From patchwork Tue Dec 13 17:29:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09ABBC4167B for ; Tue, 13 Dec 2022 17:31:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236368AbiLMRa5 (ORCPT ); Tue, 13 Dec 2022 12:30:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236113AbiLMRah (ORCPT ); Tue, 13 Dec 2022 12:30:37 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00BEE2315F for ; Tue, 13 Dec 2022 09:29:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952582; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=b6NsA/Xg/ZlBOc/kTzK8dUjJC76dBdCS+EN14dWWQLg=; b=UJ8OU4UNpODsiYGUamIFbrHunC38RGvYHVuOP6noDgSuTir5YyfSfegmcdT3VGKOY6592R i8bbpyBmU4ormeFA0ddzqdo1G0Dz64c8dwjxELmWkTH1bQ6Bp2ZIANRsWD63bEj1YMqeWC s5mcQpSatUFWKObZa3dCCISEzKHgoTw= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-269-TwkPC35vOFigesIw8uJ5Fg-1; Tue, 13 Dec 2022 12:29:41 -0500 X-MC-Unique: TwkPC35vOFigesIw8uJ5Fg-1 Received: by mail-ed1-f69.google.com with SMTP id m18-20020a056402511200b0046db14dc1c9so7719354edd.10 for ; Tue, 13 Dec 2022 09:29:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b6NsA/Xg/ZlBOc/kTzK8dUjJC76dBdCS+EN14dWWQLg=; b=Of2yQcvlUzE3qUyPGvzdmWWHYnevJe3iimr5ld1xPsK3CWkWpoRWdWgMEbTvdJQFRA a/yIZdGl4S00dumklfl5/XNhOp+JRJq18lygAxeFrYq4pVuvObGcPvv3wsuqO7KixKNv nRq7EGNdmJFylBsotkwDjdYEmGUm5WZp6GfXjMIsR+0fPoa3HjMEhdnnK0VCd8cN2gWk HNG0lRKggLF9GdyFseQOXcPYjbdsErQFmMYDbsHnRhW7UBhjsISGQ9/nIQ1SglYFN2Mn CAgwAbbiBeiB/IlXmHdWHYCTsm6TnvUXMRUqtPxnoZyeO3xDwtKitsL9cxrpKxskAncY 8ang== X-Gm-Message-State: ANoB5pl+eAN56SJCdb+o9KAIE6aG7aXlDh2zrtxcWb5ySYtbM6H5VP18 tEQYXpeVeHFO2QYvYVAgO8vClQ0+I7i9DOgdBw/GTuM9bBCA7rlRv7IJSUz56wakxJallgriqHu JqLFKe0PevsB+WSxl7nn0Kklu X-Received: by 2002:a05:6402:5505:b0:45c:835b:8fb5 with SMTP id fi5-20020a056402550500b0045c835b8fb5mr17687133edb.32.1670952579707; Tue, 13 Dec 2022 09:29:39 -0800 (PST) X-Google-Smtp-Source: AA0mqf7qjioCE+Wh1+KtVn789k/6rYbXqUD3RgR71ElXoL1vUuQD8oUVn4IS2CUeadEQp2swqGUVJw== X-Received: by 2002:a05:6402:5505:b0:45c:835b:8fb5 with SMTP id fi5-20020a056402550500b0045c835b8fb5mr17687123edb.32.1670952579568; Tue, 13 Dec 2022 09:29:39 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:39 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 01/11] xfs: enable large folios in xfs_setup_inode() Date: Tue, 13 Dec 2022 18:29:25 +0100 Message-Id: <20221213172935.680971-2-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org This is more appropriate place to set large folios flag as other mapping's flags are set here. This will also allow to conditionally enable large folios based on inode's diflags (e.g. fs-verity). Signed-off-by: Andrey Albershteyn Reviewed-by: Dave Chinner --- fs/xfs/xfs_icache.c | 2 -- fs/xfs/xfs_iops.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c index f35e2cee52655..8679739160507 100644 --- a/fs/xfs/xfs_icache.c +++ b/fs/xfs/xfs_icache.c @@ -88,7 +88,6 @@ xfs_inode_alloc( /* VFS doesn't initialise i_mode or i_state! */ VFS_I(ip)->i_mode = 0; VFS_I(ip)->i_state = 0; - mapping_set_large_folios(VFS_I(ip)->i_mapping); XFS_STATS_INC(mp, vn_active); ASSERT(atomic_read(&ip->i_pincount) == 0); @@ -323,7 +322,6 @@ xfs_reinit_inode( inode->i_rdev = dev; inode->i_uid = uid; inode->i_gid = gid; - mapping_set_large_folios(inode->i_mapping); return error; } diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 10a5e85f2a709..9c90cfcecabc2 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1292,6 +1292,8 @@ xfs_setup_inode( gfp_mask = mapping_gfp_mask(inode->i_mapping); mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); + mapping_set_large_folios(inode->i_mapping); + /* * If there is no attribute fork no ACL can exist on this inode, * and it can't have any file capabilities attached to it either. From patchwork Tue Dec 13 17:29:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E55E8C4332F for ; Tue, 13 Dec 2022 17:30:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236331AbiLMRal (ORCPT ); Tue, 13 Dec 2022 12:30:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236257AbiLMRa2 (ORCPT ); Tue, 13 Dec 2022 12:30:28 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A33E02126F for ; Tue, 13 Dec 2022 09:29:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952582; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X7aOzaH8w1oPNGJxdFvZ299A/3LW0IWhj+uSH4co6uo=; b=Sfn/uPTavwIbXoKuto3CiPB1cGl6GbhtQIcZt5QeikF6F5qHpxkX6sz483hV6IOtGTfMIr EJBfNHnTSeXN9Krnm068Ek1sKEXXyegpmmIY0w5Ncusmx9Kys/FrD9k8f9ogJrWhDEvWf5 Zbtfk+ZH+1ejG/Ept8mPX9CkYP74fJE= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-64-3aRh06ULPViHELg_FhBiNg-1; Tue, 13 Dec 2022 12:29:41 -0500 X-MC-Unique: 3aRh06ULPViHELg_FhBiNg-1 Received: by mail-ej1-f69.google.com with SMTP id xh12-20020a170906da8c00b007413144e87fso9706123ejb.14 for ; Tue, 13 Dec 2022 09:29:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X7aOzaH8w1oPNGJxdFvZ299A/3LW0IWhj+uSH4co6uo=; b=lUosU9kEYGxRd0zoDEUodnxz2HuF7GUYa4sz8vHaCXuxl7tFHRIHGCxNdLYHetK3xF LmQBBh71nmDgXJN/iZItx5HrRJk97ZbjU8LPpltRgbTxiTuykViYloduDCpzLuaFyYOI peBAw8sbL0ps5cawOmI2oQG/LAMa3dYFtHofGologyhFE0PnS+j7om6OPbw5D1FdLLja bSVMDU6EZ9IOxmgd+NBNMwF65+jQqhdcXkz1hXUWH2fyPV/1ysUw4vR3ZLPb60KkdcSI 43+c83HQqChIInP+pECtVd4NDjnm2V+wTvPJ9ttz/+UP9pAO4XY9SqyTPJh33C0kEylC vYEQ== X-Gm-Message-State: ANoB5pldVJlTjD8N6z5Jy4eCzICG3Mk/nHWIct5E3uRnBXPUIKaykOkl 0Zhh1qno/i9uxckTDYbo5/AsDD7HEludmhXafzwfxVDtgusuv2AboJQ5mZ9nQwQnf9MOhPA1RMj c80k6D43NCTE3QgdeOf/870g/ X-Received: by 2002:aa7:d4d6:0:b0:46a:a94a:e424 with SMTP id t22-20020aa7d4d6000000b0046aa94ae424mr18886511edr.40.1670952580568; Tue, 13 Dec 2022 09:29:40 -0800 (PST) X-Google-Smtp-Source: AA0mqf5aVRp2Bd9Ma/3Z+2HR9K9G5JRA0WyHS7yqf2ie0nMXqV9Ii28qX8GFd8o1XgjlG6pHoLu+qw== X-Received: by 2002:aa7:d4d6:0:b0:46a:a94a:e424 with SMTP id t22-20020aa7d4d6000000b0046aa94ae424mr18886502edr.40.1670952580439; Tue, 13 Dec 2022 09:29:40 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:40 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 02/11] pagemap: add mapping_clear_large_folios() wrapper Date: Tue, 13 Dec 2022 18:29:26 +0100 Message-Id: <20221213172935.680971-3-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Add wrapper to clear mapping's large folio flag. This is handy for disabling large folios on already existing inodes (e.g. future XFS integration of fs-verity). Signed-off-by: Andrey Albershteyn --- include/linux/pagemap.