From patchwork Mon Feb 12 16:57:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553712 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 900B33D561 for ; Mon, 12 Feb 2024 16:59:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757197; cv=none; b=WEAQU39epu1oCO2dgHfVASK1nxAONoetE1d+TwgnzsbGFGhpR3k3bQ23rfzIQeF1GYT8egg3lwl0y2sE3mxmpZlL6DRpqBwyBe/1QSAnpmCqqiXJ16GRQoiwF8x44QVZaiPaV1TFdMsOhKSYYvq2U3BlrYNvcl6+bIsp16iVnNQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757197; c=relaxed/simple; bh=grAu43Eie92E+XOQ7d04C6cdM5uR0Ox/AK1rLCL9Nso=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=W1tIZhQRwvDUU/q9YBRXxSjq7LOkS1K8TcdrBi6whfMW0gVyvTok+YrGuh+G9q6DZtNCX+mu6/JABdfkixRxENk1vZd26l+1u29zAyQQLJ1JjHJP7fbuS5tI72qSm2lfhmGBv9tVhX1cd9HiC8CqY18u7CoiEJkl7GTyYc1ZvOg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=JGX4LkD3; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="JGX4LkD3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757193; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qXH4oA7cWAgzu2mxLxXFHd34t/bbMKvcNeTx3/w9/Kc=; b=JGX4LkD3z+4cf9qGvLoDyncZK6lwHkNYoNzaRGH6G8iZoz9NkFMVvuXbvrQZaRfb+kkmti VuDMWeKhcFxvQwO4+GyW2vNBtAQ6boUREzwPwYKx2KYygWOIC6loXHMHKWtYIqEY5TqPq5 hiX/SiP2UC6dBg0/noZIhAJ3vWBQvUc= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-45-dr_fO5U4NNe8rl7tiqP6_g-1; Mon, 12 Feb 2024 11:59:52 -0500 X-MC-Unique: dr_fO5U4NNe8rl7tiqP6_g-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-561bc69fbe5so578231a12.2 for ; Mon, 12 Feb 2024 08:59:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757191; x=1708361991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qXH4oA7cWAgzu2mxLxXFHd34t/bbMKvcNeTx3/w9/Kc=; b=gK62E2CBacOlYyeURID+CWg3yOkAs+17oF1b4D0GTXHBS12J3gf/bYzm9DUcYJ0tux yVvw9XkTMxfsSrHFHqDrcnL9Vlwbw2H55udRG5S6wRoCYqRNy0IdxTHxak/kIgAIGWdB fbz8suvp9MfwVfPhhe3nhYllmFBO0wCqcgs0tsCPbTDVEMjqSHKnCCyVbquVdZ46Iw7f QDjCn4aT8WtIMvgdL2sMA4EMA3y3eLy0gVqLfteJfi10Q18zYrF26hLbiyh35uCkCKWp 4fCKcG79gqJCpmtKYG26JXwEz201HgbpEuEYyxbR8PzsBlDxJbfBNEvJVzlN/uAWsd2y n5zw== X-Gm-Message-State: AOJu0YzNYDmUfE0MYNaMWWdatgRKkSqs8al8VnPyhdmNlgjJYQy5oW9X lmVg+notbX/0rgU1lLhTQXSkK4kdTtlVHao+T9lHwYNlaKMMUmzZv/Svq6GCRNVLFLHPeVbJnXk SLLjbx3JmB5WyjadWVhLwIN4ONEDzzuXbaWvqNKwd7hR+31uB1RHrlznNXGJxQ5iEgne1zp1rPQ pq24AooIXYHY1D4t0uy3J7JK1+eMIaBhv0ZxJT6Is= X-Received: by 2002:aa7:d7d4:0:b0:560:f198:2487 with SMTP id e20-20020aa7d7d4000000b00560f1982487mr5725053eds.25.1707757190847; Mon, 12 Feb 2024 08:59:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IFLTFCgjo7kG8sCDmOGPNpbHgDlSUUvJl8h+Af/sj+QMHQFJDSJruZtXYf+qgH+oOeYv5g8Jg== X-Received: by 2002:aa7:d7d4:0:b0:560:f198:2487 with SMTP id e20-20020aa7d7d4000000b00560f1982487mr5725032eds.25.1707757190528; Mon, 12 Feb 2024 08:59:50 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUfEo4gBfEtirxv7HSr/88kXx7viNjV4HuFhlzUNIiY6IyNW2AWYmZVS4vQmlg90MWz21goBMarPo6dXNa+9eqUrYrm+vCO3BlCUvfdJ6ynwFiac43yD1m01qUPoWkHG1jp/r9sPnS4/ER4K+0uXiJmHEn0AzD/xStG3C/M/vXIdJWHySWWcXmngt8x2D0+veb4zPn8QcxNwCDm59PtK4BSAsixgL9l2cON1i6+AKvcLXm8nxCWUt+4Glmj41+v Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:50 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn , Eric Biggers Subject: [PATCH v4 01/25] fsverity: remove hash page spin lock Date: Mon, 12 Feb 2024 17:57:58 +0100 Message-Id: <20240212165821.1901300-2-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com The spin lock is not necessary here as it can be replaced with memory barrier which should be better performance-wise. When Merkle tree block size differs from page size, in is_hash_block_verified() two things are modified during check - a bitmap and PG_checked flag of the page. Each bit in the bitmap represent verification status of the Merkle tree blocks. PG_checked flag tells if page was just re-instantiated or was in pagecache. Both of this states are shared between verification threads. Page which was re-instantiated can not have already verified blocks (bit set in bitmap). The spin lock was used to allow only one thread to modify both of these states and keep order of operations. The only requirement here is that PG_Checked is set strictly after bitmap is updated. This way other threads which see that PG_Checked=1 (page cached) knows that bitmap is up-to-date. Otherwise, if PG_Checked is set before bitmap is cleared, other threads can see bit=1 and therefore will not perform verification of that Merkle tree block. However, there's still the case when one thread is setting a bit in verify_data_block() and other thread is clearing it in is_hash_block_verified(). This can happen if two threads get to !PageChecked branch and one of the threads is rescheduled before resetting the bitmap. This is fine as at worst blocks are re-verified in each thread. Signed-off-by: Eric Biggers Reviewed-by: Andrey Albershteyn Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 1 - fs/verity/open.c | 1 - fs/verity/verify.c | 48 ++++++++++++++++++------------------ 3 files changed, 24 insertions(+), 26 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index a6a6b2749241..b3506f56e180 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -69,7 +69,6 @@ struct fsverity_info { u8 file_digest[FS_VERITY_MAX_DIGEST_SIZE]; const struct inode *inode; unsigned long *hash_block_verified; - spinlock_t hash_page_init_lock; }; #define FS_VERITY_MAX_SIGNATURE_SIZE (FS_VERITY_MAX_DESCRIPTOR_SIZE - \ diff --git a/fs/verity/open.c b/fs/verity/open.c index 6c31a871b84b..fdeb95eca3af 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -239,7 +239,6 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, err = -ENOMEM; goto fail; } - spin_lock_init(&vi->hash_page_init_lock); } return vi; diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 904ccd7e8e16..4fcad0825a12 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -19,7 +19,6 @@ static struct workqueue_struct *fsverity_read_workqueue; static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, unsigned long hblock_idx) { - bool verified; unsigned int blocks_per_page; unsigned int i; @@ -43,12 +42,20 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, * re-instantiated from the backing storage are re-verified. To do * this, we use PG_checked again, but now it doesn't really mean * "checked". Instead, now it just serves as an indicator for whether - * the hash page is newly instantiated or not. + * the hash page is newly instantiated or not. If the page is new, as + * indicated by PG_checked=0, we clear the bitmap bits for the page's + * blocks since they are untrustworthy, then set PG_checked=1. + * Otherwise we return the bitmap bit for the requested block. * - * The first thread that sees PG_checked=0 must clear the corresponding - * bitmap bits, then set PG_checked=1. This requires a spinlock. To - * avoid having to take this spinlock in the common case of - * PG_checked=1, we start with an opportunistic lockless read. + * Multiple threads may execute this code concurrently on the same page. + * This is safe because we use memory barriers to ensure that if a + * thread sees PG_checked=1, then it also sees the associated bitmap + * clearing to have occurred. Also, all writes and their corresponding + * reads are atomic, and all writes are safe to repeat in the event that + * multiple threads get into the PG_checked=0 section. (Clearing a + * bitmap bit again at worst causes a hash block to be verified + * redundantly. That event should be very rare, so it's not worth using + * a lock to avoid. Setting PG_checked again has no effect.) */ if (PageChecked(hpage)) { /* @@ -58,24 +65,17 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, smp_rmb(); return test_bit(hblock_idx, vi->hash_block_verified); } - spin_lock(&vi->hash_page_init_lock); - if (PageChecked(hpage)) { - verified = test_bit(hblock_idx, vi->hash_block_verified); - } else { - blocks_per_page = vi->tree_params.blocks_per_page; - hblock_idx = round_down(hblock_idx, blocks_per_page); - for (i = 0; i < blocks_per_page; i++) - clear_bit(hblock_idx + i, vi->hash_block_verified); - /* - * A write memory barrier is needed here to give RELEASE - * semantics to the below SetPageChecked() operation. - */ - smp_wmb(); - SetPageChecked(hpage); - verified = false; - } - spin_unlock(&vi->hash_page_init_lock); - return verified; + blocks_per_page = vi->tree_params.blocks_per_page; + hblock_idx = round_down(hblock_idx, blocks_per_page); + for (i = 0; i < blocks_per_page; i++) + clear_bit(hblock_idx + i, vi->hash_block_verified); + /* + * A write memory barrier is needed here to give RELEASE semantics to + * the below SetPageChecked() operation. + */ + smp_wmb(); + SetPageChecked(hpage); + return false; } /* From patchwork Mon Feb 12 16:57:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553711 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C00693D3A5 for ; Mon, 12 Feb 2024 16:59:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757197; cv=none; b=ks38uCrStm3wBHn8mzW/FU/HYegcZMvJgRgGneVQUIwH/tQWL55JyC1QJfvywrYtKQ9DAJ6HxUqR85+n8s0idc+53lbcT4C8WUipmWn7Uo8fAU8Y6F0eU4IS4f4BW3r8OoV+HFf4klcezVGP/AN1Yw+prSOBqyq/zW62hLkXYPo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757197; c=relaxed/simple; bh=87EPGtfLnNyrrHm7LdrhSWDHeKqbwuyh0xK6FyLRPoU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=ke3f9HpUX/iEMEXWga2b/2PVEyjxZyeri6ar2YvFdIPs/CTe825mipQaa9fPPfFNQn9XMDm24VdwRrE/EQ7UnmW3Qz0F4AlWLwwnpTUiAqhrN/n34qRCM7l+hb+hhC8AlagVYFV43xVMBu8Kq1i7zg5d3IQxnpj1VPpzixeIvy8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=HrxwRAXn; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="HrxwRAXn" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HwoEMzof6tyueQTnUsTnW4349H23j9VoC/QRGqyWkKM=; b=HrxwRAXnnyGQgiAbRekd0sQgdD30m+KOWtaAibvPe3T+M61r0WsV/xIqovK9yykIj6XTOh D+Onm7JC47yijnSnvEctBHsFleOAneWIGIP8O9LRdL35IKYkOYln12dQcrqsjKUHZuUsir Kjk1XBdnULkFAGvfK6aZGZ2AYLGxLHE= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-78-SnffbE2SMqK9G8w2tA2Udg-1; Mon, 12 Feb 2024 11:59:53 -0500 X-MC-Unique: SnffbE2SMqK9G8w2tA2Udg-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-55ffcfed2ffso4899044a12.0 for ; Mon, 12 Feb 2024 08:59:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757192; x=1708361992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HwoEMzof6tyueQTnUsTnW4349H23j9VoC/QRGqyWkKM=; b=r2KFMH3pV9COiWm/QYWAMkhjKa4vCiNbSHF5jKUyNPam7aaF0MjSiqkjom+0wcO7V1 rxKX63lmvFsYWsnfsxqLvhXN2bHs3xWn/ZiXOxIg0FYN8ye1U3WMhCT+L4ayqLGGJ1ox d4Z2BtL5jIoNS9XZFlLC7Rr3DCH2XN1uJp1FJaHHB0CsSW/3J4vFecjp9Zv84LPx/MhI QwJ8t8xjj3JJbESf6UXVRRCzvVTXXTYWQXoRdlR5UN6J1gC7AN1xCJwQ02xLxC0vMdV4 O5ZWl3nFaC6dWBAMu1r3MPANp1WiHaocDWJWkwL8xkWDDmvXN7K4jOlIajYs4WDIUzTX dCsQ== X-Gm-Message-State: AOJu0YzmiZsih1U/23CSmZSasuOO3AJLTph4cjcWbljk7oTzmsY2eMQF JqEbHS/p8xc6bKqlANXFmMU3tzLjO9ceGsWILNSvIWUeSMkJkAFqogviPz8vNog03350skBk91i IL/ykbdjCwdoirZVEdU8KMEqhLv3UE8wm3ZJZ/v+X+m2qK5dlKud18h6hXSmYJznwKut4FzQq23 epx5y159XHbdhksJU5C+0mf96ABnv1SXq5ukZ+KGw= X-Received: by 2002:aa7:d981:0:b0:560:f90e:4da3 with SMTP id u1-20020aa7d981000000b00560f90e4da3mr98359eds.0.1707757192171; Mon, 12 Feb 2024 08:59:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHfoUglQy6VQsrJO7Bagpl3UpwVFuud3MHrG+CNzln++dGXQv+WdUFa5OXovBNIauYyQ9cb3w== X-Received: by 2002:aa7:d981:0:b0:560:f90e:4da3 with SMTP id u1-20020aa7d981000000b00560f90e4da3mr98331eds.0.1707757191771; Mon, 12 Feb 2024 08:59:51 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCXhqGB6LbMhOcQTOQgMj83RdGTEaY3whGVGA8PGqFvwppxAzy8CpFHJkl6rYQf2kAItMH8HOxTUL6AGyf+3FSY2zvJsR/pI04kLc506uc4/aJwM48k67gNBX62vrEnp4WvkoJxC7o6d+vBiHtYj0hTnoc5ObmWXKh4xKDS8jI5CkjTcQvGZk8kwP+thsw+hRdRPVWZSlSpcD56gF6LDBDXIw4kTlNenUcMBMLN++ug0Xu4lNlSPOI2gA0xs9/NG9dVt9+p1cKx9JUmsoeI31hAT Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:51 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson , Mark Tinguely , Dave Chinner Subject: [PATCH v4 02/25] xfs: add parent pointer support to attribute code Date: Mon, 12 Feb 2024 17:57:59 +0100 Message-Id: <20240212165821.1901300-3-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com From: Allison Henderson Add the new parent attribute type. XFS_ATTR_PARENT is used only for parent pointer entries; it uses reserved blocks like XFS_ATTR_ROOT. Signed-off-by: Mark Tinguely Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_attr.c | 3 ++- fs/xfs/libxfs/xfs_da_format.h | 5 ++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/scrub/attr.c | 2 +- fs/xfs/xfs_trace.h | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index e965a48e7db9..1292ab043b4f 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -924,7 +924,8 @@ xfs_attr_set( struct xfs_inode *dp = args->dp; struct xfs_mount *mp = dp->i_mount; struct xfs_trans_res tres; - bool rsvd = (args->attr_filter & XFS_ATTR_ROOT); + bool rsvd = (args->attr_filter & (XFS_ATTR_ROOT | + XFS_ATTR_PARENT)); int error, local; int rmt_blks = 0; unsigned int total; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 24f9d1461f9a..18e8c7d44ab8 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -703,12 +703,15 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_LOCAL_BIT 0 /* attr is stored locally */ #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ +#define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) +#define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) -#define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | XFS_ATTR_SECURE) +#define XFS_ATTR_NSP_ONDISK_MASK \ + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index 269573c82808..eb7406c6ea41 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -972,6 +972,7 @@ struct xfs_icreate_log { */ #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ + XFS_ATTR_PARENT | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 83c7feb38714..49f91cc85a65 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 0984a1c884c7..07e8a69f8e56 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -83,7 +83,8 @@ struct xfs_perag; #define XFS_ATTR_FILTER_FLAGS \ { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ - { XFS_ATTR_INCOMPLETE, "INCOMPLETE" } + { XFS_ATTR_INCOMPLETE, "INCOMPLETE" }, \ + { XFS_ATTR_PARENT, "PARENT" } DECLARE_EVENT_CLASS(xfs_attr_list_class, TP_PROTO(struct xfs_attr_list_context *ctx), From patchwork Mon Feb 12 16:58:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553713 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DC0B3D579 for ; Mon, 12 Feb 2024 16:59:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757198; cv=none; b=QXs6AU25bOsO/5mdMiBLsAFyuq9BQpH/MRG0TKOqp/5zUF80Qu4doqbTIycK56q0MbAShcb9dkVdZtjIw3V4P9fHLQ1FLYMigevWvPHMF9MuEBeigraYrReo8kq9v28HfJ1umYwf4o6UleTlIyk1O+JwtxXJAlmlbhHLnPSMHbk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757198; c=relaxed/simple; bh=iGCn00rEq7PG+afvZlZGmDPn+zqmaqJVYlT49tydKx4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=HbnFhvQIgNpApQseoeKaYA+Kg18V/+dN97tQuKF29Q1CDAd5SnoPD+VRyNtLIc8RJexUSxKiNN7+PgQ1lVLK6zeEDhnHtHA+lqge1b1owQGsoQrn0w/yLKLgZjsNJk4IcIHQ4YwKAJyfJO+Pa69d1n0mud6nLZW1QCW26K/sL5U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=DZlDNRJe; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="DZlDNRJe" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oBcesGNJ85C40O8Wbwe4Jalf+KuBJVBEen9IDHFprmk=; b=DZlDNRJejcf91GdjjB1qR0FUKz2VgVP1DLqYLLfyM6g1gX9D3q2sVjEfuVuwFuH5Yb5HXF b1e1hZbGsLTGGNL5ROB9xyAPzES1BUm4YVzz6EoltbW3+zHgx2+lzwLBrkENUoeJXgBdd2 VPz2+G4DYM75sVeLv4lD097COD1OH+Q= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-569-crAihOj2NduWxpiBwXdKIg-1; Mon, 12 Feb 2024 11:59:54 -0500 X-MC-Unique: crAihOj2NduWxpiBwXdKIg-1 Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a3cd3e65328so32323666b.0 for ; Mon, 12 Feb 2024 08:59:54 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757193; x=1708361993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oBcesGNJ85C40O8Wbwe4Jalf+KuBJVBEen9IDHFprmk=; b=QBP9K44DBtdK1f3JR0pcZqptp1A/KM7xP+A9jMfRIUTI2/xUjppjV0jH5B/HjPR90g C9pJ1XuYyKUl+7K1ancuwTJnLNR9ENI2TDvmiQw7ktLZZVADVmTE12VH0AtjpM1akix2 rVi4+i6spi6tnL0L/RVT2XThhbIgeZvJ1Qlo6euv6bPGD3gjGgc30ybFPIgJgkVY4jU1 /T9L2HjnqhDUU+58DxJC12renG6SrJhxJi+L8fmtQvyl41H6FrAOelkEaEOddnJY8FEy dAzD0SIAiUKfeLSN/AJmFwzSylVqesTrPeoD05kXMVkYIlk+ARrTeLCNNbklUIruoBda TCmQ== X-Gm-Message-State: AOJu0YxwAeb4nOTd38yN//7H46SnzT2vZofedlSxgJmvXgWY5rINWunX Fkji5BTx3DLaTvtdZE0IDaFCVqolJaUxEKToRyaaBsR1j69sf9mVs3Sh8/NMvRNC7ACiw/HKjZw dU0w/LNpn78lxyg9B4+rIFY2YpHflafMiBJK9CiDgxRydUpGdlngnJsnszwigLNC6hi+GwWokh4 qHaZ9RZ3PUITRR7MmgGWddHyVYwgG8cEnEsqBgEOQ= X-Received: by 2002:aa7:d38c:0:b0:55f:8c38:36a9 with SMTP id x12-20020aa7d38c000000b0055f8c3836a9mr5424658edq.42.1707757192779; Mon, 12 Feb 2024 08:59:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHuAQY974HjwvfUXd9S/s2x7iBcid/UjzWaSIP6F1pOXoRVZe6HEND0f94MhpBhdqSR92/o6g== X-Received: by 2002:aa7:d38c:0:b0:55f:8c38:36a9 with SMTP id x12-20020aa7d38c000000b0055f8c3836a9mr5424640edq.42.1707757192557; Mon, 12 Feb 2024 08:59:52 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUGdzvN1PlvyWuInXAHyDTNZDbZ3DXfxNsW3DTnGhPYQmdNWEbiWbsvxSno4SsYIW0Gcc8LWGDwRbTSQjOvUTlNaq3J5lBwDWuoz3D61CyakzhU+/Ztf5vms14kBfBl/qVaSH9L8ZAthUJf82RYURpX4L4q69P/l+ZSHjyspsgs02K9geKDabKzvF1PUu2mwvnnBAFZcgcXNEYnNv6JM0AnWcmeZWP24ZAuM994uoKNEWHfrsbobAzZthWH4rHt Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:52 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson , Dave Chinner Subject: [PATCH v4 03/25] xfs: define parent pointer ondisk extended attribute format Date: Mon, 12 Feb 2024 17:58:00 +0100 Message-Id: <20240212165821.1901300-4-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com From: Allison Henderson We need to define the parent pointer attribute format before we start adding support for it into all the code that needs to use it. The EA format we will use encodes the following information: name={parent inode #, parent inode generation, dirent namehash} value={dirent name} The inode/gen gives all the information we need to reliably identify the parent without requiring child->parent lock ordering, and allows userspace to do pathname component level reconstruction without the kernel ever needing to verify the parent itself as part of ioctl calls. Storing the dirent name hash in the key reduces hash collisions if a file is hardlinked multiple times in the same directory. By using the NVLOOKUP mode in the extended attribute code to match parent pointers using both the xattr name and value, we can identify the exact parent pointer EA we need to modify/remove in rename/unlink operations without searching the entire EA space. By storing the dirent name, we have enough information to be able to validate and reconstruct damaged directory trees. Earlier iterations of this patchset encoded the directory offset in the parent pointer key, but this format required repair to keep that in sync across directory rebuilds, which is unnecessary complexity. Signed-off-by: Dave Chinner Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong [djwong: replace diroffset with the namehash in the pptr key] Signed-off-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 18e8c7d44ab8..e5eacfe75021 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -867,4 +867,24 @@ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp) xfs_failaddr_t xfs_da3_blkinfo_verify(struct xfs_buf *bp, struct xfs_da3_blkinfo *hdr3); +/* + * Parent pointer attribute format definition + * + * The xattr name encodes the parent inode number, generation and the crc32c + * hash of the dirent name. + * + * The xattr value contains the dirent name. + */ +struct xfs_parent_name_rec { + __be64 p_ino; + __be32 p_gen; + __be32 p_namehash; +}; + +/* + * Maximum size of the dirent name that can be stored in a parent pointer. + * This matches the maximum dirent name length. + */ +#define XFS_PARENT_DIRENT_NAME_MAX_SIZE (MAXNAMELEN - 1) + #endif /* __XFS_DA_FORMAT_H__ */ From patchwork Mon Feb 12 16:58:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553714 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A3313D566 for ; Mon, 12 Feb 2024 16:59:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757199; cv=none; b=cIe/7olOuAAS4ewvPj8A4T5TQWiAL0pBvjM7LZxSBbwtf+cfOYLTBZppibxSs6DUBRmEvoBc6AM1xQQPIgURwXGX+SIw4PZPDSrnFPBwLPmVjZhOY54lR0SepyU1uuCKDM5uuaAPoZn0PjaC9/0YYoaz2mmwqFBxzd6KpOs4VTk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757199; c=relaxed/simple; bh=9JqrbAfmSsH3ERdkRpC8IPSggMzVJkaaLqkB8F5T9EI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=kmO2ezO/TNoIuPjB3R2Mav+37LgTwDYUaEyGW8BcZtLQO1Q9zR1AYOm4EV4ZwEpzs4JPE7QkyT/9uKPF84QGVQHhOe/HtepxVOwp222Us+EtiJELjw5V59/+RUaEvZN2vyllaSvKOsUAJ0DGd8hntk/d0ZMfZGnvRaVxTITYK/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=OCl37wxL; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="OCl37wxL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757197; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7qFP4poM8gEvIFjfXy0QwY6pOEwAMOFuQs9zumtA0Rw=; b=OCl37wxLW77LIi4aWd5GTlnI/mv58BOdGlKQKMFaMbd6mILNFU1jCzBct2qouDE3tU+bcA Et8y9ciO8Q0pA66vXfmJVEgShRTegiwG6R1ijmfWCxSoZ7EnEWntFuSyPezQgjJVkwbuyT EHdy9x0vAyl4qQVslNQiivbLwsXcuJ4= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-202-0R3CCYpdOBuDIL2F-Ankgg-1; Mon, 12 Feb 2024 11:59:55 -0500 X-MC-Unique: 0R3CCYpdOBuDIL2F-Ankgg-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-560f41972easo1934620a12.0 for ; Mon, 12 Feb 2024 08:59:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757194; x=1708361994; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7qFP4poM8gEvIFjfXy0QwY6pOEwAMOFuQs9zumtA0Rw=; b=A1EBDMoK5E7+HLjjuhkOsFDDNXuqQvVU56m/pcOqt0cBZ8+hs+RF7i3TiQUNcDtRxR z1i8XPxUAjMUPEKj83HmAM1RFNqZEL4MM7mR2EZ2R+2iDyGm2PbLNeT79SF5DK3oEvBk iDaux76Ux37xylA8r/w3SSfNzj7Ld1MEEiuhQxOBBWt+ImRxhG/50qITzMktmeN/y7k5 5FF8ndY8kFC/R2x8BR/oGSVyTYLOKaQ1+heThbR4xsAGFFTDWLakvdpNPa320cYCL0So GAL+0mduFXGGfEJK3M6BdwqRRvxOKfqxeHtSIpTE7tcvUpWWBPQSV0ca3IaNbpaENG+8 UTjw== X-Gm-Message-State: AOJu0YyPKhljFqCt0BUD81nb7hCeYed6sqAkfVJdEqbu9pfH2UMvKBV+ R1RjHRWOnrEP8Pm5kLVvXjqlX8p4EzkPCnDjklB0BdaEDoHSvaoM1QoyeAKrXbuwjCXoip+GdEV ngMwxf/5aK9d0NeJru9165idxsehEIIamXfnXdByZH6jKu3ArOMsLSxskbJyn3f63DezRiUth05 nlAzJnEJ4wrl1KBh1zMyvHcrrWmX6emh8j6eSVrIg= X-Received: by 2002:a50:f617:0:b0:561:9652:5637 with SMTP id c23-20020a50f617000000b0056196525637mr3659222edn.37.1707757194158; Mon, 12 Feb 2024 08:59:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IGyqJb1xpGFjqn3vJ1D5hirpPLDzmRKHxkeP+Sul2WzwXFn0vPfXCQQQxMCa6uPvEMMQbzT7A== X-Received: by 2002:a50:f617:0:b0:561:9652:5637 with SMTP id c23-20020a50f617000000b0056196525637mr3659193edn.37.1707757193796; Mon, 12 Feb 2024 08:59:53 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCW15t2/qN+81/gTVJVaHFlHCRoy1SV6DbG8x2VqPSugS1HhtAx2zTTQr1Q6u1PNlEg5V3nZUjaI7j76OEk8aQIdPjXyyZ97YD83BdXLq5oWzaUmPfTVHnUVDAOhBo8DD1s78Ei6+LZkX6u/4zBrMQ6IoPRwXTgJ6nyEE86RRpNBv5bhUrRADnka3myGH6mexm5lulkydp/ZHrbv/9EupTI1msGa8udBR2ij Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:53 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Allison Henderson Subject: [PATCH v4 04/25] xfs: add parent pointer validator functions Date: Mon, 12 Feb 2024 17:58:01 +0100 Message-Id: <20240212165821.1901300-5-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com From: Allison Henderson Attribute names of parent pointers are not strings. So we need to modify attr_namecheck to verify parent pointer records when the XFS_ATTR_PARENT flag is set. At the same time, we need to validate attr values during log recovery if the xattr is really a parent pointer. Signed-off-by: Allison Henderson Reviewed-by: Darrick J. Wong [djwong: move functions to xfs_parent.c, adjust for new disk format] Signed-off-by: Darrick J. Wong --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 10 ++- fs/xfs/libxfs/xfs_attr.h | 3 +- fs/xfs/libxfs/xfs_da_format.h | 8 +++ fs/xfs/libxfs/xfs_parent.c | 113 ++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_parent.h | 19 ++++++ fs/xfs/scrub/attr.c | 2 +- fs/xfs/xfs_attr_item.c | 6 +- fs/xfs/xfs_attr_list.c | 14 +++-- 9 files changed, 165 insertions(+), 11 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_parent.c create mode 100644 fs/xfs/libxfs/xfs_parent.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index fbe3cdc79036..8be90c685b0b 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -41,6 +41,7 @@ xfs-y += $(addprefix libxfs/, \ xfs_inode_buf.o \ xfs_log_rlimit.o \ xfs_ag_resv.o \ + xfs_parent.o \ xfs_rmap.o \ xfs_rmap_btree.o \ xfs_refcount.o \ diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 1292ab043b4f..f9846df41669 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -26,6 +26,7 @@ #include "xfs_trace.h" #include "xfs_attr_item.h" #include "xfs_xattr.h" +#include "xfs_parent.