-Patchwork-Submitter: Andrey Albershteyn
X-Patchwork-Id: 13922720
From: Andrey Albershteyn
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de, Andrey Albershteyn
Subject: [PATCH 24/24] xfs: enable ro-compat fs-verity flag
Date: Sun, 29 Dec 2024 14:39:27 +0100
Message-ID: <20241229133927.1194609-25-aalbersh@kernel.org>
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>

From: Andrey Albershteyn

Finalize fs-verity integration in XFS by making kernel fs-verity aware
with ro-compat flag.

Signed-off-by: Andrey Albershteyn
Reviewed-by: Darrick J. Wong
[djwong: add spaces]
Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index df84c275837d..6eb10300ff31 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -374,10 +374,11 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ #define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT | \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature(
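
Review bot: In [PATCH 22/24], fs/xfs/scrub/common.c, xchk_inode_setup_verity() returns 0 from the "if (!IS_VERITY(VFS_I(sc->ip)))" early exit without writing *blocksize or *treesize, although the comment above it promises that both "will be filled out" when they are not NULL. The callers visible in this patch all pass NULL, NULL, so nothing breaks today, but a later caller that passes real pointers would read uninitialized geometry for a non-verity file; zero both outputs before the IS_VERITY check. The same comment says a failure "with anything other than ENOMEM" means the file is corrupt, while the switch treats only -ENODATA, -EMSGSIZE, -EINVAL, -EFSCORRUPTED and -EFBIG that way and returns every other errno as a runtime error; the comment should describe what the switch does.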
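
Review bot: In [PATCH 22/24], fs/xfs/scrub/inode_repair.c, xrep_inode_verity() clears XFS_DIFLAG2_VERITY and S_VERITY and logs the inode core, but leaves no record that a file has just lost its verity protection. The commit message relies on programs re-checking the flag through statx/getflags, which covers the opener but gives an administrator no way to tell a repaired file from one that never had verity; consider emitting a message that names the inode when the flag is dropped. The hunk also does nothing with whatever descriptor and merkle tree data the file still carries, so a comment saying whether that is intentional would help. Lastly, the function can only return 0, which makes the "if (error) return error;" added to xrep_inode() dead code; either make it void or say why the int return is kept.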
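
Review bot: In [PATCH 23/24], fs/xfs/xfs_fsverity.c, xfs_fsverity_file_corrupt() ignores its pos and len arguments and has no comment, so the health record says only that the inode's data is sick and the range that failed verification is lost. Add a short comment stating that the range is dropped on purpose because XFS_SICK_INO_DATA is a per-inode bit, or pass pos and len to a log message or tracepoint so the failing offset can be recovered during triage.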
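
Review bot: In [PATCH 23/24], fs/xfs/xfs_health.c, the ino_map hunk adds "{ 0, 0 }," where an entry pairing XFS_SICK_INO_DATA with XFS_BS_SICK_DATA is expected. None of the hunks shown adds that mapping, so as far as this patch shows, the XFS_BS_SICK_DATA bit defined in xfs_fs.h is never set in bulkstat health output, and the failure recorded by xfs_fsverity_file_corrupt() stays invisible to userspace, which is the opposite of what the commit message says the patch does. Replace the added line with "{ XFS_SICK_INO_DATA, XFS_BS_SICK_DATA }," or, if the table really needs a terminator, add the mapping ahead of it.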
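
Review bot: In [PATCH 24/24], fs/xfs/libxfs/xfs_format.h, the only functional change in the XFS_SB_FEAT_RO_COMPAT_ALL hunk is the added XFS_SB_FEAT_RO_COMPAT_VERITY line, but it arrives inside a realignment of the four existing lines, so the line that switches the feature on is easy to miss when auditing the series. Split the whitespace change into its own patch, and say in the commit message that until this change the bit falls under XFS_SB_FEAT_RO_COMPAT_UNKNOWN (defined as ~XFS_SB_FEAT_RO_COMPAT_ALL in the context below the hunk), since that is the behaviour being changed.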