@@ -344,6 +344,15 @@ static int print_fileattr(const char *path, u64 attr, void *user)
return PRINT_DUMP(user, path, "fileattr", "fileattr=0x%llu", attr);
}
+static int print_enable_verity (const char *path, u8 algorithm, u32 block_size,
+ int salt_len, char *salt,
+ int sig_len, char *sig, void *user)
+{
+ return PRINT_DUMP(user, path, "enable_verity",
+ "algorithm=%u block_size=%u salt_len=%d sig_len=%d",
+ algorithm, block_size, salt_len, sig_len);
+}
+
struct btrfs_send_ops btrfs_print_send_ops = {
.subvol = print_subvol,
.snapshot = print_snapshot,
@@ -369,4 +378,5 @@ struct btrfs_send_ops btrfs_print_send_ops = {
.encoded_write = print_encoded_write,
.fallocate = print_fallocate,
.fileattr = print_fileattr,
+ .enable_verity = print_enable_verity,
};
@@ -39,6 +39,7 @@
#include <sys/uio.h>
#include <sys/xattr.h>
#include <linux/fs.h>
+#include <linux/fsverity.h>
#include <uuid/uuid.h>
#include <zlib.h>
@@ -1333,6 +1334,55 @@ static int process_fileattr(const char *path, u64 attr, void *user)
return 0;
}
+static int process_enable_verity(const char *path, u8 algorithm, u32 block_size,
+ int salt_len, char *salt,
+ int sig_len, char *sig, void *user)
+{
+ int ret;
+ struct btrfs_receive *rctx = user;
+ char full_path[PATH_MAX];
+ struct fsverity_enable_arg verity_args = {
+ .version = 1,
+ .hash_algorithm = algorithm,
+ .block_size = block_size,
+ };
+ if (salt_len) {
+ verity_args.salt_size = salt_len;
+ verity_args.salt_ptr = (__u64)salt;
+ }
+ if (sig_len) {
+ verity_args.sig_size = sig_len;
+ verity_args.sig_ptr = (__u64)sig;
+ }
+ int ioctl_fd;
+
+ ret = path_cat_out(full_path, rctx->full_subvol_path, path);
+ if (ret < 0) {
+ error("write: path invalid: %s", path);
+ goto out;
+ }
+
+ ioctl_fd = open(full_path, O_RDONLY);
+ if (ioctl_fd < 0) {
+ ret = -errno;
+ error("cannot open %s for verity ioctl: %m", full_path);
+ goto out;
+ }
+
+ /*
+ * Enabling verity denies write access, so it cannot be done with an
+ * open writeable file descriptor.
+ */
+ close_inode_for_write(rctx);
+ ret = ioctl(ioctl_fd, FS_IOC_ENABLE_VERITY, &verity_args);
+ if (ret < 0)
+ fprintf(stderr, "Failed to enable verity on %s: %d\n", full_path, ret);
+
+ close(ioctl_fd);
+out:
+ return ret;
+}
+
static struct btrfs_send_ops send_ops = {
.subvol = process_subvol,
.snapshot = process_snapshot,
@@ -1358,6 +1408,7 @@ static struct btrfs_send_ops send_ops = {
.encoded_write = process_encoded_write,
.fallocate = process_fallocate,
.fileattr = process_fileattr,
+ .enable_verity = process_enable_verity,
};
static int do_receive(struct btrfs_receive *rctx, const char *tomnt,
@@ -353,6 +353,12 @@ static int read_and_process_cmd(struct btrfs_send_stream *sctx)
char *xattr_name = NULL;
void *xattr_data = NULL;
void *data = NULL;
+ u8 verity_algorithm;
+ u32 verity_block_size;
+ int verity_salt_len;
+ void *verity_salt = NULL;
+ int verity_sig_len;
+ void *verity_sig = NULL;
struct timespec at;
struct timespec ct;
struct timespec mt;
@@ -537,6 +543,16 @@ static int read_and_process_cmd(struct btrfs_send_stream *sctx)
TLV_GET_U64(sctx, BTRFS_SEND_A_SIZE, &tmp);
ret = sctx->ops->update_extent(path, offset, tmp, sctx->user);
break;
+ case BTRFS_SEND_C_ENABLE_VERITY:
+ TLV_GET_STRING(sctx, BTRFS_SEND_A_PATH, &path);
+ TLV_GET_U8(sctx, BTRFS_SEND_A_VERITY_ALGORITHM, &verity_algorithm);
+ TLV_GET_U32(sctx, BTRFS_SEND_A_VERITY_BLOCK_SIZE, &verity_block_size);
+ TLV_GET(sctx, BTRFS_SEND_A_VERITY_SALT_DATA, &verity_salt, &verity_salt_len);
+ TLV_GET(sctx, BTRFS_SEND_A_VERITY_SIG_DATA, &verity_sig, &verity_sig_len);
+ ret = sctx->ops->enable_verity(path, verity_algorithm, verity_block_size,
+ verity_salt_len, verity_salt,
+ verity_sig_len, verity_sig, sctx->user);
+ break;
case BTRFS_SEND_C_END:
ret = 1;
break;
@@ -60,6 +60,9 @@ struct btrfs_send_ops {
int (*fallocate)(const char *path, int mode, u64 offset, u64 len,
void *user);
int (*fileattr)(const char *path, u64 attr, void *user);
+ int (*enable_verity)(const char *path, u8 algorithm, u32 block_size,
+ int salt_len, char *salt,
+ int sig_len, char *sig, void *user);
};
int btrfs_read_and_process_send_stream(int fd,
@@ -102,8 +102,10 @@ enum btrfs_send_cmd {
BTRFS_SEND_C_ENCODED_WRITE = 25,
BTRFS_SEND_C_MAX_V2 = 25,
+ BTRFS_SEND_C_ENABLE_VERITY = 26,
+ BTRFS_SEND_C_MAX_V3 = 26,
/* End */
- BTRFS_SEND_C_MAX = 25,
+ BTRFS_SEND_C_MAX = 26,
};
/* attributes in send stream */
@@ -170,8 +172,15 @@ enum {
BTRFS_SEND_A_ENCRYPTION = 31,
BTRFS_SEND_A_MAX_V2 = 31,
+ /* Version 3 */
+ BTRFS_SEND_A_VERITY_ALGORITHM = 32,
+ BTRFS_SEND_A_VERITY_BLOCK_SIZE = 33,
+ BTRFS_SEND_A_VERITY_SALT_DATA = 34,
+ BTRFS_SEND_A_VERITY_SIG_DATA = 35,
+ BTRFS_SEND_A_MAX_V3 = 35,
+
/* End */
- BTRFS_SEND_A_MAX = 31,
+ BTRFS_SEND_A_MAX = 35,
};
#endif
Process an enable_verity cmd by running the enable verity ioctl on the file. Since enabling verity denies write access to the file, it is important that we don't have any open write file descriptors. This also revs the send stream format to version 3 with no format changes besides the new commands and attributes. Signed-off-by: Boris Burkov <boris@bur.io> -- Changes for v2: - remove verity.h copy, use UAPI --- cmds/receive-dump.c | 10 +++++++++ cmds/receive.c | 51 ++++++++++++++++++++++++++++++++++++++++++++ common/send-stream.c | 16 ++++++++++++++ common/send-stream.h | 3 +++ kernel-shared/send.h | 13 +++++++++-- 5 files changed, 91 insertions(+), 2 deletions(-)