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1514,9 +1515,14 @@ xfs_attr_node_get( /* Returns true if the attribute entry name is valid. */ bool xfs_attr_namecheck( - const void *name, - size_t length) + struct xfs_mount *mp, + const void *name, + size_t length, + unsigned int flags) { + if (flags & XFS_ATTR_PARENT) + return xfs_parent_namecheck(mp, name, length, flags); + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 81be9b3e4004..92711c8d2a9f 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -547,7 +547,8 @@ int xfs_attr_get(struct xfs_da_args *args); int xfs_attr_set(struct xfs_da_args *args); int xfs_attr_set_iter(struct xfs_attr_intent *attr); int xfs_attr_remove_iter(struct xfs_attr_intent *attr); -bool xfs_attr_namecheck(const void *name, size_t length); +bool xfs_attr_namecheck(struct xfs_mount *mp, const void *name, size_t length, + unsigned int flags); int xfs_attr_calc_size(struct xfs_da_args *args, int *local); void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres, unsigned int *total); diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index e5eacfe75021..1b79c4de90bc 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -746,6 +746,14 @@ xfs_attr3_leaf_name(xfs_attr_leafblock_t *leafp, int idx) return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)]; } +static inline int +xfs_attr3_leaf_flags(xfs_attr_leafblock_t *leafp, int idx) +{ + struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp); + + return entries[idx].flags; +} + static inline xfs_attr_leaf_name_remote_t * xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx) { diff --git a/fs/xfs/libxfs/xfs_parent.c b/fs/xfs/libxfs/xfs_parent.c new file mode 100644 index 000000000000..1d45f926c13a --- /dev/null +++ b/fs/xfs/libxfs/xfs_parent.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2022-2024 Oracle. + * All rights reserved. + */ +#include "xfs.h" +#include "xfs_fs.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_log_format.h" +#include "xfs_shared.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_bmap_btree.h" +#include "xfs_inode.h" +#include "xfs_error.h" +#include "xfs_trace.h" +#include "xfs_trans.h" +#include "xfs_da_btree.h" +#include "xfs_attr.h" +#include "xfs_dir2.h" +#include "xfs_dir2_priv.h" +#include "xfs_attr_sf.h" +#include "xfs_bmap.h" +#include "xfs_defer.h" +#include "xfs_log.h" +#include "xfs_xattr.h" +#include "xfs_parent.h" +#include "xfs_trans_space.h" + +/* + * Parent pointer attribute handling. + * + * Because the attribute value is a filename component, it will never be longer + * than 255 bytes. This means the attribute will always be a local format + * attribute as it is xfs_attr_leaf_entsize_local_max() for v5 filesystems will + * always be larger than this (max is 75% of block size). + * + * Creating a new parent attribute will always create a new attribute - there + * should never, ever be an existing attribute in the tree for a new inode. + * ENOSPC behavior is problematic - creating the inode without the parent + * pointer is effectively a corruption, so we allow parent attribute creation + * to dip into the reserve block pool to avoid unexpected ENOSPC errors from + * occurring. + */ + +/* Return true if parent pointer EA name is valid. */ +bool +xfs_parent_namecheck( + struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, + size_t reclen, + unsigned int attr_flags) +{ + if (!(attr_flags & XFS_ATTR_PARENT)) + return false; + + /* pptr updates use logged xattrs, so we should never see this flag */ + if (attr_flags & XFS_ATTR_INCOMPLETE) + return false; + + if (reclen != sizeof(struct xfs_parent_name_rec)) + return false; + + /* Only one namespace bit allowed. */ + if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) + return false; + + return true; +} + +/* Return true if parent pointer EA value is valid. */ +bool +xfs_parent_valuecheck( + struct xfs_mount *mp, + const void *value, + size_t valuelen) +{ + if (valuelen == 0 || valuelen > XFS_PARENT_DIRENT_NAME_MAX_SIZE) + return false; + + if (value == NULL) + return false; + + return true; +} + +/* Return true if the ondisk parent pointer is consistent. */ +bool +xfs_parent_hashcheck( + struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, + const void *value, + size_t valuelen) +{ + struct xfs_name dname = { + .name = value, + .len = valuelen, + }; + xfs_ino_t p_ino; + + /* Valid dirent name? */ + if (!xfs_dir2_namecheck(value, valuelen)) + return false; + + /* Valid inode number? */ + p_ino = be64_to_cpu(rec->p_ino); + if (!xfs_verify_dir_ino(mp, p_ino)) + return false; + + /* Namehash matches name? */ + return be32_to_cpu(rec->p_namehash) == xfs_dir2_hashname(mp, &dname); +} diff --git a/fs/xfs/libxfs/xfs_parent.h b/fs/xfs/libxfs/xfs_parent.h new file mode 100644 index 000000000000..fcfeddb645f6 --- /dev/null +++ b/fs/xfs/libxfs/xfs_parent.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2022-2024 Oracle. + * All Rights Reserved. + */ +#ifndef __XFS_PARENT_H__ +#define __XFS_PARENT_H__ + +/* Metadata validators */ +bool xfs_parent_namecheck(struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, size_t reclen, + unsigned int attr_flags); +bool xfs_parent_valuecheck(struct xfs_mount *mp, const void *value, + size_t valuelen); +bool xfs_parent_hashcheck(struct xfs_mount *mp, + const struct xfs_parent_name_rec *rec, const void *value, + size_t valuelen); + +#endif /* __XFS_PARENT_H__ */ diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 49f91cc85a65..9a1f59f7b5a4 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -195,7 +195,7 @@ xchk_xattr_listent( } /* Does this name make sense? */ - if (!xfs_attr_namecheck(name, namelen)) { + if (!xfs_attr_namecheck(sx->sc->mp, name, namelen, flags)) { xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno); goto fail_xref; } diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 9e02111bd890..6f6eeaaa9010 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -588,7 +588,8 @@ xfs_attr_recover_work( */ attrp = &attrip->attri_format; if (!xfs_attri_validate(mp, attrp) || - !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len)) + !xfs_attr_namecheck(mp, nv->name.i_addr, nv->name.i_len, + attrp->alfi_attr_filter)) return -EFSCORRUPTED; attr = xfs_attri_recover_work(mp, dfp, attrp, &ip, nv); @@ -728,7 +729,8 @@ xlog_recover_attri_commit_pass2( return -EFSCORRUPTED; } - if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { + if (!xfs_attr_namecheck(mp, attr_name, attri_formatp->alfi_name_len, + attri_formatp->alfi_attr_filter)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[1].i_addr, item->ri_buf[1].i_len); return -EFSCORRUPTED; diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index e368ad671e26..1521ca2f0ce3 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -58,6 +58,7 @@ xfs_attr_shortform_list( struct xfs_attr_sf_sort *sbuf, *sbp; struct xfs_attr_sf_hdr *sf = dp->i_af.if_data; struct xfs_attr_sf_entry *sfe; + struct xfs_mount *mp = dp->i_mount; int sbsize, nsbuf, count, i; int error = 0; @@ -81,8 +82,9 @@ xfs_attr_shortform_list( (dp->i_af.if_bytes + sf->count * 16) < context->bufsize)) { for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sfe->nameval, - sfe->namelen))) + !xfs_attr_namecheck(mp, sfe->nameval, + sfe->namelen, + sfe->flags))) return -EFSCORRUPTED; context->put_listent(context, sfe->flags, @@ -173,8 +175,9 @@ xfs_attr_shortform_list( cursor->offset = 0; } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sbp->name, - sbp->namelen))) { + !xfs_attr_namecheck(mp, sbp->name, + sbp->namelen, + sbp->flags))) { error = -EFSCORRUPTED; goto out; } @@ -464,7 +467,8 @@ xfs_attr3_leaf_list_int( } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(name, namelen))) + !xfs_attr_namecheck(mp, name, namelen, + entry->flags))) return -EFSCORRUPTED; context->put_listent(context, entry->flags, name, namelen, valuelen); From patchwork Mon Feb 12 16:58:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553715 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D3A83DB92 for ; Mon, 12 Feb 2024 16:59:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757200; cv=none; b=OOcfUL4zBB3werOQ+vOVzFbd2KAqI/TP8Z1dTgrO9EPb9lHtCFMj7j4C2Q6iidBPlv09YJN7u6zfQ9BucMJFRxWyi8/G+QzBH81ODgkR96NWlZGbeNevH0/zTpDjqf1ht2AR6nXUOUNcHlafbJpVufAC7ZIW1kcaBFu4/nGUGvE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757200; c=relaxed/simple; bh=cvhOJNMgYbCTZs0crMMOB5Pl60dq3zxJ6bSAHeiofko=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=uSwTEyO0pkHEhCwOLTTVRKoXz5DgB+6rDEeB4IEbtswU++C8BLnXJLHJU44n7TS1vLgmk323Ni39DWjCJnkxHc1SobEHL4w10NM2i7jKwdnGi1nUJczx+mCd2oNTSCjtVf35ytz4fHFDsWeI6kopk4+fA548YWr8YhpQQ3T8/C4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=DXWmkN7M; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="DXWmkN7M" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757198; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2eZDjHaP7Kupt8d6Iu2ty2GFMw3W0f+xpOseohnHwTk=; b=DXWmkN7MGzRYZsJupSZTfLdpmB3wsGURiXqmp0phEtdpXMRU65YgjqVWGRBTLgMyxpg26b iGqTauCBZJUMKKz6BDtIBJzFFv6yRHJuuuVhsyIjDuiphP85zAspnF7dI4eN9n3dLMx2zB EjUOtlr7Bwt27+0wTx+7YYaDmOyzJQE= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-345-oKW59rG_NYmVKSBBglWSwg-1; Mon, 12 Feb 2024 11:59:57 -0500 X-MC-Unique: oKW59rG_NYmVKSBBglWSwg-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-5597da35ebbso2420665a12.2 for ; Mon, 12 Feb 2024 08:59:56 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757195; x=1708361995; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2eZDjHaP7Kupt8d6Iu2ty2GFMw3W0f+xpOseohnHwTk=; b=ofS2GbRcgdYw6NoXgiBzbRFNH6T7ScvnYSCexUuDj5duniChoOjII1SLyTohxymFSc gWjKwhOOc1Iu9c4c/40fwwnHax1kCHtHV1DmsBu87Rd/fiqvToK1yjnOPkRNaz8+oBCp +DyqOQT3kIoVIn1m3Fu4J1ESHGCiWD9QUKIWMORzamKE/rXahCP1jNPkbTIN3yG3m4WY 0FarunV6cISoThTOvrLtFisNHB/1QexUB3/l6amJfnwtIUT6/Ltsud6wJTxIX6F5ubu2 yBDHsYTts38x6eTOzzWrWOcW2PyDrGNXt03MSwCvD9thMcBRaWbgX+HZG/OPnjYpRdWo fLMg== X-Gm-Message-State: AOJu0YzNP5MS9ijpDkXGOQ3N0T4XhMF4Q9C3xagK0/UNj14PcNu0xtLu 6cKUYm7y50pYHeDmJDbGvlCEgkerSXo0P+20rqgHMqnNKTlNCRo692BKBDoqptIKYIaSiJiwctF iakgLxmQpi3hXZUxQa3SXeUwmdu/ZUiMegAvLJMIAuVnHMZI41d3KMNtBtNzuobDjthHSXh1Adw JA2Mve/fOJIKTHSjh96zW6z62VBCIX/W2wOHqV6Io= X-Received: by 2002:a05:6402:544:b0:55f:c3c1:34e with SMTP id i4-20020a056402054400b0055fc3c1034emr1476956edx.15.1707757195430; Mon, 12 Feb 2024 08:59:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IGyQP1vpD0d7s1DLfQrdN0VArL3Z7/S/UGhBKfUY5OPPaBlXP9kgpE6F85URgM94E6HCoBQBw== X-Received: by 2002:a05:6402:544:b0:55f:c3c1:34e with SMTP id i4-20020a056402054400b0055fc3c1034emr1476936edx.15.1707757195175; Mon, 12 Feb 2024 08:59:55 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVMULeE9s3nH+f2UMQCVjIYAATNr91A4Ha5f9VSJraW6oqpiPL3tmAHAY6PdEz054BS664a2YaRiaMUr/8qUiCssI9wfT114LLRO4KVxI9+V0jszODBczr1+t3NlI/Rz45VtOoo6Ui5gEPxUDyPQKU3N9O2/8/ta9Zk1gx9LBEHd/xz9LtHu9mXtCI9WUv9KptxyN5Fs3L6rp+W5VAUwLQh/y9gvRq8YnP/ Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:54 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 05/25] fs: add FS_XFLAG_VERITY for verity files Date: Mon, 12 Feb 2024 17:58:02 +0100 Message-Id: <20240212165821.1901300-6-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add extended attribute FS_XFLAG_VERITY for inodes with fs-verity enabled. Signed-off-by: Andrey Albershteyn --- Documentation/filesystems/fsverity.rst | 12 ++++++++++++ fs/ioctl.c | 11 +++++++++++ include/uapi/linux/fs.h | 1 + 3 files changed, 24 insertions(+) diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst index 13e4b18e5dbb..19e59e87999e 100644 --- a/Documentation/filesystems/fsverity.rst +++ b/Documentation/filesystems/fsverity.rst @@ -326,6 +326,18 @@ the file has fs-verity enabled. This can perform better than FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require opening the file, and opening verity files can be expensive. +FS_IOC_FSGETXATTR +----------------- + +Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity +files. The attribute can be observed via lsattr. + + [root@vm:~]# lsattr /mnt/test/foo + --------------------V- /mnt/test/foo + +Note that this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity +requires input parameters. See FS_IOC_ENABLE_VERITY. + .. _accessing_verity_files: Accessing verity files diff --git a/fs/ioctl.c b/fs/ioctl.c index 76cf22ac97d7..38c00e47c069 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -481,6 +481,8 @@ void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) fa->flags |= FS_DAX_FL; if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) fa->flags |= FS_PROJINHERIT_FL; + if (fa->fsx_xflags & FS_XFLAG_VERITY) + fa->flags |= FS_VERITY_FL; } EXPORT_SYMBOL(fileattr_fill_xflags); @@ -511,6 +513,8 @@ void fileattr_fill_flags(struct fileattr *fa, u32 flags) fa->fsx_xflags |= FS_XFLAG_DAX; if (fa->flags & FS_PROJINHERIT_FL) fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; + if (fa->flags & FS_VERITY_FL) + fa->fsx_xflags |= FS_XFLAG_VERITY; } EXPORT_SYMBOL(fileattr_fill_flags); @@ -641,6 +645,13 @@ static int fileattr_set_prepare(struct inode *inode, !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) return -EINVAL; + /* + * Verity cannot be set through FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS. + * See FS_IOC_ENABLE_VERITY + */ + if (fa->fsx_xflags & FS_XFLAG_VERITY) + return -EINVAL; + /* Extent size hints of zero turn off the flags. */ if (fa->fsx_extsize == 0) fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 48ad69f7722e..6e63ea832d4f 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -140,6 +140,7 @@ struct fsxattr { #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ #define FS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */ /* the read-only stuff doesn't really belong here, but any other place is From patchwork Mon Feb 12 16:58:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553716 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4AF393E487 for ; Mon, 12 Feb 2024 17:00:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757202; cv=none; b=rKufShnpotSrtTokpe8K3Rb1yRTcalPxTgZhywR2KjudO8UYef4wMpgi89EoSmpnl6sXtdsFN9x8ZUVhte7yLnBmgIxswXoLsJAbudJXNbQA58QFQaY4KUz/Bgc7fGke07JxPOhf+SKiy/UB3miZJwEVyRpED42OFZfTFk+NvFM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757202; c=relaxed/simple; bh=J8eqmJ+xrgEjOXP2VKM/OiQv88UWMfaFDCsYsiGjLNY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=Kx8UgGYmXs6QJHwwg7XMpzKGwhfM+5+CnzD+dasxan3RzQxmHm6vPX/NV58X+oyq1aet4Qo4qmfQMsbKC8HYEVa+m6MozS3vo5d4K12yf+JjhDrMylM1CEnchpoBcCBU3hkr5iDTyFkTyU5jyWKkclAGAPLiKewCgZtKXtuVWmQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=KMpX+AW3; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="KMpX+AW3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757199; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Tj+M9muz5Mq0wRvQVjpVNnfnNXBZ0GExMp5ECK241aI=; b=KMpX+AW3k0iqxb+VAgtT3loxvnOumkeJGH2ghIsNRBd1jewvQuuGguBc87p9me4ruz5jdx oD6z3QpW5sbDA1s1Io7XbbDfOmCiIYonL3RNjzMcHKqUk5rml2vDkTVzTKx7RG8mIh8Lci caeIpquHdKucNgKxOKSE5ENgrOdAHEE= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-394-ybcRP213PGWqX3ZcZ_klqQ-1; Mon, 12 Feb 2024 11:59:58 -0500 X-MC-Unique: ybcRP213PGWqX3ZcZ_klqQ-1 Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-55ffcfed2ffso4899111a12.0 for ; Mon, 12 Feb 2024 08:59:57 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757196; x=1708361996; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Tj+M9muz5Mq0wRvQVjpVNnfnNXBZ0GExMp5ECK241aI=; b=qiyw/HNeOyMcleKQdZfOx3KVsXcFwzbJa02+RB9orCHZ3dxAB4u3y4PgUChHSDN+e9 uZuoH5YXcT/+UEba9jcgniB/4wXKQG2M36d0DJBOZ6LkPT/TtVQ07/EdTG0+W+kvlT63 Byhy9dlmf8hFrX4SPfp0ruYjGHHINPgGfSXbwwD776LXoaegfsZiaVyS4hD6o+j1Fs0j G6QvcSLWZOO7Mud3uMBqA3WB98X9WWeXRD48eKi3u7vBQh6OlaCpsfQ4kukGhDqLZugl w4n47VtMtgUEuvYZb4mxYLa2iahAYOB/r4Zumxe5IuvTZEgMQLwktruOmYUV6/9sTnXC Iwzg== X-Gm-Message-State: AOJu0Yw+rc/XShAcLAmQaErZKfcbP1pPXBgEdAv5DXfQoxQ1nOBoHzXB oJukwVWFi3LRFTmaSegd4pa5yGu7At9ZKV3UDYXpWxuFO+Yifs57IxRI0dixnj8siHXEvxtvKN7 +nluRQWtD3hrOjIgqjyYxDcDHgliSaEUSaPxari5F5jJZDL+888rg6otnuFE/R2S3DdFrKXd2pC xUw3vhT40qCb0ROxZSPSp36Uybh4wmhWiG0EfmQFY= X-Received: by 2002:a05:6402:643:b0:561:a278:db1d with SMTP id u3-20020a056402064300b00561a278db1dmr67929edx.6.1707757196616; Mon, 12 Feb 2024 08:59:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IEtqgz4uDExeajTYum89SlbgYY0K3Z01N1uVXi9SYRLiSvtRtku9Z+tCv2eTqpRFWJ/gbf9fg== X-Received: by 2002:a05:6402:643:b0:561:a278:db1d with SMTP id u3-20020a056402064300b00561a278db1dmr67909edx.6.1707757196375; Mon, 12 Feb 2024 08:59:56 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCXd8xaYpRWEUrz+josrTDL3E9m0a+PSI6wgXDuVhsf3ik78yVwT2Ddbg3N5a663Pq2+tpp6LpEMQlBz08yajX0H7kOwxBeuZdhVdQPzfxc+WqGEDp4BbZLcDH7J/vo26O5JT9BJQYaQ5GHeJmXRxLSTy9tSrH3cdl3PvAgFyDxa7FiOozrc3PfBWwJFQdz6ZJWpICF6sP79f5bYix07U88Jvt8Gejd0cC7N Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:55 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 06/25] fsverity: pass log_blocksize to end_enable_verity() Date: Mon, 12 Feb 2024 17:58:03 +0100 Message-Id: <20240212165821.1901300-7-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com XFS will need to know log_blocksize to remove the tree in case of an error. The size is needed to calculate offsets of particular Merkle tree blocks. Signed-off-by: Andrey Albershteyn --- fs/btrfs/verity.c | 4 +++- fs/ext4/verity.c | 3 ++- fs/f2fs/verity.c | 3 ++- fs/verity/enable.c | 6 ++++-- include/linux/fsverity.h | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index 66e2270b0dae..84e9b1480241 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -621,6 +621,7 @@ static int btrfs_begin_enable_verity(struct file *filp) * @desc: verity descriptor to write out (NULL in error conditions) * @desc_size: size of the verity descriptor (variable with signatures) * @merkle_tree_size: size of the merkle tree in bytes + * @tree_blocksize: size of the Merkle tree block * * If desc is null, then VFS is signaling an error occurred during verity * enable, and we should try to rollback. Otherwise, attempt to finish verity. @@ -628,7 +629,8 @@ static int btrfs_begin_enable_verity(struct file *filp) * Returns 0 on success, negative error code on error. */ static int btrfs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct btrfs_inode *inode = BTRFS_I(file_inode(filp)); int ret = 0; diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c index 2f37e1ea3955..da2095a81349 100644 --- a/fs/ext4/verity.c +++ b/fs/ext4/verity.c @@ -189,7 +189,8 @@ static int ext4_write_verity_descriptor(struct inode *inode, const void *desc, } static int ext4_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); const int credits = 2; /* superblock and inode for ext4_orphan_del() */ diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c index 4fc95f353a7a..b4461b9f47a3 100644 --- a/fs/f2fs/verity.c +++ b/fs/f2fs/verity.c @@ -144,7 +144,8 @@ static int f2fs_begin_enable_verity(struct file *filp) } static int f2fs_end_enable_verity(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size) + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize) { struct inode *inode = file_inode(filp); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); diff --git a/fs/verity/enable.c b/fs/verity/enable.c index c284f46d1b53..04e060880b79 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -274,7 +274,8 @@ static int enable_verity(struct file *filp, * Serialized with ->begin_enable_verity() by the inode lock. */ inode_lock(inode); - err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size); + err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size, + params.block_size); inode_unlock(inode); if (err) { fsverity_err(inode, "%ps() failed with err %d", @@ -300,7 +301,8 @@ static int enable_verity(struct file *filp, rollback: inode_lock(inode); - (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size); + (void)vops->end_enable_verity(filp, NULL, 0, params.tree_size, + params.block_size); inode_unlock(inode); goto out; } diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 1eb7eae580be..ab7b0772899b 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -51,6 +51,7 @@ struct fsverity_operations { * @desc: the verity descriptor to write, or NULL on failure * @desc_size: size of verity descriptor, or 0 on failure * @merkle_tree_size: total bytes the Merkle tree took up + * @tree_blocksize: size of the Merkle tree block * * If desc == NULL, then enabling verity failed and the filesystem only * must do any necessary cleanups. Else, it must also store the given @@ -65,7 +66,8 @@ struct fsverity_operations { * Return: 0 on success, -errno on failure */ int (*end_enable_verity)(struct file *filp, const void *desc, - size_t desc_size, u64 merkle_tree_size); + size_t desc_size, u64 merkle_tree_size, + unsigned int tree_blocksize); /** * Get the verity descriptor of the given inode. From patchwork Mon Feb 12 16:58:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553719 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3CB43E47B for ; Mon, 12 Feb 2024 17:00:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757206; cv=none; b=d5Yk8gPiXoeRXQ9L9BRrwp+u/FHx/8V0hLlVmCjHHWit5kf9ah1hr8PXGUqxwm+PWyU0GXrPupyYsbUfcXLbS4RTx6fAbHK7mwRahxqk32HWt5JMTLm+6XAUB2hxhzP7tF0FWvQqrPXda6XiOyj3vZdvxX+Ivow69Zy/meNhXQM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757206; c=relaxed/simple; bh=ykhQfKWuHsV04EnI2o5RitgAdbOcIAZZrnDV0B1Wz7o=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=ARhvmEnfi7vk9hrt6fZoZpKDYY4gCd2SGBq5DXk+frLZx6jVmfYE6bjJ/OVG3omCqtvYZ5KOD/mjVKU5dAIVoH8JJNzdQ9mFhkLoO7Eo0XQik6WYIBrWJ6bcKxjeBomTAByx7VuT2M8WBNloSq2vIX5UhfcN7uaR0yquTsIcAik= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=TylLTPph; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="TylLTPph" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757201; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1rjcwZ0Rr2XiOc2/6/uRIjv653Za/HHrJ87P2SLK6dc=; b=TylLTPphbuZp8FeFKRXWSFSsyehEU5Fup/gwwnLX7frESOQH3Wc2Bdys1JqTntMDW+2c2s B+hczUIXYr/gc811NNrFELi7sIj8TtNgNgf5DPEBCtvlkneAJth9l/ZsrVBlMDYxHco5K+ B1pPp7hCUSa79ApUjnzgeeYM5lJPbww= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-255-cCAf81BVMHKKy1sADszlRA-1; Mon, 12 Feb 2024 12:00:00 -0500 X-MC-Unique: cCAf81BVMHKKy1sADszlRA-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-55926c118e5so2583475a12.3 for ; Mon, 12 Feb 2024 08:59:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757198; x=1708361998; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1rjcwZ0Rr2XiOc2/6/uRIjv653Za/HHrJ87P2SLK6dc=; b=LqBmBDV63RIslU28mOg5sICV0bTWsos6f9QJJ5daBaJ7oa1Lpiaj/qtOrJHGK5u/wV ILGf4jcgN9rgSLwV+k+Lvh1ufIgiSqsy/JGjK5DwT4kWoeOHkYzx3Kp4VqRGO+QAuF8q V+U/bx8xsiIeU+syJcViDRHBHVH26Loo0lctA1QD2Um2IAz7/mQnnfQ9Z/qiRZUpOTZ/ Vp7iCTnL8DxZdQjAVv8bQapxuiLHMV0iKeTUgu/hTbxHAEsybEIEPXVuTNHIhv+Uxe0B aLYh0nt412bZINf8ooh2JyWBIwiVvfEcvR4tLvF6LVbQesVZX29LYlgEltiUCaTWMujo ajzQ== X-Gm-Message-State: AOJu0YyjcRXTfhcRj9THXvm9qCH9emHSlrZxcTsCxTVbfiaNwKjm7jCx +TMYPwL8++8m3V5ROzY5NWpZ1ouKcry/+OT8kSuwuyiOx08W75yPgTcy7YwyFl7okgx16MaTP62 OrtUKx+RyPcyqbrjqmFQGOiEly4D8XxrltB9WVAU9AgfFKq6Iqon/ULhiXNsIfiSG7DRBWwMy5N pHn9JFv35smRFOqNrKmm/ipt6FhJPU7cO0QAdzUKc= X-Received: by 2002:aa7:ce09:0:b0:561:d4f0:eb14 with SMTP id d9-20020aa7ce09000000b00561d4f0eb14mr1075081edv.24.1707757198315; Mon, 12 Feb 2024 08:59:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IGrV4HkefzeD/lUvcrVUp0NxzWYYoatrN1WUPjbxa5Ak0YKZMHd6cREY48MPKQV1piavId3wg== X-Received: by 2002:aa7:ce09:0:b0:561:d4f0:eb14 with SMTP id d9-20020aa7ce09000000b00561d4f0eb14mr1075053edv.24.1707757197684; Mon, 12 Feb 2024 08:59:57 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCXoL6yMAYidy/lOKRY2jPCMiORGPkk95YuL1jAOO6tNDyxcUsB4d9UtXuoZT8q5rUy2U0Lr+iRt791uvwUuvGhpt64KzZpG2EF3repx8hifvPytV0NLwughyrDoPid3EKCsskNtxMrKtoAA6JCt7wFpVJNwR77UiOGGL4awivMvbJ+7h65gk6ebsBlI8Y0Ik9hdyZBfrPVgfbjC8on5SyYor5LSJJmcwbym Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:56 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 07/25] fsverity: support block-based Merkle tree caching Date: Mon, 12 Feb 2024 17:58:04 +0100 Message-Id: <20240212165821.1901300-8-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com In the current implementation fs-verity expects filesystem to provide PAGEs filled with Merkle tree blocks. Then, when fs-verity is done with processing the blocks, reference to PAGE is freed. This doesn't fit well with the way XFS manages its memory. To allow XFS integrate fs-verity this patch changes fs-verity verification code to take Merkle tree blocks instead of PAGE reference. Then, adds a thin compatibility layer to work with both approaches. This way ext4, f2fs, and btrfs are still able to pass PAGE references and XFS can pass reference to Merkle tree blocks stored in XFS's buffer infrastructure. Another addition is invalidation functions which tells fs-verity to mark part of Merkle tree as not verified. These functions are used by filesystem to tell fs-verity to invalidate blocks which were evicted from memory. Depending on Merkle tree block size fs-verity is using either bitmap or PG_checked flag to track "verified" status of the blocks. With a Merkle tree block caching (XFS) there is no PAGE to flag it as verified. fs-verity always uses bitmap to track verified blocks for filesystems which use block caching. As verification function now works only with blocks - memory barriers, used for verified status updates, are moved from is_hash_block_verified() to fsverity_invalidate_page/range(). Depending on block or page caching, fs-verity clears bits in bitmap based on PG_checked or from filesystem call out. Further this patch allows filesystem to make additional processing on verified pages instead of just dropping a reference via fsverity_drop_block(). This will be used by XFS for internal buffer cache manipulation in further patches. The btrfs, ext4, and f2fs just drop the reference. As btrfs, ext4 and f2fs return page with Merkle tree blocks this patch also adds fsverity_read_merkle_tree_block() which wraps addressing blocks in the page. Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 27 ++++ fs/verity/open.c | 8 +- fs/verity/read_metadata.c | 48 +++--- fs/verity/verify.c | 280 ++++++++++++++++++++++++----------- include/linux/fsverity.h | 69 +++++++++ 5 files changed, 316 insertions(+), 116 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index b3506f56e180..72ac1cdd9e63 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -154,4 +154,31 @@ static inline void fsverity_init_signature(void) void __init fsverity_init_workqueue(void); +/** + * fsverity_drop_block() - drop block obtained with ->read_merkle_tree_block() + * @inode: inode in use for verification or metadata reading + * @block: block to be dropped + * + * Calls out back to filesystem if ->drop_block() is set, otherwise, drop the + * reference in the block->context. + */ +void fsverity_drop_block(struct inode *inode, + struct fsverity_blockbuf *block); + +/** + * fsverity_read_block_from_page() - general function to read Merkle tree block + * @inode: inode in use for verification or metadata reading + * @pos: byte offset of the block within the Merkle tree + * @block: block to read + * @num_ra_pages: number of pages to readahead, may be ignored + * + * Depending on fs implementation use read_merkle_tree_block() or + * read_merkle_tree_page() to read blocks. + */ +int fsverity_read_merkle_tree_block(struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + unsigned long num_ra_pages); + #endif /* _FSVERITY_PRIVATE_H */ diff --git a/fs/verity/open.c b/fs/verity/open.c index fdeb95eca3af..6e6922b4b014 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -213,7 +213,13 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode, if (err) goto fail; - if (vi->tree_params.block_size != PAGE_SIZE) { + /* + * If fs passes Merkle tree blocks to fs-verity (e.g. XFS), then + * fs-verity should use hash_block_verified bitmap as there's no page + * to mark it with PG_checked. + */ + if (vi->tree_params.block_size != PAGE_SIZE || + inode->i_sb->s_vop->read_merkle_tree_block) { /* * When the Merkle tree block size and page size differ, we use * a bitmap to keep track of which hash blocks have been diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c index f58432772d9e..7e153356e7bc 100644 --- a/fs/verity/read_metadata.c +++ b/fs/verity/read_metadata.c @@ -16,9 +16,10 @@ static int fsverity_read_merkle_tree(struct inode *inode, const struct fsverity_info *vi, void __user *buf, u64 offset, int length) { - const struct fsverity_operations *vops = inode->i_sb->s_vop; u64 end_offset; - unsigned int offs_in_page; + unsigned int offs_in_block; + const unsigned int block_size = vi->tree_params.block_size; + const u8 log_blocksize = vi->tree_params.log_blocksize; pgoff_t index, last_index; int retval = 0; int err = 0; @@ -26,42 +27,39 @@ static int fsverity_read_merkle_tree(struct inode *inode, end_offset = min(offset + length, vi->tree_params.tree_size); if (offset >= end_offset) return 0; - offs_in_page = offset_in_page(offset); - last_index = (end_offset - 1) >> PAGE_SHIFT; + offs_in_block = offset & (block_size - 1); + last_index = (end_offset - 1) >> log_blocksize; /* - * Iterate through each Merkle tree page in the requested range and copy - * the requested portion to userspace. Note that the Merkle tree block - * size isn't important here, as we are returning a byte stream; i.e., - * we can just work with pages even if the tree block size != PAGE_SIZE. + * Iterate through each Merkle tree block in the requested range and + * copy the requested portion to userspace. Note that we are returning + * a byte stream, so PAGE_SIZE & block_size are not important here. */ - for (index = offset >> PAGE_SHIFT; index <= last_index; index++) { + for (index = offset >> log_blocksize; index <= last_index; index++) { unsigned long num_ra_pages = min_t(unsigned long, last_index - index + 1, inode->i_sb->s_bdi->io_pages); unsigned int bytes_to_copy = min_t(u64, end_offset - offset, - PAGE_SIZE - offs_in_page); - struct page *page; - const void *virt; + block_size - offs_in_block); + struct fsverity_blockbuf block; - page = vops->read_merkle_tree_page(inode, index, num_ra_pages); - if (IS_ERR(page)) { - err = PTR_ERR(page); - fsverity_err(inode, - "Error %d reading Merkle tree page %lu", - err, index); + block.size = block_size; + if (fsverity_read_merkle_tree_block(inode, + index << log_blocksize, + &block, log_blocksize, + num_ra_pages)) { + fsverity_drop_block(inode, &block); + err = -EIO; break; } - virt = kmap_local_page(page); - if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) { - kunmap_local(virt); - put_page(page); + if (copy_to_user(buf, block.kaddr + offs_in_block, bytes_to_copy)) { + fsverity_drop_block(inode, &block); err = -EFAULT; break; } - kunmap_local(virt); - put_page(page); + fsverity_drop_block(inode, &block); + block.kaddr = NULL; retval += bytes_to_copy; buf += bytes_to_copy; @@ -72,7 +70,7 @@ static int fsverity_read_merkle_tree(struct inode *inode, break; } cond_resched(); - offs_in_page = 0; + offs_in_block = 0; } return retval ? retval : err; } diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 4fcad0825a12..414ec3321fe6 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -13,69 +13,18 @@ static struct workqueue_struct *fsverity_read_workqueue; /* - * Returns true if the hash block with index @hblock_idx in the tree, located in - * @hpage, has already been verified. + * Returns true if the hash block with index @hblock_idx in the tree has + * already been verified. */ -static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, +static bool is_hash_block_verified(struct fsverity_info *vi, + struct fsverity_blockbuf *block, unsigned long hblock_idx) { - unsigned int blocks_per_page; - unsigned int i; - - /* - * When the Merkle tree block size and page size are the same, then the - * ->hash_block_verified bitmap isn't allocated, and we use PG_checked - * to directly indicate whether the page's block has been verified. - * - * Using PG_checked also guarantees that we re-verify hash pages that - * get evicted and re-instantiated from the backing storage, as new - * pages always start out with PG_checked cleared. - */ + /* Merkle tree block size == PAGE_SIZE */ if (!vi->hash_block_verified) - return PageChecked(hpage); + return block->verified; - /* - * When the Merkle tree block size and page size differ, we use a bitmap - * to indicate whether each hash block has been verified. - * - * However, we still need to ensure that hash pages that get evicted and - * re-instantiated from the backing storage are re-verified. To do - * this, we use PG_checked again, but now it doesn't really mean - * "checked". Instead, now it just serves as an indicator for whether - * the hash page is newly instantiated or not. If the page is new, as - * indicated by PG_checked=0, we clear the bitmap bits for the page's - * blocks since they are untrustworthy, then set PG_checked=1. - * Otherwise we return the bitmap bit for the requested block. - * - * Multiple threads may execute this code concurrently on the same page. - * This is safe because we use memory barriers to ensure that if a - * thread sees PG_checked=1, then it also sees the associated bitmap - * clearing to have occurred. Also, all writes and their corresponding - * reads are atomic, and all writes are safe to repeat in the event that - * multiple threads get into the PG_checked=0 section. (Clearing a - * bitmap bit again at worst causes a hash block to be verified - * redundantly. That event should be very rare, so it's not worth using - * a lock to avoid. Setting PG_checked again has no effect.) - */ - if (PageChecked(hpage)) { - /* - * A read memory barrier is needed here to give ACQUIRE - * semantics to the above PageChecked() test. - */ - smp_rmb(); - return test_bit(hblock_idx, vi->hash_block_verified); - } - blocks_per_page = vi->tree_params.blocks_per_page; - hblock_idx = round_down(hblock_idx, blocks_per_page); - for (i = 0; i < blocks_per_page; i++) - clear_bit(hblock_idx + i, vi->hash_block_verified); - /* - * A write memory barrier is needed here to give RELEASE semantics to - * the below SetPageChecked() operation. - */ - smp_wmb(); - SetPageChecked(hpage); - return false; + return test_bit(hblock_idx, vi->hash_block_verified); } /* @@ -95,15 +44,15 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, const struct merkle_tree_params *params = &vi->tree_params; const unsigned int hsize = params->digest_size; int level; + int err; + int num_ra_pages; u8 _want_hash[FS_VERITY_MAX_DIGEST_SIZE]; const u8 *want_hash; u8 real_hash[FS_VERITY_MAX_DIGEST_SIZE]; /* The hash blocks that are traversed, indexed by level */ struct { - /* Page containing the hash block */ - struct page *page; - /* Mapped address of the hash block (will be within @page) */ - const void *addr; + /* Buffer containing the hash block */ + struct fsverity_blockbuf block; /* Index of the hash block in the tree overall */ unsigned long index; /* Byte offset of the wanted hash relative to @addr */ @@ -144,10 +93,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, unsigned long next_hidx; unsigned long hblock_idx; pgoff_t hpage_idx; - unsigned int hblock_offset_in_page; unsigned int hoffset; - struct page *hpage; - const void *haddr; + struct fsverity_blockbuf *block = &hblocks[level].block; /* * The index of the block in the current level; also the index @@ -161,33 +108,27 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Index of the hash page in the tree overall */ hpage_idx = hblock_idx >> params->log_blocks_per_page; - /* Byte offset of the hash block within the page */ - hblock_offset_in_page = - (hblock_idx << params->log_blocksize) & ~PAGE_MASK; - /* Byte offset of the hash within the block */ hoffset = (hidx << params->log_digestsize) & (params->block_size - 1); - hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode, - hpage_idx, level == 0 ? min(max_ra_pages, - params->tree_pages - hpage_idx) : 0); - if (IS_ERR(hpage)) { + num_ra_pages = level == 0 ? + min(max_ra_pages, params->tree_pages - hpage_idx) : 0; + err = fsverity_read_merkle_tree_block( + inode, hblock_idx << params->log_blocksize, block, + params->log_blocksize, num_ra_pages); + if (err) { fsverity_err(inode, - "Error %ld reading Merkle tree page %lu", - PTR_ERR(hpage), hpage_idx); + "Error %d reading Merkle tree block %lu", + err, hblock_idx); goto error; } - haddr = kmap_local_page(hpage) + hblock_offset_in_page; - if (is_hash_block_verified(vi, hpage, hblock_idx)) { - memcpy(_want_hash, haddr + hoffset, hsize); + if (is_hash_block_verified(vi, block, hblock_idx)) { + memcpy(_want_hash, block->kaddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - put_page(hpage); + fsverity_drop_block(inode, block); goto descend; } - hblocks[level].page = hpage; - hblocks[level].addr = haddr; hblocks[level].index = hblock_idx; hblocks[level].hoffset = hoffset; hidx = next_hidx; @@ -197,8 +138,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, descend: /* Descend the tree verifying hash blocks. */ for (; level > 0; level--) { - struct page *hpage = hblocks[level - 1].page; - const void *haddr = hblocks[level - 1].addr; + struct fsverity_blockbuf *block = &hblocks[level - 1].block; + const void *haddr = block->kaddr; unsigned long hblock_idx = hblocks[level - 1].index; unsigned int hoffset = hblocks[level - 1].hoffset; @@ -213,12 +154,10 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, */ if (vi->hash_block_verified) set_bit(hblock_idx, vi->hash_block_verified); - else - SetPageChecked(hpage); + block->verified = true; memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; - kunmap_local(haddr); - put_page(hpage); + fsverity_drop_block(inode, block); } /* Finally, verify the data block. */ @@ -236,8 +175,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, params->hash_alg->name, hsize, real_hash); error: for (; level > 0; level--) { - kunmap_local(hblocks[level - 1].addr); - put_page(hblocks[level - 1].page); + fsverity_drop_block(inode, &hblocks[level - 1].block); } return false; } @@ -362,3 +300,165 @@ void __init fsverity_init_workqueue(void) if (!fsverity_read_workqueue) panic("failed to allocate fsverity_read_queue"); } + +/** + * fsverity_invalidate_range() - invalidate range of Merkle tree blocks + * @inode: inode to which this Merkle tree blocks belong + * @offset: offset into the Merkle tree + * @size: number of bytes to invalidate starting from @offset + * + * This function invalidates/clears "verified" state of all Merkle tree blocks + * in the Merkle tree within the range starting from 'offset' to 'offset + size'. + * + * Note! As this function clears fs-verity bitmap and can be run from multiple + * threads simultaneously, filesystem has to take care of operation ordering + * while invalidating Merkle tree and caching it. See fsverity_invalidate_page() + * as reference. + */ +void fsverity_invalidate_range(struct inode *inode, loff_t offset, + size_t size) +{ + struct fsverity_info *vi = inode->i_verity_info; + const unsigned int log_blocksize = vi->tree_params.log_blocksize; + unsigned int i; + pgoff_t index = offset >> log_blocksize; + unsigned int blocks = size >> log_blocksize; + + if (offset + size > vi->tree_params.tree_size) { + fsverity_err(inode, +"Trying to invalidate beyond Merkle tree (tree %lld, offset %lld, size %ld)", + vi->tree_params.tree_size, offset, size); + return; + } + + for (i = 0; i < blocks; i++) + clear_bit(index + i, vi->hash_block_verified); +} +EXPORT_SYMBOL_GPL(fsverity_invalidate_range); + +/* fsverity_invalidate_page() - invalidate Merkle tree blocks in the page + * @inode: inode to which this Merkle tree blocks belong + * @page: page which contains blocks which need to be invalidated + * @index: index of the first Merkle tree block in the page + * + * This function invalidates "verified" state of all Merkle tree blocks within + * the 'page'. + * + * When the Merkle tree block size and page size are the same, then the + * ->hash_block_verified bitmap isn't allocated, and we use PG_checked + * to directly indicate whether the page's block has been verified. This + * function does nothing in this case as page is invalidated by evicting from + * the memory. + * + * Using PG_checked also guarantees that we re-verify hash pages that + * get evicted and re-instantiated from the backing storage, as new + * pages always start out with PG_checked cleared. + */ +void fsverity_invalidate_page(struct inode *inode, struct page *page, + pgoff_t index) +{ + unsigned int blocks_per_page; + struct fsverity_info *vi = inode->i_verity_info; + const unsigned int log_blocksize = vi->tree_params.log_blocksize; + + /* + * If bitmap is not allocated, that means that fs-verity uses PG_checked + * to track verification status of the blocks. + */ + if (!vi->hash_block_verified) + return; + + /* + * When the Merkle tree block size and page size differ, we use a bitmap + * to indicate whether each hash block has been verified. + * + * However, we still need to ensure that hash pages that get evicted and + * re-instantiated from the backing storage are re-verified. To do + * this, we use PG_checked again, but now it doesn't really mean + * "checked". Instead, now it just serves as an indicator for whether + * the hash page is newly instantiated or not. If the page is new, as + * indicated by PG_checked=0, we clear the bitmap bits for the page's + * blocks since they are untrustworthy, then set PG_checked=1. + * + * Multiple threads may execute this code concurrently on the same page. + * This is safe because we use memory barriers to ensure that if a + * thread sees PG_checked=1, then it also sees the associated bitmap + * clearing to have occurred. Also, all writes and their corresponding + * reads are atomic, and all writes are safe to repeat in the event that + * multiple threads get into the PG_checked=0 section. (Clearing a + * bitmap bit again at worst causes a hash block to be verified + * redundantly. That event should be very rare, so it's not worth using + * a lock to avoid. Setting PG_checked again has no effect.) + */ + if (PageChecked(page)) { + /* + * A read memory barrier is needed here to give ACQUIRE + * semantics to the above PageChecked() test. + */ + smp_rmb(); + return; + } + + blocks_per_page = vi->tree_params.blocks_per_page; + index = round_down(index, blocks_per_page); + fsverity_invalidate_range(inode, index << log_blocksize, PAGE_SIZE); + /* + * A write memory barrier is needed here to give RELEASE + * semantics to the below SetPageChecked() operation. + */ + smp_wmb(); + SetPageChecked(page); +} + +void fsverity_drop_block(struct inode *inode, + struct fsverity_blockbuf *block) +{ + if (inode->i_sb->s_vop->drop_block) + inode->i_sb->s_vop->drop_block(block); + else { + struct page *page = (struct page *)block->context; + + /* Merkle tree block size == PAGE_SIZE; */ + if (block->verified) + SetPageChecked(page); + + kunmap_local(block->kaddr); + put_page(page); + } +} + +int fsverity_read_merkle_tree_block(struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + unsigned long num_ra_pages) +{ + struct page *page; + int err = 0; + unsigned long index = pos >> PAGE_SHIFT; + + if (inode->i_sb->s_vop->read_merkle_tree_block) + return inode->i_sb->s_vop->read_merkle_tree_block( + inode, pos, block, log_blocksize, num_ra_pages); + + page = inode->i_sb->s_vop->read_merkle_tree_page( + inode, index, num_ra_pages); + if (IS_ERR(page)) { + err = PTR_ERR(page); + fsverity_err(inode, + "Error %d reading Merkle tree page %lu", + err, index); + return PTR_ERR(page); + } + + fsverity_invalidate_page(inode, page, index); + /* + * For the block size == PAGE_SIZE case set ->verified. The PG_checked + * indicates whether block in the page is verified. + */ + block->verified = PageChecked(page); + block->kaddr = kmap_local_page(page) + (pos & (PAGE_SIZE - 1)); + block->context = page; + + return 0; +} diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index ab7b0772899b..fb2d4fccec0c 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -26,6 +26,36 @@ /* Arbitrary limit to bound the kmalloc() size. Can be changed. */ #define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384 +/** + * struct fsverity_blockbuf - Merkle Tree block + * @kaddr: virtual address of the block's data + * @size: buffer size + * @verified: true if block is verified against Merkle tree + * @context: filesystem private context + * + * Buffer containing single Merkle Tree block. These buffers are passed + * - to filesystem, when fs-verity is building/writing merkel tree, + * - from filesystem, when fs-verity is reading merkle tree from a disk. + * Filesystems sets kaddr together with size to point to a memory which contains + * Merkle tree block. Same is done by fs-verity when Merkle tree is need to be + * written down to disk. + * + * While reading the tree, fs-verity calls ->read_merkle_tree_block followed by + * ->drop_block to let filesystem know that memory can be freed. + * + * For Merkle tree block == PAGE_SIZE, fs-verity sets verified flag to true if + * block in the buffer was verified. + * + * The context is optional. This field can be used by filesystem to passthrough + * state from ->read_merkle_tree_block to ->drop_block. + */ +struct fsverity_blockbuf { + void *kaddr; + unsigned int size; + bool verified; + void *context; +}; + /* Verity operations for filesystems */ struct fsverity_operations { @@ -107,6 +137,32 @@ struct fsverity_operations { pgoff_t index, unsigned long num_ra_pages); + /** + * Read a Merkle tree block of the given inode. + * @inode: the inode + * @pos: byte offset of the block within the Merkle tree + * @block: block buffer for filesystem to point it to the block + * @log_blocksize: size of the expected block + * @num_ra_pages: The number of pages with blocks that should be + * prefetched starting at @index if the page at @index + * isn't already cached. Implementations may ignore this + * argument; it's only a performance optimization. + * + * This can be called at any time on an open verity file. It may be + * called by multiple processes concurrently. + * + * As filesystem does caching of the blocks, this functions needs to tell + * fsverity which blocks are not valid anymore (were evicted from memory) + * by calling fsverity_invalidate_range(). + * + * Return: 0 on success, -errno on failure + */ + int (*read_merkle_tree_block)(struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + unsigned long num_ra_pages); + /** * Write a Merkle tree block to the given inode. * @@ -122,6 +178,16 @@ struct fsverity_operations { */ int (*write_merkle_tree_block)(struct inode *inode, const void *buf, u64 pos, unsigned int size); + + /** + * Release the reference to a Merkle tree block + * + * @page: the block to release + * + * This is called when fs-verity is done with a block obtained with + * ->read_merkle_tree_block(). + */ + void (*drop_block)(struct fsverity_blockbuf *block); }; #ifdef CONFIG_FS_VERITY @@ -175,6 +241,9 @@ int fsverity_ioctl_read_metadata(struct file *filp, const void __user *uarg); bool fsverity_verify_blocks(struct folio *folio, size_t len, size_t offset); void fsverity_verify_bio(struct bio *bio); void fsverity_enqueue_verify_work(struct work_struct *work); +void fsverity_invalidate_range(struct inode *inode, loff_t offset, size_t size); +void fsverity_invalidate_page(struct inode *inode, struct page *page, + pgoff_t index); #else /* !CONFIG_FS_VERITY */ From patchwork Mon Feb 12 16:58:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553717 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C5C93D986 for ; Mon, 12 Feb 2024 17:00:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757204; cv=none; b=d6fCnAoLuVrLzOBY1E9jxGO4UZTP6i/mQWdoIUaXAA4fp+h80HBFgzOEPHd0zBbPppn6UQ9vvlBPankNR2GUpTVsDasn6L1x/RiTR3WvA439X1P8bGVwf37MdaoagKz2AandQtgaWu4YLK3M0NEI4srq6pWoR2cR5j2i2yB9twQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757204; c=relaxed/simple; bh=Q08TchXbWoihQ6fCDPoRO1eBKpAe+M20FpfPKv5WSZw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=C6cWQxR0GZjhomZTE2XM+Y9+v4e3QfI9bWVtR84s5HV8dQ8jRl3CjDtueJpaavbeA0zncgGGZOdPoZ6KMGz9u8cKcfejqVuSBiXPVmww7OfaNpI5iVFqwwEZicrwPR7on8vfanClztxSUO0AZmDuXD6gOKKbSBoevN6O8yQgKa0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ZZpusOWd; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ZZpusOWd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757201; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=crv7tlQVsJYaSE0CXLWFrc5tM7MlAUbMwi6wgSZcz7Q=; b=ZZpusOWdRAC1Vgfr5NfY1+iTAKb79EQJekBX51QCQHtOhswaq/knkQGSH9aJrKk7spI93k 9auSVH+mIzjyKFgb0WVTOH8fP+SlsmAXP9Cp846UcrSv0UOlas0MBSYJJ6n/qMncGi2EFV 1rKJKf8bgREzCm3Cbau+6DZD8ocqJSw= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-325-VCwUCDvyMSuw-3MH2X75ww-1; Mon, 12 Feb 2024 12:00:00 -0500 X-MC-Unique: VCwUCDvyMSuw-3MH2X75ww-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-561bc69fbe5so578285a12.2 for ; Mon, 12 Feb 2024 09:00:00 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757198; x=1708361998; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=crv7tlQVsJYaSE0CXLWFrc5tM7MlAUbMwi6wgSZcz7Q=; b=m3UKGfG1S3fXp7EqOw0BSoFqW7hSV7tf7ptJveXRLeX4ny/ug5o214xh/UZ0nsrRBn z19zf+9Dh0zQ3nbmtaQKSZu8yTjOclXF9+29jcTNiMnYQaT5rIEwMt8vmQgteJuolGco VsM3EytnK39FhMNnTHqsGO+4d/zi/Hxa3hxcAUVQeXmvX0huUVL4A6UQXJPsCUhiKtbh 3g+adCf2QvbT/lxAPAUBWyX6ctw6bVxA7usCA353tyyBrtX+JbLYgM32XcfY/yVt+x/L TuSGYlGXg2hfjGDh2WvNtywPQ145zTr0pHqbDDKNLWIh4KtdiJ9w11KBjevuvLL6wwDO +inA== X-Gm-Message-State: AOJu0Yyb0QaKuu7kOd/4jnKqcyQTNwDrfNrGUvamhoeWV9Hkjr1ebsL3 63ejGQ1Ve6OBUIHUchnD+JREK8tmqG0zaFoXt6zl+NPZcJFFvhnMk9332G/ued86H93rgZLqanZ lVUzqddFSbDREd2C9o+EG61EOKHmRaeWoo6EvFQZJc+St58r1EXYx3YS0QU2he7r3G5Zw+KQ7vR z+NmU5faFhSHpmAAsa9ycp9OzjC9dqvU0wP01EeYk= X-Received: by 2002:a05:6402:345c:b0:561:aa6:3976 with SMTP id l28-20020a056402345c00b005610aa63976mr5516179edc.9.1707757198699; Mon, 12 Feb 2024 