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index bbccb40442224..63ca600bdf8f7 100644 --- a/include/linux/pagemap.h +++ b/include/linux/pagemap.h @@ -306,6 +306,11 @@ static inline void mapping_set_large_folios(struct address_space *mapping) __set_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); } +static inline void mapping_clear_large_folios(struct address_space *mapping) +{ + __clear_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); +} + /* * Large folio support currently depends on THP. These dependencies are * being worked on but are not yet fixed. From patchwork Tue Dec 13 17:29:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072272 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4C0CC4332F for ; Tue, 13 Dec 2022 17:31:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236109AbiLMRbA (ORCPT ); Tue, 13 Dec 2022 12:31:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236302AbiLMRai (ORCPT ); Tue, 13 Dec 2022 12:30:38 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F283922BEA for ; Tue, 13 Dec 2022 09:29:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PYjmeLrT3i6/hh4pTFXkLdj6FOGAvtP6dMYWRjFj29Y=; b=GS/EseoW2PUQ4iCSBEhMkdaDdcBWLASeaUbgv8Ft6Cr+GU0Eb8oZoeBg147gug9R3EQwmx R1SELNCR7iarN27P5xNBz1esUt3qrl1D2cRUJWEBURf6OCewSc7h9OfJ12j41g55dPccTE wZ5YkXGNisZ7VGNEwWAHyS3UDCxBgHg= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-554-SC0lo9p9O3ub92PdFZrafQ-1; Tue, 13 Dec 2022 12:29:42 -0500 X-MC-Unique: SC0lo9p9O3ub92PdFZrafQ-1 Received: by mail-ed1-f71.google.com with SMTP id f17-20020a056402355100b00466481256f6so7669119edd.19 for ; Tue, 13 Dec 2022 09:29:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PYjmeLrT3i6/hh4pTFXkLdj6FOGAvtP6dMYWRjFj29Y=; b=dgWqp3VOp6wchAb27Qkta6uF8xsQXyBsSbbNKEDyz7mnjgenDh5JSF7gQHtJ76y32j GONlAIGto0Vdj6hOYL6x4cVqjeXj7S5UdMNK1Mh2BGmRj9imetHVdn4fDOSe0Mp+m6Wv dIUGshBt8k/KOw/9fPiTHvVQIqpTsdyhts2Od9nIn2IQTXS818mOdo99oynVOB3WfRxj O9PZpd5TowM6l5R+MNG1gwZsSKiYGQchKKwoVMGoWGiIr4Kp3qb5L1N8oYu3FKJjMpqG s+Y5T4fqEPzcMBSGKq/UvdtdMqkXMOwRLGQWihUzHMBufFwOn9dHk+aswWVuxiPB72LA W1fA== X-Gm-Message-State: ANoB5plARfEO+YftC4utVWExx+aAx0SXbrcdj7eDMuJQKkPTXqhON9Jy Yjo3CXh27sFhcD+xFuiYlWPRslrSa8V5HT1bSucRLCtRZD99VuWZayQV2HC1TYKAbzSb1UJLQVS klMTm11ArgMhEdm0H3WqNFTUA X-Received: by 2002:a05:6402:5305:b0:461:c6f8:fb72 with SMTP id eo5-20020a056402530500b00461c6f8fb72mr15805611edb.10.1670952581512; Tue, 13 Dec 2022 09:29:41 -0800 (PST) X-Google-Smtp-Source: AA0mqf73zYXk5C4Q9RiYEiIPI9dK+R4yDd40bqcxblgQCA8+sa8kOvFSja6W/u4rGCy7njSqJOO9Vg== X-Received: by 2002:a05:6402:5305:b0:461:c6f8:fb72 with SMTP id eo5-20020a056402530500b00461c6f8fb72mr15805603edb.10.1670952581288; Tue, 13 Dec 2022 09:29:41 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:40 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 03/11] xfs: add attribute type for fs-verity Date: Tue, 13 Dec 2022 18:29:27 +0100 Message-Id: <20221213172935.680971-4-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org The Merkle tree pages and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Skip fs-verity attributes for getfattr as it can not parse binary page names. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_da_format.h | 5 ++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/xfs_trace.h | 1 + fs/xfs/xfs_xattr.c | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 75b13807145d1..778bf2b476618 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -689,14 +689,17 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ +#define XFS_ATTR_VERITY_BIT 4 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK \ - (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 727b5a8580285..678eacb7925c9 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -968,6 +968,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 372d871bccc5e..5eceb259cc5f7 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -78,6 +78,7 @@ struct xfs_icwalk; #define XFS_ATTR_FILTER_FLAGS \ { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ + { XFS_ATTR_VERITY, "VERITY" }, \ { XFS_ATTR_INCOMPLETE, "INCOMPLETE" } DECLARE_EVENT_CLASS(xfs_attr_list_class, diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index 5b57f6348d630..acbfa29d04af0 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -237,6 +237,9 @@ xfs_xattr_put_listent( if (flags & XFS_ATTR_PARENT) return; + if (flags & XFS_ATTR_VERITY) + return; + if (flags & XFS_ATTR_ROOT) { #ifdef CONFIG_XFS_POSIX_ACL if (namelen == SGI_ACL_FILE_SIZE && From patchwork Tue Dec 13 17:29:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072274 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BECEC10F1B for ; Tue, 13 Dec 2022 17:31:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236320AbiLMRbE (ORCPT ); Tue, 13 Dec 2022 12:31:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236303AbiLMRai (ORCPT ); Tue, 13 Dec 2022 12:30:38 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 705CC23170 for ; Tue, 13 Dec 2022 09:29:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dpUw5Y2TLDVtTXCSF2V9Ww7xiFXDGmNlxyIGTd/fNF8=; b=gVaJ6cdtj8d9Q9J0BAwIHzjSRcHrhV1QV42UfL3dM+RdSu0JqXlckgWOO1tUHSSBeHXtRi tSGt/yIFAzpQEMkPnF0FXblXiTsSWld2unXlYEUt9Y63gJIk51Z+0HNjupZANPLHR1PtX/ FSqkFWc+dYNXCfoJ3292OyNGABdztVk= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-562-EPT1BlQxOtqmflzdfRbwVQ-1; Tue, 13 Dec 2022 12:29:43 -0500 X-MC-Unique: EPT1BlQxOtqmflzdfRbwVQ-1 Received: by mail-ej1-f70.google.com with SMTP id ga21-20020a1709070c1500b007c171be7cd7so4134223ejc.20 for ; Tue, 13 Dec 2022 09:29:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dpUw5Y2TLDVtTXCSF2V9Ww7xiFXDGmNlxyIGTd/fNF8=; b=YvcEJZRVLB2Vv72zQzFc0zCmaO8kXet3ol5w+BsB/sm9H00InZB7p+GFeIVqA0bWyU /wvCvCQW7gSMOp6UtMIp7L8+Ajuzws/7SeaGDEcCHU8Sns6oJ6Tdg3OQYTbuvRvkDx6W iyZrOvfWns25HNOv+vi9haPpdDwyym60rVklwe4VYZZDwNadQG0st2FI38ry++nuFXfF 6Z5BlvQZQMmMnCc9KP1tdIcDooH3H/Xx5ElyCceSgWZ+xlRuHkGV72gM2ekJKPwjuTbF wSA7gUthl9eo+SM5lF35k5Bw5kbqBVb6JRsha5hlYMzw0vMyvoeUc0uXZxk+8d31bvBo 5SSg== X-Gm-Message-State: ANoB5pmpB6XKiPmTUT2knKDLuhiaNa64jGflUmLq8+4gUuCf8oXcxoY1 OVokBvX4ZxJ8wmSr0vm4u0Cm88n4ILjdq++x+ToPvvlv+LBfp59qNYY0nTg9fhoZSjrrswiDlPN g4IvlA582tjyjAvFVuidekaOu X-Received: by 2002:aa7:d814:0:b0:46f:d952:a0c with SMTP id v20-20020aa7d814000000b0046fd9520a0cmr8877986edq.20.1670952582278; Tue, 13 Dec 2022 09:29:42 -0800 (PST) X-Google-Smtp-Source: AA0mqf7PlCjp9cbbaShxk8BtTSop2M36G/FuymBo9yWHBHKi3JC/lYLxCB5Njfs0kRqD07nB5KwLEQ== X-Received: by 2002:aa7:d814:0:b0:46f:d952:a0c with SMTP id v20-20020aa7d814000000b0046fd9520a0cmr8877979edq.20.1670952582152; Tue, 13 Dec 2022 09:29:42 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:41 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 04/11] xfs: add fs-verity ro-compat flag Date: Tue, 13 Dec 2022 18:29:28 +0100 Message-Id: <20221213172935.680971-5-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org To mark inodes sealed with fs-verity the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_format.h | 10 ++++++---- fs/xfs/libxfs/xfs_sb.c | 2 ++ fs/xfs/xfs_mount.h | 2 ++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index f413819b2a8aa..2b76e646e6f14 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -353,11 +353,13 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT| \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature( diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index a59bf09495b1d..5c975879f5664 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -161,6 +161,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index 8aca2cc173ac1..3da28271011d1 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -279,6 +279,7 @@ typedef struct xfs_mount { #define XFS_FEAT_BIGTIME (1ULL << 24) /* large timestamps */ #define XFS_FEAT_NEEDSREPAIR (1ULL << 25) /* needs xfs_repair */ #define XFS_FEAT_NREXT64 (1ULL << 26) /* large extent counters */ +#define XFS_FEAT_VERITY (1ULL << 27) /* fs-verity */ /* Mount features */ #define XFS_FEAT_NOATTR2 (1ULL << 48) /* disable attr2 creation */ @@ -342,6 +343,7 @@ __XFS_HAS_FEAT(inobtcounts, INOBTCNT) __XFS_HAS_FEAT(bigtime, BIGTIME) __XFS_HAS_FEAT(needsrepair, NEEDSREPAIR) __XFS_HAS_FEAT(large_extent_counts, NREXT64) +__XFS_HAS_FEAT(verity, VERITY) /* * Mount features From patchwork Tue Dec 13 17:29:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072275 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42C53C4332F for ; Tue, 13 Dec 2022 17:31:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235699AbiLMRbI (ORCPT ); Tue, 13 Dec 2022 12:31:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236315AbiLMRaj (ORCPT ); Tue, 13 Dec 2022 12:30:39 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5AC3823167 for ; Tue, 13 Dec 2022 09:29:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Nn5AV0iauh40sGcbOOXIUaQzVDgF5CNNvId9f7BzBCg=; b=cojLhd5zAJMHSNXi1rVZiA5Un1lCpaIyfVNiDQCEj7cXvDh2qlx4pf247P1CTy1lBkt9AI L8iSaoZ8lxTYSQ4mj2BZbMAvVSUJnSjTYDYPUdYHeK7oImTfDt8B3dIQl+ehK3tUK8KeI0 l9yvboS/j69Bv6PrrlfJm/0tT84SOjM= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-576-VkuLXk0lNE6Nl0HrxwdKLA-1; Tue, 13 Dec 2022 12:29:44 -0500 X-MC-Unique: VkuLXk0lNE6Nl0HrxwdKLA-1 Received: by mail-ed1-f69.google.com with SMTP id z16-20020a05640235d000b0046d0912ae25so7687956edc.5 for ; Tue, 13 Dec 2022 09:29:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nn5AV0iauh40sGcbOOXIUaQzVDgF5CNNvId9f7BzBCg=; b=3skW4p6ZoyYS4h820scU7HDHmFbojVU1KPj54bvEGqIMJtner75tTX6s3SGrUoeal7 oD4+qb4ybWnOZy3tjPbqp0zmcLdlu8b0kkOaK2fsKwpyb/gQBqwLf1s0VVfy81qsB98h RBg0Iid3nO5+SLUk+BF9/jwI+hJmzwTJnChpNXQrFoI7iPM7zW4pQU1dsmp0rHNx+6Jr jrz3+clZrrGsbaCM4PRDAV1NpsDPr4tmDuE9I/pKjMXMzHSA2afgxfkAv++w6SDvI9MM 4/aZSlZOx+wRQTAOYE3SaaxKjy72V2dl7lkGGBYu6+ZbmQ/d7sJEFaGLrYujdMmsgb/5 v8Vg== X-Gm-Message-State: ANoB5pnjvtJhENea6f+woOA/fu/aFNyt5Py2x3ozZ8jtdnYcZ5On7KVP OWBrthh8oDN50D+htJUwmZpC9/6r7IkwRtK79t4sl2c1nZ24fqOA+Bznww2O/TJbjhNZjTxVOeC 6Nc0WpXuMf7L+wLNZEWkZhcvu X-Received: by 2002:a05:6402:e06:b0:461:9764:15f0 with SMTP id h6-20020a0564020e0600b00461976415f0mr18787466edh.38.1670952583168; Tue, 13 Dec 2022 09:29:43 -0800 (PST) X-Google-Smtp-Source: AA0mqf6qdM1QaM3TVFAFyYeHnK+MxQfi4OtkyAMx8DAcTi2ppVi2HCox+UIpJMvIS8HSe3W6ErI54w== X-Received: by 2002:a05:6402:e06:b0:461:9764:15f0 with SMTP id h6-20020a0564020e0600b00461976415f0mr18787454edh.38.1670952582994; Tue, 13 Dec 2022 09:29:42 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:42 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 05/11] xfs: add inode on-disk VERITY flag Date: Tue, 13 Dec 2022 18:29:29 +0100 Message-Id: <20221213172935.680971-6-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built). Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_format.h | 4 +++- fs/xfs/xfs_inode.c | 2 ++ fs/xfs/xfs_iops.c | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 2b76e646e6f14..6950a4ef19967 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1073,16 +1073,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_DAX (1 << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1 << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1 << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1 << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index f08a2d5f96ad4..8d9c9697d3619 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -636,6 +636,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_VERITY_FL; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 9c90cfcecabc2..b229d25c1c3d6 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1236,6 +1236,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_VERITY_FL) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by From patchwork Tue Dec 13 17:29:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072277 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86C42C4332F for ; Tue, 13 Dec 2022 17:31:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236046AbiLMRbi (ORCPT ); Tue, 13 Dec 2022 12:31:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236262AbiLMRan (ORCPT ); Tue, 13 Dec 2022 12:30:43 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DEFE2338C for ; Tue, 13 Dec 2022 