| Message ID | 20181119052324.31456-6-chandan@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Remove fs specific fscrypt and fsverity build config options | expand |
On Mon, Nov 19, 2018 at 10:53:22AM +0530, Chandan Rajendra wrote: > This commit now uses IS_VERITY() macro to check if fsverity is > enabled on an inode. > > Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> This patch causes a massive number of fsverity tests. I suspect it's due to a mismatch between the ext4's inode flags as opposed to the VFS inode's flags. I'll take a closer look in the next day or two. Cheers, - Ted
On Mon, Nov 26, 2018 at 12:36:15PM -0500, Theodore Y. Ts'o wrote: > On Mon, Nov 19, 2018 at 10:53:22AM +0530, Chandan Rajendra wrote: > > This commit now uses IS_VERITY() macro to check if fsverity is > > enabled on an inode. > > > > Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> > > This patch causes a massive number of fsverity tests. I suspect it's > due to a mismatch between the ext4's inode flags as opposed to the VFS > inode's flags. I'll take a closer look in the next day or two. > > Cheers, > > - Ted It's missing the following to set S_VERITY during the FS_IOC_ENABLE_VERITY ioctl: diff --git a/fs/ext4/super.c b/fs/ext4/super.c index ed933e64e95f..82b45cceb39b 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1344,6 +1344,11 @@ static int ext4_set_verity(struct inode *inode, loff_t data_i_size) err = ext4_reserve_inode_write(handle, inode, &iloc); if (err == 0) { ext4_set_inode_flag(inode, EXT4_INODE_VERITY); + /* + * Update inode->i_flags - S_VERITY will be enabled, + * S_DAX may be disabled + */ + ext4_set_inode_flags(inode); EXT4_I(inode)->i_disksize = data_i_size; err = ext4_mark_iloc_dirty(handle, inode, &iloc); }
On Monday, November 26, 2018 11:06:15 PM IST Theodore Y. Ts'o wrote: > On Mon, Nov 19, 2018 at 10:53:22AM +0530, Chandan Rajendra wrote: > > This commit now uses IS_VERITY() macro to check if fsverity is > > enabled on an inode. > > > > Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> > > This patch causes a massive number of fsverity tests. I suspect it's > due to a mismatch between the ext4's inode flags as opposed to the VFS > inode's flags. I'll take a closer look in the next day or two. > I will check this and report back soon.
On Monday, November 26, 2018 11:06:15 PM IST Theodore Y. Ts'o wrote: > On Mon, Nov 19, 2018 at 10:53:22AM +0530, Chandan Rajendra wrote: > > This commit now uses IS_VERITY() macro to check if fsverity is > > enabled on an inode. > > > > Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> > > This patch causes a massive number of fsverity tests. I suspect it's > due to a mismatch between the ext4's inode flags as opposed to the VFS > inode's flags. I'll take a closer look in the next day or two. > > Cheers, > > - Ted > > Hi Ted, I have fixed the problem. I will check the fix once again tomorrow and execute the tests. I will be able to post the patches by end of tomorrow. I will take a look at the commits that you have added at git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git test-working tomorrow.
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index db21df885186..64bf9fb7ef18 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -2296,15 +2296,6 @@ extern unsigned ext4_free_clusters_after_init(struct super_block *sb, struct ext4_group_desc *gdp); ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); -static inline bool ext4_verity_inode(struct inode *inode) -{ -#ifdef CONFIG_EXT4_FS_VERITY - return ext4_test_inode_flag(inode, EXT4_INODE_VERITY); -#else - return false; -#endif -} - #ifdef CONFIG_FS_ENCRYPTION static inline int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname, diff --git a/fs/ext4/file.c b/fs/ext4/file.c index cb4b69ef01a2..30fbd663354f 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -444,7 +444,7 @@ static int ext4_file_open(struct inode * inode, struct file * filp) if (ret) return ret; - if (ext4_verity_inode(inode)) { + if (IS_VERITY(inode)) { ret = fsverity_file_open(inode, filp); if (ret) return ret; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index ae6794649817..3786740b73fa 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3884,7 +3884,7 @@ static ssize_t ext4_direct_IO(struct kiocb *iocb, struct iov_iter *iter) return 0; #endif - if (ext4_verity_inode(inode)) + if (IS_VERITY(inode)) return 0; /* @@ -4726,7 +4726,7 @@ static bool ext4_should_use_dax(struct inode *inode) return false; if (IS_ENCRYPTED(inode)) return false; - if (ext4_verity_inode(inode)) + if (IS_VERITY(inode)) return false; return true; } @@ -4750,9 +4750,11 @@ void ext4_set_inode_flags(struct inode *inode) new_fl |= S_DAX; if (flags & EXT4_ENCRYPT_FL) new_fl |= S_ENCRYPTED; + if (flags & EXT4_VERITY_FL) + new_fl |= S_VERITY; inode_set_flags(inode, new_fl, S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC|S_DAX| - S_ENCRYPTED); + S_ENCRYPTED|S_VERITY); } static blkcnt_t ext4_inode_blocks(struct ext4_inode *raw_inode, @@ -5510,7 +5512,7 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr) if (error) return error; - if (ext4_verity_inode(inode)) { + if (IS_VERITY(inode)) { error = fsverity_prepare_setattr(dentry, attr); if (error) return error; diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c index 7252f0a60cdb..2c037df629dd 100644 --- a/fs/ext4/readpage.c +++ b/fs/ext4/readpage.c @@ -206,7 +206,7 @@ static void mpage_end_io(struct bio *bio) static inline loff_t ext4_readpage_limit(struct inode *inode) { #ifdef CONFIG_EXT4_FS_VERITY - if (ext4_verity_inode(inode)) { + if (IS_VERITY(inode)) { if (inode->i_verity_info) /* limit to end of metadata region */ return fsverity_full_i_size(inode);
This commit now uses IS_VERITY() macro to check if fsverity is enabled on an inode. Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> --- fs/ext4/ext4.h | 9 --------- fs/ext4/file.c | 2 +- fs/ext4/inode.c | 10 ++++++---- fs/ext4/readpage.c | 2 +- 4 files changed, 8 insertions(+), 15 deletions(-)