08:59:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IEyUpx63MaPiRn9G9d80PqG5/lPqN+lnyfZ044mU8iFlZoxsi4myrnOKyNNVRWSMfwjy5f9cA== X-Received: by 2002:a05:6402:345c:b0:561:aa6:3976 with SMTP id l28-20020a056402345c00b005610aa63976mr5516157edc.9.1707757198461; Mon, 12 Feb 2024 08:59:58 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUJHgORsjctOZtKHJJrXjpPkQj9xVQ8t62rizLdYxISuAgVKlsiORGXpyr2a1TZXip5eAkHUIKj1oM2JN9IrK2xES+fAztqn0P/sPcQrR0M1WfMRpPj9bwmv/MIMT/uG6Tq9KyekX5qr4Ds94g0nAWedC9yEessfRRcD8GkC+SHy/9h9nHaXhV8+3j5YtHPsK1BalYd8M6F2khs6Jl6gIUr2Uhk7sSYQVCX Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:58 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 08/25] fsverity: calculate readahead in bytes instead of pages Date: Mon, 12 Feb 2024 17:58:05 +0100 Message-Id: <20240212165821.1901300-9-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Replace readahead unit from pages to bytes as fs-verity is now mainly works with blocks instead of pages. Signed-off-by: Andrey Albershteyn --- fs/verity/fsverity_private.h | 4 ++-- fs/verity/verify.c | 41 +++++++++++++++++++----------------- include/linux/fsverity.h | 6 +++--- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index 72ac1cdd9e63..2bf1f94d437c 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -170,7 +170,7 @@ void fsverity_drop_block(struct inode *inode, * @inode: inode in use for verification or metadata reading * @pos: byte offset of the block within the Merkle tree * @block: block to read - * @num_ra_pages: number of pages to readahead, may be ignored + * @ra_bytes: number of bytes to readahead, may be ignored * * Depending on fs implementation use read_merkle_tree_block() or * read_merkle_tree_page() to read blocks. @@ -179,6 +179,6 @@ int fsverity_read_merkle_tree_block(struct inode *inode, u64 pos, struct fsverity_blockbuf *block, unsigned int log_blocksize, - unsigned long num_ra_pages); + u64 ra_bytes); #endif /* _FSVERITY_PRIVATE_H */ diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 414ec3321fe6..6f4ff420c075 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -39,13 +39,12 @@ static bool is_hash_block_verified(struct fsverity_info *vi, */ static bool verify_data_block(struct inode *inode, struct fsverity_info *vi, - const void *data, u64 data_pos, unsigned long max_ra_pages) + const void *data, u64 data_pos, u64 max_ra_bytes) { const struct merkle_tree_params *params = &vi->tree_params; const unsigned int hsize = params->digest_size; int level; int err; - int num_ra_pages; u8 _want_hash[FS_VERITY_MAX_DIGEST_SIZE]; const u8 *want_hash; u8 real_hash[FS_VERITY_MAX_DIGEST_SIZE]; @@ -92,9 +91,11 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, for (level = 0; level < params->num_levels; level++) { unsigned long next_hidx; unsigned long hblock_idx; - pgoff_t hpage_idx; unsigned int hoffset; struct fsverity_blockbuf *block = &hblocks[level].block; + u64 block_offset; + u64 ra_bytes = 0; + u64 tree_size; /* * The index of the block in the current level; also the index @@ -105,18 +106,20 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Index of the hash block in the tree overall */ hblock_idx = params->level_start[level] + next_hidx; - /* Index of the hash page in the tree overall */ - hpage_idx = hblock_idx >> params->log_blocks_per_page; + /* Offset of the Merkle tree block into the tree */ + block_offset = hblock_idx << params->log_blocksize; /* Byte offset of the hash within the block */ hoffset = (hidx << params->log_digestsize) & (params->block_size - 1); - num_ra_pages = level == 0 ? - min(max_ra_pages, params->tree_pages - hpage_idx) : 0; + if (level == 0) { + tree_size = params->tree_pages << PAGE_SHIFT; + ra_bytes = min(max_ra_bytes, (tree_size - block_offset)); + } err = fsverity_read_merkle_tree_block( - inode, hblock_idx << params->log_blocksize, block, - params->log_blocksize, num_ra_pages); + inode, block_offset, block, + params->log_blocksize, ra_bytes); if (err) { fsverity_err(inode, "Error %d reading Merkle tree block %lu", @@ -182,7 +185,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, static bool verify_data_blocks(struct folio *data_folio, size_t len, size_t offset, - unsigned long max_ra_pages) + u64 max_ra_bytes) { struct inode *inode = data_folio->mapping->host; struct fsverity_info *vi = inode->i_verity_info; @@ -200,7 +203,7 @@ verify_data_blocks(struct folio *data_folio, size_t len, size_t offset, data = kmap_local_folio(data_folio, offset); valid = verify_data_block(inode, vi, data, pos + offset, - max_ra_pages); + max_ra_bytes); kunmap_local(data); if (!valid) return false; @@ -246,24 +249,24 @@ EXPORT_SYMBOL_GPL(fsverity_verify_blocks); void fsverity_verify_bio(struct bio *bio) { struct folio_iter fi; - unsigned long max_ra_pages = 0; + u64 max_ra_bytes = 0; if (bio->bi_opf & REQ_RAHEAD) { /* * If this bio is for data readahead, then we also do readahead * of the first (largest) level of the Merkle tree. Namely, - * when a Merkle tree page is read, we also try to piggy-back on - * some additional pages -- up to 1/4 the number of data pages. + * when a Merkle tree is read, we also try to piggy-back on + * some additional bytes -- up to 1/4 of data. * * This improves sequential read performance, as it greatly * reduces the number of I/O requests made to the Merkle tree. */ - max_ra_pages = bio->bi_iter.bi_size >> (PAGE_SHIFT + 2); + max_ra_bytes = bio->bi_iter.bi_size >> 2; } bio_for_each_folio_all(fi, bio) { if (!verify_data_blocks(fi.folio, fi.length, fi.offset, - max_ra_pages)) { + max_ra_bytes)) { bio->bi_status = BLK_STS_IOERR; break; } @@ -431,7 +434,7 @@ int fsverity_read_merkle_tree_block(struct inode *inode, u64 pos, struct fsverity_blockbuf *block, unsigned int log_blocksize, - unsigned long num_ra_pages) + u64 ra_bytes) { struct page *page; int err = 0; @@ -439,10 +442,10 @@ int fsverity_read_merkle_tree_block(struct inode *inode, if (inode->i_sb->s_vop->read_merkle_tree_block) return inode->i_sb->s_vop->read_merkle_tree_block( - inode, pos, block, log_blocksize, num_ra_pages); + inode, pos, block, log_blocksize, ra_bytes); page = inode->i_sb->s_vop->read_merkle_tree_page( - inode, index, num_ra_pages); + inode, index, (ra_bytes >> PAGE_SHIFT)); if (IS_ERR(page)) { err = PTR_ERR(page); fsverity_err(inode, diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index fb2d4fccec0c..7bb0e044c44e 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -143,8 +143,8 @@ struct fsverity_operations { * @pos: byte offset of the block within the Merkle tree * @block: block buffer for filesystem to point it to the block * @log_blocksize: size of the expected block - * @num_ra_pages: The number of pages with blocks that should be - * prefetched starting at @index if the page at @index + * @ra_bytes: The number of bytes that should be + * prefetched starting at @pos if the data at @pos * isn't already cached. Implementations may ignore this * argument; it's only a performance optimization. * @@ -161,7 +161,7 @@ struct fsverity_operations { u64 pos, struct fsverity_blockbuf *block, unsigned int log_blocksize, - unsigned long num_ra_pages); + u64 ra_bytes); /** * Write a Merkle tree block to the given inode. From patchwork Mon Feb 12 16:58:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553718 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 76ADE3D56B for ; Mon, 12 Feb 2024 17:00:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757206; cv=none; b=MluZp0m1bTEHAh5xhRiwA0NdrvO8H35AXYXRZoYd1TMFs/SDtolkzb79D+mEadDd7tHS/A4100wxfNHV4MjOAOaZz+Eh3c3RAxF4ny0iSVLUNE7FzQchFADwR054F4AJWg/jcOrMKCvQIbwVXMhGTQoEhUDF00/XR9J3SbaexhU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757206; c=relaxed/simple; bh=wpwwkUMQQ1oCVKokCsM4qLWIq0nv9cKIzEH2+0qCgCE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=q37hwoFeSK9GOjrmjoVfrRG6oRlde3LP9Ii6aW8ytZ8VXjwB/N9oAJ8kMxer67VeGMEVNwbzWBw+joSpTK26SC25bJnTfwbJk7IL8tTOApaqV+WjNVnVtbh+DgwdeJh4gDSSWKdkeGX1RyRIrk/ZlB42RlHYnXNrsCrF2IyBifU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=A2KcEnUD; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="A2KcEnUD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757203; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OS1TTVXUwoueTLFTvYK+vY3u9o7lEMipfR1U95f36dE=; b=A2KcEnUDp/O4Dhf9j1MmI836GH18TMEqEEk8xnXt7qmxVSArwrZtB1u4VJPsXPgLCHBcaj idieYgZQTaUxcGyp9IxPbEKm7lwZFmBmkULvngV+8+mi9UNWb5I90HQZCoVxy6ox+oUrSK OKgfoyvd8FmtvW0JfjzFWDUo2PHa810= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-130-I0NlhmgqOWGf4-Gic13YTg-1; Mon, 12 Feb 2024 12:00:01 -0500 X-MC-Unique: I0NlhmgqOWGf4-Gic13YTg-1 Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-560f41972easo1934658a12.0 for ; Mon, 12 Feb 2024 09:00:01 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757200; x=1708362000; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OS1TTVXUwoueTLFTvYK+vY3u9o7lEMipfR1U95f36dE=; b=heuMZ4ClECtRBthWaJwG1ygAyjnwHFCPTsvySsQrkrV5MeEMMjURfmBy5KHCdeKkMP lmQbkecT7nKl1z2piX/7X3d31jArl1QWI49gPIGEE7/EPNDtRLTuUxdfZOmxLHgqiDOo 1/W7drF9HNV2OTn0HSo1oxr0rW7nTeS2VCIyjEfO+YfXCYw/ci81dCNIiF3dOzP3fte+ 7pBX6ca+1NLKCTjbyiAm3bvGqXDCW+JhUyIvapCZKNrk42fHUBdsYOS5ZrwRa54DbZ6i dOlahHGvvWpxi/9J4ggJxH5hK1/gSdSYaWHkGtnbYWkRaEDRQe+e+D8g1fTeAJLgcouN YFMQ== X-Gm-Message-State: AOJu0YzNsrh93z2T0j9wk117hWNKZHltTaLOfmCwuJgOPfr+MM9se0I2 Bhqk4dkvQf+t7pRWLiNRz3CEukSTIF/2wwZ4v7DzlaL483oNTcaW3JHPKNBAYzOfX8Vu2L2qyuR 6jU2BoVnNQzEMKpUVu3dIHiJNPHb9gJNomcqZrBBEb0MP6iPPftB/wf5Cng7wExeaykpC3ohE6A WoWkL4EHgcV/KLvjRuOJad2B8yBDVW7nK5Wl+NfoI= X-Received: by 2002:a05:6402:340a:b0:560:d8f:7def with SMTP id k10-20020a056402340a00b005600d8f7defmr4952874edc.17.1707757200201; Mon, 12 Feb 2024 09:00:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IFXs4sVH479tj2ZtRasutF5KZELjjn6nPEsO6+MLMpUqOCGNpWr46bM8IgDBprWb0bvFS6oAQ== X-Received: by 2002:a05:6402:340a:b0:560:d8f:7def with SMTP id k10-20020a056402340a00b005600d8f7defmr4952856edc.17.1707757199839; Mon, 12 Feb 2024 08:59:59 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCX54n73+DMnZitQfTasX1dPQoZeopMMHvZHa+36is0tgm/fSeiwsLtpwj1J6UOZOo536zkHYgsslO4Qku0W9vVQXMzosV85pKyfKmah9GXD9tBY6bat7QItE1BveRvKIv4c60LeD6raZ+h07EBVXT6zMdwYkwSej4BYGiJCFa06ANz5vPJUol+eqA3YRdCbVaCX9LEhOgI9hV0DJTZr/hynSgC8tHQmKx3o Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 08:59:58 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 09/25] fsverity: add tracepoints Date: Mon, 12 Feb 2024 17:58:06 +0100 Message-Id: <20240212165821.1901300-10-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com fs-verity previously had debug printk but it was removed. This patch adds trace points to the same places where printk were used (with a few additional ones). Signed-off-by: Andrey Albershteyn --- fs/verity/enable.c | 3 + fs/verity/fsverity_private.h | 2 + fs/verity/init.c | 1 + fs/verity/signature.c | 2 + fs/verity/verify.c | 10 ++ include/trace/events/fsverity.h | 184 ++++++++++++++++++++++++++++++++ 6 files changed, 202 insertions(+) create mode 100644 include/trace/events/fsverity.h diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 04e060880b79..945eba0092ab 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -227,6 +227,8 @@ static int enable_verity(struct file *filp, if (err) goto out; + trace_fsverity_enable(inode, desc, ¶ms); + /* * Start enabling verity on this file, serialized by the inode lock. * Fail if verity is already enabled or is already being enabled. @@ -255,6 +257,7 @@ static int enable_verity(struct file *filp, fsverity_err(inode, "Error %d building Merkle tree", err); goto rollback; } + trace_fsverity_tree_done(inode, desc, ¶ms); /* * Create the fsverity_info. Don't bother trying to save work by diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index 2bf1f94d437c..4ac9786235b5 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -181,4 +181,6 @@ int fsverity_read_merkle_tree_block(struct inode *inode, unsigned int log_blocksize, u64 ra_bytes); +#include + #endif /* _FSVERITY_PRIVATE_H */ diff --git a/fs/verity/init.c b/fs/verity/init.c index cb2c9aac61ed..3769d2dc9e3b 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -5,6 +5,7 @@ * Copyright 2019 Google LLC */ +#define CREATE_TRACE_POINTS #include "fsverity_private.h" #include diff --git a/fs/verity/signature.c b/fs/verity/signature.c index 90c07573dd77..c1f08bb32ed1 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -53,6 +53,8 @@ int fsverity_verify_signature(const struct fsverity_info *vi, struct fsverity_formatted_digest *d; int err; + trace_fsverity_verify_signature(inode, signature, sig_size); + if (sig_size == 0) { if (fsverity_require_signatures) { fsverity_err(inode, diff --git a/fs/verity/verify.c b/fs/verity/verify.c index 6f4ff420c075..4375b0cd176e 100644 --- a/fs/verity/verify.c +++ b/fs/verity/verify.c @@ -57,6 +57,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, /* Byte offset of the wanted hash relative to @addr */ unsigned int hoffset; } hblocks[FS_VERITY_MAX_LEVELS]; + trace_fsverity_verify_block(inode, data_pos); /* * The index of the previous level's block within that level; also the * index of that block's hash within the current level. @@ -129,6 +130,9 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, if (is_hash_block_verified(vi, block, hblock_idx)) { memcpy(_want_hash, block->kaddr + hoffset, hsize); want_hash = _want_hash; + trace_fsverity_merkle_tree_block_verified(inode, + hblock_idx, + FSVERITY_TRACE_DIR_ASCEND); fsverity_drop_block(inode, block); goto descend; } @@ -160,6 +164,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi, block->verified = true; memcpy(_want_hash, haddr + hoffset, hsize); want_hash = _want_hash; + trace_fsverity_merkle_tree_block_verified(inode, hblock_idx, + FSVERITY_TRACE_DIR_DESCEND); fsverity_drop_block(inode, block); } @@ -334,6 +340,8 @@ void fsverity_invalidate_range(struct inode *inode, loff_t offset, return; } + trace_fsverity_invalidate_blocks(inode, index, blocks); + for (i = 0; i < blocks; i++) clear_bit(index + i, vi->hash_block_verified); } @@ -440,6 +448,8 @@ int fsverity_read_merkle_tree_block(struct inode *inode, int err = 0; unsigned long index = pos >> PAGE_SHIFT; + trace_fsverity_read_merkle_tree_block(inode, pos, log_blocksize); + if (inode->i_sb->s_vop->read_merkle_tree_block) return inode->i_sb->s_vop->read_merkle_tree_block( inode, pos, block, log_blocksize, ra_bytes); diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h new file mode 100644 index 000000000000..3cc429d21443 --- /dev/null +++ b/include/trace/events/fsverity.h @@ -0,0 +1,184 @@ +// SPDX-License-Identifier: GPL-2.0 +#undef TRACE_SYSTEM +#define TRACE_SYSTEM fsverity + +#if !defined(_TRACE_FSVERITY_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_FSVERITY_H + +#include + +struct fsverity_descriptor; +struct merkle_tree_params; +struct fsverity_info; + +#define FSVERITY_TRACE_DIR_ASCEND (1ul << 0) +#define FSVERITY_TRACE_DIR_DESCEND (1ul << 1) +#define FSVERITY_HASH_SHOWN_LEN 20 + +TRACE_EVENT(fsverity_enable, + TP_PROTO(struct inode *inode, struct fsverity_descriptor *desc, + struct merkle_tree_params *params), + TP_ARGS(inode, desc, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, data_size) + __field(unsigned int, block_size) + __field(unsigned int, num_levels) + __field(u64, tree_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->data_size = desc->data_size; + __entry->block_size = params->block_size; + __entry->num_levels = params->num_levels; + __entry->tree_size = params->tree_size; + ), + TP_printk("ino %lu data size %llu tree size %llu block size %u levels %u", + (unsigned long) __entry->ino, + __entry->data_size, + __entry->tree_size, + __entry->block_size, + __entry->num_levels) +); + +TRACE_EVENT(fsverity_tree_done, + TP_PROTO(struct inode *inode, struct fsverity_descriptor *desc, + struct merkle_tree_params *params), + TP_ARGS(inode, desc, params), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(unsigned int, levels) + __field(unsigned int, tree_blocks) + __field(u64, tree_size) + __array(u8, tree_hash, 64) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->levels = params->num_levels; + __entry->tree_blocks = + params->tree_size >> params->log_blocksize; + __entry->tree_size = params->tree_size; + memcpy(__entry->tree_hash, desc->root_hash, 64); + ), + TP_printk("ino %lu levels %d tree_blocks %d tree_size %lld root_hash %s", + (unsigned long) __entry->ino, + __entry->levels, + __entry->tree_blocks, + __entry->tree_size, + __print_hex(__entry->tree_hash, 64)) +); + +TRACE_EVENT(fsverity_verify_block, + TP_PROTO(struct inode *inode, u64 offset), + TP_ARGS(inode, offset), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = offset; + __entry->block_size = + inode->i_verity_info->tree_params.block_size; + ), + TP_printk("ino %lu data offset %lld data block size %u", + (unsigned long) __entry->ino, + __entry->offset, + __entry->block_size) +); + +TRACE_EVENT(fsverity_merkle_tree_block_verified, + TP_PROTO(struct inode *inode, u64 index, u8 direction), + TP_ARGS(inode, index, direction), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, index) + __field(u8, direction) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->index = index; + __entry->direction = direction; + ), + TP_printk("ino %lu block index %llu %s", + (unsigned long) __entry->ino, + __entry->index, + __entry->direction == 0 ? "ascend" : "descend") +); + +TRACE_EVENT(fsverity_invalidate_blocks, + TP_PROTO(struct inode *inode, u64 index, size_t blocks), + TP_ARGS(inode, index, blocks), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(unsigned int, block_size) + __field(u64, offset) + __field(u64, index) + __field(size_t, blocks) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->block_size = inode->i_verity_info->tree_params.log_blocksize; + __entry->offset = index << __entry->block_size; + __entry->index = index; + __entry->blocks = blocks; + ), + TP_printk("ino %lu tree offset %llu block index %llu num blocks %zx", + (unsigned long) __entry->ino, + __entry->offset, + __entry->index, + __entry->blocks) +); + +TRACE_EVENT(fsverity_read_merkle_tree_block, + TP_PROTO(struct inode *inode, u64 offset, unsigned int log_blocksize), + TP_ARGS(inode, offset, log_blocksize), + TP_STRUCT__entry( + __field(ino_t, ino) + __field(u64, offset) + __field(u64, index) + __field(unsigned int, block_size) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + __entry->offset = offset; + __entry->index = offset >> log_blocksize; + __entry->block_size = 1 << log_blocksize; + ), + TP_printk("ino %lu tree offset %llu block index %llu block hize %u", + (unsigned long) __entry->ino, + __entry->offset, + __entry->index, + __entry->block_size) +); + +TRACE_EVENT(fsverity_verify_signature, + TP_PROTO(const struct inode *inode, const u8 *signature, size_t sig_size), + TP_ARGS(inode, signature, sig_size), + TP_STRUCT__entry( + __field(ino_t, ino) + __dynamic_array(u8, signature, sig_size) + __field(size_t, sig_size) + __field(size_t, sig_size_show) + ), + TP_fast_assign( + __entry->ino = inode->i_ino; + memcpy(__get_dynamic_array(signature), signature, sig_size); + __entry->sig_size = sig_size; + __entry->sig_size_show = (sig_size > FSVERITY_HASH_SHOWN_LEN ? + FSVERITY_HASH_SHOWN_LEN : sig_size); + ), + TP_printk("ino %lu sig_size %lu %s%s%s", + (unsigned long) __entry->ino, + __entry->sig_size, + (__entry->sig_size ? "sig " : ""), + __print_hex(__get_dynamic_array(signature), + __entry->sig_size_show), + (__entry->sig_size ? "..." : "")) +); + +#endif /* _TRACE_FSVERITY_H */ + +/* This part must be outside protection */ +#include From patchwork Mon Feb 12 16:58:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553720 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFE403EA93 for ; Mon, 12 Feb 2024 17:00:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757207; cv=none; b=VXRYn/NHqrDXvVnZn9OLgnP4RYQNUcvgslLpLz6UGKEA3SBTs3OdN6gvYPEL2SDihsPQoncuw4nNN0KODxwve/qM3E4MPKuZtGfKP5IMHarovd4zYCsaZqR1U+3e0TCa0QBceVbKnrmn4+iSPgvVMJCZHWBAu02TS1SQYA0a0hY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757207; c=relaxed/simple; bh=gqPwTi/iI7+V5Msjzc3RNk/M6KJnaDdjZn8/50/WjMg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=aq0uxQOPr80T/z70Akw5e1JIevQSlqT6qMtV/lVYLmopvefxdl8FTPOMxun6shnhpIFWVZEh8ly5Sci1lhxIdt5mXbiunhQrPB2z3T4nydx3/Ci69Mfu6YNrkfTI9UUoWoFu5Ckq+exqS1Y0vPdib0HXUK7rj3AYXxAit6KRz2g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Iermi8yg; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Iermi8yg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757204; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+rOTZjO78lnXVnaORi03L3fAP8ZzltwHyB9rd8lOsoc=; b=Iermi8ygA/IclsUpSLUxpfYA7SpTowYoRgq5cK+6LOWivPfvvXXuHN97t/Bd1WEQ0rbFxJ AFslqW42fU96+oJHDrrJjPez/hluFmjH/ERilpTBi4R/Z6g4jskPN9fXaaODvwDuKdJ882 L+LfeO4UUr7C+Xa3oSAYDgew/7T1RZQ= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-9-agZlrGznMHKneVg3xtB_2Q-1; Mon, 12 Feb 2024 12:00:03 -0500 X-MC-Unique: agZlrGznMHKneVg3xtB_2Q-1 Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-55fc415b15aso3641747a12.0 for ; Mon, 12 Feb 2024 09:00:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757201; x=1708362001; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rOTZjO78lnXVnaORi03L3fAP8ZzltwHyB9rd8lOsoc=; b=nXSYTETfkHBUpktSc9sbaWEOJ9U97MgDLSnd3MnE7XByOhRpipe/PNbSpleolqnwnw M9vjEZDlROpGfZe4P/e9seXRKPMb2/DmXodav2UqtzldJC7D6G6gQvQy+HYUc0sJ5Sg4 nEZMdzQQU5vuiHkzRo/lRTQUqAY2K8yFidylUcMG7pQDSoia20kwOY30Pg/oNFECEjvu dyX3F+L9S1e7vvTykiBpOo0g3rJGN02KTNzPVv+AFROis7H3bQinKRBXQglR9V7b1clq 31quUziW/br0zpNNk1p+siJ4LPGStxn+DkjwkLbqEFHZrhp14CCYdB+nbx4SezYAgYNR SuKw== X-Gm-Message-State: AOJu0YxbgVaY16cOhgG2ukPRDdx8W4MAGgFnLDcdPI2gS6o2QFrZL06Q en4CJqYj/kbOn4SJ136BH5cVB3vbw0PtgEgxdm/LnleVo0mQrTiJGFnYz7tyHes/o+IPme4vCC3 Ic9AGqGZKhqLJKfqCwxJBjusRdsqPvvEdI0RgXzhOLEk7M6j4C6J7LWoyF496HN/QLzsrXMBQzm LCyiMXUoBiko5fs3N3++63c9lwkecHV1/Lt52rBqI= X-Received: by 2002:a05:6402:6c7:b0:561:4562:6187 with SMTP id n7-20020a05640206c700b0056145626187mr57903edy.12.1707757201651; Mon, 12 Feb 2024 09:00:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IEZ8SZf79gVOrdJ0iUSk5/4gUmg7Ux3jY3Tr4bex34FhvPUTKw5RxYr3uZN3CEUwPMXFTSt5A== X-Received: by 2002:a05:6402:6c7:b0:561:4562:6187 with SMTP id n7-20020a05640206c700b0056145626187mr57879edy.12.1707757201244; Mon, 12 Feb 2024 09:00:01 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCWWYxbCTfNPhC0MnK6pSKt2cSwVhRAaS3e2KP3aw2uflsIVje+1GJjjdpw1Ig3E9PdGGN3xcnyzSIGbQi6Ld7Vw7/pwcSGBLovUV3Gsw73FuhBNk3sBabFRUGUtqRXi/HM03r4G0P3glfUTEWBtovChrPYze1thK5fK4HG0pUWKYR8emz6T1cgk+Yup/uB5RtWotrKbp+A39jZvpTJRh/Jh2oiAPy1Ab+1GXQ8fOeDEaY95/4U+ Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.08.59.