09:29:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952589; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DMVdYEIjGzzgVCYG3YnfAdNBSxBfSOUyway7T/qxVAM=; b=EPPcIlxEx/API2vsSodwikaOvjd5ittuUfdOaebZuJLy8sxwkiDhrgQVtMNhFRyMZ2vJIf xldeGkDbEsnXUpcmZ2JANokqpezVc/CubbmTgQqbU7hrynlQPSghALcfQIsOsJwwABVBYj 0lIdzbY0+WyCkgi1CDxEsXsdE+hXPX4= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-226-iXwPUxe7NkmLoqvCpmsDwA-1; Tue, 13 Dec 2022 12:29:46 -0500 X-MC-Unique: iXwPUxe7NkmLoqvCpmsDwA-1 Received: by mail-ej1-f70.google.com with SMTP id qb2-20020a1709077e8200b007bf01e43797so9793459ejc.13 for ; Tue, 13 Dec 2022 09:29:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DMVdYEIjGzzgVCYG3YnfAdNBSxBfSOUyway7T/qxVAM=; b=b31+fe9ZI2qUrezgXyiwvvDH7YLfSf7iET+Sgo9tFMsqqXyo3vyrxMmRo1RLzvQOFp dyiELxH1BTwQlnM/Sje5ZS7a+62qVzWOOfSwEAmBVmt0fVvhaPmrmTwwlX/FOZ/4qTJo gcIy+px8hQ3GuOoGYt5XzgH78rmiLB9RWCt0FJ7fnMoL+qQr9S364/t4gCbWEBoMKGIK QXw5vWs1VHddsZ4rjyLUQMVCWBJhQ5qCWl+Zec4ECiQ6kaeW3fDhgFXzKMVwyweq0xBr LbfX2j+rjD1J/42so3jmv1vYfyeGubvqehIGEopZPN19tVoyLQT044CX9tWMA7Keg45W LF5g== X-Gm-Message-State: ANoB5pkQ4rvENMa6YrlFKhgDuarMz/m2YC3Gc2dTlPbNqjVbJhBLj7Bk vUFdnWY3huqUHhkGRffSUNe+gqEGJ4pdHQWfDLOrzFqADoa01udMdeJCAeaSx5mjovqO4+XqROl Q2xMw0hxznrv24eOAjjW0Y8Lr X-Received: by 2002:a05:6402:f19:b0:46f:7453:a999 with SMTP id i25-20020a0564020f1900b0046f7453a999mr17902901eda.39.1670952584654; Tue, 13 Dec 2022 09:29:44 -0800 (PST) X-Google-Smtp-Source: AA0mqf5dpb+BtrXOV48EoDvxcYKIw/k9+7UnUHv1T33vANcGszfmmkbpje/gNx4hIvVmQXcwPVhXtQ== X-Received: by 2002:a05:6402:f19:b0:46f:7453:a999 with SMTP id i25-20020a0564020f1900b0046f7453a999mr17902886eda.39.1670952584513; Tue, 13 Dec 2022 09:29:44 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:43 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 06/11] xfs: initialize fs-verity on file open and cleanup on inode destruction Date: Tue, 13 Dec 2022 18:29:30 +0100 Message-Id: <20221213172935.680971-7-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 242165580e682..5eadd9a37c50e 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -32,6 +32,7 @@ #include #include #include +#include static const struct vm_operations_struct xfs_file_vm_ops; @@ -1170,9 +1171,16 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error = 0; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 8f1e9b9ed35d9..50c2c819ba940 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -45,6 +45,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; @@ -647,6 +648,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); } From patchwork Tue Dec 13 17:29:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072270 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3AAFFC4167B for ; Tue, 13 Dec 2022 17:30:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236350AbiLMRas (ORCPT ); Tue, 13 Dec 2022 12:30:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235878AbiLMRah (ORCPT ); Tue, 13 Dec 2022 12:30:37 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 920D323152 for ; Tue, 13 Dec 2022 09:29:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952588; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=P1G95qaTROMe5TeWa2MEdzfjCg/0RQKcVeEKeOMEgQQ=; b=cI2JJuD1orAfSLLixAInkYfRyZIU/EpyuWDkGFHz9TM06HokyMvAwrfig8Vcae75eBiBA4 Vfyc+UIYwj1rYKrZeX2eqv6/UmTEeasbx/RmtzUzrH/Wa+sbqc+MJc4O3ynpix72Mcdol/ QDEETqWSQKWfP7nULZplXsOJ+JZDrS0= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-652-FJ7n8XV7MISQnbGx160IjQ-1; Tue, 13 Dec 2022 12:29:46 -0500 X-MC-Unique: FJ7n8XV7MISQnbGx160IjQ-1 Received: by mail-ed1-f71.google.com with SMTP id b13-20020a056402350d00b00464175c3f1eso7711714edd.11 for ; Tue, 13 Dec 2022 09:29:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P1G95qaTROMe5TeWa2MEdzfjCg/0RQKcVeEKeOMEgQQ=; b=dLelhNE0msOD/zMQ2TrQTiMyHOxlUNjjQmFXNRzgiJT11iLusT8PRnCiXaC/XdGrp9 5tTKjtgM2tcwTdwb5as8fCqc4BjNCRnf9yV1ubfVclA6JqVS6XM0OFB+4mNBoe2wnF87 Fm5uzf2T2HciXYxcPthyS+ziRELmR9Rku5Dxdh+XeE8njbF/fadpGFs1XDDbs/NKcuHS TxMQ8OXhhOEacJFEjPt4ebuI3UeSAKeYD2uxC8LKghX6I0G5GE71kn2pyLPNAexEuKC3 7ZGQfOd/XooINnRgbfHJ5p7ufI8LgXoUm3kuOWDjryj0uJ4ic112zR6enpXVxepirlX/ 3z+Q== X-Gm-Message-State: ANoB5pnuGE6jbGvXHHInHJ2LhlWCC/QGCAhnmyDmU/MSN16gGHl1g1E5 SSZbyMeS68YdRiKQtr4XxgOjhEdOM7VRQWcFz0fzMUNAYSW59rWBws/kovObqIERXAf021XKXuO hjjLyS/9CO+7J0aV/ZIpsePva X-Received: by 2002:a05:6402:65a:b0:46c:2034:f481 with SMTP id u26-20020a056402065a00b0046c2034f481mr21253796edx.8.1670952585544; Tue, 13 Dec 2022 09:29:45 -0800 (PST) X-Google-Smtp-Source: AA0mqf49GadwBBNQqxZylW80lnXLXsFDzu+9jd/T//0zrTD7s7L3ad+tNrjoVsQREKpKn+QzrVVffg== X-Received: by 2002:a05:6402:65a:b0:46c:2034:f481 with SMTP id u26-20020a056402065a00b0046c2034f481mr21253788edx.8.1670952585386; Tue, 13 Dec 2022 09:29:45 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:44 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 07/11] xfs: disable direct read path for fs-verity sealed files Date: Tue, 13 Dec 2022 18:29:31 +0100 Message-Id: <20221213172935.680971-8-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org The direct path is not supported on verity files. Attempts to use direct I/O path on such files should fall back to buffered I/O path. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 5eadd9a37c50e..fb4181e38a19d 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -245,7 +245,8 @@ xfs_file_dax_read( struct kiocb *iocb, struct iov_iter *to) { - struct xfs_inode *ip = XFS_I(iocb->ki_filp->f_mapping->host); + struct inode *inode = iocb->ki_filp->f_mapping->host; + struct xfs_inode *ip = XFS_I(inode); ssize_t ret = 0; trace_xfs_file_dax_read(iocb, to); @@ -298,10 +299,17 @@ xfs_file_read_iter( if (IS_DAX(inode)) ret = xfs_file_dax_read(iocb, to); - else if (iocb->ki_flags & IOCB_DIRECT) + else if (iocb->ki_flags & IOCB_DIRECT && !fsverity_active(inode)) ret = xfs_file_dio_read(iocb, to); - else + else { + /* + * In case fs-verity is enabled, we also fallback to the + * buffered read from the direct read path. Therefore, + * IOCB_DIRECT is set and need to be cleared + */ + iocb->ki_flags &= ~IOCB_DIRECT; ret = xfs_file_buffered_read(iocb, to); + } if (ret > 0) XFS_STATS_ADD(mp, xs_read_bytes, ret); From patchwork Tue Dec 13 17:29:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3B00C10F1B for ; Tue, 13 Dec 2022 17:31:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236317AbiLMRbB (ORCPT ); Tue, 13 Dec 2022 12:31:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236310AbiLMRaj (ORCPT ); Tue, 13 Dec 2022 12:30:39 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E183023381 for ; Tue, 13 Dec 2022 09:29:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952589; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r0lyKZLytTPe2tgsoK8ec8CNBM0ybARfQleJk6OVIIM=; b=FTWI/44Yv8CWHo51W0omCQAVQQwlYEzZbbQFYXYdumFcXwA0YsDJOW0ZdkPswuwYtm/WOQ i4k/jw1/mvwo/2BJAruohVo6bgxI8PJkeuqvqzejVz369GR16Xo6L2HN6h9C/lT7K8/L9h X7L3mD5wUQHia2q1+LKMTSe3vJZA9EU= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-56-IoF2YPiuObyTZou2fvpgZw-1; Tue, 13 Dec 2022 12:29:47 -0500 X-MC-Unique: IoF2YPiuObyTZou2fvpgZw-1 Received: by mail-ej1-f69.google.com with SMTP id nb4-20020a1709071c8400b007c18ba778e9so1881041ejc.16 for ; Tue, 13 Dec 2022 09:29:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r0lyKZLytTPe2tgsoK8ec8CNBM0ybARfQleJk6OVIIM=; b=3kJeTSgla9WoOQsfqhYDZkDvvlRtDQRqRIrwE3IcKpjeWCPLUVTYPxgy42fTD8mR/c Zh7EmoOvCoD2l1I+GnlG/F3Psw1hw1HVI1s4nv+Ih4Y3xgaDFTnPyGWGwvAXNIJ/TYdF xpT0Zzi7J9VU+UhQDRVMlrg/8WF54JOQDOA8ljQG78yCLiV/pOv3PIspTWD5nsQI4SPM ndS9LCzcwLaDtjCZfrpbrvn7yM2ciIfDfIdA+tf4sRTV1CfHMG6OqkO8aTxPBFqHbfaA vEi/EgUPES9HTsL+UU0ktMfId35HCRG+ET9UX+UZ3qwIAWYw1QptPWGNjll9WfbRtG/0 jhlQ== X-Gm-Message-State: ANoB5pny2+h2eTb2O0/XmJFtP09AZ1tGHrjPYqHOZ6NqLO+fNDiMOB79 uUxPPVHGVPdYKPz1qPESNz6JusvoAUadr0iXdr10pitdKp7FoRApAc15h5yMZeMqZsfUtDYrETL NBwlARpRBg9+PUI4afWlx9ckL X-Received: by 2002:a05:6402:5389:b0:461:fc07:b9a7 with SMTP id ew9-20020a056402538900b00461fc07b9a7mr22768384edb.2.1670952586865; Tue, 13 Dec 2022 09:29:46 -0800 (PST) X-Google-Smtp-Source: AA0mqf4MMVU2ZSTGshSUNs1Im4i1IYGnQpezMKu2iDzHR1GIoaE/NP6NezsSzt33Apg0fNAeBJPfMA== X-Received: by 2002:a05:6402:5389:b0:461:fc07:b9a7 with SMTP id ew9-20020a056402538900b00461fc07b9a7mr22768369edb.2.1670952586679; Tue, 13 Dec 2022 09:29:46 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:46 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 08/11] xfs: don't enable large folios on fs-verity sealed inode Date: Tue, 13 Dec 2022 18:29:32 +0100 Message-Id: <20221213172935.680971-9-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org fs-verity doesn't work with large folios. Don't enable large folios on those inode which are already sealed with fs-verity (indicated by diflag). Signed-off-by: Andrey Albershteyn Reviewed-by: Dave Chinner --- fs/xfs/xfs_iops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index b229d25c1c3d6..a4c8db588690e 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1294,7 +1294,12 @@ xfs_setup_inode( gfp_mask = mapping_gfp_mask(inode->i_mapping); mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); - mapping_set_large_folios(inode->i_mapping); + /* + * As fs-verity doesn't support folios so far, we won't enable them on + * sealed inodes + */ + if (!IS_VERITY(inode)) + mapping_set_large_folios(inode->i_mapping); /* * If there is no attribute fork no ACL can exist on this inode, From patchwork Tue Dec 13 17:29:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072276 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E950DC4332F for ; Tue, 13 Dec 2022 17:31:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236397AbiLMRbP (ORCPT ); Tue, 13 Dec 2022 12:31:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49194 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236334AbiLMRam (ORCPT ); Tue, 13 Dec 2022 12:30:42 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9F8823392 for ; Tue, 13 Dec 2022 09:29:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952590; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hsBd8ArpKwpbm0RyMTCOHVrg4CJrwS1iGz8TYLb3WGg=; b=eSdGuVPudibN4ZdPhmTINkL/Ei0NhU+Htm4a8xR8Cba5V0N+g+zoRoKS7FB6EY8KGPkHmC vUgvwYEBaN6/qKmpf59udBuf7Fd5LcEOjxA9bziWE6709vEpR9JUv8KTqXt0h8cE+H+nKQ 4rqd5eayMRhidsvOByKgHaYZ6zBpLII= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-369-QgwHhmcBOcOP1gkQB1aWuw-1; Tue, 13 Dec 2022 12:29:48 -0500 X-MC-Unique: QgwHhmcBOcOP1gkQB1aWuw-1 Received: by mail-ej1-f71.google.com with SMTP id qb2-20020a1709077e8200b007bf01e43797so9793554ejc.13 for ; Tue, 13 Dec 2022 09:29:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hsBd8ArpKwpbm0RyMTCOHVrg4CJrwS1iGz8TYLb3WGg=; b=PYGk28ptDH6rZ9r4Xh7Rkm8aCzfMw5+vVFomG6pOZ892N5+P7UIUa0D+zE3454To+M goT3VqSNOkH6nmpYVuP6sFvw29/wUR58Uw40RPiHmmXo2Uv3oQBY6FCP71VRD5fRRPgi LTx0u5ELrSuUXfDKmdL7AWlYGlT7a9CW/wTFeV64TNGk3sXRKfvfNXemChO+OyGvlsGf Nk6Nnu0896PhfXDN14TYaGDtcV2KRdU3XT3QmZwOSMx81Hj+wuVhjhX7Yi5gY/kbUhEr 70XrPAghE9tDlOXh8260XLr/UmiV8vXLBAhIVEX6PCpE1VOZNV3bx9PdvztB6g1jiGzF d7eA== X-Gm-Message-State: ANoB5pmMAlHkFM4mfqQpJ+UiQ9d9yLzYZeuAW9FfwXvRPztNyTzHGv2e +eHradbpn6F7LFDGvnuoUr3m7l31Hd21hIlEt1f0MSuP9Y+yVqeUdbJ/pRqnyonyxh65yA1eZlr JlYc9t5i2ylzO0y7Qj6nnIrgX X-Received: by 2002:a05:6402:1947:b0:462:7b9a:686f with SMTP id f7-20020a056402194700b004627b9a686fmr16937281edz.4.1670952587624; Tue, 13 Dec 2022 09:29:47 -0800 (PST) X-Google-Smtp-Source: AA0mqf5/nzk/5ko7ikx1EaJwRFAERJfYlAqOuXuVinbYx0ZIZjaFcSJ2Xf6NmzqQahi9qwhjZixOoQ== X-Received: by 2002:a05:6402:1947:b0:462:7b9a:686f with SMTP id f7-20020a056402194700b004627b9a686fmr16937270edz.4.1670952587473; Tue, 13 Dec 2022 09:29:47 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:47 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 09/11] iomap: fs-verity verification on page read Date: Tue, 13 Dec 2022 18:29:33 +0100 Message-Id: <20221213172935.680971-10-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Add fs-verity page verification in read IO path. The verification itself is offloaded into workqueue (provided by fs-verity). The work_struct items are allocated from bioset side by side with bio being processed. As inodes with fs-verity doesn't use large folios we check only first page of the folio for errors (set by fs-verity if verification failed). Signed-off-by: Andrey Albershteyn --- fs/iomap/buffered-io.c | 80 +++++++++++++++++++++++++++++++++++++++--- include/linux/iomap.h | 5 +++ 2 files changed, 81 insertions(+), 4 