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:00 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn , Christoph Hellwig Subject: [PATCH v4 10/25] iomap: integrate fsverity verification into iomap's read path Date: Mon, 12 Feb 2024 17:58:07 +0100 Message-Id: <20240212165821.1901300-11-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This patch adds fsverity verification into iomap's read path. After BIO's io operation is complete the data are verified against fsverity's Merkle tree. Verification work is done in a separate workqueue. Even though fsverity can create its own workqueue, this patch allows filesystems to pass any workqueue for fs-verity verification work items. This is handy for XFS as fsverity's high priority global workqueue isn't the best fit (potential livelock, global cross-filesystem queue). The read path ioend iomap_read_ioend are stored side by side with BIOs if FS_VERITY is enabled. Signed-off-by: Andrey Albershteyn Signed-off-by: Christoph Hellwig --- fs/erofs/data.c | 4 +- fs/gfs2/aops.c | 4 +- fs/iomap/buffered-io.c | 102 ++++++++++++++++++++++++++++++++++++----- fs/xfs/xfs_aops.c | 4 +- fs/zonefs/file.c | 4 +- include/linux/iomap.h | 6 ++- 6 files changed, 103 insertions(+), 21 deletions(-) diff --git a/fs/erofs/data.c b/fs/erofs/data.c index c98aeda8abb2..462917830b50 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -356,12 +356,12 @@ int erofs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, */ static int erofs_read_folio(struct file *file, struct folio *folio) { - return iomap_read_folio(folio, &erofs_iomap_ops); + return iomap_read_folio(folio, &erofs_iomap_ops, NULL); } static void erofs_readahead(struct readahead_control *rac) { - return iomap_readahead(rac, &erofs_iomap_ops); + return iomap_readahead(rac, &erofs_iomap_ops, NULL); } static sector_t erofs_bmap(struct address_space *mapping, sector_t block) diff --git a/fs/gfs2/aops.c b/fs/gfs2/aops.c index 974aca9c8ea8..ede423796125 100644 --- a/fs/gfs2/aops.c +++ b/fs/gfs2/aops.c @@ -452,7 +452,7 @@ static int gfs2_read_folio(struct file *file, struct folio *folio) if (!gfs2_is_jdata(ip) || (i_blocksize(inode) == PAGE_SIZE && !folio_buffers(folio))) { - error = iomap_read_folio(folio, &gfs2_iomap_ops); + error = iomap_read_folio(folio, &gfs2_iomap_ops, NULL); } else if (gfs2_is_stuffed(ip)) { error = stuffed_read_folio(ip, folio); } else { @@ -527,7 +527,7 @@ static void gfs2_readahead(struct readahead_control *rac) else if (gfs2_is_jdata(ip)) mpage_readahead(rac, gfs2_block_map); else - iomap_readahead(rac, &gfs2_iomap_ops); + iomap_readahead(rac, &gfs2_iomap_ops, NULL); } /** diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c index 093c4515b22a..719c3dec9652 100644 --- a/fs/iomap/buffered-io.c +++ b/fs/iomap/buffered-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -289,6 +290,7 @@ struct iomap_readpage_ctx { bool cur_folio_in_bio; struct bio *bio; struct readahead_control *rac; + struct workqueue_struct *wq; }; /** @@ -330,6 +332,57 @@ static inline bool iomap_block_needs_zeroing(const struct iomap_iter *iter, pos >= i_size_read(iter->inode); } +#ifdef CONFIG_FS_VERITY +struct iomap_fsverity_bio { + struct work_struct work; + struct bio bio; +}; +static struct bio_set iomap_fsverity_bioset; + +static void +iomap_read_fsverify_end_io_work(struct work_struct *work) +{ + struct iomap_fsverity_bio *fbio = + container_of(work, struct iomap_fsverity_bio, work); + + fsverity_verify_bio(&fbio->bio); + iomap_read_end_io(&fbio->bio); +} + +static void +iomap_read_fsverity_end_io(struct bio *bio) +{ + struct iomap_fsverity_bio *fbio = + container_of(bio, struct iomap_fsverity_bio, bio); + + INIT_WORK(&fbio->work, iomap_read_fsverify_end_io_work); + queue_work(bio->bi_private, &fbio->work); +} +#endif /* CONFIG_FS_VERITY */ + +static struct bio *iomap_read_bio_alloc(struct inode *inode, + struct block_device *bdev, int nr_vecs, gfp_t gfp, + struct workqueue_struct *wq) +{ + struct bio *bio; + +#ifdef CONFIG_FS_VERITY + if (fsverity_active(inode)) { + bio = bio_alloc_bioset(bdev, nr_vecs, REQ_OP_READ, gfp, + &iomap_fsverity_bioset); + if (bio) { + bio->bi_private = wq; + bio->bi_end_io = iomap_read_fsverity_end_io; + } + return bio; + } +#endif + bio = bio_alloc(bdev, nr_vecs, REQ_OP_READ, gfp); + if (bio) + bio->bi_end_io = iomap_read_end_io; + return bio; +} + static loff_t iomap_readpage_iter(const struct iomap_iter *iter, struct iomap_readpage_ctx *ctx, loff_t offset) { @@ -353,6 +406,12 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, if (iomap_block_needs_zeroing(iter, pos)) { folio_zero_range(folio, poff, plen); + if (fsverity_active(iter->inode) && + !fsverity_verify_blocks(folio, plen, poff)) { + folio_set_error(folio); + goto done; + } + iomap_set_range_uptodate(folio, poff, plen); goto done; } @@ -370,28 +429,29 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, !bio_add_folio(ctx->bio, folio, plen, poff)) { gfp_t gfp = mapping_gfp_constraint(folio->mapping, GFP_KERNEL); gfp_t orig_gfp = gfp; - unsigned int nr_vecs = DIV_ROUND_UP(length, PAGE_SIZE); if (ctx->bio) submit_bio(ctx->bio); if (ctx->rac) /* same as readahead_gfp_mask */ gfp |= __GFP_NORETRY | __GFP_NOWARN; - ctx->bio = bio_alloc(iomap->bdev, bio_max_segs(nr_vecs), - REQ_OP_READ, gfp); + + ctx->bio = iomap_read_bio_alloc(iter->inode, iomap->bdev, + bio_max_segs(DIV_ROUND_UP(length, PAGE_SIZE)), + gfp, ctx->wq); + /* * If the bio_alloc fails, try it again for a single page to * avoid having to deal with partial page reads. This emulates * what do_mpage_read_folio does. */ if (!ctx->bio) { - ctx->bio = bio_alloc(iomap->bdev, 1, REQ_OP_READ, - orig_gfp); + ctx->bio = iomap_read_bio_alloc(iter->inode, + iomap->bdev, 1, orig_gfp, ctx->wq); } if (ctx->rac) ctx->bio->bi_opf |= REQ_RAHEAD; ctx->bio->bi_iter.bi_sector = sector; - ctx->bio->bi_end_io = iomap_read_end_io; bio_add_folio_nofail(ctx->bio, folio, plen, poff); } @@ -405,7 +465,8 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter, return pos - orig_pos + plen; } -int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops) +int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops, + struct workqueue_struct *wq) { struct iomap_iter iter = { .inode = folio->mapping->host, @@ -414,6 +475,7 @@ int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops) }; struct iomap_readpage_ctx ctx = { .cur_folio = folio, + .wq = wq, }; int ret; @@ -471,6 +533,7 @@ static loff_t iomap_readahead_iter(const struct iomap_iter *iter, * iomap_readahead - Attempt to read pages from a file. * @rac: Describes the pages to be read. * @ops: The operations vector for the filesystem. + * @wq: Workqueue for post-I/O processing (only need for fsverity) * * This function is for filesystems to call to implement their readahead * address_space operation. @@ -482,7 +545,8 @@ static loff_t iomap_readahead_iter(const struct iomap_iter *iter, * function is called with memalloc_nofs set, so allocations will not cause * the filesystem to be reentered. */ -void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops) +void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops, + struct workqueue_struct *wq) { struct iomap_iter iter = { .inode = rac->mapping->host, @@ -491,6 +555,7 @@ void iomap_readahead(struct readahead_control *rac, const struct iomap_ops *ops) }; struct iomap_readpage_ctx ctx = { .rac = rac, + .wq = wq, }; trace_iomap_readahead(rac->mapping->host, readahead_count(rac)); @@ -1996,10 +2061,25 @@ iomap_writepages(struct address_space *mapping, struct writeback_control *wbc, } EXPORT_SYMBOL_GPL(iomap_writepages); +#define IOMAP_POOL_SIZE (4 * (PAGE_SIZE / SECTOR_SIZE)) + static int __init iomap_init(void) { - return bioset_init(&iomap_ioend_bioset, 4 * (PAGE_SIZE / SECTOR_SIZE), - offsetof(struct iomap_ioend, io_inline_bio), - BIOSET_NEED_BVECS); + int error; + + error = bioset_init(&iomap_ioend_bioset, IOMAP_POOL_SIZE, + offsetof(struct iomap_ioend, io_inline_bio), + BIOSET_NEED_BVECS); +#ifdef CONFIG_FS_VERITY + if (error) + return error; + + error = bioset_init(&iomap_fsverity_bioset, IOMAP_POOL_SIZE, + offsetof(struct iomap_fsverity_bio, bio), + BIOSET_NEED_BVECS); + if (error) + bioset_exit(&iomap_ioend_bioset); +#endif + return error; } fs_initcall(iomap_init); diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index 813f85156b0c..7a6627404160 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -553,14 +553,14 @@ xfs_vm_read_folio( struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &xfs_read_iomap_ops); + return iomap_read_folio(folio, &xfs_read_iomap_ops, NULL); } STATIC void xfs_vm_readahead( struct readahead_control *rac) { - iomap_readahead(rac, &xfs_read_iomap_ops); + iomap_readahead(rac, &xfs_read_iomap_ops, NULL); } static int diff --git a/fs/zonefs/file.c b/fs/zonefs/file.c index 6ab2318a9c8e..d7a166bf15ac 100644 --- a/fs/zonefs/file.c +++ b/fs/zonefs/file.c @@ -112,12 +112,12 @@ static const struct iomap_ops zonefs_write_iomap_ops = { static int zonefs_read_folio(struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &zonefs_read_iomap_ops); + return iomap_read_folio(folio, &zonefs_read_iomap_ops, NULL); } static void zonefs_readahead(struct readahead_control *rac) { - iomap_readahead(rac, &zonefs_read_iomap_ops); + iomap_readahead(rac, &zonefs_read_iomap_ops, NULL); } /* diff --git a/include/linux/iomap.h b/include/linux/iomap.h index 96dd0acbba44..c7522eb3a8ea 100644 --- a/include/linux/iomap.h +++ b/include/linux/iomap.h @@ -262,8 +262,10 @@ int iomap_file_buffered_write_punch_delalloc(struct inode *inode, struct iomap *iomap, loff_t pos, loff_t length, ssize_t written, int (*punch)(struct inode *inode, loff_t pos, loff_t length)); -int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops); -void iomap_readahead(struct readahead_control *, const struct iomap_ops *ops); +int iomap_read_folio(struct folio *folio, const struct iomap_ops *ops, + struct workqueue_struct *wq); +void iomap_readahead(struct readahead_control *, const struct iomap_ops *ops, + struct workqueue_struct *wq); bool iomap_is_partially_uptodate(struct folio *, size_t from, size_t count); struct folio *iomap_get_folio(struct iomap_iter *iter, loff_t pos, size_t len); bool iomap_release_folio(struct folio *folio, gfp_t gfp_flags); From patchwork Mon Feb 12 16:58:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553721 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 315CC3D576 for ; Mon, 12 Feb 2024 17:00:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757209; cv=none; b=SQaQvAKPEMIZXOP/ZiHbl5jWQDsg9b9hbXbdM6h8aP4ruYce9e9fI2CrtBlDNemO3nx8GRoNrmnm+RhXjhXlU7l6cfUSHO+sCabV6tgDoxsjhDjrJWkm9j12dWY8//EqQQUU+7alkDVv/6+txCWveSvkPoPY4fOpJxgnwdQiHII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757209; c=relaxed/simple; bh=vytFJhafSlNOFYEGf84JO8aTnuZyHLMQrT6EUAXU8QA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=JGvimGM8qKki5426MjcR/WnfUciuMZBQso0rz2DLi62JCu+Tbrfd3fcgl31tb1chmMT+1SKK1O/ik0+m9AGTst2B+lk5XASSCKpRcfMu8ht8moC2wvzq8UyF+kdSd2iYFglsN/31FrNchk7atXqjCY8mTkrSZoSh/mLbtvGblRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=LQVOfVFs; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="LQVOfVFs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757206; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ebt0keKqegC1RQu3ybPvxOlJeNn/hqPElNtU8o7e1Xg=; b=LQVOfVFs6IhoMUxhDqLc+1IwhkAtDMXU7Y6j0kpsaL+4IXpzCveM9qFAgMuexlNz7GoM9q Fn/MEGllrwfsOe8VrSmwPJyVWnBKtjMBt5cd2VdRiIywdIpGRI96vwBv+8a7gsMxpsD3zG CDrSiokKGgiNjb4zFN1LL05Hp1WL+l4= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-81-xFPb-wO0PZ2tVhI6r3xJyQ-1; Mon, 12 Feb 2024 12:00:05 -0500 X-MC-Unique: xFPb-wO0PZ2tVhI6r3xJyQ-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-5605a2937d4so2492472a12.1 for ; Mon, 12 Feb 2024 09:00:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757203; x=1708362003; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ebt0keKqegC1RQu3ybPvxOlJeNn/hqPElNtU8o7e1Xg=; b=DWkw3SjTezaG62XTQApFWJBM3DT3BpgCyNeAXEJffmxpj8ghfWFOXOFvYqUIdJ0qcL d7DHS2Nw+unvCJto9nEztNt29WhoGbw7+0puGFUhGO3vQR+F91Ii6tIiUIwQsV1i51Ms EGM6Ja/1JAi2NqA/Krm355OwOogFvPY3h2AWuiKmWVjljYcnQgp6dAEzxu2dyaCW9rNk KMn6DTnSVMO7U8tySAOHp++bR+EOrYYFw13nnyZJsNP4Xm+3PWQhuSnLad4mRWWZwqsB 9UH74vmRefQB0rc7ISnhc0lJUMMYTCs3hL+xE+B0LRYmaWuPgAAq59BdW+0WbN7g/lyL qWww== X-Gm-Message-State: AOJu0YwtFmCWN+yxac3DYbZqIdoeazZ+DLSt8E1lEZOqeZocvb3frRLN 3zRNDlHolx3OPFfclxzW/J29QhwrFocbo8mMRiSs+Q00Qy7D81gMSJ0xr4ZKnOnzGBMm5+jBGwn 6ftbmr5KNC7A1LnuNPD5x9NouBSK+m8umYRUQv892kKMJNzlk0lLzR3Ct2NsHGSJLXAwyLOmFiU ltJ5z5zQDHxvbwJDyXSbUN/IG7b0G1qdebRueGOso= X-Received: by 2002:aa7:d7c9:0:b0:560:58f:7148 with SMTP id e9-20020aa7d7c9000000b00560058f7148mr5859424eds.34.1707757203682; Mon, 12 Feb 2024 09:00:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IH5d7NhSXUd+Ka9mWVzMAjZ/5gYk1koRVf36bry7me67qozD1nqge7/dD2Vllab+yEamrtJ+g== X-Received: by 2002:aa7:d7c9:0:b0:560:58f:7148 with SMTP id e9-20020aa7d7c9000000b00560058f7148mr5859407eds.34.1707757203481; Mon, 12 Feb 2024 09:00:03 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCXv5yKVk4z2uZA0lhzKt7e5aAhzh2djpqVE42qk88sc1IcDfr7k1epqpOlxq9cCgGoiM3JkoS98ubqWE2iYwMMgVUDxjUqgmNwh7i/1FsrE94bZKrSmgASPboLl4u/cpkAlt0hBmWNoBgoyVk1UvAyqI6x3m9JJ7z73My/znP7Wo/ElrYulT1ky1ZcFmXukQBQRECf2gvpqKOfOYQAJ7Gz7L6peUHGquvy5 Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:01 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 11/25] xfs: add XBF_VERITY_SEEN xfs_buf flag Date: Mon, 12 Feb 2024 17:58:08 +0100 Message-Id: <20240212165821.1901300-12-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com One of essential ideas of fs-verity is that pages which are already verified won't need to be re-verified if they still in page cache. XFS will store Merkle tree blocks in extended file attributes. When read extended attribute data is put into xfs_buf. fs-verity uses PG_checked flag to track status of the blocks in the page. This flag can has two meanings - page was re-instantiated and the only block in the page is verified. However, in XFS, the data in the buffer is not aligned with xfs_buf pages and we don't have a reference to these pages. Moreover, these pages are released when value is copied out in xfs_attr code. In other words, we can not directly mark underlying xfs_buf's pages as verified as it's done by fs-verity for other filesystems. One way to track that these pages were processed by fs-verity is to mark buffer as verified instead. If buffer is evicted the incore XBF_VERITY_SEEN flag is lost. When the xattr is read again xfs_attr_get() returns new buffer without the flag. The xfs_buf's flag is then used to tell fs-verity this buffer was cached or not. The second state indicated by PG_checked is if the only block in the PAGE is verified. This is not the case for XFS as there could be multiple blocks in single buffer (page size 64k block size 4k). This is handled by fs-verity bitmap. fs-verity is always uses bitmap for XFS despite of Merkle tree block size. The meaning of the flag is that value of the extended attribute in the buffer is processed by fs-verity. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_buf.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index b470de08a46c..8f418f726592 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -24,14 +24,15 @@ struct xfs_buf; #define XFS_BUF_DADDR_NULL ((xfs_daddr_t) (-1LL)) -#define XBF_READ (1u << 0) /* buffer intended for reading from device */ -#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ -#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ -#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ -#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ -#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ -#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ -#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_READ (1u << 0) /* buffer intended for reading from device */ +#define XBF_WRITE (1u << 1) /* buffer intended for writing to device */ +#define XBF_READ_AHEAD (1u << 2) /* asynchronous read-ahead */ +#define XBF_NO_IOACCT (1u << 3) /* bypass I/O accounting (non-LRU bufs) */ +#define XBF_ASYNC (1u << 4) /* initiator will not wait for completion */ +#define XBF_DONE (1u << 5) /* all pages in the buffer uptodate */ +#define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ +#define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ +#define XBF_VERITY_SEEN (1u << 8) /* buffer was processed by fs-verity */ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ @@ -65,6 +66,7 @@ typedef unsigned int xfs_buf_flags_t; { XBF_DONE, "DONE" }, \ { XBF_STALE, "STALE" }, \ { XBF_WRITE_FAIL, "WRITE_FAIL" }, \ + { XBF_VERITY_SEEN, "VERITY_SEEN" }, \ { _XBF_INODES, "INODES" }, \ { _XBF_DQUOTS, "DQUOTS" }, \ { _XBF_LOGRECOVERY, "LOG_RECOVERY" }, \ From patchwork Mon Feb 12 16:58:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553722 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D46623F9C3 for ; Mon, 12 Feb 2024 17:00:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757211; cv=none; b=ShN0Hsu3uLiHe1Ii0haw1OLGmQP64xofQqTufQ8Ts7WfMF3DXuwiLNR6ZUHzJ0Lwq/A3h+Lq3yWUxsq7XMTYQmErBCkg8VTvUTOgs00V61Udl3mWIuGYbyyiduGISIEjkyZ6JFfdSzug++hLCCnN8iMoSidxP+KE3DIS8pqyd7o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757211; c=relaxed/simple; bh=7l53g4r9uK3eL4SXXr6ZAW/3PpM1Ss0BM47wmOGH+oU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=i+4wo4w0u2dcHlZ9R+84QZlSSOBOh6WCO7YXv5o67EXINYrWrPRyDRE/bQDM2Hdi6KmnvJheQy6f70zP4sOekEdV84F9+z5pbHxae/ARLrC+Qv8WTfznxKpy47RcnPWJzPNTbSeHF1wdZG8RDkjJjNJe9QYR0jVV+X8nek/1lV0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=WMjRr1ZY; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WMjRr1ZY" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757208; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RflzGF+DQN60/OpUvC96cyl+K5968zvCI4MfQmmPzEc=; b=WMjRr1ZYjZUKJZI+bvMYdhqH1GM8zcl+oHgBWrC3HWQp8x+7kxmGNBT+MDrDXrDh7ZH0oP poIPjy0OMXpkaO72bB9qTjDxr+74l0o3E8VOIi7DNZCBEnSEG8cC1YeFFBjMu1Sj9KHfxt jBc7EJM3Z649eUtWD8swiD7nGhPBK70= Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-418-FHIi1PheNeSxfznp_X488w-1; Mon, 12 Feb 2024 12:00:07 -0500 X-MC-Unique: FHIi1PheNeSxfznp_X488w-1 Received: by mail-lj1-f199.google.com with SMTP id 38308e7fff4ca-2d101f2e09fso5535891fa.2 for ; Mon, 12 Feb 2024 09:00:07 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757206; x=1708362006; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RflzGF+DQN60/OpUvC96cyl+K5968zvCI4MfQmmPzEc=; b=oeiZrf2JkZTCsXmYCDl558XebkjeSw7kMf2M5+LM7nA6T4ZPDTpWc77EPB+qqvIfLB aB+EbpGr1s54QzR4zSed/L+0l988t9zjQ8i5xhcCpK0sA5BKamsEsRlh4QUK2rBpuEPF g6cxwJw2eGav8OeP3RNchkheecSuAGCCCCrPpQ1hbrcvzxuRq6FMEdJPac88GK3Q27KV Fo/XlCuc+0Ul4YGxzPkvKM+WDmExNvWNCeixW7u3BIwyp/dUoFqQTQwT5LcOH/z+qUoB EGUx/IpiMrbbGFz3Qkz3Ivofxl3I6xn8p69qwpTVMw6ONjfdt8NGzdqth4j84ZaGugxS wDJQ== X-Gm-Message-State: AOJu0Ywllkb3OqLiWAPr7uY4pnMQ+mMwyJwhkoMCZrEaXIxU/wk1HST0 5SUDWqwUULD+A/eyhEqdlRhzCQ5XGY4QOxRXUDrWEvdfvXq3lVWfa4ZokombFMP+NRcWMDcql6/ 24e7f5E2yYwBN5GS3wCQIKHb9ZahFJOqJNEgD9I2+xPhmdH1bsHnrOt7bWpP/Zx1AXADnVxe1SZ HXI3piDQULSBXnVZsFwQL4mhU7MyuvYRvVIJ5gJI0= X-Received: by 2002:a2e:a714:0:b0:2d0:c3f8:d3b7 with SMTP id s20-20020a2ea714000000b002d0c3f8d3b7mr4320308lje.8.1707757205942; Mon, 12 Feb 2024 09:00:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IG72MY/zWOPQ2v6XwG+yAyFluuh1CkAYjSjeHPHCrF1ln3wDLd477OAaxYVkHR1fVJIi26RWQ== X-Received: by 2002:a2e:a714:0:b0:2d0:c3f8:d3b7 with SMTP id s20-20020a2ea714000000b002d0c3f8d3b7mr4320288lje.8.1707757205588; Mon, 12 Feb 2024 09:00:05 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUCI5xWx6JvLyWfSAJ6Q4WFI2AndwXEgkjcWOi3n7UScazaiXlJQ3F+5O3ZEeLnF3mMvZUMM0Kqk2f6Elig3wKaA0R4H3TluAWPPO6pG3SjLSFg5pBrn8aRmVycUWixqOVOv+k7yfAnsc5xBH+B9zh0oK5WbAWxOLh7Eq3i2nz9PR12zhEnwLMV2j69+GVLpDZbKGuppdns9JNzBj4DslocMxNUPuwqDyFW Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:03 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 12/25] xfs: add XFS_DA_OP_BUFFER to make xfs_attr_get() return buffer Date: Mon, 12 Feb 2024 17:58:09 +0100 Message-Id: <20240212165821.1901300-13-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com With XBF_VERITY_SEEN flag on xfs_buf XFS can track which buffers contain verified Merkle tree blocks. However, we also need to expose the buffer to pass a reference of underlying page to fs-verity. This patch adds XFS_DA_OP_BUFFER to tell xfs_attr_get() to xfs_buf_hold() underlying buffer and return it as xfs_da_args->bp. The caller must then xfs_buf_rele() the buffer. Therefore, XFS will hold a reference to xfs_buf till fs-verity is verifying xfs_buf's content. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr.c | 5 ++++- fs/xfs/libxfs/xfs_attr_leaf.c | 7 +++++++ fs/xfs/libxfs/xfs_attr_remote.c | 13 +++++++++++-- fs/xfs/libxfs/xfs_da_btree.h | 5 ++++- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index f9846df41669..8e3138af4a5f 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -252,6 +252,8 @@ xfs_attr_get_ilocked( * If the attribute is found, but exceeds the size limit set by the caller in * args->valuelen, return -ERANGE with the size of the attribute that was found * in args->valuelen. + * + * Using XFS_DA_OP_BUFFER the caller have to release the buffer args->bp. */ int xfs_attr_get( @@ -270,7 +272,8 @@ xfs_attr_get( args->hashval = xfs_da_hashname(args->name, args->namelen); /* Entirely possible to look up a name which doesn't exist */ - args->op_flags = XFS_DA_OP_OKNOENT; + args->op_flags = XFS_DA_OP_OKNOENT | + (args->op_flags & XFS_DA_OP_BUFFER); lock_mode = xfs_ilock_attr_map_shared(args->dp); error = xfs_attr_get_ilocked(args); diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 6374bf107242..51aa5d5df76c 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -2449,6 +2449,13 @@ xfs_attr3_leaf_getvalue( name_loc = xfs_attr3_leaf_name_local(leaf, args->index); ASSERT(name_loc->namelen == args->namelen); ASSERT(memcmp(args->name, name_loc->nameval, args->namelen) == 0); + + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) { + xfs_buf_hold(bp); + args->bp = bp; + } + return xfs_attr_copy_value(args, &name_loc->nameval[args->namelen], be16_to_cpu(name_loc->valuelen)); diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index d440393b40eb..72908e0e1c86 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -424,9 +424,18 @@ xfs_attr_rmtval_get( error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino, &offset, &valuelen, &dst); - xfs_buf_relse(bp); - if (error) + xfs_buf_unlock(bp); + /* must be released by the caller */ + if (args->op_flags & XFS_DA_OP_BUFFER) + args->bp = bp; + else + xfs_buf_rele(bp); + + if (error) { + if (args->op_flags & XFS_DA_OP_BUFFER) + xfs_buf_rele(args->bp); return error; + } /* roll attribute extent map forwards */ lblkno += map[i].br_blockcount; diff --git a/fs/xfs/libxfs/xfs_da_btree.h b/fs/xfs/libxfs/xfs_da_btree.h index 706baf36e175..1534f4102a47 100644 --- a/fs/xfs/libxfs/xfs_da_btree.h +++ b/fs/xfs/libxfs/xfs_da_btree.h @@ -59,6 +59,7 @@ typedef struct xfs_da_args { uint8_t filetype; /* filetype of inode for directories */ void *value; /* set of bytes (maybe contain NULLs) */ int valuelen; /* length of value */ + struct xfs_buf *bp; /* OUT: xfs_buf which contains the attr */ unsigned int attr_filter; /* XFS_ATTR_{ROOT,SECURE,INCOMPLETE} */ unsigned int attr_flags; /* XATTR_{CREATE,REPLACE} */ xfs_dahash_t hashval; /* hash value of name */ @@ -93,6 +94,7 @@ typedef struct xfs_da_args { #define XFS_DA_OP_REMOVE (1u << 6) /* this is a remove operation */ #define XFS_DA_OP_RECOVERY (1u << 7) /* Log recovery operation */ #define XFS_DA_OP_LOGGED (1u << 8) /* Use intent items to track op */ +#define XFS_DA_OP_BUFFER (1u << 9) /* Return underlying buffer */ #define XFS_DA_OP_FLAGS \ { XFS_DA_OP_JUSTCHECK, "JUSTCHECK" }, \ @@ -103,7 +105,8 @@ typedef struct xfs_da_args { { XFS_DA_OP_NOTIME, "NOTIME" }, \ { XFS_DA_OP_REMOVE, "REMOVE" }, \ { XFS_DA_OP_RECOVERY, "RECOVERY" }, \ - { XFS_DA_OP_LOGGED, "LOGGED" } + { XFS_DA_OP_LOGGED, "LOGGED" }, \ + { XFS_DA_OP_BUFFER, "BUFFER" } /* * Storage for holding state during Btree searches and split/join ops. From patchwork Mon Feb 12 16:58:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553724 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FC833F9EC for ; Mon, 12 Feb 2024 17:00:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757216; cv=none; b=RwCHanKKsXX+r9G42dE59U2CpQifOtwIbFk4NkR1f6G5LNZ0bmvm5zBk4+36Jr3BboHjobTg0/iNdAE7bAFMCDa3IhZXwCOIKKuQNFfEDGjUCIN/KnbMMzcK+P93cg4BsBJiK/0Q++AWmArvOU2F5RA1FogRX9yDGpN5yzR1muU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757216; c=relaxed/simple; bh=hmR+S5AY0nRCFeAH5bAxDWzUXlpVSiwnk6LNs/KSvyE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=ZgCZOH51e7JG6dyULyF+F0osuXqYVhLgElLylYrl2BPryDZvgok6MYHpBsMnlX2GIedzxVHshwMJVGOsyDzJU9l8Mel0SwZnzmaGyAsFkj92SwQxrg8TMZ0T1AddddR4gfcr06VKE3y0/5zH7jA6ni6oeuhWlUIpHmOGV77kg2k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=TR9y+Ilp; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="TR9y+Ilp" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AmNNlJPhUFaXIob1BwyjdQcuVkHPCpZ8IwBssOpb1Po=; b=TR9y+IlpjMKAtbJoS9x36pctDndSxvK/PMPRqV4HUcjgOSqxNtIgCOGpxYyziRwqZFWad6 KReveKXMbOHe4ayz9Mjh/nARKJgSwZbmPRSxVittfqBNgivRhGhE3fEjTqqor/8HkEgGD4 cozCe4OFAZ6oGr2xE1WjGl+/9zMzjGE= Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-266-pXe2IapyNCyF2Qj942sR8Q-1; Mon, 12 Feb 2024 12:00:09 -0500 X-MC-Unique: pXe2IapyNCyF2Qj942sR8Q-1 Received: by mail-lj1-f197.google.com with SMTP id 38308e7fff4ca-2d055407fa4so32378401fa.0 for ; Mon, 12 Feb 2024 09:00:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757207; x=1708362007; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AmNNlJPhUFaXIob1BwyjdQcuVkHPCpZ8IwBssOpb1Po=; b=TMt/Z/lmIoIYBsCPdliQZ5HhtCZfJ8z/rzbhMR9+4vMOJXty6HeCREJXipXfx37Apa KZ5eHEW9xAgWl3+b5a+ubs0YeWyhCzhh3sL1+pwNkCHfK3RTpWn0bSpKisqghx6C4hWS gx5bDfKC06jKNI7Ukouniw9zbei+Uyr7eDasxGfiCT03C5eMdBgaqqjsWYKf11SoZj8G 0Rp6AE+jnfY/wnwSovcA1m/V4SjjSTCrPK3DrYvgkJN723PAAjBwMjauNvJ6RniMsHi9 shYEL2HYS86xB4VcVd/Kut51C9B8LOoCs05njJNDldf2E63JID3ky3gKDwsAv3DJUxNT Fvlw== X-Gm-Message-State: AOJu0YzSHs0iKjEXM7qyhTN2Q33tNHdU1/5324CYV66TLvjvKA8GpB79 VqXr3SjIC8zyQu6Z8lMccDd2NeDNogcKr5mU8v+IflwosA0f+G2THELTj45xsI4VKsBWPicbCBZ B+OIu/UzdGPpbd4G3ucZ3B/Cz4uJufshW9kAShNmWP4pO27BTlX/YEGrL4hdTXlq6ibp87k+YeX 3vZHAbprah/SNoSbrw8OF7oVNYb9/ONVpHrB85zQo= X-Received: by 2002:a05:651c:cf:b0:2d0:cf14:c190 with SMTP id 15-20020a05651c00cf00b002d0cf14c190mr4346987ljr.50.1707757207124; Mon, 12 Feb 2024 09:00:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IHyrud5wesvlVfmqztFwgue5DmNAK+DEbeWoNwqXMq50tEhnxQmKL0df6lGsY5NyQZ3shEGHw== X-Received: by 2002:a05:651c:cf:b0:2d0:cf14:c190 with SMTP id 15-20020a05651c00cf00b002d0cf14c190mr4346969ljr.50.1707757206827; Mon, 12 Feb 2024 09:00:06 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCWJTI843yXTJ0emfk+epBVW2Le2UXrN5BlrF0Bou7qm6A8KahxOqRBQllpGfPzXBzdoSauxL9r6u49ZS1kbiVX9NrgbkiV5CEXwk+11AVv9RHcJQVy+m4zL/XoXw+eNTH+a9VZoNpjdQfgdrvg9ZwU+YsvEBTPGfZG1m0DDZnEv4O3CXY70pYIHx8DTC6DQG25L7O5IP5wjNRbPzB0pEw7YGYCtNqXRWlTA Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:06 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 13/25] xfs: introduce workqueue for post read IO work Date: Mon, 12 Feb 2024 17:58:10 +0100 Message-Id: <20240212165821.1901300-14-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com As noted by Dave there are two problems with using fs-verity's workqueue in XFS: 1. High priority workqueues are used within XFS to ensure that data IO completion cannot stall processing of journal IO completions. Hence using a WQ_HIGHPRI workqueue directly in the user data IO path is a potential filesystem livelock/deadlock vector. 