deletions(-) diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 91ee0b308e13d..b7abc2f806cfc 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "trace.h" #include "../internal.h" @@ -42,6 +43,7 @@ static inline struct iomap_page *to_iomap_page(struct folio *folio) } static struct bio_set iomap_ioend_bioset; +static struct bio_set iomap_readend_bioset; static struct iomap_page * iomap_page_create(struct inode *inode, struct folio *folio, unsigned int flags) @@ -189,9 +191,39 @@ static void iomap_read_end_io(struct bio *bio) int error = blk_status_to_errno(bio->bi_status); struct folio_iter fi; - bio_for_each_folio_all(fi, bio) + bio_for_each_folio_all(fi, bio) { + /* + * As fs-verity doesn't work with multi-page folios, verity + * inodes have large folios disabled (only single page folios + * are used) + */ + if (!error) + error = PageError(folio_page(fi.folio, 0)); + iomap_finish_folio_read(fi.folio, fi.offset, fi.length, error); + } + bio_put(bio); + /* The iomap_readend has been freed by bio_put() */ +} + +static void iomap_read_work_end_io( + struct work_struct *work) +{ + struct iomap_readend *ctx = + container_of(work, struct iomap_readend, read_work); + struct bio *bio = &ctx->read_inline_bio; + + fsverity_verify_bio(bio); + iomap_read_end_io(bio); +} + +static void iomap_read_work_io(struct bio *bio) +{ + struct iomap_readend *ctx = + container_of(bio, struct iomap_readend, read_inline_bio); + + fsverity_enqueue_verify_work(&ctx->read_work); } struct iomap_readpage_ctx { @@ -264,6 +296,7 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, loff_t orig_pos = pos; size_t poff, plen; sector_t sector; + struct iomap_readend *readend; if (iomap->type == IOMAP_INLINE) return iomap_read_inline_data(iter, folio); @@ -276,7 +309,21 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (iomap_block_needs_zeroing(iter, pos)) { folio_zero_range(folio, poff, plen); - iomap_set_range_uptodate(folio, iop, poff, plen); + if (!fsverity_active(iter->inode)) { + iomap_set_range_uptodate(folio, iop, poff, plen); + goto done; + } + + /* + * As fs-verity doesn't work with folios sealed inodes have + * multi-page folios disabled and we can check on first and only + * page + */ + if (fsverity_verify_page(folio_page(folio, 0))) + iomap_set_range_uptodate(folio, iop, poff, plen); + else + folio_set_error(folio); + goto done; } @@ -297,8 +344,18 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (ctx->rac) /* same as readahead_gfp_mask */ gfp |= __GFP_NORETRY | __GFP_NOWARN; - ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), + if (fsverity_active(iter->inode)) { + ctx->bio = bio_alloc_bioset(iomap->bdev, + bio_max_segs(nr_vecs), REQ_OP_READ, + GFP_NOFS, &iomap_readend_bioset); + readend = container_of(ctx->bio, + struct iomap_readend, + read_inline_bio); + INIT_WORK(&readend->read_work, iomap_read_work_end_io); + } else { + ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), REQ_OP_READ, gfp); + } /* * If the bio_alloc fails, try it again for a single page to * avoid having to deal with partial page reads. This emulates @@ -311,7 +368,11 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (ctx->rac) ctx->bio->bi_opf |= REQ_RAHEAD; ctx->bio->bi_iter.bi_sector = sector; - ctx->bio->bi_end_io = iomap_read_end_io; + if (fsverity_active(iter->inode)) + ctx->bio->bi_end_io = iomap_read_work_io; + else + ctx->bio->bi_end_io = iomap_read_end_io; + bio_add_folio(ctx->bio, folio, plen, poff); } @@ -1546,6 +1607,17 @@ EXPORT_SYMBOL_GPL(iomap_writepages); static int __init iomap_init(void) { +#ifdef CONFIG_FS_VERITY + int error = 0; + + error = bioset_init(&iomap_readend_bioset, + 4 * (PAGE_SIZE / SECTOR_SIZE), + offsetof(struct iomap_readend, read_inline_bio), + BIOSET_NEED_BVECS); + if (error) + return error; +#endif + return bioset_init(&iomap_ioend_bioset, 4 * (PAGE_SIZE / SECTOR_SIZE), offsetof(struct iomap_ioend, io_inline_bio), BIOSET_NEED_BVECS); diff --git a/include/linux/iomap.h b/include/linux/iomap.h index 238a03087e17e..dbdef159b20d7 100644 --- a/include/linux/iomap.h +++ b/include/linux/iomap.h @@ -264,6 +264,11 @@ struct iomap_ioend { struct bio io_inline_bio; /* MUST BE LAST! */ }; +struct iomap_readend { + struct work_struct read_work; /* post read work (fs-verity) */ + struct bio read_inline_bio;/* MUST BE LAST! */ +}; + struct iomap_writeback_ops { /* * Required, maps the blocks so that writeback can be performed on From patchwork Tue Dec 13 17:29:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072278 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C4FAC10F1B for ; Tue, 13 Dec 2022 17:31:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236412AbiLMRbj (ORCPT ); Tue, 13 Dec 2022 12:31:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49192 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236282AbiLMRap (ORCPT ); Tue, 13 Dec 2022 12:30:45 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B34F223395 for ; Tue, 13 Dec 2022 09:29:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952591; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7AcOPhjBNP3YYrMH1MpqCjdI1yvhV6rSsFzQUZOjVA4=; b=HCAdOtqgvacJlmz5RDVuH8rOFKWP1xAll4afd7NCuXeGvMlDGvd3avZLoLaK6Xs7NPYHp3 VIm0y/3Qh6Ob2LgHzSU1b8/54D+LC7K19VQJx/FW4l5AWvZFnNT360gGErq/fFnDwMIEtd Bv0ULfkxfD4lF6IbTuARoJMdTTcz3CA= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-489-eI0QdseXPMS2UBZDTiEfEA-1; Tue, 13 Dec 2022 12:29:49 -0500 X-MC-Unique: eI0QdseXPMS2UBZDTiEfEA-1 Received: by mail-ed1-f69.google.com with SMTP id y20-20020a056402271400b0046c9a6ec30fso7686591edd.14 for ; Tue, 13 Dec 2022 09:29:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7AcOPhjBNP3YYrMH1MpqCjdI1yvhV6rSsFzQUZOjVA4=; b=Ublz6+sGO7kmMAwerQLQbbuftYF5f3ogycbgo7MyxlxIR+JjIJwxBJhk7ZmyEm7M/D dJvuP+IrVXY8oJKafRZ+wD52aDRUZAR9jGUAAFHtDalepT4kM1C4gAzsUVbEeCUDvZ4D HYfQs1Zeyd/gAy0aGctrT+lOihyC9BNochGqqpZlu/0bM43MlCZAzbcIlBKoDZmnAbEJ m344zBfFwijIFDYY6waFKpUMqVig4JvEc0Zu+xPy8NWBA82B+8Qvatd5QI9mldRx3sHF Gr4PBj3or7bMdXooSvuuza5rBnBB+pxg6aa98WFXJP8iKmId7prqA0/iNrzrGCJCmg+6 Y++w== X-Gm-Message-State: ANoB5pnLYL9LsTp6RJbKOQ8A1vI+iwqC4CBQk+uj2KhUzogLSk+P+fok Z2WpGm9qOLREtqFGD2U0OORsDpNVxu+G898NxzIM4Ki3FFYR4zY4l0ao5Q5F4qiSfNh+evzVgQV 