2. The fsverity workqueue is global - it creates a cross-filesystem contention point. This patch adds per-filesystem, per-cpu workqueue for fsverity work. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_aops.c | 15 +++++++++++++-- fs/xfs/xfs_linux.h | 1 + fs/xfs/xfs_mount.h | 1 + fs/xfs/xfs_super.c | 9 +++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c index 7a6627404160..70e444c151b2 100644 --- a/fs/xfs/xfs_aops.c +++ b/fs/xfs/xfs_aops.c @@ -548,19 +548,30 @@ xfs_vm_bmap( return iomap_bmap(mapping, block, &xfs_read_iomap_ops); } +static inline struct workqueue_struct * +xfs_fsverity_wq( + struct address_space *mapping) +{ + if (fsverity_active(mapping->host)) + return XFS_I(mapping->host)->i_mount->m_postread_workqueue; + return NULL; +} + STATIC int xfs_vm_read_folio( struct file *unused, struct folio *folio) { - return iomap_read_folio(folio, &xfs_read_iomap_ops, NULL); + return iomap_read_folio(folio, &xfs_read_iomap_ops, + xfs_fsverity_wq(folio->mapping)); } STATIC void xfs_vm_readahead( struct readahead_control *rac) { - iomap_readahead(rac, &xfs_read_iomap_ops, NULL); + iomap_readahead(rac, &xfs_read_iomap_ops, + xfs_fsverity_wq(rac->mapping)); } static int diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h index d7873e0360f0..9c76e025b5d8 100644 --- a/fs/xfs/xfs_linux.h +++ b/fs/xfs/xfs_linux.h @@ -64,6 +64,7 @@ typedef __u32 xfs_nlink_t; #include #include #include +#include #include #include diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index 503fe3c7edbf..f64bf75f50d6 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -109,6 +109,7 @@ typedef struct xfs_mount { struct xfs_mru_cache *m_filestream; /* per-mount filestream data */ struct workqueue_struct *m_buf_workqueue; struct workqueue_struct *m_unwritten_workqueue; + struct workqueue_struct *m_postread_workqueue; struct workqueue_struct *m_reclaim_workqueue; struct workqueue_struct *m_sync_workqueue; struct workqueue_struct *m_blockgc_wq; diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 5a2512d20bd0..b2b6c1f24c42 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -553,6 +553,12 @@ xfs_init_mount_workqueues( if (!mp->m_unwritten_workqueue) goto out_destroy_buf; + mp->m_postread_workqueue = alloc_workqueue("xfs-pread/%s", + XFS_WQFLAGS(WQ_FREEZABLE | WQ_MEM_RECLAIM), + 0, mp->m_super->s_id); + if (!mp->m_postread_workqueue) + goto out_destroy_postread; + mp->m_reclaim_workqueue = alloc_workqueue("xfs-reclaim/%s", XFS_WQFLAGS(WQ_FREEZABLE | WQ_MEM_RECLAIM), 0, mp->m_super->s_id); @@ -586,6 +592,8 @@ xfs_init_mount_workqueues( destroy_workqueue(mp->m_reclaim_workqueue); out_destroy_unwritten: destroy_workqueue(mp->m_unwritten_workqueue); +out_destroy_postread: + destroy_workqueue(mp->m_postread_workqueue); out_destroy_buf: destroy_workqueue(mp->m_buf_workqueue); out: @@ -601,6 +609,7 @@ xfs_destroy_mount_workqueues( destroy_workqueue(mp->m_inodegc_wq); destroy_workqueue(mp->m_reclaim_workqueue); destroy_workqueue(mp->m_unwritten_workqueue); + destroy_workqueue(mp->m_postread_workqueue); destroy_workqueue(mp->m_buf_workqueue); } From patchwork Mon Feb 12 16:58:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553723 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53C023F8E6 for ; Mon, 12 Feb 2024 17:00:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757214; cv=none; b=i0kwEa3andc38JOpFend0QL/Zl+l9DUMGCGheJXiUiUFGLVfotWI2WfdcEkHrVIi8r7PIF44cZmUprZZ/tlyKNZPXL5AfNCYQxAydZmbQB34PyCgOT4shn+VLimO05wAQzTsjsyoJwn2DXdlKu7KmgNi7puSZOftyTFJBDdjIJ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757214; c=relaxed/simple; bh=VFVpQAY1yHQkk5bXii9EmNF0UK6uzvEHbR0wcMktVt8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=DYYjY79jIKSGd5DmcK128TDd2aLEuxNed9utpuA+wRLNZavy7pHGk4c2SX0tCaY11V9WXpyVg61DpZxKL+W9QsmubE6e4h05nNCMvXjwUl0kivlGwTnktMBvE/6mMDdF0jbtSp3GqmoZuSlZgjsOdCcZPEo7dJrUCfJyglGHrWA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=aBWWGPKR; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="aBWWGPKR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tiuisFhZ01Xx+frHUN8loKfI2Y8CDrnkd+/7+0mxXSk=; b=aBWWGPKRzyLlBBS9H5j95zDlpl1j+sui7bzDOPF+gSCi6etMS8Tb0V8svPwXMCsJ0x1A// bvSfHlrlMSpXnOg4mIDRHrV+FjvkflrhbrurMoMTS0ZJiKxNqMxM4LIu6KkA19AO2aQ1J8 34sG4lARD+SkbsuzeylJFEy6yl0smc0= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-422-Ars4POsjMlydJKrteZX49w-1; Mon, 12 Feb 2024 12:00:11 -0500 X-MC-Unique: Ars4POsjMlydJKrteZX49w-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-55ffcfed2ffso4899354a12.0 for ; Mon, 12 Feb 2024 09:00:10 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757209; x=1708362009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tiuisFhZ01Xx+frHUN8loKfI2Y8CDrnkd+/7+0mxXSk=; b=Lmc77F8LPkBvgWxtFTtW6RMsgVJWh3OVwJDTX/0+SSrreyXuskHEq1hHtcckH0bhKt HEr5B9gIm4DGoLoM1gbsw9FM5xifCZtnScp5zChFC8128qSX0r8QfeKcawzOxFq5aGvv m4NAd/hgqrwIJTfx/UZrgYZQZGWeHEXOYr2+P11Le+xO6iMis7+BpRi9jGPUVFnqwF6T zP7D1dDkfUjdP/yX28hS0oTE9Paa2hfP1E450st3/K10EJMrllZSeudAlBZ4f0lAXpPr DFZA3weJF1wvcyaPkD6cghUeu7ST7wByYE22qmlB/AQonWbSPEPhhjx7WRezxiYi2Pgg 7isg== X-Gm-Message-State: AOJu0Yzg7vDUMAQ/5eyJfQIOse02IkrEkREKwmlzvYfHeR/IE+MP7rHr DWocoh4H0UU8FNgqMqdKg1V8Egw/ExmvgvLX2rh7U93sjuu0yqCDFgQqzEulVjOBprg7QgL6gPv wAm9iFaf3lnCJBf65nXQqD+ctpxu6UOmSPPKtvFi+WaJbgEXVGIzR2dvGEEMLDUXRZNaJ5sj2dH zjFV5bQImE91bBsHRi6cj3dpWa0ATeObi7nhJX/7U= X-Received: by 2002:a05:6402:4588:b0:561:3704:329c with SMTP id ig8-20020a056402458800b005613704329cmr56798edb.8.1707757209541; Mon, 12 Feb 2024 09:00:09 -0800 (PST) X-Google-Smtp-Source: AGHT+IEuxzAP71PoZ30mFTqexOTp5LBYKtJ1+ia4lDX9BR+UnguJoMAMEB3bfsNjY6wGbLunlbH8qA== X-Received: by 2002:a05:6402:4588:b0:561:3704:329c with SMTP id ig8-20020a056402458800b005613704329cmr56785edb.8.1707757209289; Mon, 12 Feb 2024 09:00:09 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCWJ95d5sD/ABfexBLVCukFXxEVdPLi2uxPrxq7h7b6O3r5tRvyWmiChUW+KM4oxHqBFYBWUnH72E7n0u80Zs611q5Fi612VDRRm7DoOPBaTIRABRrH4jviKk85ZoQQVlLdyUwnYHmTBJk81tLGwMWnm6xqpTXCO9x3/LCRXpxTZCFUeR8RtoofFPTwbSctB5lVaw/S7oQktEVdvGbcwHFXWj8nCQ9uGt64q Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:07 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 14/25] xfs: add attribute type for fs-verity Date: Mon, 12 Feb 2024 17:58:11 +0100 Message-Id: <20240212165821.1901300-15-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com The Merkle tree blocks and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and fs-verity attributes as those are only for internal use. While we're at it add a few comments in relevant places that internally visible attributes are not suppose to be handled via interface defined in xfs_xattr.c. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_da_format.h | 10 +++++++++- fs/xfs/libxfs/xfs_log_format.h | 1 + fs/xfs/xfs_ioctl.c | 5 +++++ fs/xfs/xfs_trace.h | 3 ++- fs/xfs/xfs_xattr.c | 10 ++++++++++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 1b79c4de90bc..05b82e5b64fa 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -704,14 +704,22 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ +#define XFS_ATTR_VERITY_BIT 4 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK \ - (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT) + (XFS_ATTR_ROOT | XFS_ATTR_SECURE | XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) + +/* + * Internal attributes not exposed to the user + */ +#define XFS_ATTR_INTERNAL_MASK (XFS_ATTR_PARENT | XFS_ATTR_VERITY) /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index eb7406c6ea41..8bc83d9645fe 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -973,6 +973,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index f02b6e558af5..048d83acda0a 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -352,6 +352,11 @@ static unsigned int xfs_attr_filter( u32 ioc_flags) { + /* + * Only externally visible attributes should be specified here. + * Internally used attributes (such as parent pointers or fs-verity) + * should not be exposed to userspace. + */ if (ioc_flags & XFS_IOC_ATTR_ROOT) return XFS_ATTR_ROOT; if (ioc_flags & XFS_IOC_ATTR_SECURE) diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h index 07e8a69f8e56..0dd78a43c1f1 100644 --- a/fs/xfs/xfs_trace.h +++ b/fs/xfs/xfs_trace.h @@ -84,7 +84,8 @@ struct xfs_perag; { XFS_ATTR_ROOT, "ROOT" }, \ { XFS_ATTR_SECURE, "SECURE" }, \ { XFS_ATTR_INCOMPLETE, "INCOMPLETE" }, \ - { XFS_ATTR_PARENT, "PARENT" } + { XFS_ATTR_PARENT, "PARENT" }, \ + { XFS_ATTR_VERITY, "VERITY" } DECLARE_EVENT_CLASS(xfs_attr_list_class, TP_PROTO(struct xfs_attr_list_context *ctx), diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index 364104e1b38a..e4c88dde4e44 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -20,6 +20,13 @@ #include +/* + * This file defines interface to work with externally visible extended + * attributes, such as those in user, system or security namespaces. This + * interface should not be used for internally used attributes (consider + * xfs_attr.c). + */ + /* * Get permission to use log-assisted atomic exchange of file extents. * @@ -244,6 +251,9 @@ xfs_xattr_put_listent( ASSERT(context->count >= 0); + if (flags & XFS_ATTR_INTERNAL_MASK) + return; + if (flags & XFS_ATTR_ROOT) { #ifdef CONFIG_XFS_POSIX_ACL if (namelen == SGI_ACL_FILE_SIZE && From patchwork Mon Feb 12 16:58:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553725 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93C423D98B for ; Mon, 12 Feb 2024 17:00:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757217; cv=none; b=QhU9vcI6SWgbiYjCAEwi1dXYay6ZWUKDFyLGQv9PjdhOoLbrVzdty1pIbtzynsk1GHvuZck7MUi6dd5ZeKbc0i3I3RPCON4W7L4xS6CKb99f4u2qX4Qk8A2JUqXZrfIdeORvvHwhy9h7/joEvzssISfB+uVRLyzmVDqns6m8K0g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757217; c=relaxed/simple; bh=1ibjZZPlzIICrNjR9KHrVV/6aFSEbEoifUAOegz0qp0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=fvbuWdrJbk9qrmoiX64q++SV4GIQbxuebr4fCHChwTaA++Q3d/TdxL0R6ZAqWTfSGTH42Z+sfR7FD7fjQNwytMaGTtM47W2j9eVIzfzxoCCO0gsVrSz6KPkBaz7fRTpRqo/b9eWY7TEPtngnzGoWEfcLEiLa1+Rx0mCKw8ZG3AI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=RBs2cQVu; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="RBs2cQVu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QJ4tEZc1B7qqsV4bfz01n/jViHsnzIbXDrJkDK06xlg=; b=RBs2cQVufiL109Yr5Nf2vGErHEu8MYGEaEIEqykDsDstxOoGHZvhO5QB7K+g0zFC9Fdh0n x+CMv56wBEIVNnH5iU/bWN9aUbRU5tpVEoC/9kCqsT0Xnbx0IemEfw1xh2HV6YKOwC3lQD JrMufA2+VdEfc1V4lmoSHy+aNzEMIUg= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-222-bBrTciPxP3iKCIJ40GNt-Q-1; Mon, 12 Feb 2024 12:00:13 -0500 X-MC-Unique: bBrTciPxP3iKCIJ40GNt-Q-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-55fe7a5330aso1895169a12.3 for ; Mon, 12 Feb 2024 09:00:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757212; x=1708362012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QJ4tEZc1B7qqsV4bfz01n/jViHsnzIbXDrJkDK06xlg=; b=gbo01FN5icweEsxueXD1rind4a8+CAmJsqVQfqsx/GpJjcjbyoiDPNSMBag+SesbiF Adjk/hsnivZrBu0uRKkGu4KX6SSlxP4HQtg7r3y5nOYx/43yB1nu1KtQeO49JIcwO7vu YDnhpBTIuPjT/FcEHJjgdMGQJ03bjdeiIR1CwcPM0KViWX4oxVCtFbRDck6nKzjjW/Tn CxY2BGK3b9zXYByp6mGOeNYpsHPn9rp3UI0m1zZuERO/fbuy9+yfsKWTDSu1i7lxsMO3 edwMgFn/JGmZG6xXUGnctIqoCCj5w1C9u7/8yGOH6fXMj2rUXAlSB0GNNO826eqdqYZ/ giQQ== X-Gm-Message-State: AOJu0YwePuR5RxIAuwt+bPjeM0hi1Vc7NGm+QxiUepdkPSF8A7ETZpyK RA2HqOwh9e1m/Gtkx26qD6wMeSckfDnQp5iqTbWT8FgGEcR3/rhmd8PgQ2rOLP/P+ybtIVcesWV OPHSh3nyC2jo14pp2WFisXtZYLKosNaSHSqIxQoamSoDGAzHDa14Q1gqZUwyq3KMLDvua5m2lzJ VQEq3MVwK9/9O20JbVZo75+eRvJV7wOp+9qEgUd2w= X-Received: by 2002:aa7:d5c2:0:b0:560:cae:53f7 with SMTP id d2-20020aa7d5c2000000b005600cae53f7mr5267850eds.35.1707757212349; Mon, 12 Feb 2024 09:00:12 -0800 (PST) X-Google-Smtp-Source: AGHT+IFtHWiUhFcZMOEIL20WFxm6YxAN9efCZM6AXt/SbYB3/Uod4FAFOPMud3uNt5aY1GfxgzC8Ng== X-Received: by 2002:aa7:d5c2:0:b0:560:cae:53f7 with SMTP id d2-20020aa7d5c2000000b005600cae53f7mr5267750eds.35.1707757210095; Mon, 12 Feb 2024 09:00:10 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCWZwL63Q7TybuygEI8oPrsklBEsbINljyc7dI1P9zh0zKm43UvLoPSz6Voa45VYmbbg9YyikPKZfW1nu3FIqydRr0jb/4S0VGz0iq3/zOCRgrbmzCCg2NY6dWVJja1Nq09J5b1kg2Awn8IKxk7CIOK6rX+0feKGuxDpmCrjQuywbkD11kx4rVgurB6kBl5DVX1uIVvXSwajZcJHbIum+00H8Vm9jiAh1Uoj Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:09 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 15/25] xfs: make xfs_buf_get() to take XBF_* flags Date: Mon, 12 Feb 2024 17:58:12 +0100 Message-Id: <20240212165821.1901300-16-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Allow passing XBF_* buffer flags from xfs_buf_get(). This will allow fs-verity to specify flag for increased buffer size. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 2 +- fs/xfs/libxfs/xfs_sb.c | 2 +- fs/xfs/xfs_buf.h | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 72908e0e1c86..5762135dc2a6 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -521,7 +521,7 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 5bb6e2bd6dee..f08108c9a297 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -1100,7 +1100,7 @@ xfs_update_secondary_sbs( error = xfs_buf_get(mp->m_ddev_targp, XFS_AG_DADDR(mp, pag->pag_agno, XFS_SB_DADDR), - XFS_FSS_TO_BB(mp, 1), &bp); + XFS_FSS_TO_BB(mp, 1), 0, &bp); /* * If we get an error reading or writing alternate superblocks, * continue. xfs_repair chooses the "best" superblock based diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index 8f418f726592..80566ee444f8 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -245,11 +245,12 @@ xfs_buf_get( struct xfs_buftarg *target, xfs_daddr_t blkno, size_t numblks, + xfs_buf_flags_t flags, struct xfs_buf **bpp) { DEFINE_SINGLE_BUF_MAP(map, blkno, numblks); - return xfs_buf_get_map(target, &map, 1, 0, bpp); + return xfs_buf_get_map(target, &map, 1, flags, bpp); } static inline int From patchwork Mon Feb 12 16:58:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553726 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A56E3D99E for ; Mon, 12 Feb 2024 17:00:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757219; cv=none; b=mflEYEZ2FaFq4EKh3Q7njKg8uC0Iq2q+LPiiqA2n11tmAaZE8LX2mlfgO3w+weU+07G4Jc5lG4vr7X5D3AwFvoTQ3rfEDH0GQsvg+ZIaqB2AniKko+RBgr2HJvcB62TNXEH6phVfKV+HEBXlnxnd99YqSyo29qIK+yCUC9S93+Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757219; c=relaxed/simple; bh=wNIW/W+YCPZOMVmYt21a2Fgepob4iaeWS1zUwwO+tX4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=lz3bwf7ybFJxvpE++wNNUCB7ER+vp4zmtmrh+Gvt0y1Mj9fYVOUKhlQVzUOl/pLGK/uizw+Rmk509pWXxxeePrSIqLlIISW5epen1FAxsSwQy2z3/9oTYPzrDRNgyTuxdJvurG8YEnxC+BFtmQZsansE2uYQ/dg55LYRnquWYgU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bs0VLqkg; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bs0VLqkg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HjNaCcVPbGjsbiOXI+W7wF6VbX0l3c5qvi60YHzKwuo=; b=bs0VLqkgrAhrmW1Z3fxplEpVQnlcNh/bgnHAoqWB1YRzJPgfDSEsF3A4051ZFfJUYo/7VW PgUDYA446oYIh0e0inTqEp6fyMlCA/U7ClDYcTLsOJbrNNany6z5dyuN9glcrUQTme4Tqo F1e7W02bnLPZfMiEkzhWX1SHIEZNy1A= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-352-C3W0X_m_OQunTGK67Xz2IQ-1; Mon, 12 Feb 2024 12:00:15 -0500 X-MC-Unique: C3W0X_m_OQunTGK67Xz2IQ-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-560fc724014so1826025a12.2 for ; Mon, 12 Feb 2024 09:00:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757214; x=1708362014; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HjNaCcVPbGjsbiOXI+W7wF6VbX0l3c5qvi60YHzKwuo=; b=cxDmoejcbax9NglSM5TXOele+CcJFykkAox4Y/r9w88qo2qAleZHfu/wpfIIoXYJyD P4Mo6t9N6Uoiwkh8IQlkeZhhqnInwcA2eHgqgBk8GCJtWx+MaQWOSlNJAR+37sc4zQuo 9YvYTFRknirLQD+4nFWOo8rOUtCGTLZ3PaKzLN3HkIscfwnp+70+oYNFYjrMqjdt27Dw a2yUCfdX1YEB+2wQksxZ7jLjcrmsL0SRskwwwd9Pmt2yauvI2ZFGlQIyon9p9w2y+Z4h dm9l2lQH0PCOFAE3MXLqamkzmA/OuDXskBmoOlZJ30wPe5itn098r4ZEsGuQnu1hV0Kr pxRg== X-Gm-Message-State: AOJu0Yxo6I3nFvq3B/6wge9DtfHFPJyPsh/rjOpsZ2B07BNxa8CgiR79 j/AVVGxl8OEPpWkh9ELHiv1Cw6wbhWQcHC2nrUMjcasZCLoM6hjekXOYdMmLgL71iO7y8e0TkJ+ CA34XcI9qF0DHg8q8DlVHiR/O+pAOL1gv6HukfzAVIYsv9t25s5JxvXPRrCpwKWi/DqJhy1qvJ7 8DtKCwfwnZVHef2HEvtpWECwSK8ZIn0PkGZNTTXo4= X-Received: by 2002:a05:6402:340f:b0:560:c70f:9a0a with SMTP id k15-20020a056402340f00b00560c70f9a0amr5749038edc.1.1707757214036; Mon, 12 Feb 2024 09:00:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IGaVyoDnUYHyjbhnfm0ylTX+NNCK45Hn8iWWe9/m395Kzs+0F05MXh/leILB7t1EK6GC5zbnw== X-Received: by 2002:a05:6402:340f:b0:560:c70f:9a0a with SMTP id k15-20020a056402340f00b00560c70f9a0amr5748998edc.1.1707757213387; Mon, 12 Feb 2024 09:00:13 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVD8cj7TfTbKAJSOPfBbwNerkXbl4qtSTAJv587exJ1YNV30AX02UMtG7ezAhc0pcs6K0RJBtgByE/mknC7NxOtxFgDDxrlHdwvGmnwdtFpmutdySih3hgtJgKqHfd29qFzB3ut117WfLVCqLzImoBR+sXvwPO35RCReUKQfwL+nIsWpvz2UyFPLgBQ1A6Qz3nHw6tL3Hqqg9AN2rjL3RVO942AtvHYHzGP Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:12 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 16/25] xfs: add XBF_DOUBLE_ALLOC to increase size of the buffer Date: Mon, 12 Feb 2024 17:58:13 +0100 Message-Id: <20240212165821.1901300-17-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com For fs-verity integration, XFS needs to supply kaddr'es of Merkle tree blocks to fs-verity core and track which blocks are already verified. One way to track verified status is to set xfs_buf flag (previously added XBF_VERITY_SEEN). When xfs_buf is evicted from memory we loose verified status. Otherwise, fs-verity hits the xfs_buf which is still in cache and contains already verified blocks. However, the leaf blocks which are read to the xfs_buf contains leaf headers. xfs_attr_get() allocates new pages and copies out the data without header. Those newly allocated pages with extended attribute data are not attached to the buffer anymore. Add new XBF_DOUBLE_ALLOC which makes xfs_buf allocates x2 memory for the buffer. Additional memory will be used for a copy of the attribute data but without any headers. Also, make xfs_attr_rmtval_get() to copy data to the buffer itself if XFS asked for fs-verity block. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_attr_remote.c | 26 ++++++++++++++++++++++++-- fs/xfs/xfs_buf.c | 6 +++++- fs/xfs/xfs_buf.h | 2 ++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 5762135dc2a6..1d32041412cc 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -392,12 +392,22 @@ xfs_attr_rmtval_get( int blkcnt = args->rmtblkcnt; int i; int offset = 0; + int flags = 0; + void *addr; trace_xfs_attr_rmtval_get(args); ASSERT(args->valuelen != 0); ASSERT(args->rmtvaluelen == args->valuelen); + /* + * We also check for _OP_BUFFER as we want to trigger on + * verity blocks only, not on verity_descriptor + */ + if (args->attr_filter & XFS_ATTR_VERITY && + args->op_flags & XFS_DA_OP_BUFFER) + flags = XBF_DOUBLE_ALLOC; + valuelen = args->rmtvaluelen; while (valuelen > 0) { nmap = ATTR_RMTVALUE_MAPSIZE; @@ -417,10 +427,21 @@ xfs_attr_rmtval_get( dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock); dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount); error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt, - 0, &bp, &xfs_attr3_rmt_buf_ops); + flags, &bp, &xfs_attr3_rmt_buf_ops); if (error) return error; + /* + * For fs-verity we allocated more space. That space is + * filled with the same xattr data but without leaf + * headers. Point args->value to that data + */ + if (flags & XBF_DOUBLE_ALLOC) { + addr = xfs_buf_offset(bp, BBTOB(bp->b_length)); + args->value = addr; + dst = addr; + } + error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino, &offset, &valuelen, &dst); @@ -521,7 +542,8 @@ xfs_attr_rmtval_set_value( dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); - error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0, &bp); + error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, + XBF_DOUBLE_ALLOC, &bp); if (error) return error; bp->b_ops = &xfs_attr3_rmt_buf_ops; diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c index 8e5bd50d29fe..2645e64f2439 100644 --- a/fs/xfs/xfs_buf.c +++ b/fs/xfs/xfs_buf.c @@ -328,6 +328,9 @@ xfs_buf_alloc_kmem( xfs_km_flags_t kmflag_mask = KM_NOFS; size_t size = BBTOB(bp->b_length); + if (flags & XBF_DOUBLE_ALLOC) + size *= 2; + /* Assure zeroed buffer for non-read cases. */ if (!(flags & XBF_READ)) kmflag_mask |= KM_ZERO; @@ -358,6 +361,7 @@ xfs_buf_alloc_pages( { gfp_t gfp_mask = __GFP_NOWARN; long filled = 0; + int mul = (bp->b_flags & XBF_DOUBLE_ALLOC) ? 2 : 1; if (flags & XBF_READ_AHEAD) gfp_mask |= __GFP_NORETRY; @@ -365,7 +369,7 @@ xfs_buf_alloc_pages( gfp_mask |= GFP_NOFS; /* Make sure that we have a page list */ - bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); + bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length*mul), PAGE_SIZE); if (bp->b_page_count <= XB_PAGES) { bp->b_pages = bp->b_page_array; } else { diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h index 80566ee444f8..8ca8760c401e 100644 --- a/fs/xfs/xfs_buf.h +++ b/fs/xfs/xfs_buf.h @@ -33,6 +33,7 @@ struct xfs_buf; #define XBF_STALE (1u << 6) /* buffer has been staled, do not find it */ #define XBF_WRITE_FAIL (1u << 7) /* async writes have failed on this buffer */ #define XBF_VERITY_SEEN (1u << 8) /* buffer was processed by fs-verity */ +#define XBF_DOUBLE_ALLOC (1u << 9) /* double allocated space */ /* buffer type flags for write callbacks */ #define _XBF_INODES (1u << 16)/* inode buffer */ @@ -67,6 +68,7 @@ typedef unsigned int xfs_buf_flags_t; { XBF_STALE, "STALE" }, \ { XBF_WRITE_FAIL, "WRITE_FAIL" }, \ { XBF_VERITY_SEEN, "VERITY_SEEN" }, \ + { XBF_DOUBLE_ALLOC, "DOUBLE_ALLOC" }, \ { _XBF_INODES, "INODES" }, \ { _XBF_DQUOTS, "DQUOTS" }, \ { _XBF_LOGRECOVERY, "LOG_RECOVERY" }, \ From patchwork Mon Feb 12 16:58:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553727 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D6643D97F for ; Mon, 12 Feb 2024 17:00:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757220; cv=none; b=DqIf+CWBwq0nElxdsj+ZrgUjGFD1W7X4I56gYR5/ckK1fnBC5i5YFyNA3JwozxKaA4IXSXeuIntGawrvLELg87pho1OP5lcXhiS50+FUOLH/Yb5s8izXLBfia+UJu42SiVdG6BNmmBozpuiSNOhF/87Z1u44T4qSnz2Z3Q3DUs0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757220; c=relaxed/simple; bh=pVmlSRKI77dHrm8r3OHykDJVeVPxd3lIODzreg53UVg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=qOr6DZM+qL9Vuo13A9X2Rx78QlnszZkHqMIcI40pCvUNiM01rB352ZAaGgABvd2QmUaK4tsyF199kCgRvFDGvfwDaXo9etocr2WIESsmKeXKk1loLxrr4aGPFfO1Nd8cQcMbIGSddF9ArODWz3ji47DN+BqPfVePkFkvpDtoLVg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=J/XyIR1O; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="J/XyIR1O" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757217; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fphYrB6sUkyfpqUcwfmVchz36DNELZ1YDE/WUi+9F/o=; b=J/XyIR1OJsleJDLMDaySVkTK+9iDc04WZtk7CzqorrTpAJRIdEaG6B3QeQNuUyFPcHZWP5 EiCItIyRcLd8qQF1Pummyys2W7a9dPPU/rBXA52omkFigKT2qtr6qrwjW+4KxhSA1WbVEa lOWw51RoEbJuzwmvWcGnrj3WCM3/oUI= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-690-umO9B58nO4aFs-wWSdCnQg-1; Mon, 12 Feb 2024 12:00:16 -0500 X-MC-Unique: umO9B58nO4aFs-wWSdCnQg-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-56001d4c9c8so2107783a12.0 for ; Mon, 12 Feb 2024 09:00:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757215; x=1708362015; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fphYrB6sUkyfpqUcwfmVchz36DNELZ1YDE/WUi+9F/o=; b=cdNzjvKKoHbxVEY2d1R5iDNiMCBs2yrSUjX5JheaHIvlpa87KQfwIDhyJbWArYoz+f gCtC+4VOisqMCJQ8tmu/0Kw7aboQwIozO6jsLERM6RvPYjYGzdhzLDcT5rGMDiwy0esx 1V7mS2QGNw5eb/MikIxMKaifvZSK78Ab4dDxlw4QIZsfcYZpedawnaAi7JJqpm+5K9OC NgEyCbiA7g+cCTnLuTVhwk8Gf+Y+y0m7U7WI3ebE/wpc97f7iJYeiDF8Vj/X3sAIgnEq TksuLUSkyuH1i4T5Nh0+ut1m9ltPP4mTo/vqCbEIaBr8aENtZ/lv8IdQheh0Fuyu9Em5 LmJg== X-Gm-Message-State: AOJu0YyznGzVlsID38fDHOsUEVUg4ff501URUFbvvl+FVjtFSbWqoI+p OXbJ9kZj5MV3K43q/vdICMBn87uPcBTfTZzMwjpY7TAsZoXrp4IPW3eoENdTtDSjGEbEsn/YYSW 2g2oqsuTFYezLkpeD79/yiFMar58vCmwPxqmLpyoEUMtIAgNR+RlcD//LMPkNJiIvsjl+N+y1MQ TKY93DfQoHN2FWwsrwQvwyFEzZg36eitt7qW6N8OA= X-Received: by 2002:a05:6402:3182:b0:561:9653:339b with SMTP id di2-20020a056402318200b005619653339bmr3101063edb.6.1707757214802; Mon, 12 Feb 2024 09:00:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IGwXyTc1WDID6ZK3dghl3ZVDvmLmjzfMuJagmfzU9Q45OSVgWpX4Xn14kp782bIiAYg+O5YzQ== X-Received: by 2002:a05:6402:3182:b0:561:9653:339b with SMTP id di2-20020a056402318200b005619653339bmr3101050edb.6.1707757214474; Mon, 12 Feb 2024 09:00:14 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCWr/msPaoxmdV6je+9fjRcJyx0FORnDgMNTVsrKDBO77lk7qytfj7mACy32Wl5c1ILnbEJUGH70jkuuGtrgPTPFmH97wlyoLBwoUYry2j/rOtyJJkiPAHDWtAdQHX3SGTTZjk4fe0n+nH0SNee1OfRhzqnoBPcVAKkUUtlvn1LThhagniTPFQUxltPDo73CsbJsqbvP59ndRbiCO3y/FNlMUtbBk5L2Blyq Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:13 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 17/25] xfs: add fs-verity ro-compat flag Date: Mon, 12 Feb 2024 17:58:14 +0100 Message-Id: <20240212165821.1901300-18-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com To mark inodes with fs-verity enabled the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/libxfs/xfs_format.h | 1 + fs/xfs/libxfs/xfs_sb.c | 2 ++ fs/xfs/xfs_mount.h | 2 ++ 3 files changed, 5 insertions(+) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index 382ab1e71c0b..e36718c93539 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -353,6 +353,7 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index f08108c9a297..dcb6b15714b1 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -163,6 +163,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index f64bf75f50d6..5de007989b71 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -290,6 +290,7 @@ typedef struct xfs_mount { #define XFS_FEAT_BIGTIME (1ULL << 24) /* large timestamps */ #define XFS_FEAT_NEEDSREPAIR (1ULL << 25) /* needs xfs_repair */ #define XFS_FEAT_NREXT64 (1ULL << 26) /* large extent counters */ +#define XFS_FEAT_VERITY (1ULL << 27) /* fs-verity */ /* Mount features */ #define XFS_FEAT_NOATTR2 (1ULL << 48) /* disable attr2 creation */ @@ -353,6 +354,7 @@ __XFS_HAS_FEAT(inobtcounts, INOBTCNT) __XFS_HAS_FEAT(bigtime, BIGTIME) __XFS_HAS_FEAT(needsrepair, NEEDSREPAIR) __XFS_HAS_FEAT(large_extent_counts, NREXT64) +__XFS_HAS_FEAT(verity, VERITY) /* * Mount features From patchwork Mon Feb 12 16:58:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553728 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1AE2F3FB1E for ; Mon, 12 Feb 2024 17:00:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757221; cv=none; b=geVs5a5opC/YOJKSXDr3IIjcz5fHAp9i4CobWnggNuooER6/BalQO+rjMQf0WIFJkhp2tw/OUc7yqkEra0fqJfFQlWNHrbztbl54szSkhx6gFoem9VhCS20Pm0JTjvzARIEfFJKHwh8pDA7orIO/hJjtZza3TuizkZdNY9VfsUU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757221; c=relaxed/simple; bh=5efDprULe6taPXbMIbssh9R9ZTvpV1+LRg5VBOs1ncI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=rYDzEuCeY92fGd72UFlIGQ/aL8n/UzD8PrpycwMEO9wHgHH05LBmrwKmDGHdrbjZ+Otxix9TXlSsFZm9PwfNMYhJ4zA4uGYcVpOYlY8b11NZbdzPML/og0LGcKPJwK5xJG2Ij2nNbGUKQFFEvERbQF7vA0KdQFwH9ZbG3yrmf0s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=AfmU0LjR; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="AfmU0LjR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JU0n6o39Qx9ylv78PJjsl41s62AUUJ55j4stQvjouKk=; b=AfmU0LjRjreOyTIWqWD3onJOqur3roHyTNDVQwFTkzbQS8gAPuhV+eYd6MQIcgqUEDmlcO oOw1WeFX5CU79UPS8ereCv7D/rvuFHSlyu+6iWd5mDV1LADqRACMU2HryjTvjtD5LxjTBn kqy22ATtDEbw+RgtqdBPmCRPGVGTLGM= Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-425-6vkU4-lYPNq2EZfbWgskpw-1; Mon, 12 Feb 2024 12:00:17 -0500 X-MC-Unique: 6vkU4-lYPNq2EZfbWgskpw-1 Received: by mail-lj1-f200.google.com with SMTP id 38308e7fff4ca-2d0c647f8ddso36267561fa.3 for ; Mon, 12 Feb 2024 09:00:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757216; x=1708362016; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JU0n6o39Qx9ylv78PJjsl41s62AUUJ55j4stQvjouKk=; b=ZZmED631liHVYCXAi5dr3dKG2G9wAVZlBNU8t7/eZNz1Cc4IE1NBvDoGNy4f2ifEYl WH2NkcCUNnL3nskep1gWQjPGylEkVD2ItG9Crwo3zsNk21vikjpmam3CQy71Lu17AiHK VmDmVlG0VuZFCvLVqgJjOE4HDs+k6qla2PnWkc4+yBzvAtGlwwCJ4ktHsPt3sjVDm/KP eQnDqeEWNGyaaAJGJmDEq1/OgttS5ZCqpI/TBpBOG/vdGUjVt5FzEMXL/ZzXE4utOlx1 c+Cp4FrgQ9oR5WN2c44QAE3huszYsj/XTTOzmtoe4KnHBZndXOcqdNfOK7ymLXl7Xj7z 60rw== X-Gm-Message-State: AOJu0YzKFDTOeLiYHX6OW2K0NBWcWUKdW58TA+j0AclFvD8iZD4liwoR u81OoML4THUOocbJNdQy0h70dMudC0Gtv+oblC+sLL8EpUzxbEXC2jdr++T25UacnXfg2FulPWW 5IZhcGT4oQrZDvTrEeBR1Peb1KD1qDtbogIel1nQS21GclJnu+VsBTa3VaCTO2YpD3kASoYsEki eTNASahtXL0lhmHdk7kYdHnue9ng0FFW04sV5DcK4= X-Received: by 2002:a2e:a586:0:b0:2d0:b758:93a5 with SMTP id m6-20020a2ea586000000b002d0b75893a5mr5900130ljp.18.1707757216170; Mon, 12 Feb 2024 09:00:16 -0800 (PST) X-Google-Smtp-Source: AGHT+IGWfgm/7xQWafBoXVO5m9B2+ecerqMNgmsVK2YVSO0I9LtMY6feCLDnkZOBYsU2n0tsoz4y0g== X-Received: by 2002:a2e:a586:0:b0:2d0:b758:93a5 with SMTP id m6-20020a2ea586000000b002d0b75893a5mr5900112ljp.18.1707757215872; Mon, 12 Feb 2024 09:00:15 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVn/DPoAemeqvTkQ5zPfLy0hfJFjk4TKK9KhFtVG/UOJ0tl9rOXnZCBL8KZ35eC5xFC6HRbtaADDRpp9DzBfnmNOnXh/NJJ2tH4savAB+mNHahiaMS1HqsVSp99kIhOulubeOW05Q8flG8Rj8GTfbLcvB7+d6vIzEk3qyIoCg29wS/er+jC/w7fwJlPStbzeOShAmMTlvX7WCihOqzG7zVA6CevqmamhlIf Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:14 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 18/25] xfs: add inode on-disk VERITY flag Date: Mon, 12 Feb 2024 17:58:15 +0100 Message-Id: <20240212165821.1901300-19-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built). Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_format.h | 4 +++- fs/xfs/xfs_inode.c | 2 ++ fs/xfs/xfs_iops.c | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index e36718c93539..ea78b595aa97 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -1086,16 +1086,18 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_DAX (1 << XFS_DIFLAG2_DAX_BIT) #define XFS_DIFLAG2_REFLINK (1 << XFS_DIFLAG2_REFLINK_BIT) #define XFS_DIFLAG2_COWEXTSIZE (1 << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1 << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1 << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1 << XFS_DIFLAG2_VERITY_BIT) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 1fd94958aa97..6289a0c49780 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -629,6 +629,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index a0d77f5f512e..8972274b8bc0 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1242,6 +1242,8 @@ xfs_diflags_to_iflags( flags |= S_NOATIME; if (init && xfs_inode_should_enable_dax(ip)) flags |= S_DAX; + if (xflags & FS_XFLAG_VERITY) + flags |= S_VERITY; /* * S_DAX can only be set during inode initialization and is never set by From patchwork Mon Feb 12 16:58:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553729 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BA9D3E464 for ; Mon, 12 Feb 2024 17:00:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757222; cv=none; b=qZqlMePcZJQORyQ24+bTYnjWrvWiNWfl5Np/5zqG4xOCMPJy+08YON0hUWHCSNIkbA/YWfR7OCxe9vYC4NKehQSCmOpY5w1Q4j3tll4Q0rCsmbqmotAGqk+OWMMefX5wdyZOP1rIiRhJ/pXInKGQ+g3AYbFA7AGk7b8RKIvfaz4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757222; c=relaxed/simple; bh=uRpqcFHztW6mv8ys9x1B06hDBwaQZHF8LlWlh4KeXNk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=saRuZUXGHKsCcukDySpb5ZEgAsMC0H4Pr6tRtt1itn8TJNILCe/pjfxGMcG5hEqxZZ9p8a/O9P45qWQycYV48g1zBcQ/Tcs3yacnA9pnNWxCssqkzP+mHeUizgaMhV5W9CsHLwCpvJdLf6EvXop35Jd4p+0CzoE4Q9B/Tfo8y+I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=OPbr9eVJ; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="OPbr9eVJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K4IPa0qcdOfoZGhIk7o1SuO7zkizJ6265PJwpzaMwSg=; b=OPbr9eVJIRCra1k6wEgVqjv831ZNQddpSPxnvRZ4u6rScJOqi1skcXgncn7XjazXMjiQL4 0c7UNB1pIMD2GS1OdXK/waSFOa1Dw4/xssQThVBtTLkTfpCPPvMQU/S5uJlgooU5+1IO7Z NQZX6o5CYHuYB/MsF5EV43Xd+94Jsok= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-3-7Hm1OvLwOw-p_gPTvJbsuA-1; Mon, 12 Feb 2024 12:00:18 -0500 X-MC-Unique: 7Hm1OvLwOw-p_gPTvJbsuA-1 Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-5597da35ebbso2421005a12.2 for ; Mon, 12 Feb 2024 09:00:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757217; x=1708362017; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K4IPa0qcdOfoZGhIk7o1SuO7zkizJ6265PJwpzaMwSg=; b=e4IpA7PFBpXLEC1AckVtV7mBLbb3q4gHifXdzWEGSBYs1owUxrHM+Gs9BrMR6z9FFZ ErD6obOLi/eRqAgJn0bbsuzen7Dg36FVFQ1W2+P84RyhKX0J49x6s6NkJDNX8ZGMydKi 4soAsh+Yv7qz/LCgZQeAQ9kMvKhQt+62lOLuQ+rcqOLokp2X9525fJL6SmBUv2bx665O INKBsoZV6aswf1EwgCUcBzKzU4JAQ+BQeyQ1KQmZLwJiZKililZeFcvS5dmll1r21tYV oyYYn7Zi5IaNVBURAZLnWjfykk9X6GhVf2SyN5RpktMI/AUAz9ynw0UoSa3l+18QAP9x QziA== X-Gm-Message-State: AOJu0YzwLlNUrfE//3IGyMyOqxJt8ExK96E0puO2WFSu9tJo23SAGZ6w cY1qnuKiekXSt3EtraySE08TMSanLI7miEIRUtgOdrW7VIkwm6dnZBzmtJ0TuUNgJKLGHOLznuS dqSwP0s+uZeW5WK2jG2Xx3tlGPmUuGIxyyxzC4FijcXvlxx200HC4BZhXvKGwCHP3rismiloCzr muD4DT7hPdmAHv9UMyT2AurfZ+yvGfsiecKqSDGJw= X-Received: by 2002:aa7:c38d:0:b0:561:dd88:cffc with SMTP id k13-20020aa7c38d000000b00561dd88cffcmr465754edq.28.1707757217499; Mon, 12 Feb 2024 09:00:17 -0800 (PST) X-Google-Smtp-Source: AGHT+IHksA5ai7JOoS0uklOVKI1iGk/wOmBYywj8HWtXzARiX88G09MpjFmNbBH4phxpiPQJH/VdNw== X-Received: by 2002:aa7:c38d:0:b0:561:dd88:cffc with SMTP id k13-20020aa7c38d000000b00561dd88cffcmr465738edq.28.1707757217252; Mon, 12 Feb 2024 09:00:17 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCXR1m0bOpBoqPXPgXXYaM9xtNMBrhn4WE1Pg/SJk4bnMQdTF9h8ffsK3KWu15iaJi6Z23nltfiz5dIXnKMptfo4UjJ0x/eI7CWd4H2jF97ZLwCYDKHPNU2p2YlMAanXkf+nNaNF0xypLv5AaDh61uecKausA88SdVC6PnzrvLFKxQbUkiSyZ3hdYGSeHT4kr6p3yDrqqsiA5JLSxLyJaGGrWGufxilwbyNg Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:16 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 19/25] xfs: initialize fs-verity on file open and cleanup on inode destruction Date: Mon, 12 Feb 2024 17:58:16 +0100 Message-Id: <20240212165821.1901300-20-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index e33e5e13b95f..ed36cd088926 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -31,6 +31,7 @@ #include #include #include +#include static const struct vm_operations_struct xfs_file_vm_ops; @@ -1228,10 +1229,17 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error = 0; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | FMODE_DIO_PARALLEL_WRITE | FMODE_CAN_ODIRECT; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index b2b6c1f24c42..4737101edab9 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -48,6 +48,7 @@ #include #include #include +#include static const struct super_operations xfs_super_operations; @@ -672,6 +673,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); } From patchwork Mon Feb 12 16:58:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553730 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AEFD3FB1E for ; Mon, 12 Feb 2024 17:00:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757223; cv=none; b=MqRzZbsBQ9KPQMFk6VrVKaiwck9tIdMzSifjXb/h/cMZz8b7UO4c833aoyQf0gCtSK9M3xdQ1R4O2j8LOXPAp7uFL5HBimhyLGantm6GuD2+pz94rBVAZjPK9B2GfmZ+eeVWmnyf/hXoF2KuBQkOgMkkmwgwLMmOaAAeHlVbd2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757223; c=relaxed/simple; bh=vdHiY+5n22LurY8Opd20329Jh2sRmadcybRUqQPyIPs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=UymugsEeYpX3j5unVJmcPB48t0/mygm/1FaRcxYY93E030oAm+/pydzKJja9MomM2ZKHo3u5VkSgVMycHzeBcDjrx6nlMN0th0ps81ccT+qNSJK2lkYRQ4WUWVXzc8FP8nTf9gRToh1f9WaVHM3HzBLeBtDZ+UrBmEWcldvK91I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ap0e/sTk; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ap0e/sTk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dJCZCHIXGjyZyLUGP8rE/I4QvbwAG0uLO2o/5Ew8lzA=; b=ap0e/sTk7myeRYV3c5Cn29+802yQ36dc9mWtSLpOcg1HkNo5Ivg+KajmPMdub6fL5Xw2JV J5fwTlcUCblSyLlE+xk7E6S242HqxSPouHJfCRzXUvmMxmTVaQeShFTQan1d/atUl0pSk1 AQeUNEVMGVLsh2ijN7Yf5ZkY699MkHk= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-568-kagy7WpWMVajollX8Mg0OA-1; Mon, 12 Feb 2024 12:00:20 -0500 X-MC-Unique: kagy7WpWMVajollX8Mg0OA-1 Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-55ffcfed2ffso4899509a12.0 for ; Mon, 12 Feb 2024 09:00:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757218; x=1708362018; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dJCZCHIXGjyZyLUGP8rE/I4QvbwAG0uLO2o/5Ew8lzA=; b=flsw12VsqJtax042UQngljrxI3VPh2w4X9aBZjDpMeqEP6ylmX1rMLd24sSj9AGgHb bqFQJEEWX4+XryLRyZZu6iGlOaDV8WQSAvoFQ7Y3YI4iw7fxQLreBjHFYKArIOwXQtl4 QaLz2a+Z0xmw6gDoQTd2EDSngN383rIsy/AnZ7T/o4AGLVclSCkGeQFJQ7mdFo+TXIue FolcyV0lhBVKO5NFrHItC4RlVSzknjkXf3X/u5MT8PPwtt2vHhKaIGAoeCsFjPitJCvq Ocl1OmZXWqPJg9qnjxyaDmmo3ctZSf6LDKo9q5rpS1nwzTUTVxucTeYETq5DG7B1jKkH 6hKw== X-Gm-Message-State: AOJu0YyJF0SV2o/zQeJ8n/lotBIE0uuOIdTAl9DVMPDuQ10wnd/0+flX J68WLPGYZ/uN4ezcq13uZOCIr4jTTB1aPdlr0KVqXdfyhJlWcOvuoPPKe1WEZux/GyJwUOkmIkV UvkpoZGKglCdpIxmaF9Rf6c1Ph/5wIoRNRrnPPoWA6K15T6ax81i0hj41G2FIWl4u+C9q7ZbrKh VOKman24b0SZbPobvV41MPL+fLZqks2ttYyeEI7H8= X-Received: by 2002:a05:6402:194b:b0:55f:d6b9:245f with SMTP id f11-20020a056402194b00b0055fd6b9245fmr81620edz.6.1707757218658; Mon, 12 Feb 2024 09:00:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IEu9oz4kqazMkidIDc3OUaR2AIuDA+GdBkSrnXsXdYN1B/OVQMbeN2XlXF0/dFPIuNCyt2esg== X-Received: by 2002:a05:6402:194b:b0:55f:d6b9:245f with SMTP id f11-20020a056402194b00b0055fd6b9245fmr81598edz.6.1707757218421; Mon, 12 Feb 2024 09:00:18 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCX8qHo9KFTFqx7ffS+BaQUSAi3Ftf56a5RyK3q9a4EYYj9+86aRggYimde3QhhRm33PiYHGgj7kNkzhhEsugmBNpWsi1icmAgylRr/h8p1RapPYuLxTDAlrSRUjc60PQto5qCyrEP3V2pzQKbUURXsWdrlcSV9NVR3+GoKHqeQKhrkIlIb0ivzRDOeqUhRshgvoZj3vznkzGwz47of+OthOjOLnc7ISms8s Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:17 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 20/25] xfs: don't allow to enable DAX on fs-verity sealsed inode Date: Mon, 12 Feb 2024 17:58:17 +0100 Message-Id: <20240212165821.1901300-21-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com fs-verity doesn't support DAX. Forbid filesystem to enable DAX on inodes which already have fs-verity enabled. The opposite is checked when fs-verity is enabled, it won't be enabled if DAX is. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_iops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c index 8972274b8bc0..4cf6b317d018 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -1214,6 +1214,8 @@ xfs_inode_should_enable_dax( return false; if (!xfs_inode_supports_dax(ip)) return false; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + return false; if (xfs_has_dax_always(ip->i_mount)) return true; if (ip->i_diflags2 & XFS_DIFLAG2_DAX) From patchwork Mon Feb 12 16:58:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553731 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 489D23FB35 for ; Mon, 12 Feb 2024 17:00:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757225; cv=none; b=m8FUVIlWM+d4mLvWGFTVhD4LMzChgkreOaNGtNXNUkaHi74KaNuSx1kwXMfirj2AMybEyFAXrTKaiOS7XFXtoga9+zbPnThEg5QehDmNsY91jtsmoXMHmdJQ42Bu/YO/SFnvFuJxckX/lrdHhBhW3OGE8ejKVUAKSvxuXAURvZE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757225; c=relaxed/simple; bh=L31YpI5cHGwgxPGXiju5BCSchrSCFM+W/kdnKuUSicg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=uAJhehZnbTQR92OOb9LzZ1bDtALZ1yFXUPhR3xMwQhsqFqFYk77H5siCAupqRLZcYxa9vi4rtwlVHdzSXFHYf0XMYxOd+kyrb873YFcIrEyOfS5ccMjFDrkCUM3sg67qTBdWNPaHUZELqOEavjPm4VFo8jWlIG/RWkv/ywa/Da0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=C8rKr6pU; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="C8rKr6pU" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v8DMtYJWCVCHSCEWBZfbGi3INfqAeJCCNzs6AgTs1hw=; b=C8rKr6pUq2EyBmE7eLPWRkcudXT7BUc3kZWOdMXsH9AvNI9S5C9XJq7tVysMwEpTnTZahK OIrtLD2h344WSKGQTMNh9LPl5/n09UtuK9CnhjGNosdXaKhGLqGgGWseHC5RtBsLwfPJl+ 8BUzE4fsEdfrUjGHGKZiGUS66ohoOLI= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-693-iofULLagPymuJ8Nl445yOw-1; Mon, 12 Feb 2024 12:00:21 -0500 X-MC-Unique: iofULLagPymuJ8Nl445yOw-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-5600ba5a037so28303a12.0 for ; Mon, 12 Feb 2024 09:00:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757220; x=1708362020; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v8DMtYJWCVCHSCEWBZfbGi3INfqAeJCCNzs6AgTs1hw=; b=pz2A4/dUwEVMtycJocXpml5As7380JgSXl4HH7Pcm22SMge41YYgKKqO0ev2941qyt ZX8ys7nXcYiaAjAvQc4FmvZrAYd0/9CndWkZ6Db7Y0jvu3rGMGMYkg/Z3Bsb3rXsURXp FVwUnP2L5wmtrnud0Xye65/taW43kCVvVxrQJD30ToMzBbJRDtOtOREOwzuiHaoaq8Cs b/txxFpE4R9lMZbE75cx6H0W+gruN0er+RhJQGoaemx8c+uw6GP04R1JCCRkAniKOcnl UhLdm19r97Ufdql+JopA4plJ8PDsJvFZjqZnJ+BvWwj8T10e3xqSUCYWjO4FFwkJL5WN X9Wg== X-Gm-Message-State: AOJu0YyOpkjP2n5SvhxoZEEZMA9p0+4LvNtLKzRkbpPUNxfnwRlAJ8+j 0TavQiSy/ux9XD+uWrL53GUFqjjrwqr7H7i5GCGcL6GpZkKZvbnJK5QN9b+KTUpsl2jNJJwyQum uLpvYYLg9KEQ/+OVnhUlIpuNcgCJ9GBu+H18eEa+mjlBFOgbVhEbyFsdQd4sdOFdhpWGJBqsTnN 4rOBZIj3JKKhXNe4bvzPsf/zZ6ZrYdWMIUw9zTVQE= X-Received: by 2002:aa7:c71a:0:b0:560:4e6:c442 with SMTP id i26-20020aa7c71a000000b0056004e6c442mr4968913edq.1.1707757219988; Mon, 12 Feb 2024 09:00:19 -0800 (PST) X-Google-Smtp-Source: AGHT+IHdqLzEkltOhv90/mdAnBYzqC7IUdmnma0K+szge3JGNVz0tYyEgI2sp8chHtI9P5lmUmCjVA== X-Received: by 2002:aa7:c71a:0:b0:560:4e6:c442 with SMTP id i26-20020aa7c71a000000b0056004e6c442mr4968893edq.1.1707757219573; Mon, 12 Feb 2024 09:00:19 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCV3N3pdtpy2jDzzn9qjG81jBQ/X5sQeRIfOLG26RPUaUSSngS8BpTycQ3WIoFOMcO1xf9fGHYsQ94U8TsvWWVkCU0bbz6k8resLyTmPIDI5OyfbJpA2iDbStA3VZbVuuwCWj0Pl2k/t2JENFurvj357mNiz0AQE7dVAMsSi0pfW6BEUDkievBaQHTIkytdug4eYIOID5DxYHpZ/cNdPZgzsTnz9sQ8Gv1PX Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:18 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 21/25] xfs: disable direct read path for fs-verity files Date: Mon, 12 Feb 2024 17:58:18 +0100 Message-Id: <20240212165821.1901300-22-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com The direct path is not supported on verity files. Attempts to use direct I/O path on such files should fall back to buffered I/O path. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_file.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index ed36cd088926..011c311efe22 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -281,7 +281,8 @@ xfs_file_dax_read( struct kiocb *iocb, struct iov_iter *to) { - struct xfs_inode *ip = XFS_I(iocb->ki_filp->f_mapping->host); + struct inode *inode = iocb->ki_filp->f_mapping->host; + struct xfs_inode *ip = XFS_I(inode); ssize_t ret = 0; trace_xfs_file_dax_read(iocb, to); @@ -334,10 +335,18 @@ xfs_file_read_iter( if (IS_DAX(inode)) ret = xfs_file_dax_read(iocb, to); - else if (iocb->ki_flags & IOCB_DIRECT) + else if (iocb->ki_flags & IOCB_DIRECT && !fsverity_active(inode)) ret = xfs_file_dio_read(iocb, to); - else + else { + /* + * In case fs-verity is enabled, we also fallback to the + * buffered read from the direct read path. Therefore, + * IOCB_DIRECT is set and need to be cleared (see + * generic_file_read_iter()) + */ + iocb->ki_flags &= ~IOCB_DIRECT; ret = xfs_file_buffered_read(iocb, to); + } if (ret > 0) XFS_STATS_ADD(mp, xs_read_bytes, ret); From patchwork Mon Feb 12 16:58:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553732 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E72A4122D for ; Mon, 12 Feb 2024 17:00:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757228; cv=none; b=jrgp5xSABTu86e3Q8A8i5U2hX1A/i16Wo/gRHsuTajKMpVZ49lGkuXhwuVsMXB0Vrw++GV0AUqDGdDz/7ByXoDQnoGaEQ48+eiu9wQctg4SOYES8nXQwG7/KQgc4XErkcvVjzf91EkC+386D2m0143T1RaGenMUNHu88FKPZJDk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757228; c=relaxed/simple; bh=VnjsHo4Y6j3Os0lRrKhmxm+4dLplQwwZ36sDmgJhpgs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=Cl6smcqptryFUkX9mIXnB+VdBXJu+h0Qsg6ejB1Vulr+dmIle+ZbLfrsH06aaf94Z8YFxXI5XuZIbIOhr3ZXri0prtGSXRSp3ycZ5/3/A700u4Hqei1eGh9SZ/ytLt5zFqu53vC9PwloL/dyO8JX50mH1N1DsoXRYARfxWetg/8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Bs+O5bb9; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Bs+O5bb9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GzchNGKoFobK7llDJm/tZqiDm2BbLLigfLyOHeOEr7s=; b=Bs+O5bb9rdnzeM8lRR4NkRdKivMD/DAFoG3Z7aJqfZGgDoyMen/2HW95ksKk52tN+pGPHv VnLOUJkGjjwVakMl3WbNSlpU31U8fzW32qOMeKAmg0egOU8Rs+wSy8HOyu3VNDEbxnAjqU ZyCRkPprBOFDHfD0cpNgFC0huAlSbvM= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-183-MRO3dnZ3PGmIX2f9r2nBAQ-1; Mon, 12 Feb 2024 12:00:24 -0500 X-MC-Unique: MRO3dnZ3PGmIX2f9r2nBAQ-1 Received: by mail-ed1-f69.google.com with SMTP id 4fb4d7f45d1cf-55d71ec6ef3so2348989a12.0 for ; Mon, 12 Feb 2024 09:00:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757221; x=1708362021; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GzchNGKoFobK7llDJm/tZqiDm2BbLLigfLyOHeOEr7s=; b=R9GHvGTtcIiuZB0n95rFZ1JAAyISIozqkUQk6gEkMYb27zqC6eJnf4I1IuFTzCWCyv gT+klYWIsIYzzmb89M8/Q/fzQAC4nrxvCqrOuhVjtvz6ntdbCvMXcHHBeQIkH/e5Y8aM Iv6FEOQqTz9yqmEVFeanT7qg5p9/KbTFazA+qhIN7r2kNYzq6HfAaP3dU/rExnxUnOqI +qLechZFc2w7mn3gjmgYFrkpGhdtcSvuALSf6hbiCaNg/q2UwuZxvFSl3eZbHLF50zcg BxYCJBkEuYekRIv48kD3AInFB1TuHqcspzV+cr6jp43gARoMDumNC5oEHgDss32GPEIJ ZlbQ== X-Gm-Message-State: AOJu0Yw1P9p6xPcBgDxAMzjfzB9Xe/8gNE1yegsd2IipaEvbcZf1EHDK GOuFIl1f7gfQxv3eQyQNUjsPLEcDTQuA0QyJmZj1viQ0qg7PFY2bWN53pvRY7gx2AoNeKG3fhDT vN2U0SKTiXLi3YAdlqGFJR0z4GH2bIUtJ10WwHs9ZOxwmmiIxM8ID/GYd+AZYBjN/m7oGrg5xa6 yU0Zh4N8ektBCWEOQoJrdCHqSoWkxq+Hk76G53jQ8= X-Received: by 2002:a05:6402:1a45:b0:560:c6a8:e7c8 with SMTP id bf5-20020a0564021a4500b00560c6a8e7c8mr5875753edb.10.1707757221430; Mon, 12 Feb 2024 09:00:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IGX39I2I1YFhEWZVMudXvWVUL3MsOgUAoMzpGndxKPXsNLi1R0cCMXNiUVm5TDavI0BmxGdVw== X-Received: by 2002:a05:6402:1a45:b0:560:c6a8:e7c8 with SMTP id bf5-20020a0564021a4500b00560c6a8e7c8mr5875726edb.10.1707757220988; Mon, 12 Feb 2024 09:00:20 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCU0i0lMxRc0jlvJ5/NDg6bCy36fon95WEaDVUEmbuIQA0hXVfSENkhbpbMg2EWtbigkrL1UCdhkgQSUvdY1X686C+jT5WdWrpL9jskq4H8tzsE1mAm1vTS3KyCBvkNcAZbq5yOFmGU/9CTzmhqIcpKBSg+NZRdIERkPinEJ0PzSVuSe+89jHRFJhndpcKEew/iaX6aTSXBSxzpqs9ef0htWlr9NHqS497g9 Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:19 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 22/25] xfs: add fs-verity support Date: Mon, 12 Feb 2024 17:58:19 +0100 Message-Id: <20240212165821.1901300-23-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add integration with fs-verity. The XFS store fs-verity metadata in the extended file attributes. The metadata consist of verity descriptor and Merkle tree blocks. The descriptor is stored under "vdesc" extended attribute. The Merkle tree blocks are stored under binary indexes which are offsets into the Merkle tree. When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION flag is set meaning that the Merkle tree is being build. The initialization ends with storing of verity descriptor and setting inode on-disk flag (XFS_DIFLAG2_VERITY). The verification on read is done in read path of iomap. Signed-off-by: Andrey Albershteyn --- fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_attr.c | 13 ++ fs/xfs/libxfs/xfs_attr_leaf.c | 17 +- fs/xfs/libxfs/xfs_attr_remote.c | 8 +- fs/xfs/libxfs/xfs_da_format.h | 27 +++ fs/xfs/libxfs/xfs_ondisk.h | 4 + fs/xfs/xfs_inode.h | 3 +- fs/xfs/xfs_super.c | 8 + fs/xfs/xfs_verity.c | 348 ++++++++++++++++++++++++++++++++ fs/xfs/xfs_verity.h | 33 +++ 10 files changed, 455 insertions(+), 7 deletions(-) create mode 100644 fs/xfs/xfs_verity.c create mode 100644 fs/xfs/xfs_verity.h diff --git a/fs/xfs/Makefile b/fs/xfs/Makefile index 8be90c685b0b..207a64f47a71 100644 --- a/fs/xfs/Makefile +++ b/fs/xfs/Makefile @@ -131,6 +131,7 @@ xfs-$(CONFIG_XFS_POSIX_ACL) += xfs_acl.o xfs-$(CONFIG_SYSCTL) += xfs_sysctl.o xfs-$(CONFIG_COMPAT) += xfs_ioctl32.o xfs-$(CONFIG_EXPORTFS_BLOCK_OPS) += xfs_pnfs.o +xfs-$(CONFIG_FS_VERITY) += xfs_verity.o # notify failure ifeq ($(CONFIG_MEMORY_FAILURE),y) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 8e3138af4a5f..21ad25bddd5d 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -27,6 +27,7 @@ #include "xfs_attr_item.h" #include "xfs_xattr.h" #include "xfs_parent.