5hQsmw+RkIeXTDb/DHTqXzYep X-Received: by 2002:a05:6402:294d:b0:45c:cd16:aeae with SMTP id ed13-20020a056402294d00b0045ccd16aeaemr17634083edb.13.1670952588698; Tue, 13 Dec 2022 09:29:48 -0800 (PST) X-Google-Smtp-Source: AA0mqf7g+f81AoDPxBBSymiyRRy+EhAfrPjPqsbZz/ctE8vnernSk7jZGWtN7Vj8WarlzeMC5phV4A== X-Received: by 2002:a05:6402:294d:b0:45c:cd16:aeae with SMTP id ed13-20020a056402294d00b0045ccd16aeaemr17634066edb.13.1670952588390; Tue, 13 Dec 2022 09:29:48 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:47 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 10/11] xfs: add fs-verity support Date: Tue, 13 Dec 2022 18:29:34 +0100 Message-Id: <20221213172935.680971-11-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Add integration with fs-verity. The XFS store fs-verity metadata in the extended attributes. The metadata consist of verity descriptor and Merkle tree pages. The descriptor is stored under "verity_descriptor" extended attribute. The Merkle tree pages are stored under binary indexes. When fs-verity is enabled on an inode, the XFS_IVERITY flag is set meaning that the Merkle tree is being build. Then, pagecache is flushed and large folios are disabled as these aren't yet supported by fs-verity. This is done in xfs_begin_enable_verity() to make sure that fs-verity operations on the inode don't populate cache with large folios during a tree build. The initialization ends with storing of verity descriptor and setting inode on-disk flag (XFS_DIFLAG2_VERITY). Also add check that block size == PAGE_SIZE as fs-verity doesn't support different sizes yet. Signed-off-by: Andrey Albershteyn --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 8 ++ fs/xfs/xfs_inode.h | 1 + fs/xfs/xfs_super.c | 10 ++ fs/xfs/xfs_verity.c | 203 +++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_verity.h | 19 ++++ 6 files changed, 242 insertions(+) create mode 100644 fs/xfs/xfs_verity.c create mode 100644 fs/xfs/xfs_verity.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index 42d0496fdad7d..5afa8ae5b3b7f 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -131,6 +131,7 @@ xfs-$(CONFIG_XFS_POSIX_ACL) += xfs_acl.o xfs-$(CONFIG_SYSCTL) += xfs_sysctl.o xfs-$(CONFIG_COMPAT) += xfs_ioctl32.o xfs-$(CONFIG_EXPORTFS_BLOCK_OPS) += xfs_pnfs.o +xfs-$(CONFIG_FS_VERITY) += xfs_verity.o # notify failure ifeq ($(CONFIG_MEMORY_FAILURE),y) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 57080ea4c869b..42013fc99b76a 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -26,6 +26,7 @@ #include "xfs_trace.h" #include "xfs_attr_item.h" #include "xfs_xattr.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1632,6 +1633,13 @@ xfs_attr_namecheck( return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name); } + if (flags & XFS_ATTR_VERITY) { + if (length != sizeof(__be64) && + length != XFS_VERITY_DESCRIPTOR_NAME_LEN) + return false; + return true; + } + return xfs_str_attr_namecheck(name, length); } diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 5735de32beebd..070631adac572 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -325,6 +325,7 @@ static inline bool xfs_inode_has_large_extent_counts(struct xfs_inode *ip) * plain old IRECLAIMABLE inode. */ #define XFS_INACTIVATING (1 << 13) +#define XFS_IVERITY (1 << 14) /* merkle tree is in progress */ /* All inode state flags related to inode reclaim. */ #define XFS_ALL_IRECLAIM_FLAGS (XFS_IRECLAIMABLE | \ diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 50c2c819ba940..a3c89d2c06a8a 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -41,6 +41,7 @@ #include "xfs_attr_item.h" #include "xfs_xattr.h" #include "xfs_iunlink_item.h" +#include "xfs_verity.h" #include #include @@ -1469,6 +1470,9 @@ xfs_fs_fill_super( sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif sb->s_op = &xfs_super_operations; +#ifdef CONFIG_FS_VERITY + sb->s_vop = &xfs_verity_ops; +#endif /* * Delay mount work if the debug hook is set. This is debug @@ -1669,6 +1673,12 @@ xfs_fs_fill_super( xfs_alert(mp, "EXPERIMENTAL parent pointer feature enabled. Use at your own risk!"); + if (xfs_has_verity(mp) && mp->m_super->s_blocksize != PAGE_SIZE) { + xfs_alert(mp, + "Cannot use fs-verity with block size != PAGE_SIZE"); + goto out_filestream_unmount; + } + error = xfs_mountfs(mp); if (error) goto out_filestream_unmount; diff --git a/fs/xfs/xfs_verity.c b/fs/xfs/xfs_verity.c new file mode 100644 index 0000000000000..112a72d0b0ca7 --- /dev/null +++ b/fs/xfs/xfs_verity.c @@ -0,0 +1,203 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_attr.h" +#include "xfs_verity.h" +#include "xfs_bmap_util.h" +#include "xfs_log_format.h" +#include "xfs_trans.h" + +static int +xfs_get_verity_descriptor( + struct inode *inode, + void *buf, + size_t buf_size) +{ + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .valuelen = buf_size, + }; + + error = xfs_attr_get(&args); + if (error) + return error; + + if (buf_size == 0) + return args.valuelen; + + if (args.valuelen > buf_size) { + kmem_free(args.value); + return -ERANGE; + } + + memcpy(buf, args.value, buf_size); + + kmem_free(args.value); + return args.valuelen; +} + +static int +xfs_begin_enable_verity( + struct file *filp) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + + if (IS_DAX(inode)) + return -EINVAL; + + if (xfs_iflags_test(ip, XFS_IVERITY)) + return -EBUSY; + xfs_iflags_set(ip, XFS_IVERITY); + + /* + * As fs-verity doesn't support multi-page folios yet, flush everything + * from page cache and disable it + */ + filemap_invalidate_lock(inode->i_mapping); + + inode_dio_wait(inode); + error = xfs_flush_unmap_range(ip, 0, XFS_ISIZE(ip)); + if (error) + goto out; + mapping_clear_large_folios(inode->i_mapping); + +out: + filemap_invalidate_unlock(inode->i_mapping); + if (error) + xfs_iflags_clear(ip, XFS_IVERITY); + return error; +} + +static int +xfs_end_enable_verity( + struct file *filp, + const void *desc, + size_t desc_size, + u64 merkle_tree_size) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_trans *tp; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = (void *)desc, + .valuelen = desc_size, + }; + int error = 0; + + /* fs-verity failed, just cleanup */ + if (desc == NULL) { + mapping_set_large_folios(inode->i_mapping); + goto out; + } + + error = xfs_attr_set(&args); + if (error) + goto out; + + /* Set fsverity inode flag */ + error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); + if (error) + goto out; + + xfs_ilock(ip, XFS_ILOCK_EXCL); + xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); + + ip->i_diflags2 |= XFS_DIFLAG2_VERITY; + inode->i_flags |= S_VERITY; + + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); + error = xfs_trans_commit(tp); + +out: + if (error) + mapping_set_large_folios(inode->i_mapping); + + xfs_iflags_clear(ip, XFS_IVERITY); + return error; +} + +static struct page * +xfs_read_merkle_tree_page( + struct inode *inode, + pgoff_t index, + unsigned long num_ra_pages) +{ + struct xfs_inode *ip = XFS_I(inode); + struct page *page; + __be64 name = cpu_to_be64(index); + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .name = (const uint8_t *)&name, + .namelen = sizeof(__be64), + .valuelen = PAGE_SIZE, + }; + int error = 0; + + error = xfs_attr_get(&args); + if (error) + return ERR_PTR(-EFAULT); + + page = alloc_page(GFP_KERNEL); + if (!page) + return ERR_PTR(-ENOMEM); + + memcpy(page_address(page), args.value, args.valuelen); + + kmem_free(args.value); + return page; +} + +static int +xfs_write_merkle_tree_block( + struct inode *inode, + const void *buf, + u64 index, + int log_blocksize) +{ + struct xfs_inode *ip = XFS_I(inode); + __be64 name = cpu_to_be64(index); + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .name = (const uint8_t *)&name, + .namelen = sizeof(__be64), + .value = (void *)buf, + .valuelen = 1 << log_blocksize, + }; + + return xfs_attr_set(&args); +} + +const struct fsverity_operations xfs_verity_ops = { + .begin_enable_verity = &xfs_begin_enable_verity, + .end_enable_verity = &xfs_end_enable_verity, + .get_verity_descriptor = &xfs_get_verity_descriptor, + .read_merkle_tree_page = &xfs_read_merkle_tree_page, + .write_merkle_tree_block = &xfs_write_merkle_tree_block, +}; diff --git a/fs/xfs/xfs_verity.h b/fs/xfs/xfs_verity.h new file mode 100644 index 0000000000000..ae5d87ca32a86 --- /dev/null +++ b/fs/xfs/xfs_verity.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +#include + +#define XFS_VERITY_DESCRIPTOR_NAME "verity_descriptor" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN 17 + +#ifdef CONFIG_FS_VERITY +extern const struct fsverity_operations xfs_verity_ops; +#else +#define xfs_verity_ops NULL +#endif /* CONFIG_FS_VERITY */ + +#endif /* __XFS_VERITY_H__ */ From patchwork Tue Dec 13 17:29:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13072279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 88CB5C10F1B for ; Tue, 13 Dec 2022 17:31:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236415AbiLMRbw (ORCPT ); Tue, 13 Dec 2022 12:31:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235962AbiLMRas (ORCPT ); Tue, 13 Dec 2022 12:30:48 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C92123397 for ; Tue, 13 Dec 2022 09:29:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1670952591; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+GiG0BGe80J6W6TnK0jiJK/bNKCYrNUMGHoKQBGkRkw=; b=fa0+ibUbJCodjilQmYgM4XGPvdANJdFMbXcLv9sCwuMZ/GxepQ18BAcVlPyxSZKlyME6Wt s7r5rX1RgR1+S+I+QjZx91KV+vfe0a9eVzyKoN/OjvpFyrseVL/ICMqzCCn91G5UWmB7fR c1nkFu8xPNe7sAaeFid1K3ajBKsJfhc= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-587-FXl_S_ZcPYiv6ayb4KD6fg-1; Tue, 13 Dec 2022 12:29:50 -0500 X-MC-Unique: FXl_S_ZcPYiv6ayb4KD6fg-1 Received: by mail-ej1-f69.google.com with SMTP id hq42-20020a1709073f2a00b007c100387d64so9616279ejc.3 for ; Tue, 13 Dec 2022 09:29:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+GiG0BGe80J6W6TnK0jiJK/bNKCYrNUMGHoKQBGkRkw=; b=0dFXbEC8Bj46Gf8vM041SjxIbxz/nNsfVXpETvWwDn3oVkXpg5BWFUbVZNYIKagpVl 6kbt54PqXoqysCs23kQcEGTUI6ZIz3TtDFXSHU09Xd4Hw1P0teHOiR819NKReI12FU+2 HenWUnz51Gf6ExuF7PmDLwOjKtmDzgooMIWEUVpoEQYxAw5bCr1wOd0x88g0HfOT+805 kjUiE0MNUnQHaJuzODEF2iGwXxZT3YOHf/ksg0ucb3SsofpB0z6llB3k3DleQ2uxscBR OMXceK/yA3l3RIr41itwnhLGji07wlaFWZSpR/A6aH9M74NxdMtBQ29GwpWQduGcaM66 YBgw== X-Gm-Message-State: ANoB5pkWIlh4DUeO1LMYOaNdo7CqgR4jInR5U36hfo+FcZyoaFCfmv9w oCMJpqgwriUA/LfLZCbWcPl3wbCOVOsox6wq6MCaX1VicJ6ThSMTGYPopoJwUJ535QbAw7U5lVZ Q9u9hqrW3LEv1RW/ccEeUjJWE X-Received: by 2002:a05:6402:2986:b0:45c:834b:f298 with SMTP id eq6-20020a056402298600b0045c834bf298mr16957704edb.21.1670952589314; Tue, 13 Dec 2022 09:29:49 -0800 (PST) X-Google-Smtp-Source: AA0mqf4+VYAsy05Ni1/O+l//FoyYcD0DzahMvHdo1dYl84a/uMCpesHVM+J1EHD+ElFaOaTbL4DKPQ== X-Received: by 2002:a05:6402:2986:b0:45c:834b:f298 with SMTP id eq6-20020a056402298600b0045c834bf298mr16957692edb.21.1670952589140; Tue, 13 Dec 2022 09:29:49 -0800 (PST) Received: from aalbersh.remote.csb ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id ec14-20020a0564020d4e00b0047025bf942bsm1204187edb.16.2022.12.13.09.29.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Dec 2022 09:29:48 -0800 (PST) From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Andrey Albershteyn Subject: [RFC PATCH 11/11] xfs: add fs-verity ioctls Date: Tue, 13 Dec 2022 18:29:35 +0100 Message-Id: <20221213172935.680971-12-aalbersh@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20221213172935.680971-1-aalbersh@redhat.com> References: <20221213172935.680971-1-aalbersh@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Add fs-verity ioctls to enable, dump metadata (descriptor and Merkle tree pages) and obtain file's digest. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_ioctl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 3cd46d030ccdc..dff3672c16140 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -43,6 +43,7 @@ #include #include #include +#include /* * xfs_find_handle maps from userspace xfs_fsop_handlereq structure to @@ -2267,6 +2268,16 @@ xfs_file_ioctl( return error; } + case FS_IOC_ENABLE_VERITY: + return fsverity_ioctl_enable(filp, (const void __user *)arg); + + case FS_IOC_MEASURE_VERITY: + return fsverity_ioctl_measure(filp, (void __user *)arg); + + case FS_IOC_READ_VERITY_METADATA: + return fsverity_ioctl_read_metadata(filp, + (const void __user *)arg); + default: return -ENOTTY; }