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1526,6 +1527,18 @@ xfs_attr_namecheck( if (flags & XFS_ATTR_PARENT) return xfs_parent_namecheck(mp, name, length, flags); + if (flags & XFS_ATTR_VERITY) { + /* Merkle tree pages are stored under u64 indexes */ + if (length == sizeof(struct xfs_fsverity_merkle_key)) + return true; + + /* Verity descriptor blocks are held in a named attribute. */ + if (length == XFS_VERITY_DESCRIPTOR_NAME_LEN) + return true; + + return false; + } + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 51aa5d5df76c..28274d57ba9b 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -29,6 +29,7 @@ #include "xfs_log.h" #include "xfs_ag.h" #include "xfs_errortag.h" +#include "xfs_verity.h" /* @@ -518,7 +519,12 @@ xfs_attr_copy_value( return -ERANGE; } - if (!args->value) { + /* + * We don't want to allocate memory for fs-verity Merkle tree blocks + * (fs-verity descriptor is fine though). They will be stored in + * underlying xfs_buf + */ + if (!args->value && !xfs_verity_merkle_block(args)) { args->value = kvmalloc(valuelen, GFP_KERNEL | __GFP_NOLOCKDEP); if (!args->value) return -ENOMEM; @@ -537,7 +543,14 @@ xfs_attr_copy_value( */ if (!value) return -EINVAL; - memcpy(args->value, value, valuelen); + /* + * We won't copy Merkle tree block to the args->value as we want it be + * in the xfs_buf. And we didn't allocate any memory in args->value. + */ + if (xfs_verity_merkle_block(args)) + args->value = value; + else + memcpy(args->value, value, valuelen); return 0; } diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 1d32041412cc..dafb27fb3527 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -22,6 +22,7 @@ #include "xfs_attr_remote.h" #include "xfs_trace.h" #include "xfs_error.h" +#include "xfs_verity.h" #define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */ @@ -401,11 +402,10 @@ xfs_attr_rmtval_get( ASSERT(args->rmtvaluelen == args->valuelen); /* - * We also check for _OP_BUFFER as we want to trigger on - * verity blocks only, not on verity_descriptor + * For fs-verity we want additional space in the xfs_buf. This space is + * used to copy xattr value without leaf headers (crc header). */ - if (args->attr_filter & XFS_ATTR_VERITY && - args->op_flags & XFS_DA_OP_BUFFER) + if (xfs_verity_merkle_block(args)) flags = XBF_DOUBLE_ALLOC; valuelen = args->rmtvaluelen; diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index 05b82e5b64fa..4d28a64f8cd7 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -903,4 +903,31 @@ struct xfs_parent_name_rec { */ #define XFS_PARENT_DIRENT_NAME_MAX_SIZE (MAXNAMELEN - 1) +/* + * fs-verity attribute name format + * + * Merkle tree blocks are stored under extended attributes of the inode. The + * name of the attributes are offsets into merkle tree. + */ +struct xfs_fsverity_merkle_key { + __be64 merkleoff; +}; + +static inline void +xfs_fsverity_merkle_key_to_disk(struct xfs_fsverity_merkle_key *key, loff_t pos) +{ + key->merkleoff = cpu_to_be64(pos); +} + +static inline loff_t +xfs_fsverity_name_to_block_offset(unsigned char *name) +{ + struct xfs_fsverity_merkle_key key = { + .merkleoff = *(__be64 *)name + }; + loff_t offset = be64_to_cpu(key.merkleoff); + + return offset; +} + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 81885a6a028e..39209943c474 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -194,6 +194,10 @@ xfs_check_ondisk_structs(void) XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MIN << XFS_DQ_BIGTIME_SHIFT, 4); XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT, 16299260424LL); + + /* fs-verity descriptor xattr name */ + XFS_CHECK_VALUE(strlen(XFS_VERITY_DESCRIPTOR_NAME), + XFS_VERITY_DESCRIPTOR_NAME_LEN); } #endif /* __XFS_ONDISK_H */ diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 97f63bacd4c2..97fa5155fcba 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h @@ -342,7 +342,8 @@ static inline bool xfs_inode_has_large_extent_counts(struct xfs_inode *ip) * inactivation completes, both flags will be cleared and the inode is a * plain old IRECLAIMABLE inode. */ -#define XFS_INACTIVATING (1 << 13) +#define XFS_INACTIVATING (1 << 13) +#define XFS_IVERITY_CONSTRUCTION (1 << 14) /* merkle tree construction */ /* Quotacheck is running but inode has not been added to quota counts. */ #define XFS_IQUOTAUNCHECKED (1 << 14) diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index 4737101edab9..3bb4dba3f1ca 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -30,6 +30,7 @@ #include "xfs_filestream.h" #include "xfs_quota.h" #include "xfs_sysfs.h" +#include "xfs_verity.h" #include "xfs_ondisk.h" #include "xfs_rmap_item.h" #include "xfs_refcount_item.h" @@ -1531,6 +1532,9 @@ xfs_fs_fill_super( sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif sb->s_op = &xfs_super_operations; +#ifdef CONFIG_FS_VERITY + sb->s_vop = &xfs_verity_ops; +#endif /* * Delay mount work if the debug hook is set. This is debug @@ -1740,6 +1744,10 @@ xfs_fs_fill_super( goto out_filestream_unmount; } + if (xfs_has_verity(mp)) + xfs_alert(mp, + "EXPERIMENTAL fs-verity feature in use. Use at your own risk!"); + error = xfs_mountfs(mp); if (error) goto out_filestream_unmount; diff --git a/fs/xfs/xfs_verity.c b/fs/xfs/xfs_verity.c new file mode 100644 index 000000000000..dfa05cf6518c --- /dev/null +++ b/fs/xfs/xfs_verity.c @@ -0,0 +1,348 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "xfs.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_log_format.h" +#include "xfs_attr.h" +#include "xfs_verity.h" +#include "xfs_bmap_util.h" +#include "xfs_log_format.h" +#include "xfs_trans.h" +#include "xfs_attr_leaf.h" + +/* + * Make fs-verity invalidate verified status of Merkle tree block + */ +static void +xfs_verity_put_listent( + struct xfs_attr_list_context *context, + int flags, + unsigned char *name, + int namelen, + int valuelen) +{ + /* + * Verity descriptor is smaller than 1024; verity block min size is + * 1024. Exclude verity descriptor + */ + if (valuelen < 1024) + return; + + fsverity_invalidate_range(VFS_I(context->dp), + xfs_fsverity_name_to_block_offset(name), + valuelen); +} + +/* + * Iterate over extended attributes in the bp to invalidate Merkle tree blocks + */ +static int +xfs_invalidate_blocks( + struct xfs_inode *ip, + struct xfs_buf *bp) +{ + struct xfs_attr_list_context context; + + memset(&context, 0, sizeof(context)); + context.dp = ip; + context.resynch = 0; + context.buffer = NULL; + context.bufsize = 0; + context.firstu = 0; + context.attr_filter = XFS_ATTR_VERITY; + context.put_listent = xfs_verity_put_listent; + + return xfs_attr3_leaf_list_int(bp, &context); +} + +static int +xfs_get_verity_descriptor( + struct inode *inode, + void *buf, + size_t buf_size) +{ + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = buf, + .valuelen = buf_size, + }; + + /* + * The fact that (returned attribute size) == (provided buf_size) is + * checked by xfs_attr_copy_value() (returns -ERANGE) + */ + error = xfs_attr_get(&args); + if (error) + return error; + + return args.valuelen; +} + +static int +xfs_begin_enable_verity( + struct file *filp) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + int error = 0; + + ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); + + if (IS_DAX(inode)) + return -EINVAL; + + if (xfs_iflags_test_and_set(ip, XFS_IVERITY_CONSTRUCTION)) + return -EBUSY; + + return error; +} + +static int +xfs_drop_merkle_tree( + struct xfs_inode *ip, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct xfs_fsverity_merkle_key name; + int error = 0; + u64 offset = 0; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .op_flags = XFS_DA_OP_REMOVE, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + /* NULL value make xfs_attr_set remove the attr */ + .value = NULL, + }; + + if (!merkle_tree_size) + return 0; + + args.name = (const uint8_t *)&name.merkleoff; + for (offset = 0; offset < merkle_tree_size; offset += tree_blocksize) { + xfs_fsverity_merkle_key_to_disk(&name, offset); + error = xfs_attr_set(&args); + if (error) + return error; + } + + args.name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME; + args.namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN; + error = xfs_attr_set(&args); + + return error; +} + +static int +xfs_end_enable_verity( + struct file *filp, + const void *desc, + size_t desc_size, + u64 merkle_tree_size, + unsigned int tree_blocksize) +{ + struct inode *inode = file_inode(filp); + struct xfs_inode *ip = XFS_I(inode); + struct xfs_mount *mp = ip->i_mount; + struct xfs_trans *tp; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .name = (const uint8_t *)XFS_VERITY_DESCRIPTOR_NAME, + .namelen = XFS_VERITY_DESCRIPTOR_NAME_LEN, + .value = (void *)desc, + .valuelen = desc_size, + }; + int error = 0; + + ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); + + /* fs-verity failed, just cleanup */ + if (desc == NULL) + goto out; + + error = xfs_attr_set(&args); + if (error) + goto out; + + /* Set fsverity inode flag */ + error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_ichange, + 0, 0, false, &tp); + if (error) + goto out; + + /* + * Ensure that we've persisted the verity information before we enable + * it on the inode and tell the caller we have sealed the inode. + */ + ip->i_diflags2 |= XFS_DIFLAG2_VERITY; + + xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); + xfs_trans_set_sync(tp); + + error = xfs_trans_commit(tp); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + + if (!error) + inode->i_flags |= S_VERITY; + +out: + if (error) + WARN_ON_ONCE(xfs_drop_merkle_tree(ip, merkle_tree_size, + tree_blocksize)); + + xfs_iflags_clear(ip, XFS_IVERITY_CONSTRUCTION); + return error; +} + +static int +xfs_read_merkle_tree_block( + struct inode *inode, + u64 pos, + struct fsverity_blockbuf *block, + unsigned int log_blocksize, + u64 ra_bytes) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + int error = 0; + struct xfs_da_args args = { + .dp = ip, + .attr_filter = XFS_ATTR_VERITY, + .op_flags = XFS_DA_OP_BUFFER, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + .valuelen = (1 << log_blocksize), + }; + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + error = xfs_attr_get(&args); + if (error) + goto out; + + if (!args.valuelen) + return -ENODATA; + + /* + * The more detailed reasoning for the memory barriers below is the same + * as described in fsverity_invalidate_page(). Memory barriers are used + * to force operation ordering on clearing bitmap in + * fsverity_invalidate_range() and settings XBF_VERITY_SEEN flag. But as + * XFS doesn't use neither PAGEs to store the blocks nor PG_checked that + * function can not be used directly. + */ + if (!(args.bp->b_flags & XBF_VERITY_SEEN)) { + /* + * A read memory barrier is needed here to give ACQUIRE + * semantics to the above check. + */ + smp_rmb(); + /* + * fs-verity is not aware if buffer was evicted from the memory. + * Make fs-verity invalidate verfied status of all blocks in the + * buffer. + * + * Single extended attribute can contain multiple Merkle tree + * blocks: + * - leaf with inline data -> invalidate all blocks in the leaf + * - remote value -> invalidate single block + * + * For example, leaf on 64k system with 4k/1k filesystem will + * contain multiple Merkle tree blocks. + * + * Only remote value buffers would have XBF_DOUBLE_ALLOC flag + */ + if (args.bp->b_flags & XBF_DOUBLE_ALLOC) + fsverity_invalidate_range(inode, pos, args.valuelen); + else { + error = xfs_invalidate_blocks(ip, args.bp); + if (error) + goto out; + } + } + + /* + * A write memory barrier is needed here to give RELEASE + * semantics to the below flag. + */ + smp_wmb(); + args.bp->b_flags |= XBF_VERITY_SEEN; + + block->kaddr = args.value; + block->size = args.valuelen; + block->context = args.bp; + + return error; + +out: + kmem_free(args.value); + if (args.bp) + xfs_buf_rele(args.bp); + return error; +} + +static int +xfs_write_merkle_tree_block( + struct inode *inode, + const void *buf, + u64 pos, + unsigned int size) +{ + struct xfs_inode *ip = XFS_I(inode); + struct xfs_fsverity_merkle_key name; + struct xfs_da_args args = { + .dp = ip, + .whichfork = XFS_ATTR_FORK, + .attr_filter = XFS_ATTR_VERITY, + .attr_flags = XATTR_CREATE, + .namelen = sizeof(struct xfs_fsverity_merkle_key), + .value = (void *)buf, + .valuelen = size, + }; + + xfs_fsverity_merkle_key_to_disk(&name, pos); + args.name = (const uint8_t *)&name.merkleoff; + + return xfs_attr_set(&args); +} + +static void +xfs_drop_block( + struct fsverity_blockbuf *block) +{ + struct xfs_buf *bp; + + ASSERT(block != NULL); + bp = (struct xfs_buf *)block->context; + + ASSERT(bp->b_flags & XBF_VERITY_SEEN); + + xfs_buf_rele(bp); + + kunmap_local(block->kaddr); +} + +const struct fsverity_operations xfs_verity_ops = { + .begin_enable_verity = &xfs_begin_enable_verity, + .end_enable_verity = &xfs_end_enable_verity, + .get_verity_descriptor = &xfs_get_verity_descriptor, + .read_merkle_tree_block = &xfs_read_merkle_tree_block, + .write_merkle_tree_block = &xfs_write_merkle_tree_block, + .drop_block = &xfs_drop_block, +}; diff --git a/fs/xfs/xfs_verity.h b/fs/xfs/xfs_verity.h new file mode 100644 index 000000000000..0de6c66fdb1a --- /dev/null +++ b/fs/xfs/xfs_verity.h @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +#include "xfs.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include + +#define XFS_VERITY_DESCRIPTOR_NAME "vdesc" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN 5 + +static inline bool +xfs_verity_merkle_block( + struct xfs_da_args *args) +{ + if (!(args->attr_filter & XFS_ATTR_VERITY)) + return false; + + if (!(args->op_flags & XFS_DA_OP_BUFFER)) + return false; + + return true; +} + +#ifdef CONFIG_FS_VERITY +extern const struct fsverity_operations xfs_verity_ops; +#endif /* CONFIG_FS_VERITY */ + +#endif /* __XFS_VERITY_H__ */ From patchwork Mon Feb 12 16:58:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553733 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13C1B45013 for ; Mon, 12 Feb 2024 17:00:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757229; cv=none; b=J6eAwYyVYFqLdtueACvPipaP9pMyMaj3zSiyTp+6v7MgdupXUq+82cHdQIkVndtIS8ytGwbRpVu81eXh0Ic75Ry08/XtINZURV/bio9XZ6Y2Ob2bbVuElBRnHL8JMDjcaa1B546sHcrYVxMnkZJ6PxOvtrhxVx06fkPsaRkD+Uo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757229; c=relaxed/simple; bh=QdzJQ1kBU4GhtNmWFv/v5q2u9OPK6bqQ8YoEEN+UHm4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=Yll1mSirsmEAMPtFYkDfAhM6ZmPqll5oG+qYoN2v4uTpwyckAlfXiKt4XwgqAhQDy/pszfPGrCYdV4+PdQ3tWvKHoP1SZmdTuOIXzzGhmQZM3gKvHpDzyiTwwQ1HDZQfBZEtdpL8/H7/kVqN6dqM7TjKobhtJlcRt+bW4UsARpQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=XbJaHOXN; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="XbJaHOXN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757227; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CCVu6C3sA7ElU4nB0aYXUKm+yvCdjGTpJNzXHRX3ZOA=; b=XbJaHOXNUq3o7GMO2lNM7RZ2Yl6zki9XWShtu2ISxvBOGXb92NbOJ9PqRIWEP7MaINn1XI tS3g79+CCTuyiHJ10WzboXgM59E3I/J736/y5ZYtqBw1XuYPRk0KzQNmwS1D8TI8lNjsjU ChNrjTRI+BL7nUhZgtKVXgGi92xaIF0= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-632-vMn35QFpP4KX1o1X0HYFPA-1; Mon, 12 Feb 2024 12:00:25 -0500 X-MC-Unique: vMn35QFpP4KX1o1X0HYFPA-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-56001d4c9c8so2107869a12.0 for ; Mon, 12 Feb 2024 09:00:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757223; x=1708362023; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CCVu6C3sA7ElU4nB0aYXUKm+yvCdjGTpJNzXHRX3ZOA=; b=N/rVf/gic+1RVrqABCbrprnnm+dlBMAxfpPIQRYXZU65OZwFRMaTGeM5I20/pMQnI4 W5tuL7I22V3oBCH4R56jwV4MJBBULBbq8DHLGn5gIn8gEgHHzgi580ELbV5PnSawqn+i 0jDyFAunqDRp5AEoYOKTPs0TW+kYTTbGJditlfnzwjgo1zNoWeoyxpOxMtpdN6bheHAQ E0PLSVqDiwDaPB7Eh+zGnYwnt3CzfdHpOhu/6t7AL3Rm8HnMB+fM64OUuxaNuzR/xCOq yvbufU8YLn/R2LQPbZ7RC4lHlsHK3GgGEf8Vth3/PNDq0YM1tqhPe98vELpOmQpoZyy1 hjsA== X-Gm-Message-State: AOJu0Yyz64VJHTbfb+xl/GMsw/dGiPNNEqAeF+G3yLSDNzL762K93jXO JLezT6MpW82cFPUBQFuq7nbcNxJnwWWuIFirjMbjT01a7OhsnHonIr68iWiRzLOuOGdAbWigiqR ByDANLQyE4ueUt5dTbrtOz+/Tbsm2HyrbUDIV1aas0YoMCf01oAn+Bs6rm9Z+c8Vhvg9y/74Eqn X77lip4EDzEVsDxxHkILyd7JJmBHWtFKNkXxKUfac= X-Received: by 2002:a50:fa86:0:b0:55f:fd61:b08f with SMTP id w6-20020a50fa86000000b0055ffd61b08fmr5444435edr.4.1707757223252; Mon, 12 Feb 2024 09:00:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IGX4QsV2jwPgEK3ppOb+fAmuTGxzi5pj46ICsgxsM5V1RWud/SUlTZ9QaiHLZpC1sd63X9YYw== X-Received: by 2002:a50:fa86:0:b0:55f:fd61:b08f with SMTP id w6-20020a50fa86000000b0055ffd61b08fmr5444416edr.4.1707757223016; Mon, 12 Feb 2024 09:00:23 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVbixGwNn2/iQes+rCvgVp/F3RjBSehosjFCAIvdLXWSMONtUscMUhdVZvz2ojDIXeQtTNHdhZ8OVZwgnN/hd7k6GmI5Ryp54qW3fmznAn2ASgRznKnI1XzfIgGrVB3dwYWfYVzmpZ0hy2OW2vDHkBCu2jmZU1UIQXfV1xRLXQkWg38QoXASDkPImLM3obGk9jg3wyKszAXbZUxea+dMcCgzt2VQyuH8wp/ Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:22 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 23/25] xfs: make scrub aware of verity dinode flag Date: Mon, 12 Feb 2024 17:58:20 +0100 Message-Id: <20240212165821.1901300-24-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com fs-verity adds new inode flag which causes scrub to fail as it is not yet known. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong --- fs/xfs/scrub/attr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 9a1f59f7b5a4..ae4227cb55ec 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -494,7 +494,7 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT); + XFS_ATTR_INCOMPLETE | XFS_ATTR_PARENT | XFS_ATTR_VERITY); if ((ent->flags & badflags) != 0) xchk_da_set_corrupt(ds, level); if (ent->flags & XFS_ATTR_LOCAL) { From patchwork Mon Feb 12 16:58:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553734 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 040F13E498 for ; Mon, 12 Feb 2024 17:00:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757230; cv=none; b=ZctG0Nx6UoSG0b25g0kh9uoUlYq4U4PfxEIMIwa8xP3Q3A4eUJ7aPKASd7k1x3+x7bzgjU/7LYHZ2Z1ae87hku13t5BfWcXvv39w6zeNeGkZeBPvcNhP12fl3VwwSKMuQx81qgNq8QEueHb1AtOFtvg6fbEAjzYxG6w/mD/quwc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757230; c=relaxed/simple; bh=3huMSuptuBha2CwG1y0/SfdkyV9jIivWktDsQLKbc70=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=TFne0q/x7nY7T2jwuEdQ9BFiStzxDRXFS/MGYAwb9/b/eoy0nNL6ecnoXMbVR6xs0Oh1l7GhvtZW4rFKy6sc+6YMCdvZYgkJvcSgJ8s8Lk1L8O7D3gGfy1U/DPhS7c6a2xY9r6R3+//qIMBGOIRs49zIpEMQ0Aw/WUtAJy6wlRY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=UKI/ZdQm; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="UKI/ZdQm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757227; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=O/7GvRpwmqndoF+ccNvwmWywMN3/sSl/624LXUp5jis=; b=UKI/ZdQmDpqBfHoLx3kEan5RjR1cmftdk25hFTKub/EOF1/gzvH/CP9EQhk/raFpqTFBhB nfZ/jk/gRqImpjDAxc8XjDLQczuBsvT+h2aXoWQQP90dTptDvdxifdjpw3XE72w1IuXRYU z4XSoPHWQNbk+glEQjQZZ012nWoaMEQ= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-582-fFXsVtOAPjay9O7vuh1j3g-1; Mon, 12 Feb 2024 12:00:25 -0500 X-MC-Unique: fFXsVtOAPjay9O7vuh1j3g-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-55ffcfed2ffso4899624a12.0 for ; Mon, 12 Feb 2024 09:00:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757224; x=1708362024; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O/7GvRpwmqndoF+ccNvwmWywMN3/sSl/624LXUp5jis=; b=R+Ilv7hOhXYkjRjyLOoLOI46+uwdelT6iCDlGaGENeefzVKHUfphmpVYE7aGtw3rRR C6vYbqLbu9s6kocbtATyJF6c805DrUZEW+Sp5bZ6mfBuribvol3Dpj/Rxn2x8n1m3qAT FQbjppkW7kH4A0sNLxA/68JLhGWgidfNHnn6zvYPCZshkpbYtOCLTSyzMCm2Ri8T5iCu 72twDCQaQxGREpoJ+akNn6HVcdMrPJOV197gvffJFxMyQQnCKGZro+EwTS4HfFDBS0qY VMSUeo3g/CYqaq2QmOmlusViAWIB/kkCPXn1T7UsjgZzDzWq1e5TxlHnaOr4IpkGkImG 8vhw== X-Gm-Message-State: AOJu0YyJBLsoxm57UDtxOm5l4XJU55gZzpGbkZWg9PJ9kt2UV8HkZ0ID 6Lac1dHCBSgC0Vo3ItZBXz/X1qPFXiCWbqDO01tCMS06BUgEvNjntn5B5OED/tB+YhfvPKzyONw HA2csOLiAkOhiC8vzoARNHKWYEI9x9yxcNxGAPxibViTuq+KvqWsrQJO0ZbZZtVLbM9/1yXEFyQ PJDq+igFUm9p/oemRf8IgAQdtlVQfzGnHL0DL22s4= X-Received: by 2002:a05:6402:2405:b0:55f:cc6d:29b5 with SMTP id t5-20020a056402240500b0055fcc6d29b5mr52474eda.21.1707757224368; Mon, 12 Feb 2024 09:00:24 -0800 (PST) X-Google-Smtp-Source: AGHT+IH42HIFL/dxKgR7EyOrBhc7xXCpi26qG+Fua//JDh3CFnZGhulP1ThwFDEDHGR3MncapDV1sg== X-Received: by 2002:a05:6402:2405:b0:55f:cc6d:29b5 with SMTP id t5-20020a056402240500b0055fcc6d29b5mr52460eda.21.1707757224085; Mon, 12 Feb 2024 09:00:24 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUY6g9lFbfToZ6KmsvUog3OF70TqTeRgGoC22qmpr2jCPKLvbuFVjIq05EHMUe49MvRMFzVuy29Mh6GJIT6KrIM8cjQ7qF2q5tZa1yNTy1oj9j/AInK7bE+csVY6aVl+btLiGQ+1+sPxkGqT/bsGmYuD94elGcJQZvp0Mbu/COh91A4Guz98UtLS/1F6UUbm+YLFurg6FjBkxzzLYFk5j8Y18gMWHLOeKMK Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:23 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 24/25] xfs: add fs-verity ioctls Date: Mon, 12 Feb 2024 17:58:21 +0100 Message-Id: <20240212165821.1901300-25-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add fs-verity ioctls to enable, dump metadata (descriptor and Merkle tree pages) and obtain file's digest. Signed-off-by: Andrey Albershteyn --- fs/xfs/xfs_ioctl.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 048d83acda0a..5d64e11bf056 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -43,6 +43,7 @@ #include #include #include +#include /* * xfs_find_handle maps from userspace xfs_fsop_handlereq structure to @@ -2174,6 +2175,22 @@ xfs_file_ioctl( return error; } + case FS_IOC_ENABLE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_enable(filp, (const void __user *)arg); + + case FS_IOC_MEASURE_VERITY: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_measure(filp, (void __user *)arg); + + case FS_IOC_READ_VERITY_METADATA: + if (!xfs_has_verity(mp)) + return -EOPNOTSUPP; + return fsverity_ioctl_read_metadata(filp, + (const void __user *)arg); + default: return -ENOTTY; } From patchwork Mon Feb 12 16:58:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Albershteyn X-Patchwork-Id: 13553735 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 051D745013 for ; Mon, 12 Feb 2024 17:00:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757231; cv=none; b=K9wkxbSTDU6SmDQ1Ujvuiq3sL9qq8gIH60aGUc4J2mKnPiOAsqOXZLIpuzw/L9ONJpk3KEBJrBiMpkmWvpJ1I8FLuo2ZbNQrawN3/PAwjuxoUbblaBrtAzIax/KL8cpQbtgk9WOnTtrZOU5NUZ2RbwGbIOpthEtAC53hGf/5YPM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707757231; c=relaxed/simple; bh=YOeOw6KtPMpEfhCDXm/Z9NhM8n2QAyzwIfav1+RaVLc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=IKlan81whUEHZY6ez38VgoCdkfhv5bj1IxddQWspV3uSz3NQl8SZkb3xxfQJT7u0YHe8wGVRNL2qllXi/x3zapzj4XCb3yAaih6WIBfqnmawdLDSND52nhWdjbLGCIoiurikAN1R585A0D/AGTsHTEOHOJE10qO3s97yPgFebDI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=D8SJIVfV; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="D8SJIVfV" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707757228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9e7oB1ZKkqE1/ExZ0FRyhaGlyLumWOw/BjQhwlJ8uVw=; b=D8SJIVfVyRBGIqAupBgBX8OPYClhiuWiQBVKKB8VR0AjLRH46qNMYDLQQVdJw545M4xu7o e4OW7mvf+5s0kk5guX6Pk+xT6IuxiNGnSZWiOG4TWd+JzmTQriG5Cu8z53c7COM9PEM2Uf JehmSz8GlQF7T0j9P1ZhFaOo/iXO/74= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-621-t-VyfkarNEiSMOREYKaUbg-1; Mon, 12 Feb 2024 12:00:26 -0500 X-MC-Unique: t-VyfkarNEiSMOREYKaUbg-1 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-5613caa5f21so1760428a12.3 for ; Mon, 12 Feb 2024 09:00:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707757225; x=1708362025; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9e7oB1ZKkqE1/ExZ0FRyhaGlyLumWOw/BjQhwlJ8uVw=; b=kyreZLlTcyBIXqUHIr36jbVc/qzPqaacnMXByMRdOjT1z7+bi0N/nDko6JCyaOBwSq T83P3prlnG63gKeNAv/J7izDySo3erXcLI93jkbjknM3VZS4/2VqIHC94pqPOT0oZV5l 8ovicMMISIgJuw0WhrzBXz7hzuPTJN/dx4zj1vzv5mxphXVWSwG3oKVJXUdWwxvLEgII dubsD6AwGxE15XaY2+BMY1ykMZk85x9ncK9AMsTILTmZqPn+54K37L1kfMa7RQBVIQHc 8xoowQilmy45OJEgj17o7PEbXTuN9I1EKmBCOkSNobLHuTb+p4q9Yx9bsu9LKMYW7be3 t4GA== X-Gm-Message-State: AOJu0Yy/o2IWpwd4iO5Wq+LSrUmTmWaWCnupa563zs0bIL3KheTwSCPr sbuUTZi9nxLaW/yag/5lZDqAubXWrEwNLJkzLV3YBWhNX5DX2xm9j8aHR82lN7mYDmo4m+0wmap nbRmO+X4ce1oxPtsQ0iR3aqhbX4N2G0j4SX+RXOD9A9deZmu4Z/MjGRoxDyL2rEPFXKsmS+USUy 9g3QXCkAY24ba3lDWSw4bMJxnOEbEcycxDZISMF10= X-Received: by 2002:a05:6402:b86:b0:561:8bc4:b05f with SMTP id cf6-20020a0564020b8600b005618bc4b05fmr3774687edb.0.1707757225384; Mon, 12 Feb 2024 09:00:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IFvE/KNVEA8sjxOeGFkeZw+80fBpxWhXZhf/YA0PJnuhaTIDH6fJT1TzvZ1+/5L6O1QV86bRA== X-Received: by 2002:a05:6402:b86:b0:561:8bc4:b05f with SMTP id cf6-20020a0564020b8600b005618bc4b05fmr3774674edb.0.1707757225103; Mon, 12 Feb 2024 09:00:25 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUxhzEnZsbrIW5ntwlAso9rR1RXR6wMwsKLEZAURItKAlHxOTZpXXk//KErSQyBEO5t4xpAXZ0vDqA8X2RcFIRn9WnYwXDIqu0P7/Uu3jI+3Xltem4uDRgS1XTxukmgySaw5GZN7IDa1Vy6tlSgmkVRkyb2IOkF9bpHxYkammVkHBpqRcckWFuXKg8cP+kXzYsWYvz3HRagDyByWyBO6s3AHde6Xr/froZ0 Received: from thinky.redhat.com ([109.183.6.197]) by smtp.gmail.com with ESMTPSA id 14-20020a0564021f4e00b0056176e95a88sm2620261edz.32.2024.02.12.09.00.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Feb 2024 09:00:24 -0800 (PST) From: Andrey Albershteyn To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, chandan.babu@oracle.com, djwong@kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn Subject: [PATCH v4 25/25] xfs: enable ro-compat fs-verity flag Date: Mon, 12 Feb 2024 17:58:22 +0100 Message-Id: <20240212165821.1901300-26-aalbersh@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240212165821.1901300-1-aalbersh@redhat.com> References: <20240212165821.1901300-1-aalbersh@redhat.com> Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Finalize fs-verity integration in XFS by making kernel fs-verity aware with ro-compat flag. Signed-off-by: Andrey Albershteyn --- fs/xfs/libxfs/xfs_format.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h index ea78b595aa97..0cb5bf9142b7 100644 --- a/fs/xfs/libxfs/xfs_format.h +++ b/fs/xfs/libxfs/xfs_format.h @@ -355,10 +355,11 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ #define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT| \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature(