From patchwork Tue Apr 30 03:31:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648087 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92D1A10A0C; Tue, 30 Apr 2024 03:31:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447869; cv=none; b=OcHfOafOLqdV0hQbiMTo+/jLNkN0tvsQhLoq7vXRIgri48Lf9AtrJdFFhhgMlhTf4RI8uwHmqxIkjGuoNUi3h9PtZQ5W3FZcWjgbct1QqaLrAYcXI0w0BvdBbk/dhhUd75QWe6XnhRx6REFzs5p+2NS37tcpU2kvxE1bG3IGIP8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447869; c=relaxed/simple; bh=eoOuwQplEfTtqp6x6BmwFhj00mBNeG6r5IEbVognfrg=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HEkqN2wrFAdRz6wWg6fCmqRt6ttC3m4I7lyOLxDGOMY7qewB48SqT0xGwRkPHqatLzeD0puOOYgMonXbR8bnCZSrhW8fQtQbpOOFsxv6RMnlgeez35ubfhTeXyiRFGyfn+oPqkWIgpf8diss/7E7rFzmuZLNS+oQwe46kk+ZHU0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dpH9qhw9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dpH9qhw9" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1ECDAC116B1; Tue, 30 Apr 2024 03:31:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447869; bh=eoOuwQplEfTtqp6x6BmwFhj00mBNeG6r5IEbVognfrg=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=dpH9qhw9Tp5dIaiXPGzoOzXfNRvUzjOZv7xI8KB592USjkWlX9zkewGLB5Nw1cCXb FORxUvIxjcOyfbeXGQT2hxYzmOs3veTzQ98DidhZ6+C90iYE6b4gy3CwUxRSRRvIzm MU/ED0ANlpGggihGER8mjki90ZJ5wgzYlkAHwcEwmCRHIvkgrkWpVKfVczl9O/eA8h gt34pTH/KsJpa/Nv1HTmNyBfXM4Qy5TTwwmSHxbTSr+cwJY1/KL07uSp0bItf9ZPnp GLcz0BgTBImv72ovYilMO76zmxz47vZsNJIh0iNLPAIV/82rVFZR4Og3AX1/46cj21 tDCgBj4XZX/4g== Date: Mon, 29 Apr 2024 20:31:08 -0700 Subject: [PATCH 01/38] fs: add FS_XFLAG_VERITY for verity files From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683126.960383.14706856644618362588.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn Add extended attribute FS_XFLAG_VERITY for inodes with fs-verity enabled. Signed-off-by: Andrey Albershteyn [djwong: fix broken verity flag checks] Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- include/linux.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux.h b/include/linux.h index 95a0deee2594..d98d387e88b0 100644 --- a/include/linux.h +++ b/include/linux.h @@ -249,6 +249,10 @@ struct fsxattr { #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ #endif +#ifndef FS_XFLAG_VERITY +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity enabled */ +#endif + /* * Reminder: anything added to this file will be compiled into downstream * userspace projects! From patchwork Tue Apr 30 03:31:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648131 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF79E10A0C; Tue, 30 Apr 2024 03:31:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447885; cv=none; b=JdSOgZnrxhrYRYxA0poduR5hK5PT6vTWI/spN2+pJxYfww7ej1q8PiueF2uZQlvlQFVglEkhwF8pAXI2mNoK17MPK8yBbidW0L1Z39ZbfNioFM0vSIa2eAotn/YdB2RyIWkyW4kgb5K8UW33rtOUZM6QnmEfH65SjgZ4SyZJHXU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447885; c=relaxed/simple; bh=Qj19uUa1ftdlYwpbZBOrx6QxLHqvRuyjEYC0CuUPgAY=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=e5X8haEXA8ksf7gbyE6PEuxtUvm4X8ynl3rO9v9iLwAwhICcX2DgurbJmjzl/F39T8mv8X6Yy98oMqvo2WNZ6gUt+v1Wsy3eDNtaO6N9sTRyFyIaxXbpAwhhPFkiR5svZxLudjL8angcAjU8op+piLbKWnZsQFPNmBl3ELsmbaM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QRuvJSEg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QRuvJSEg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B55ABC116B1; Tue, 30 Apr 2024 03:31:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447884; bh=Qj19uUa1ftdlYwpbZBOrx6QxLHqvRuyjEYC0CuUPgAY=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=QRuvJSEg2HFwB52lxfU/XAXMvW5N/hS67z5qWB9owC4W80mrJOpOWZM7uuHluEoSc 3Rj/Hygwdw79micQQ8iESmqhf3l0cK0KDMvi6A2ju61vVSYSuQ+sKYgqVBCLOxtRbP 2vN9ubPqT0jFVY7CmKD0M+JnsuBa8ua3Tgv6QXex5TzUwfyMV1XlY58fckSHAPuGcb NY6rWje1b3OgdPk4ygWpFFThi6yfgg+8oUk5EcyXxZyx4jVxohpT23yCcscO+LZejp bYjF6N8/NgdQHbnrNcz/ibOgMPes8Oy6ahu8FczP6M4pJXSwG+nv1Be1Pq9P7sK3Dy GwjfXZK4NnuhQ== Date: Mon, 29 Apr 2024 20:31:24 -0700 Subject: [PATCH 02/38] xfs: use unsigned ints for non-negative quantities in xfs_attr_remote.c From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683141.960383.12488351136918517053.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong In the next few patches we're going to refactor the attr remote code so that we can support headerless remote xattr values for storing merkle tree blocks. For now, let's change the code to use unsigned int to describe quantities of bytes and blocks that cannot be negative. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_attr_remote.c | 61 +++++++++++++++++++++++----------------------- libxfs/xfs_attr_remote.h | 2 +- 2 files changed, 31 insertions(+), 32 deletions(-) diff --git a/libxfs/xfs_attr_remote.c b/libxfs/xfs_attr_remote.c index eb15b272b80f..5f1b9810c5c8 100644 --- a/libxfs/xfs_attr_remote.c +++ b/libxfs/xfs_attr_remote.c @@ -46,13 +46,13 @@ * Each contiguous block has a header, so it is not just a simple attribute * length to FSB conversion. */ -int +unsigned int xfs_attr3_rmt_blocks( - struct xfs_mount *mp, - int attrlen) + struct xfs_mount *mp, + unsigned int attrlen) { if (xfs_has_crc(mp)) { - int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize); + unsigned int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize); return (attrlen + buflen - 1) / buflen; } return XFS_B_TO_FSB(mp, attrlen); @@ -91,7 +91,6 @@ xfs_attr3_rmt_verify( struct xfs_mount *mp, struct xfs_buf *bp, void *ptr, - int fsbsize, xfs_daddr_t bno) { struct xfs_attr3_rmt_hdr *rmt = ptr; @@ -102,7 +101,7 @@ xfs_attr3_rmt_verify( return __this_address; if (be64_to_cpu(rmt->rm_blkno) != bno) return __this_address; - if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt)) + if (be32_to_cpu(rmt->rm_bytes) > mp->m_attr_geo->blksize - sizeof(*rmt)) return __this_address; if (be32_to_cpu(rmt->rm_offset) + be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX) @@ -121,9 +120,9 @@ __xfs_attr3_rmt_read_verify( { struct xfs_mount *mp = bp->b_mount; char *ptr; - int len; + unsigned int len; xfs_daddr_t bno; - int blksize = mp->m_attr_geo->blksize; + unsigned int blksize = mp->m_attr_geo->blksize; /* no verification of non-crc buffers */ if (!xfs_has_crc(mp)) @@ -140,7 +139,7 @@ __xfs_attr3_rmt_read_verify( *failaddr = __this_address; return -EFSBADCRC; } - *failaddr = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno); + *failaddr = xfs_attr3_rmt_verify(mp, bp, ptr, bno); if (*failaddr) return -EFSCORRUPTED; len -= blksize; @@ -185,7 +184,7 @@ xfs_attr3_rmt_write_verify( { struct xfs_mount *mp = bp->b_mount; xfs_failaddr_t fa; - int blksize = mp->m_attr_geo->blksize; + unsigned int blksize = mp->m_attr_geo->blksize; char *ptr; int len; xfs_daddr_t bno; @@ -202,7 +201,7 @@ xfs_attr3_rmt_write_verify( while (len > 0) { struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr; - fa = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno); + fa = xfs_attr3_rmt_verify(mp, bp, ptr, bno); if (fa) { xfs_verifier_error(bp, -EFSCORRUPTED, fa); return; @@ -280,20 +279,20 @@ xfs_attr_rmtval_copyout( struct xfs_buf *bp, struct xfs_inode *dp, xfs_ino_t owner, - int *offset, - int *valuelen, + unsigned int *offset, + unsigned int *valuelen, uint8_t **dst) { char *src = bp->b_addr; xfs_daddr_t bno = xfs_buf_daddr(bp); - int len = BBTOB(bp->b_length); - int blksize = mp->m_attr_geo->blksize; + unsigned int len = BBTOB(bp->b_length); + unsigned int blksize = mp->m_attr_geo->blksize; ASSERT(len >= blksize); while (len > 0 && *valuelen > 0) { - int hdr_size = 0; - int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); + unsigned int hdr_size = 0; + unsigned int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); byte_cnt = min(*valuelen, byte_cnt); @@ -329,20 +328,20 @@ xfs_attr_rmtval_copyin( struct xfs_mount *mp, struct xfs_buf *bp, xfs_ino_t ino, - int *offset, - int *valuelen, + unsigned int *offset, + unsigned int *valuelen, uint8_t **src) { char *dst = bp->b_addr; xfs_daddr_t bno = xfs_buf_daddr(bp); - int len = BBTOB(bp->b_length); - int blksize = mp->m_attr_geo->blksize; + unsigned int len = BBTOB(bp->b_length); + unsigned int blksize = mp->m_attr_geo->blksize; ASSERT(len >= blksize); while (len > 0 && *valuelen > 0) { - int hdr_size; - int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); + unsigned int hdr_size; + unsigned int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); byte_cnt = min(*valuelen, byte_cnt); hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset, @@ -388,12 +387,12 @@ xfs_attr_rmtval_get( struct xfs_buf *bp; xfs_dablk_t lblkno = args->rmtblkno; uint8_t *dst = args->value; - int valuelen; + unsigned int valuelen; int nmap; int error; - int blkcnt = args->rmtblkcnt; + unsigned int blkcnt = args->rmtblkcnt; int i; - int offset = 0; + unsigned int offset = 0; trace_xfs_attr_rmtval_get(args); @@ -451,7 +450,7 @@ xfs_attr_rmt_find_hole( struct xfs_inode *dp = args->dp; struct xfs_mount *mp = dp->i_mount; int error; - int blkcnt; + unsigned int blkcnt; xfs_fileoff_t lfileoff = 0; /* @@ -480,11 +479,11 @@ xfs_attr_rmtval_set_value( struct xfs_bmbt_irec map; xfs_dablk_t lblkno; uint8_t *src = args->value; - int blkcnt; - int valuelen; + unsigned int blkcnt; + unsigned int valuelen; int nmap; int error; - int offset = 0; + unsigned int offset = 0; /* * Roll through the "value", copying the attribute value to the @@ -644,7 +643,7 @@ xfs_attr_rmtval_invalidate( struct xfs_da_args *args) { xfs_dablk_t lblkno; - int blkcnt; + unsigned int blkcnt; int error; /* diff --git a/libxfs/xfs_attr_remote.h b/libxfs/xfs_attr_remote.h index d097ec6c4dc3..c64b04f91caf 100644 --- a/libxfs/xfs_attr_remote.h +++ b/libxfs/xfs_attr_remote.h @@ -6,7 +6,7 @@ #ifndef __XFS_ATTR_REMOTE_H__ #define __XFS_ATTR_REMOTE_H__ -int xfs_attr3_rmt_blocks(struct xfs_mount *mp, int attrlen); +unsigned int xfs_attr3_rmt_blocks(struct xfs_mount *mp, unsigned int attrlen); int xfs_attr_rmtval_get(struct xfs_da_args *args); int xfs_attr_rmtval_stale(struct xfs_inode *ip, struct xfs_bmbt_irec *map, From patchwork Tue Apr 30 03:31:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648132 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E7BAD22615; Tue, 30 Apr 2024 03:31:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447901; cv=none; b=riUryJUIyVycIMfsf8eobqn4T7rWifs1Z229FdZbRznVY9GjnZx5pd3mUL57KWcurnIMb3PqHcDNYbxU4RokTX/NmJ9HZCyFDMGZ/O6wPvbyUFGdVUfsqs+EdNj2rOcBkHslaxR4+7kKiauu4sY2JfqBRxUzr+6voMcKl8OCfwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447901; c=relaxed/simple; bh=k2jQIZCVO7yIuLYzRtkgP7kPeU403uYKMrRHlWF/yhc=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=t0tmITqkclmYRvLABVPXEHeemtSzXle8Sg1TFizklH8SZQfVuBrQeRoPJ2aH76+WL1q3gGY3+EvdDk9H9YlMGVEP5/YviSLh/e2QpscSzqcl11/TEZjPa6t41x+mb0vOTNhb3cbwpBaHS+IY4l1fj2F6GGZFKe6clVS6H0d+w2k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=aKcpn6kg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="aKcpn6kg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 67E53C4AF14; Tue, 30 Apr 2024 03:31:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447900; bh=k2jQIZCVO7yIuLYzRtkgP7kPeU403uYKMrRHlWF/yhc=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=aKcpn6kgoHRvlBYmrZpkTrBMjJR849wWKHydEYw1o3VvggqujDi96XpJZ4mKEyqxU 00GjKPLdM1ESh3WkNJj7LJ/ShVluvXUN1O13v7CEep1c8/PSp1GhLyPrstlrdPxEbU i2sEnwIAC8csw3L8b+MkCd9TOOPYS+bt1dBhb9P10wO5qbTbBfV9egypdPkae99sfa ew3jFGAfz7pPXwKIksaYmiCqvvoL5Kzrcs5LXZGg73ZtKRjifrLZeKREDKF/tsi2ka fd8O8LQNS0tWJqik7K9owivX9ZW2Y2wL78p0y7ESHwY5cUEpdjU6oVF8B9qF5nhmPv HlecuKTLlZ+UA== Date: Mon, 29 Apr 2024 20:31:39 -0700 Subject: [PATCH 03/38] xfs: turn XFS_ATTR3_RMT_BUF_SPACE into a function From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683157.960383.17857305480795063902.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Turn this into a properly typechecked function, and actually use the correct blocksize for extended attributes. The function cannot be static inline because xfsprogs userspace uses it. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- db/attr.c | 2 +- db/metadump.c | 8 ++++---- libxfs/xfs_attr_remote.c | 19 ++++++++++++++++--- libxfs/xfs_da_format.h | 4 +--- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/db/attr.c b/db/attr.c index a83ee14d0791..0b1f498e457c 100644 --- a/db/attr.c +++ b/db/attr.c @@ -221,7 +221,7 @@ attr3_remote_data_count( if (hdr->rm_magic != cpu_to_be32(XFS_ATTR3_RMT_MAGIC)) return 0; - buf_space = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize); + buf_space = xfs_attr3_rmt_buf_space(mp); if (be32_to_cpu(hdr->rm_bytes) > buf_space) return buf_space; return be32_to_cpu(hdr->rm_bytes); diff --git a/db/metadump.c b/db/metadump.c index 90bec1467623..7337c716fc11 100644 --- a/db/metadump.c +++ b/db/metadump.c @@ -1748,7 +1748,7 @@ add_remote_vals( attr_data.remote_vals[attr_data.remote_val_count] = blockidx; attr_data.remote_val_count++; blockidx++; - length -= XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize); + length -= xfs_attr3_rmt_buf_space(mp); } if (attr_data.remote_val_count >= MAX_REMOTE_VALS) { @@ -1785,8 +1785,8 @@ process_attr_block( attr_data.remote_vals[i] == offset) /* Macros to handle both attr and attr3 */ memset(block + - (bs - XFS_ATTR3_RMT_BUF_SPACE(mp, bs)), - 'v', XFS_ATTR3_RMT_BUF_SPACE(mp, bs)); + (bs - xfs_attr3_rmt_buf_space(mp)), + 'v', xfs_attr3_rmt_buf_space(mp)); } return; } @@ -1798,7 +1798,7 @@ process_attr_block( if (nentries == 0 || nentries * sizeof(xfs_attr_leaf_entry_t) + xfs_attr3_leaf_hdr_size(leaf) > - XFS_ATTR3_RMT_BUF_SPACE(mp, bs)) { + xfs_attr3_rmt_buf_space(mp)) { if (metadump.show_warnings) print_warning("invalid attr count in inode %llu", (long long)metadump.cur_ino); diff --git a/libxfs/xfs_attr_remote.c b/libxfs/xfs_attr_remote.c index 5f1b9810c5c8..b98805bb5926 100644 --- a/libxfs/xfs_attr_remote.c +++ b/libxfs/xfs_attr_remote.c @@ -42,6 +42,19 @@ * the logging system and therefore never have a log item. */ +/* How many bytes can be stored in a remote value buffer? */ +inline unsigned int +xfs_attr3_rmt_buf_space( + struct xfs_mount *mp) +{ + unsigned int blocksize = mp->m_attr_geo->blksize; + + if (xfs_has_crc(mp)) + return blocksize - sizeof(struct xfs_attr3_rmt_hdr); + + return blocksize; +} + /* * Each contiguous block has a header, so it is not just a simple attribute * length to FSB conversion. @@ -52,7 +65,7 @@ xfs_attr3_rmt_blocks( unsigned int attrlen) { if (xfs_has_crc(mp)) { - unsigned int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize); + unsigned int buflen = xfs_attr3_rmt_buf_space(mp); return (attrlen + buflen - 1) / buflen; } return XFS_B_TO_FSB(mp, attrlen); @@ -292,7 +305,7 @@ xfs_attr_rmtval_copyout( while (len > 0 && *valuelen > 0) { unsigned int hdr_size = 0; - unsigned int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); + unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp); byte_cnt = min(*valuelen, byte_cnt); @@ -341,7 +354,7 @@ xfs_attr_rmtval_copyin( while (len > 0 && *valuelen > 0) { unsigned int hdr_size; - unsigned int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize); + unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp); byte_cnt = min(*valuelen, byte_cnt); hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset, diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h index ebde6eb1da65..86de99e2f757 100644 --- a/libxfs/xfs_da_format.h +++ b/libxfs/xfs_da_format.h @@ -880,9 +880,7 @@ struct xfs_attr3_rmt_hdr { #define XFS_ATTR3_RMT_CRC_OFF offsetof(struct xfs_attr3_rmt_hdr, rm_crc) -#define XFS_ATTR3_RMT_BUF_SPACE(mp, bufsize) \ - ((bufsize) - (xfs_has_crc((mp)) ? \ - sizeof(struct xfs_attr3_rmt_hdr) : 0)) +unsigned int xfs_attr3_rmt_buf_space(struct xfs_mount *mp); /* Number of bytes in a directory block. */ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp) From patchwork Tue Apr 30 03:31:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648133 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 529DC25761; Tue, 30 Apr 2024 03:31:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447916; cv=none; b=iPH80MrNKGFaCCbQevH4Vvl7uasYbFpqxcvn6GeXbyP4gg9fNWQ48O9Q9AkXlr/uCxcp/JXQObthY1LAJGM9+Ecfi+7dr/LYjuEdV91S1dyyYTi44oDtVIUzkag2YDc8EvtxAP5TWUeLNCvA111grVPdbFOj7+vcH9l3WCiG94I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447916; c=relaxed/simple; bh=R+BH8nTsJIAEYRlZRA4F44cuNyWlV+WB0m2MU7h+QYQ=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=m78p/5n5B8cNJVVne37+g3Y7M1VRq7ZIp7dEjMnhREkTivvan/nKENczobkR3IKzZ73K2gpYXfDYSIi2YeC7ZN5bmxpjCUNKKBM/c+M51lelvGZ7G738Cc+sebc1+UO3+CbQs9MQ4X1cuWfz4KQrok9Sgv9zRCpxqvP+jTdkNgw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ri2kOjqU; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ri2kOjqU" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 25881C116B1; Tue, 30 Apr 2024 03:31:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447916; bh=R+BH8nTsJIAEYRlZRA4F44cuNyWlV+WB0m2MU7h+QYQ=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=ri2kOjqUtOGmkv4jn1FfmZsizBj1/II65dqww+x+b9pamdjboYu5YdtZ801Hwl6iw Zic6vItRM6lEniCSIISHHcvr72XmzD7JAAdZ1dvz7QSgIokE1mfafocS+1nwFbBWvv ru6W+9Yn17zl7cncVdeZq0mlqO5ZRwOvWzVyMU75oiIxqcEud9FaD6nMmY4IDPXkQ1 H+RmbR81KP4lj7uzJdaFS1Qlzy1DAd1gTS6UJtManv37Etqf5eEyIv1b1IHZ395+Cv 0fFTnky2Z35Fw5FY9nV14IjLpLDMb8H9u6CBbhhlNkEdJihI04nZxWJ4gNswfZrR3l ahf8v8FY5o5tA== Date: Mon, 29 Apr 2024 20:31:55 -0700 Subject: [PATCH 04/38] xfs: create a helper to compute the blockcount of a max sized remote value From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683172.960383.15459655209472642137.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create a helper function to compute the number of fsblocks needed to store a maximally-sized extended attribute value. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_attr.c | 2 +- libxfs/xfs_attr_remote.h | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c index 04cb39f31bdc..3058e609c514 100644 --- a/libxfs/xfs_attr.c +++ b/libxfs/xfs_attr.c @@ -1038,7 +1038,7 @@ xfs_attr_set( break; case XFS_ATTRUPDATE_REMOVE: XFS_STATS_INC(mp, xs_attr_remove); - rmt_blks = xfs_attr3_rmt_blocks(mp, XFS_XATTR_SIZE_MAX); + rmt_blks = xfs_attr3_max_rmt_blocks(mp); break; } diff --git a/libxfs/xfs_attr_remote.h b/libxfs/xfs_attr_remote.h index c64b04f91caf..e3c6c7d774bf 100644 --- a/libxfs/xfs_attr_remote.h +++ b/libxfs/xfs_attr_remote.h @@ -8,6 +8,12 @@ unsigned int xfs_attr3_rmt_blocks(struct xfs_mount *mp, unsigned int attrlen); +/* Number of rmt blocks needed to store the maximally sized attr value */ +static inline unsigned int xfs_attr3_max_rmt_blocks(struct xfs_mount *mp) +{ + return xfs_attr3_rmt_blocks(mp, XFS_XATTR_SIZE_MAX); +} + int xfs_attr_rmtval_get(struct xfs_da_args *args); int xfs_attr_rmtval_stale(struct xfs_inode *ip, struct xfs_bmbt_irec *map, xfs_buf_flags_t incore_flags); From patchwork Tue Apr 30 03:32:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648134 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 07B6A10A1F; Tue, 30 Apr 2024 03:32:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447932; cv=none; b=CrJBfHnaHOOntXkxwk4wI7ENFvsYTm/rxm15MAfXKt6UFtCEdBnM91zVXc7C8rNWX10+DMypHCjfTn6g0Tcjbxsw0pt7qmubQs/zXZXj8oXbnZVn3PmKtimxcwxnwB4R/dgC6e5JHoC59LNlpEv5ESqrrfbZ6Oc3C7guop4eMts= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447932; c=relaxed/simple; bh=zzOIEgE+CHVA+ZNtgRAVQMTsqe8hg2dE5Clj17eW2sE=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=px83ywE5Wqo+UES8FE/spBmakjH1xDp6TFaB4msy0GXPF438PuFIAhTjTlTAoIgb7+M9xTfJ4auKdItI13L3JSJ/93AjoVSbKynLFt9iAyTy+XpeRIRDabyLwvh1Nwprtf1YSSZf81zJQ7fO1j6EMQj24hrS1A/iRqyd06Iwpbg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fBwplYul; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fBwplYul" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8A26C116B1; Tue, 30 Apr 2024 03:32:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447931; bh=zzOIEgE+CHVA+ZNtgRAVQMTsqe8hg2dE5Clj17eW2sE=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=fBwplYulUtARIbRlOx1gUCSccdonty/2IsE2JpYj3XmhytWctvO+MgZhDdhp8aWCD 7t5N4L2ncoYdalkMIF87TrI31CkJYVqDVXD6yFfmk747gU9GCfj+QPUDtKXKRgBKmm sH8N1CIF78kf5U+i4Rq4oXT2bBuwWElAGTm1hSnMQyTESPxCoGonvyCqyivb4k47h+ tEM6oO5/5UKZvRW9ZtYLYl9IR9sZ0SIYhSW3XwRFgDhqLAwYv2l9o0npy7IUQbwQ9e RZkQi8iPxqtrteTxQnynJako2JgzUaRLU6JwoiAPE8f47U853YKU6K8LxfwSuAMsHW VzUFDVtKnK1VQ== Date: Mon, 29 Apr 2024 20:32:11 -0700 Subject: [PATCH 05/38] xfs: minor cleanups of xfs_attr3_rmt_blocks From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683188.960383.715192327245703651.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Clean up the type signature of this function since we don't have negative attr lengths or block counts. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_attr_remote.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libxfs/xfs_attr_remote.c b/libxfs/xfs_attr_remote.c index b98805bb5926..f9c0da51a8fa 100644 --- a/libxfs/xfs_attr_remote.c +++ b/libxfs/xfs_attr_remote.c @@ -55,19 +55,19 @@ xfs_attr3_rmt_buf_space( return blocksize; } -/* - * Each contiguous block has a header, so it is not just a simple attribute - * length to FSB conversion. - */ +/* Compute number of fsblocks needed to store a remote attr value */ unsigned int xfs_attr3_rmt_blocks( struct xfs_mount *mp, unsigned int attrlen) { - if (xfs_has_crc(mp)) { - unsigned int buflen = xfs_attr3_rmt_buf_space(mp); - return (attrlen + buflen - 1) / buflen; - } + /* + * Each contiguous block has a header, so it is not just a simple + * attribute length to FSB conversion. + */ + if (xfs_has_crc(mp)) + return howmany(attrlen, xfs_attr3_rmt_buf_space(mp)); + return XFS_B_TO_FSB(mp, attrlen); } From patchwork Tue Apr 30 03:32:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648135 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 092C710A0D; Tue, 30 Apr 2024 03:32:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447948; cv=none; b=AV7K1+PYbPxa5nFzch6qa3i/olFqxaXUX7GkCv/N/jbY8WCMU0/SBiJszbh+vKG33BarIkfNFbiKRdcKjB+wQ2JdQeJYeyXUSp40ITKF3azg+M3St2YvSG5GhFpe904kr95vpvoIGDV0n4BFKRCJtg7RMpPMr94kltrfFjSWaf0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447948; c=relaxed/simple; bh=bFFVF59FtuOzAhQ+x2mWVF5N2VzrjOmGE5wEfGjihi0=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=slphmKhBCXU8jtYU7viOtZN/910C+4G6GlcHFv3smrojQCEsr0IHIi1cQweD5+oeRpzXrXXcsBeYfWNClTyLWDrbIuaz5a70PBBK5gddI/ioNKRYtGJckKmllODCVNAzQQspkI1F1bPUHJlkyxWgsR2HTD/Y6BQ9dpKI9cAz9wA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=V/dwnMo0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="V/dwnMo0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 799A0C116B1; Tue, 30 Apr 2024 03:32:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447947; bh=bFFVF59FtuOzAhQ+x2mWVF5N2VzrjOmGE5wEfGjihi0=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=V/dwnMo0KpHLxmA5kO3RtTojkVRxTUiyj51UrErteJ0ZD45qSJxa8poB+2mZqdezc /q/8FZvjgAFNvY128kclHtqbFK+mOtjaaOvzYm8eBIdeJ+XIaPfDAlqbRiYrrO9iRn cULszSk4+4v1zMBZ28r/40S6QGFh+GAPKpcrB/tmKJkn7urtqo0yAVhc1ac9mo0W1e YHX+tU0P4f9jNmv996SoxTbJJjItsHc8FIy7M4ur37mgNevGvXdnSrW+bIgfVan78p YqTFkijoFAdnw708gsC/DpQz0wmdqx4Yt7BBL+aa3b3Tdz1FutQcl+llksR9guouvO IimnNbeuPvTdw== Date: Mon, 29 Apr 2024 20:32:27 -0700 Subject: [PATCH 06/38] xfs: use an empty transaction to protect xfs_attr_get from deadlocks From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683203.960383.14371751684414769283.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Wrap the xfs_attr_get_ilocked call in xfs_attr_get with an empty transaction so that we cannot livelock the kernel if someone injects a loop into the attr structure or the attr fork bmbt. Signed-off-by: Darrick J. Wong --- libxfs/xfs_attr.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c index 3058e609c514..0a9fb396885e 100644 --- a/libxfs/xfs_attr.c +++ b/libxfs/xfs_attr.c @@ -273,6 +273,8 @@ xfs_attr_get( XFS_STATS_INC(args->dp->i_mount, xs_attr_get); + ASSERT(!args->trans); + if (xfs_is_shutdown(args->dp->i_mount)) return -EIO; @@ -285,8 +287,27 @@ xfs_attr_get( /* Entirely possible to look up a name which doesn't exist */ args->op_flags = XFS_DA_OP_OKNOENT; + error = xfs_trans_alloc_empty(args->dp->i_mount, &args->trans); + if (error) + return error; + lock_mode = xfs_ilock_attr_map_shared(args->dp); + + /* + * Make sure the attr fork iext tree is loaded. Use the empty + * transaction to load the bmbt so that we avoid livelocking on loops. + */ + if (xfs_inode_hasattr(args->dp)) { + error = xfs_iread_extents(args->trans, args->dp, XFS_ATTR_FORK); + if (error) + goto out_cancel; + } + error = xfs_attr_get_ilocked(args); + +out_cancel: + xfs_trans_cancel(args->trans); + args->trans = NULL; xfs_iunlock(args->dp, lock_mode); return error; From patchwork Tue Apr 30 03:32:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648136 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E84510A1D; Tue, 30 Apr 2024 03:32:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447963; cv=none; b=TcU7ox2CvbQ2cxFRoOPCdYPwqKx7/IJfxYAXDa6e+VTwqNnzy0xES63y7HjyY92xbMNjiJfg/a8zfdS20H2m1WePVZ4Ss6KqXXEd5ABWf/ZVktWxoYEFz/wTqjH+8iomC8FNf2Yf/wTJt51AatefesrOctdRTvpAmVg3DRR7Oos= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447963; c=relaxed/simple; bh=1b5WwY/oi77xgfYu3z0SG3NWJvJwI4o71e1l5ztX8+s=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TkJ3/ae/5zZEgdyGR31Z4pSnbPBaszxW12oYzZsgTStVcbF2kHW/zW6fTTgXu51zQgCcA8WzxI0rBFX/CygmdxEOpuTFpYoegPVrUSUtmyR8bwI0r5P4yHUrsXQ/Rrlo/4ot/f532lVveAJUT97IAUSZ/1JLPuggQJwrlJVmnEI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=a2YVxkRq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="a2YVxkRq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 243C4C116B1; Tue, 30 Apr 2024 03:32:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447963; bh=1b5WwY/oi77xgfYu3z0SG3NWJvJwI4o71e1l5ztX8+s=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=a2YVxkRqeoXr3/j2ORpRQyFQdwy7CyqCYpMtj+LfPrK7ZKiVAnlsM/zxdvkF1UMvi FqmFmEN8fijctKvg2uej9AcmoJkWTg9MEa0K9kpNM9bPLSJhFeZ2xzoEG76a8MxZ/J zGaSnSncXS22cYb+b+m7/VaLWcS3zZunyim+vEmpDpF4PiH5VJajaT5N9AS5qLWgj6 3batnJaAAT7jvT4yZKlUEMeBm7xg/UNmqebdnJwyzLUcvvWOL+bgJmjpr0KL1kzt9X bisOiwKQvU3U8w3Tk7wLW43CHrpijnrx+91ReS8wveDDfMGZYjatbM4Cxt4A9ZxPZM zsMJyrU/lHK6Q== Date: Mon, 29 Apr 2024 20:32:42 -0700 Subject: [PATCH 07/38] xfs: add attribute type for fs-verity From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683219.960383.1750750720014491843.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn The Merkle tree blocks and descriptor are stored in the extended attributes of the inode. Add new attribute type for fs-verity metadata. Add XFS_ATTR_INTERNAL_MASK to skip parent pointer and fs-verity attributes as those are only for internal use. While we're at it add a few comments in relevant places that internally visible attributes are not suppose to be handled via interface defined in xfs_xattr.c. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- libxfs/xfs_da_format.h | 11 ++++++++--- libxfs/xfs_log_format.h | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h index 86de99e2f757..27b9ad9f8b2e 100644 --- a/libxfs/xfs_da_format.h +++ b/libxfs/xfs_da_format.h @@ -715,19 +715,23 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ #define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ #define XFS_ATTR_PARENT_BIT 3 /* parent pointer attrs */ +#define XFS_ATTR_VERITY_BIT 4 /* verity merkle tree and descriptor */ #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ #define XFS_ATTR_LOCAL (1u << XFS_ATTR_LOCAL_BIT) #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_PARENT (1u << XFS_ATTR_PARENT_BIT) +#define XFS_ATTR_VERITY (1u << XFS_ATTR_VERITY_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) #define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ - XFS_ATTR_PARENT) + XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) /* Private attr namespaces not exposed to userspace */ -#define XFS_ATTR_PRIVATE_NSP_MASK (XFS_ATTR_PARENT) +#define XFS_ATTR_PRIVATE_NSP_MASK (XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY) #define XFS_ATTR_ONDISK_MASK (XFS_ATTR_NSP_ONDISK_MASK | \ XFS_ATTR_LOCAL | \ @@ -737,7 +741,8 @@ struct xfs_attr3_leafblock { { XFS_ATTR_LOCAL, "local" }, \ { XFS_ATTR_ROOT, "root" }, \ { XFS_ATTR_SECURE, "secure" }, \ - { XFS_ATTR_PARENT, "parent" } + { XFS_ATTR_PARENT, "parent" }, \ + { XFS_ATTR_VERITY, "verity" } /* * Alignment for namelist and valuelist entries (since they are mixed diff --git a/libxfs/xfs_log_format.h b/libxfs/xfs_log_format.h index 0f194ae71b42..4d11d6b7b1ad 100644 --- a/libxfs/xfs_log_format.h +++ b/libxfs/xfs_log_format.h @@ -1052,6 +1052,7 @@ struct xfs_icreate_log { #define XFS_ATTRI_FILTER_MASK (XFS_ATTR_ROOT | \ XFS_ATTR_SECURE | \ XFS_ATTR_PARENT | \ + XFS_ATTR_VERITY | \ XFS_ATTR_INCOMPLETE) /* From patchwork Tue Apr 30 03:32:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648137 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3596810A01; Tue, 30 Apr 2024 03:32:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447979; cv=none; b=OBRigLcFX0jOob0JSmBOdABwEK1VN5W1DEfh6NbZgaV0JItHxyzdqd3f0vsalKx20JeB++FUVIjyDqCjCDRDceZeksYCFaNhTsqk8RyK1YpefLVcZO+6OSOl3NZVyA96t4VceZCHVrrh3P8fhlAZzn+rk0M1THrZpXnRKrajQmg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447979; c=relaxed/simple; bh=j8PStW8TI5qtFE6cRFelKUdqofC5Ko8TXpbj1jKPbMY=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZFRm/7rol2CmVNdY8qJZROymvkKCs22PcubgCQtZykz/qE6gIOMgQIxCS7Y/PuGnca9HlXVpT/vYuZGaYSlXref8kkFQIBa5DyaNQYX7cmJqLq6byI2tWE2ncD4WZjPn7zbzoxpfBxN/zV5u4W9V9g+O/DZFTN6VGN/rIEhz58k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=c4WBdd9m; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="c4WBdd9m" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BFF8BC116B1; Tue, 30 Apr 2024 03:32:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447978; bh=j8PStW8TI5qtFE6cRFelKUdqofC5Ko8TXpbj1jKPbMY=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=c4WBdd9mJP8TLmkH5mlRhnSfB/0ngd+jjsIEUoPnQ9wPgzyhPX47eeHRq4KkxJLPw hrxXnS1FBPicabEEqOI1mTJx1CzTXkmH3En+Uwhp0/NVP1AtnR8WKLwQrGZOeKpPYj NrHHzdpv8B7rKcY+aCv3MIr9opLbUJ9sKX5aDYfstvJE8WcfIiy/OTjnERLyyvKtPT L3z88abbcaps025OlRTamjiBMBtk/kIv/oZ2V4oN67tKqVjveLiuA+KB3mUGBzN+K6 0BqGFM+gOc5YKFsSitvzkajM0DDlrFMz9h6eeZqSzC8Q+Ysf7fxf2Wkpylu6kf+ZVd GxefnvU5yq/HA== Date: Mon, 29 Apr 2024 20:32:58 -0700 Subject: [PATCH 08/38] xfs: do not use xfs_attr3_rmt_hdr for remote verity value blocks From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683235.960383.12956402365593793781.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong I enabled fsverity for a ~250MB file and noticed the following xattr keys that got created for the merkle tree. These two merkle tree blocks are written out in ascending order: nvlist[52].merkle_off = 0x111000 nvlist[53].valueblk = 0x222 nvlist[53].valuelen = 4096 nvlist[53].merkle_off = 0x112000 nvlist[54].valueblk = 0x224 nvlist[54].valuelen = 4096 Notice that while the valuelen is 4k, the block offset increases by two. Curious, I then loaded up ablock 0x223: hdr.magic = 0x5841524d hdr.offset = 4040 hdr.bytes = 56 hdr.crc = 0xad1b8bd8 (correct) hdr.uuid = 07d3f25c-e550-4118-8ff5-a45c017ba5ef hdr.owner = 133 hdr.bno = 442144 hdr.lsn = 0xffffffffffffffff data = <56 bytes of charns data> Ugh! Each 4k merkle tree block takes up two fsblocks due to the remote value header that XFS puts at the start of each remote value block. That header is 56 bytes long, which is exactly the length of the spillover here. This isn't good. The first thing that I tried was enabling fsverity on a bunch of files, extracting the merkle tree blocks one by one, and testing their compressability with gzip, zstd, and xz. Merkle tree blocks are nearly indistinguishable from random data, with the result that 99% of the blocks I sampled got larger under compression. So that's out. Next I decided to try eliminating the xfs_attr3_rmt_hdr header, which would make verity remote values align perfectly with filesystem blocks. Because remote value blocks are written out with xfs_bwrite, the lsn field isn't useful. The merkle tree is itself a bunch of hashes of data blocks or other merkle tree blocks, which means that a bitflip will result in a verity failure somewhere in the file. Hence we don't need to store an explicit crc, and we could just XOR the ondisk merkle tree contents with selected attributes. In the end I decided to create a smaller header structure containing only a magic, the fsuuid, the inode owner, and the ondisk block number. These values get XORd into the beginning of the merkle tree block to detect lost writes when we're writing remote XFS_ATTR_VERITY values to disk, and XORd out when reading them back in. With this format change applied, the fsverity overhead halves. Signed-off-by: Darrick J. Wong --- db/attr.c | 2 - db/metadump.c | 8 +-- include/platform_defs.h | 9 +++ libxfs/libxfs_api_defs.h | 1 libxfs/xfs_attr.c | 6 +- libxfs/xfs_attr_leaf.c | 5 +- libxfs/xfs_attr_remote.c | 125 ++++++++++++++++++++++++++++++++++++++++------ libxfs/xfs_attr_remote.h | 8 ++- libxfs/xfs_da_format.h | 22 ++++++++ libxfs/xfs_ondisk.h | 2 + libxfs/xfs_shared.h | 1 11 files changed, 162 insertions(+), 27 deletions(-) diff --git a/db/attr.c b/db/attr.c index 0b1f498e457c..8e2bce7b7e02 100644 --- a/db/attr.c +++ b/db/attr.c @@ -221,7 +221,7 @@ attr3_remote_data_count( if (hdr->rm_magic != cpu_to_be32(XFS_ATTR3_RMT_MAGIC)) return 0; - buf_space = xfs_attr3_rmt_buf_space(mp); + buf_space = xfs_attr3_rmt_buf_space(mp, 0); if (be32_to_cpu(hdr->rm_bytes) > buf_space) return buf_space; return be32_to_cpu(hdr->rm_bytes); diff --git a/db/metadump.c b/db/metadump.c index 7337c716fc11..23defaee929f 100644 --- a/db/metadump.c +++ b/db/metadump.c @@ -1748,7 +1748,7 @@ add_remote_vals( attr_data.remote_vals[attr_data.remote_val_count] = blockidx; attr_data.remote_val_count++; blockidx++; - length -= xfs_attr3_rmt_buf_space(mp); + length -= xfs_attr3_rmt_buf_space(mp, 0); } if (attr_data.remote_val_count >= MAX_REMOTE_VALS) { @@ -1785,8 +1785,8 @@ process_attr_block( attr_data.remote_vals[i] == offset) /* Macros to handle both attr and attr3 */ memset(block + - (bs - xfs_attr3_rmt_buf_space(mp)), - 'v', xfs_attr3_rmt_buf_space(mp)); + (bs - xfs_attr3_rmt_buf_space(mp, 0)), + 'v', xfs_attr3_rmt_buf_space(mp, 0)); } return; } @@ -1798,7 +1798,7 @@ process_attr_block( if (nentries == 0 || nentries * sizeof(xfs_attr_leaf_entry_t) + xfs_attr3_leaf_hdr_size(leaf) > - xfs_attr3_rmt_buf_space(mp)) { + xfs_attr3_rmt_buf_space(mp, 0)) { if (metadump.show_warnings) print_warning("invalid attr count in inode %llu", (long long)metadump.cur_ino); diff --git a/include/platform_defs.h b/include/platform_defs.h index c01d4c426746..9c28e2744a8d 100644 --- a/include/platform_defs.h +++ b/include/platform_defs.h @@ -121,6 +121,15 @@ static inline size_t __ab_c_size(size_t a, size_t b, size_t c) #define struct_size_t(type, member, count) \ struct_size((type *)NULL, member, count) +/** + * offsetofend() - Report the offset of a struct field within the struct + * + * @TYPE: The type of the structure + * @MEMBER: The member within the structure to get the end offset of + */ +#define offsetofend(TYPE, MEMBER) \ + (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) + /* * Add the pseudo keyword 'fallthrough' so case statement blocks * must end with any of these keywords: diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h index 19b7ecf5798d..1b6efac9290d 100644 --- a/libxfs/libxfs_api_defs.h +++ b/libxfs/libxfs_api_defs.h @@ -43,6 +43,7 @@ #define xfs_attr3_leaf_hdr_from_disk libxfs_attr3_leaf_hdr_from_disk #define xfs_attr3_leaf_read libxfs_attr3_leaf_read +#define xfs_attr3_remote_buf_ops libxfs_attr3_remote_buf_ops #define xfs_attr_check_namespace libxfs_attr_check_namespace #define xfs_attr_get libxfs_attr_get #define xfs_attr_hashname libxfs_attr_hashname diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c index 0a9fb396885e..c2c411268904 100644 --- a/libxfs/xfs_attr.c +++ b/libxfs/xfs_attr.c @@ -341,7 +341,8 @@ xfs_attr_calc_size( * Out of line attribute, cannot double split, but * make room for the attribute value itself. */ - uint dblocks = xfs_attr3_rmt_blocks(mp, args->valuelen); + uint dblocks = xfs_attr3_rmt_blocks(mp, args->attr_filter, + args->valuelen); nblks += dblocks; nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK); } @@ -1055,7 +1056,8 @@ xfs_attr_set( } if (!local) - rmt_blks = xfs_attr3_rmt_blocks(mp, args->valuelen); + rmt_blks = xfs_attr3_rmt_blocks(mp, args->valuelen, + args->valuelen); break; case XFS_ATTRUPDATE_REMOVE: XFS_STATS_INC(mp, xs_attr_remove); diff --git a/libxfs/xfs_attr_leaf.c b/libxfs/xfs_attr_leaf.c index 97b71b6500bd..56db9f992fc7 100644 --- a/libxfs/xfs_attr_leaf.c +++ b/libxfs/xfs_attr_leaf.c @@ -1563,7 +1563,8 @@ xfs_attr3_leaf_add_work( name_rmt->valuelen = 0; name_rmt->valueblk = 0; args->rmtblkno = 1; - args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen); + args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->attr_filter, + args->valuelen); args->rmtvaluelen = args->valuelen; } xfs_trans_log_buf(args->trans, bp, @@ -2498,6 +2499,7 @@ xfs_attr3_leaf_lookup_int( args->rmtblkno = be32_to_cpu(name_rmt->valueblk); args->rmtblkcnt = xfs_attr3_rmt_blocks( args->dp->i_mount, + args->attr_filter, args->rmtvaluelen); return -EEXIST; } @@ -2546,6 +2548,7 @@ xfs_attr3_leaf_getvalue( args->rmtvaluelen = be32_to_cpu(name_rmt->valuelen); args->rmtblkno = be32_to_cpu(name_rmt->valueblk); args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount, + args->attr_filter, args->rmtvaluelen); return xfs_attr_copy_value(args, NULL, args->rmtvaluelen); } diff --git a/libxfs/xfs_attr_remote.c b/libxfs/xfs_attr_remote.c index f9c0da51a8fa..d9c3346f1f5c 100644 --- a/libxfs/xfs_attr_remote.c +++ b/libxfs/xfs_attr_remote.c @@ -42,14 +42,23 @@ * the logging system and therefore never have a log item. */ +static inline bool +xfs_attr3_rmt_has_header( + struct xfs_mount *mp, + unsigned int attrns) +{ + return xfs_has_crc(mp) && !(attrns & XFS_ATTR_VERITY); +} + /* How many bytes can be stored in a remote value buffer? */ inline unsigned int xfs_attr3_rmt_buf_space( - struct xfs_mount *mp) + struct xfs_mount *mp, + unsigned int attrns) { unsigned int blocksize = mp->m_attr_geo->blksize; - if (xfs_has_crc(mp)) + if (xfs_attr3_rmt_has_header(mp, attrns)) return blocksize - sizeof(struct xfs_attr3_rmt_hdr); return blocksize; @@ -59,14 +68,15 @@ xfs_attr3_rmt_buf_space( unsigned int xfs_attr3_rmt_blocks( struct xfs_mount *mp, + unsigned int attrns, unsigned int attrlen) { /* * Each contiguous block has a header, so it is not just a simple * attribute length to FSB conversion. */ - if (xfs_has_crc(mp)) - return howmany(attrlen, xfs_attr3_rmt_buf_space(mp)); + if (xfs_attr3_rmt_has_header(mp, attrns)) + return howmany(attrlen, xfs_attr3_rmt_buf_space(mp, attrns)); return XFS_B_TO_FSB(mp, attrlen); } @@ -247,6 +257,42 @@ const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = { .verify_struct = xfs_attr3_rmt_verify_struct, }; +static void +xfs_attr3_rmtverity_read_verify( + struct xfs_buf *bp) +{ +} + +static xfs_failaddr_t +xfs_attr3_rmtverity_verify_struct( + struct xfs_buf *bp) +{ + return NULL; +} + +static void +xfs_attr3_rmtverity_write_verify( + struct xfs_buf *bp) +{ +} + +const struct xfs_buf_ops xfs_attr3_rmtverity_buf_ops = { + .name = "xfs_attr3_remote_verity", + .magic = { 0, 0 }, + .verify_read = xfs_attr3_rmtverity_read_verify, + .verify_write = xfs_attr3_rmtverity_write_verify, + .verify_struct = xfs_attr3_rmtverity_verify_struct, +}; + +inline const struct xfs_buf_ops * +xfs_attr3_remote_buf_ops( + unsigned int attrns) +{ + if (attrns & XFS_ATTR_VERITY) + return &xfs_attr3_rmtverity_buf_ops; + return &xfs_attr3_rmt_buf_ops; +} + STATIC int xfs_attr3_rmt_hdr_set( struct xfs_mount *mp, @@ -283,6 +329,40 @@ xfs_attr3_rmt_hdr_set( return sizeof(struct xfs_attr3_rmt_hdr); } +static void +xfs_attr_rmtverity_transform( + struct xfs_buf *bp, + xfs_ino_t ino, + void *buf, + unsigned int byte_cnt) +{ + struct xfs_mount *mp = bp->b_mount; + struct xfs_attr3_rmtverity_hdr *hdr = buf; + char *dst; + const char *src; + unsigned int i; + + if (byte_cnt >= offsetofend(struct xfs_attr3_rmtverity_hdr, rmv_owner)) + hdr->rmv_owner ^= cpu_to_be64(ino); + + if (byte_cnt >= offsetofend(struct xfs_attr3_rmtverity_hdr, rmv_blkno)) + hdr->rmv_blkno ^= cpu_to_be64(xfs_buf_daddr(bp)); + + if (byte_cnt >= offsetofend(struct xfs_attr3_rmtverity_hdr, rmv_magic)) + hdr->rmv_magic ^= cpu_to_be32(XFS_ATTR3_RMTVERITY_MAGIC); + + if (byte_cnt <= offsetof(struct xfs_attr3_rmtverity_hdr, rmv_uuid)) + return; + + byte_cnt -= offsetof(struct xfs_attr3_rmtverity_hdr, rmv_uuid); + byte_cnt = min(byte_cnt, sizeof(uuid_t)); + + dst = (void *)&hdr->rmv_uuid; + src = (void *)&mp->m_sb.sb_meta_uuid; + for (i = 0; i < byte_cnt; i++) + dst[i] ^= src[i]; +} + /* * Helper functions to copy attribute data in and out of the one disk extents */ @@ -292,6 +372,7 @@ xfs_attr_rmtval_copyout( struct xfs_buf *bp, struct xfs_inode *dp, xfs_ino_t owner, + unsigned int attrns, unsigned int *offset, unsigned int *valuelen, uint8_t **dst) @@ -305,11 +386,11 @@ xfs_attr_rmtval_copyout( while (len > 0 && *valuelen > 0) { unsigned int hdr_size = 0; - unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp); + unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp, attrns); byte_cnt = min(*valuelen, byte_cnt); - if (xfs_has_crc(mp)) { + if (xfs_attr3_rmt_has_header(mp, attrns)) { if (xfs_attr3_rmt_hdr_ok(src, owner, *offset, byte_cnt, bno)) { xfs_alert(mp, @@ -323,6 +404,10 @@ xfs_attr_rmtval_copyout( memcpy(*dst, src + hdr_size, byte_cnt); + if (attrns & XFS_ATTR_VERITY) + xfs_attr_rmtverity_transform(bp, dp->i_ino, *dst, + byte_cnt); + /* roll buffer forwards */ len -= blksize; src += blksize; @@ -341,6 +426,7 @@ xfs_attr_rmtval_copyin( struct xfs_mount *mp, struct xfs_buf *bp, xfs_ino_t ino, + unsigned int attrns, unsigned int *offset, unsigned int *valuelen, uint8_t **src) @@ -353,15 +439,20 @@ xfs_attr_rmtval_copyin( ASSERT(len >= blksize); while (len > 0 && *valuelen > 0) { - unsigned int hdr_size; - unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp); + unsigned int hdr_size = 0; + unsigned int byte_cnt = xfs_attr3_rmt_buf_space(mp, attrns); byte_cnt = min(*valuelen, byte_cnt); - hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset, - byte_cnt, bno); + if (xfs_attr3_rmt_has_header(mp, attrns)) + hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset, + byte_cnt, bno); memcpy(dst + hdr_size, *src, byte_cnt); + if (attrns & XFS_ATTR_VERITY) + xfs_attr_rmtverity_transform(bp, ino, dst + hdr_size, + byte_cnt); + /* * If this is the last block, zero the remainder of it. * Check that we are actually the last block, too. @@ -406,6 +497,7 @@ xfs_attr_rmtval_get( unsigned int blkcnt = args->rmtblkcnt; int i; unsigned int offset = 0; + const struct xfs_buf_ops *ops = xfs_attr3_remote_buf_ops(args->attr_filter); trace_xfs_attr_rmtval_get(args); @@ -431,14 +523,15 @@ xfs_attr_rmtval_get( dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock); dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount); error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt, - 0, &bp, &xfs_attr3_rmt_buf_ops); + 0, &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); if (error) return error; error = xfs_attr_rmtval_copyout(mp, bp, args->dp, - args->owner, &offset, &valuelen, &dst); + args->owner, args->attr_filter, + &offset, &valuelen, &dst); xfs_buf_relse(bp); if (error) return error; @@ -471,7 +564,7 @@ xfs_attr_rmt_find_hole( * straight byte to FSB conversion and have to take the header space * into account. */ - blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen); + blkcnt = xfs_attr3_rmt_blocks(mp, args->attr_filter, args->rmtvaluelen); error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff, XFS_ATTR_FORK); if (error) @@ -530,10 +623,10 @@ xfs_attr_rmtval_set_value( error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp); if (error) return error; - bp->b_ops = &xfs_attr3_rmt_buf_ops; + bp->b_ops = xfs_attr3_remote_buf_ops(args->attr_filter); - xfs_attr_rmtval_copyin(mp, bp, args->owner, &offset, &valuelen, - &src); + xfs_attr_rmtval_copyin(mp, bp, args->owner, args->attr_filter, + &offset, &valuelen, &src); error = xfs_bwrite(bp); /* GROT: NOTE: synchronous write */ xfs_buf_relse(bp); diff --git a/libxfs/xfs_attr_remote.h b/libxfs/xfs_attr_remote.h index e3c6c7d774bf..344fea1b9b50 100644 --- a/libxfs/xfs_attr_remote.h +++ b/libxfs/xfs_attr_remote.h @@ -6,12 +6,13 @@ #ifndef __XFS_ATTR_REMOTE_H__ #define __XFS_ATTR_REMOTE_H__ -unsigned int xfs_attr3_rmt_blocks(struct xfs_mount *mp, unsigned int attrlen); +unsigned int xfs_attr3_rmt_blocks(struct xfs_mount *mp, unsigned int attrns, + unsigned int attrlen); /* Number of rmt blocks needed to store the maximally sized attr value */ static inline unsigned int xfs_attr3_max_rmt_blocks(struct xfs_mount *mp) { - return xfs_attr3_rmt_blocks(mp, XFS_XATTR_SIZE_MAX); + return xfs_attr3_rmt_blocks(mp, 0, XFS_XATTR_SIZE_MAX); } int xfs_attr_rmtval_get(struct xfs_da_args *args); @@ -23,4 +24,7 @@ int xfs_attr_rmt_find_hole(struct xfs_da_args *args); int xfs_attr_rmtval_set_value(struct xfs_da_args *args); int xfs_attr_rmtval_set_blk(struct xfs_attr_intent *attr); int xfs_attr_rmtval_find_space(struct xfs_attr_intent *attr); + +const struct xfs_buf_ops *xfs_attr3_remote_buf_ops(unsigned int attrns); + #endif /* __XFS_ATTR_REMOTE_H__ */ diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h index 27b9ad9f8b2e..c84b94da3f32 100644 --- a/libxfs/xfs_da_format.h +++ b/libxfs/xfs_da_format.h @@ -885,7 +885,27 @@ struct xfs_attr3_rmt_hdr { #define XFS_ATTR3_RMT_CRC_OFF offsetof(struct xfs_attr3_rmt_hdr, rm_crc) -unsigned int xfs_attr3_rmt_buf_space(struct xfs_mount *mp); +unsigned int xfs_attr3_rmt_buf_space(struct xfs_mount *mp, unsigned int attrns); + +/* + * XFS_ATTR_VERITY remote attribute block format definition + * + * fsverity stores blocks of a merkle tree in the extended attributes. The + * size of these blocks are a power of two, so we'd like to reduce overhead by + * not storing a remote header at the start of each ondisk block. Because + * merkle tree blocks are themselves hashes of other merkle tree or data + * blocks, we can detect bitflips without needing our own checksum. Settle for + * XORing the owner, blkno, magic, and metauuid into the start of each ondisk + * merkle tree block. + */ +#define XFS_ATTR3_RMTVERITY_MAGIC 0x5955434B /* YUCK */ + +struct xfs_attr3_rmtverity_hdr { + __be64 rmv_owner; + __be64 rmv_blkno; + __be32 rmv_magic; + uuid_t rmv_uuid; +} __packed; /* Number of bytes in a directory block. */ static inline unsigned int xfs_dir2_dirblock_bytes(struct xfs_sb *sbp) diff --git a/libxfs/xfs_ondisk.h b/libxfs/xfs_ondisk.h index 653ea6d64348..7a312aed2337 100644 --- a/libxfs/xfs_ondisk.h +++ b/libxfs/xfs_ondisk.h @@ -59,6 +59,7 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_attr3_leaf_hdr, 80); XFS_CHECK_STRUCT_SIZE(struct xfs_attr3_leafblock, 80); XFS_CHECK_STRUCT_SIZE(struct xfs_attr3_rmt_hdr, 56); + XFS_CHECK_STRUCT_SIZE(struct xfs_attr3_rmtverity_hdr, 36); XFS_CHECK_STRUCT_SIZE(struct xfs_da3_blkinfo, 56); XFS_CHECK_STRUCT_SIZE(struct xfs_da3_intnode, 64); XFS_CHECK_STRUCT_SIZE(struct xfs_da3_node_hdr, 64); @@ -207,6 +208,7 @@ xfs_check_ondisk_structs(void) XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MIN << XFS_DQ_BIGTIME_SHIFT, 4); XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT, 16299260424LL); + } #endif /* __XFS_ONDISK_H */ diff --git a/libxfs/xfs_shared.h b/libxfs/xfs_shared.h index 40a482660307..eb3a674fe161 100644 --- a/libxfs/xfs_shared.h +++ b/libxfs/xfs_shared.h @@ -26,6 +26,7 @@ extern const struct xfs_buf_ops xfs_agfl_buf_ops; extern const struct xfs_buf_ops xfs_agi_buf_ops; extern const struct xfs_buf_ops xfs_attr3_leaf_buf_ops; extern const struct xfs_buf_ops xfs_attr3_rmt_buf_ops; +extern const struct xfs_buf_ops xfs_attr3_rmtverity_buf_ops; extern const struct xfs_buf_ops xfs_bmbt_buf_ops; extern const struct xfs_buf_ops xfs_bnobt_buf_ops; extern const struct xfs_buf_ops xfs_cntbt_buf_ops; From patchwork Tue Apr 30 03:33:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648138 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E680711185; Tue, 30 Apr 2024 03:33:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447995; cv=none; b=j5+p0DchQoF36tK18QiKUwTrsUb9PDq+3C6ILiYEutWs9AToS6QV9A14a4HojWckP8ErXLD2b7agM3xn0mLPrq07982EjSLHWHIVwEU5OFmMnuH+oifoVLrUMk1+0a2EvUYZ/Ue+aVCF83usz58PmSIP7tMjB4sWBxinMpDfZBk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714447995; c=relaxed/simple; bh=mk+zLUVmXEi8haoSJ7rnhSB6+ldL0fqflhlXH2lN9aw=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=r6Vs6q+lpeove8CAkikjw6oc5XO7z/z+nig9KIrxrvA8DE55QkDIIqGXwws7woZRnKdAatg23aacSw/Uc1Xl41kcTZyxhUpGNTMn+aURbTh4eDpW9gY8HqIYyQq7vhdsqO1mUG5CCQsc2XdloEQMHGjSrduRQW5kJpRjgKYfkRA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RjDRS6iI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RjDRS6iI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77A80C116B1; Tue, 30 Apr 2024 03:33:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714447994; bh=mk+zLUVmXEi8haoSJ7rnhSB6+ldL0fqflhlXH2lN9aw=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=RjDRS6iIZZldYtIFiJPkagxvkx+0FfKzl8K/q/kddnvqFk6jLQFGmEpHsA5gfBmae WEieK47OiAgOFQoLpD2yLCH3IQM0XhIVPcNlj4+Im4AvzToaYahNga8/z/G9p2V5mJ MIwsegIfuOyP3xpr3zaX1ZhIceSrnmaLWiItdi+uNkkFzdpHz4VAUBh9qDMuIC5S9w iFVuY6x1YcJD2AnHccH/JzPgeWBlPk1Y1p4cqgbbVqoHIdfT0lIrJyMp2HSHA8v6Zj SxvpsEd+VDCmqYMooVooStMrNr7bq7XYjeVSFWZUbdThO5ruVr0SfQqZyvutUG7pQT /94n16t8mTioQ== Date: Mon, 29 Apr 2024 20:33:13 -0700 Subject: [PATCH 09/38] xfs: add fs-verity ro-compat flag From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683250.960383.8312595761762505501.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn To mark inodes with fs-verity enabled the new XFS_DIFLAG2_VERITY flag will be added in further patch. This requires ro-compat flag to let older kernels know that fs with fs-verity can not be modified. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- include/xfs_mount.h | 2 ++ libxfs/xfs_format.h | 1 + libxfs/xfs_sb.c | 2 ++ 3 files changed, 5 insertions(+) diff --git a/include/xfs_mount.h b/include/xfs_mount.h index c78266e602b2..d63fee5718f1 100644 --- a/include/xfs_mount.h +++ b/include/xfs_mount.h @@ -187,6 +187,7 @@ typedef struct xfs_mount { #define XFS_FEAT_EXCHANGE_RANGE (1ULL << 27) /* exchange range */ #define XFS_FEAT_METADIR (1ULL << 28) /* metadata directory tree */ #define XFS_FEAT_RTGROUPS (1ULL << 29) /* realtime groups */ +#define XFS_FEAT_VERITY (1ULL << 30) /* fs-verity */ #define __XFS_HAS_FEAT(name, NAME) \ static inline bool xfs_has_ ## name (struct xfs_mount *mp) \ @@ -234,6 +235,7 @@ __XFS_HAS_FEAT(large_extent_counts, NREXT64) __XFS_HAS_FEAT(exchange_range, EXCHANGE_RANGE) __XFS_HAS_FEAT(metadir, METADIR) __XFS_HAS_FEAT(rtgroups, RTGROUPS) +__XFS_HAS_FEAT(verity, VERITY) static inline bool xfs_has_rtrmapbt(struct xfs_mount *mp) { diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h index e9585ba12ded..563f359f2f07 100644 --- a/libxfs/xfs_format.h +++ b/libxfs/xfs_format.h @@ -387,6 +387,7 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */ #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */ #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ diff --git a/libxfs/xfs_sb.c b/libxfs/xfs_sb.c index 2e5161c63b6b..f8902c4778da 100644 --- a/libxfs/xfs_sb.c +++ b/libxfs/xfs_sb.c @@ -164,6 +164,8 @@ xfs_sb_version_to_features( features |= XFS_FEAT_REFLINK; if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT) features |= XFS_FEAT_INOBTCNT; + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY) + features |= XFS_FEAT_VERITY; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE) features |= XFS_FEAT_FTYPE; if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) From patchwork Tue Apr 30 03:33:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648139 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 59E9210A1E; Tue, 30 Apr 2024 03:33:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448010; cv=none; b=oicBYgIZt6yoUN1bLRKuel93/d/NhCKXWzS+KIEQyOR1eRHkBj53NA8AzHH/v8X/U37mp74LPHT4ex73ME04Ojc4IHD3JnqfY4yXqheV0Rct/w18lqWiFB7jG9WhT3cVJwhCJlaI4BBp5gWljNPVaxiEvX3uRT7ggMvlrk65cS0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448010; c=relaxed/simple; bh=712srmX5SRwExP1nY9jvD8/eSTUeti2MOTjvH9dMDu4=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Wu/zsmgDJAOd5/3qyqoeZW2t3qOGYfwpKLM4kIzmCwcAC/WlHW699iM+kaYIb8AhvwgOcZkTTW4n7w8tUfSRf2wGiKoj6ZD7sOu6eFUT46pIekYlCTMVxHlAe/zknZxNbeHkGUMs4CwcXAaHF+czazIie0vInKwOk1cfcXh1zvw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TPQK+RDh; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TPQK+RDh" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D9C1C116B1; Tue, 30 Apr 2024 03:33:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448010; bh=712srmX5SRwExP1nY9jvD8/eSTUeti2MOTjvH9dMDu4=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=TPQK+RDhs4YjU81B9BYytEtvkmTt0s0KoTDHQMTVTWXHyK6PhXIZ3h8rY0I75XKtU CTEqYg0OLv1oAAKvOHBTOl0hJlFhOC6Y1xAbu5EyddvQAUiBzonWSE7tDJDaCnbd5E k/WInjEaMDoHumIuUrPeHq000n202gxMqQYkz0zfrcZOvXdKvsmoNH9dJbk3drX8id kXt+P3UMybnd/vC52dU6lCCgVrv50FzfzeMEvlyw1IdcazZqWIpgzL6fsc/vcdjpnj 88MND4NmGKuG5lv9XvtatkJZJkRbFTJ0EWI0XsWQhiy6k7hdSx9F5AFZJ3q7xKqXa/ qg9yB3kPR1ynA== Date: Mon, 29 Apr 2024 20:33:29 -0700 Subject: [PATCH 10/38] xfs: add inode on-disk VERITY flag From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683266.960383.2640876395161867782.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn Add flag to mark inodes which have fs-verity enabled on them (i.e. descriptor exist and tree is built). Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong --- libxfs/xfs_format.h | 5 ++++- libxfs/xfs_inode_buf.c | 8 ++++++++ libxfs/xfs_inode_util.c | 2 ++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h index 563f359f2f07..810f2556762b 100644 --- a/libxfs/xfs_format.h +++ b/libxfs/xfs_format.h @@ -1190,6 +1190,7 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE_BIT 2 /* copy on write extent size hint */ #define XFS_DIFLAG2_BIGTIME_BIT 3 /* big timestamps */ #define XFS_DIFLAG2_NREXT64_BIT 4 /* large extent counters */ +#define XFS_DIFLAG2_VERITY_BIT 5 /* inode sealed by fsverity */ #define XFS_DIFLAG2_METADIR_BIT 63 /* filesystem metadata */ #define XFS_DIFLAG2_DAX (1ULL << XFS_DIFLAG2_DAX_BIT) @@ -1197,6 +1198,7 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_COWEXTSIZE (1ULL << XFS_DIFLAG2_COWEXTSIZE_BIT) #define XFS_DIFLAG2_BIGTIME (1ULL << XFS_DIFLAG2_BIGTIME_BIT) #define XFS_DIFLAG2_NREXT64 (1ULL << XFS_DIFLAG2_NREXT64_BIT) +#define XFS_DIFLAG2_VERITY (1ULL << XFS_DIFLAG2_VERITY_BIT) /* * The inode contains filesystem metadata and can be found through the metadata @@ -1225,7 +1227,8 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev) #define XFS_DIFLAG2_ANY \ (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \ - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADIR) + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADIR | \ + XFS_DIFLAG2_VERITY) static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) { diff --git a/libxfs/xfs_inode_buf.c b/libxfs/xfs_inode_buf.c index 085c128c5422..12872acc70c0 100644 --- a/libxfs/xfs_inode_buf.c +++ b/libxfs/xfs_inode_buf.c @@ -692,6 +692,14 @@ xfs_dinode_verify( !xfs_has_rtreflink(mp)) return __this_address; + /* only regular files can have fsverity */ + if (flags2 & XFS_DIFLAG2_VERITY) { + if (!xfs_has_verity(mp)) + return __this_address; + if ((mode & S_IFMT) != S_IFREG) + return __this_address; + } + /* COW extent size hint validation */ fa = xfs_inode_validate_cowextsize(mp, be32_to_cpu(dip->di_cowextsize), mode, flags, flags2); diff --git a/libxfs/xfs_inode_util.c b/libxfs/xfs_inode_util.c index 432186283866..aba80a9769c3 100644 --- a/libxfs/xfs_inode_util.c +++ b/libxfs/xfs_inode_util.c @@ -124,6 +124,8 @@ xfs_ip2xflags( flags |= FS_XFLAG_DAX; if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE) flags |= FS_XFLAG_COWEXTSIZE; + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + flags |= FS_XFLAG_VERITY; } if (xfs_inode_has_attr_fork(ip)) From patchwork Tue Apr 30 03:33:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648140 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 472BE101DE; Tue, 30 Apr 2024 03:33:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448026; cv=none; b=uJh4QXKVmzg3SQYNJUOwN7JDw+ubp6oW9rJgPEPy4RwDd4Ex9Hm+AXLZyZD0mUCa3WWVhSGUmExFCW7UxoPKVWNSDZekzdm7TOG0/II798JcycXHI4wmqf+P79mevRTryd4sayKGCbqCpZp1Fznq8khUlxIFCSjovk3aWotzxLk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448026; c=relaxed/simple; bh=k/fasQwWEVvmT69L5YC5B1M2Ix2sTLcKSvaSWlRVAw0=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dOkG2n4TPoo8LpBMB1yDL+jJWcFaEAsL2UMK4Y5xR1kZcQ9E73+8G1WEoM5HVHjRByuRQTuO7t8l4mkb7zygDizWV6xr8dAkk819AOenwmNZ3uZ6kCHho0ArVHMF9XXSVAO1z/cpVLGUkf1dLWZvcsepXx0n/JUx1JJ60El9U5Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=E0vCLEkN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="E0vCLEkN" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BFB6FC116B1; Tue, 30 Apr 2024 03:33:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448025; bh=k/fasQwWEVvmT69L5YC5B1M2Ix2sTLcKSvaSWlRVAw0=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=E0vCLEkNYGLb75mkCroQVjIO9WSs4KGENHdk3QXxrRPQOaiCdoxAglikx0UBpVwEO XAzmkpv2JwVdLS+LkWja/dD224dWKAYtjAF54uIsV7+3XOC9O4pOsP2nzG8Y4ziAtV NmboNW/n8ypzEpr1sZ8elv7q1YfmcveeBeayvp+GbBbWZFwhEuUgqop7Ls8ZA0mwJO uAMOdlpNJgaHRmvCAtzvOg24hQMs1ydUIcncRFE6EOY2mXjnfQ8nCw4MZ5ZkWF6hT7 fxlqsmZpkpKrIufbakYZ0JVSYIduwoZigQlEp0lcMLurnDQ+3vKY/KuogClqEnQJaE t6+C9Oo924h2g== Date: Mon, 29 Apr 2024 20:33:45 -0700 Subject: [PATCH 11/38] xfs: add fs-verity support From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683281.960383.4385904319578267037.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn Add integration with fs-verity. The XFS store fs-verity metadata in the extended file attributes. The metadata consist of verity descriptor and Merkle tree blocks. The descriptor is stored under "vdesc" extended attribute. The Merkle tree blocks are stored under binary indexes which are offsets into the Merkle tree. When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION flag is set meaning that the Merkle tree is being build. The initialization ends with storing of verity descriptor and setting inode on-disk flag (XFS_DIFLAG2_VERITY). The verification on read is done in read path of iomap. Merkle tree blocks are indexed by a per-AG rhashtable to reduce the time it takes to load a block from disk in a manner that doesn't bloat struct xfs_inode. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: replace caching implementation with an xarray, other cleanups] Signed-off-by: Darrick J. Wong --- libxfs/Makefile | 6 +++-- libxfs/xfs_ag.h | 8 +++++++ libxfs/xfs_attr.c | 4 +++ libxfs/xfs_da_format.h | 14 ++++++++++++ libxfs/xfs_ondisk.h | 3 ++ libxfs/xfs_verity.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ libxfs/xfs_verity.h | 13 +++++++++++ 7 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 libxfs/xfs_verity.c create mode 100644 libxfs/xfs_verity.h diff --git a/libxfs/Makefile b/libxfs/Makefile index ac3484efe914..c67e9449835e 100644 --- a/libxfs/Makefile +++ b/libxfs/Makefile @@ -69,7 +69,8 @@ HFILES = \ xfs_shared.h \ xfs_trans_resv.h \ xfs_trans_space.h \ - xfs_dir2_priv.h + xfs_dir2_priv.h \ + xfs_verity.h CFILES = buf_mem.c \ cache.c \ @@ -131,7 +132,8 @@ CFILES = buf_mem.c \ xfs_trans_inode.c \ xfs_trans_resv.c \ xfs_trans_space.c \ - xfs_types.c + xfs_types.c \ + xfs_verity.c # # Tracing flags: diff --git a/libxfs/xfs_ag.h b/libxfs/xfs_ag.h index 80bf8771ea2a..792ce162312e 100644 --- a/libxfs/xfs_ag.h +++ b/libxfs/xfs_ag.h @@ -123,6 +123,12 @@ struct xfs_perag { /* Hook to feed rmapbt updates to an active online repair. */ struct xfs_hooks pag_rmap_update_hooks; + +# ifdef CONFIG_FS_VERITY + /* per-inode merkle tree caches */ + spinlock_t pagi_merkle_lock; + struct rhashtable pagi_merkle_blobs; +# endif /* CONFIG_FS_VERITY */ #endif /* __KERNEL__ */ }; @@ -135,6 +141,7 @@ struct xfs_perag { #define XFS_AGSTATE_ALLOWS_INODES 3 #define XFS_AGSTATE_AGFL_NEEDS_RESET 4 #define XFS_AGSTATE_NOALLOC 5 +#define XFS_AGSTATE_MERKLE 6 #define __XFS_AG_OPSTATE(name, NAME) \ static inline bool xfs_perag_ ## name (struct xfs_perag *pag) \ @@ -148,6 +155,7 @@ __XFS_AG_OPSTATE(prefers_metadata, PREFERS_METADATA) __XFS_AG_OPSTATE(allows_inodes, ALLOWS_INODES) __XFS_AG_OPSTATE(agfl_needs_reset, AGFL_NEEDS_RESET) __XFS_AG_OPSTATE(prohibits_alloc, NOALLOC) +__XFS_AG_OPSTATE(caches_merkle, MERKLE) void xfs_free_unused_perag_range(struct xfs_mount *mp, xfs_agnumber_t agstart, xfs_agnumber_t agend); diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c index c2c411268904..94c425b984d2 100644 --- a/libxfs/xfs_attr.c +++ b/libxfs/xfs_attr.c @@ -26,6 +26,7 @@ #include "xfs_trace.h" #include "defer_item.h" #include "xfs_parent.h" +#include "xfs_verity.h" struct kmem_cache *xfs_attr_intent_cache; @@ -1618,6 +1619,9 @@ xfs_attr_namecheck( if (!xfs_attr_check_namespace(attr_flags)) return false; + if (attr_flags & XFS_ATTR_VERITY) + return xfs_verity_namecheck(attr_flags, name, length); + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h index c84b94da3f32..43e9d1f00a4a 100644 --- a/libxfs/xfs_da_format.h +++ b/libxfs/xfs_da_format.h @@ -929,4 +929,18 @@ struct xfs_parent_rec { __be32 p_gen; } __packed; +/* + * fs-verity attribute name format + * + * Merkle tree blocks are stored under extended attributes of the inode. The + * name of the attributes are byte positions into the merkle data. + */ +struct xfs_merkle_key { + __be64 mk_pos; +}; + +/* ondisk xattr name used for the fsverity descriptor */ +#define XFS_VERITY_DESCRIPTOR_NAME "vdesc" +#define XFS_VERITY_DESCRIPTOR_NAME_LEN (sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1) + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/libxfs/xfs_ondisk.h b/libxfs/xfs_ondisk.h index 7a312aed2337..03aaf508e4a4 100644 --- a/libxfs/xfs_ondisk.h +++ b/libxfs/xfs_ondisk.h @@ -209,6 +209,9 @@ xfs_check_ondisk_structs(void) XFS_CHECK_VALUE(XFS_DQ_BIGTIME_EXPIRY_MAX << XFS_DQ_BIGTIME_SHIFT, 16299260424LL); + /* fs-verity xattrs */ + XFS_CHECK_STRUCT_SIZE(struct xfs_merkle_key, 8); + XFS_CHECK_VALUE(sizeof(XFS_VERITY_DESCRIPTOR_NAME), 6); } #endif /* __XFS_ONDISK_H */ diff --git a/libxfs/xfs_verity.c b/libxfs/xfs_verity.c new file mode 100644 index 000000000000..8d1a759f995b --- /dev/null +++ b/libxfs/xfs_verity.c @@ -0,0 +1,58 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2023 Red Hat, Inc. + */ +#include "libxfs_priv.h" +#include "xfs_shared.h" +#include "xfs_format.h" +#include "xfs_da_format.h" +#include "xfs_da_btree.h" +#include "xfs_trans_resv.h" +#include "xfs_mount.h" +#include "xfs_inode.h" +#include "xfs_log_format.h" +#include "xfs_attr.h" +#include "xfs_verity.h" + +/* Set a merkle tree pos in preparation for setting merkle tree attrs. */ +void +xfs_merkle_key_to_disk( + struct xfs_merkle_key *key, + uint64_t pos) +{ + key->mk_pos = cpu_to_be64(pos); +} + +/* Retrieve the merkle tree pos from the attr data. */ +uint64_t +xfs_merkle_key_from_disk( + const void *attr_name, + int namelen) +{ + const struct xfs_merkle_key *key = attr_name; + + ASSERT(namelen == sizeof(struct xfs_merkle_key)); + + return be64_to_cpu(key->mk_pos); +} + +/* Return true if verity attr name is valid. */ +bool +xfs_verity_namecheck( + unsigned int attr_flags, + const void *name, + int namelen) +{ + if (!(attr_flags & XFS_ATTR_VERITY)) + return false; + + /* + * Merkle tree pages are stored under u64 indexes; verity descriptor + * blocks are held in a named attribute. + */ + if (namelen != sizeof(struct xfs_merkle_key) && + namelen != XFS_VERITY_DESCRIPTOR_NAME_LEN) + return false; + + return true; +} diff --git a/libxfs/xfs_verity.h b/libxfs/xfs_verity.h new file mode 100644 index 000000000000..5813665c5a01 --- /dev/null +++ b/libxfs/xfs_verity.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2022 Red Hat, Inc. + */ +#ifndef __XFS_VERITY_H__ +#define __XFS_VERITY_H__ + +void xfs_merkle_key_to_disk(struct xfs_merkle_key *key, uint64_t pos); +uint64_t xfs_merkle_key_from_disk(const void *attr_name, int namelen); +bool xfs_verity_namecheck(unsigned int attr_flags, const void *name, + int namelen); + +#endif /* __XFS_VERITY_H__ */ From patchwork Tue Apr 30 03:34:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648141 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87C7D10965; Tue, 30 Apr 2024 03:34:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448041; cv=none; b=MTcf2u5NYwouL1xgghgQHaclv2oEqo8S3v3V1/Y/ITwEIP+RUFLeGLCODVjqDJEzQFGWuorauRoFkuLMRCiZ7Qumd59o+konIm3jBrfJAoTm6AFYd1T2vBch1H1+o66YzNblbykDkxr5ZwkPmLXrb5XiJPhNSbN2qI5HgMZONmQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448041; c=relaxed/simple; bh=IZ4YNl1csxEMoeZmYreAL+t+Fa73lhrVQJb3k6UoF4E=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QkBZmyOL1dFtoauSb29zR65V1GeMqD/CtpyuH/6ba7ZWOqZmz8/xbbT9HHfkrynAQmitX/5MBL/Y7km+q7QKAJlMvm1YO6XPHD9x3K4O+Nf1x4+bJAcGDoI4tNr/FKz4lAew2CvGy46A5APKItyRqUcKrxuKKK0zX/2I5TDjmck= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rF1buqtq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rF1buqtq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61535C116B1; Tue, 30 Apr 2024 03:34:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448041; bh=IZ4YNl1csxEMoeZmYreAL+t+Fa73lhrVQJb3k6UoF4E=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rF1buqtqhK2+6Qgd+pyAPyeaC8I+swl1eOl4bnj3A28WDBMGkkmA6rDCOKyEs7ZqV 7tKNl+kEmsC/i3bFeWvdbyz7cVv3C6wNodEAR0p2XITnFPSWVv5l8GWaZDEPuyJdAf Lj6NrMR5GBBZ4suyiE0cVH1zcdYHHqwfqZa+vSho8/UaWYSC/Wq7v43WV3tNynE9SY uWF3+bdvC3krHXwKIqulQy3cyYolcqoRcTfW7MVm9xGePebCqej8jJgvcNGSO0+T44 2J7Loj+qnyh314KJnmYCCKinoBaw1m7dv9R4Npt74Tx4UQtzeHMPT/yLsTSZCuZ9RB l+sojFpzE5w+w== Date: Mon, 29 Apr 2024 20:34:00 -0700 Subject: [PATCH 12/38] xfs: use merkle tree offset as attr hash From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683296.960383.5604207199115455905.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong I was exploring the fsverity metadata with xfs_db after creating a 220MB verity file, and I noticed the following in the debugger output: entries[0-75] = [hashval,nameidx,incomplete,root,secure,local,parent,verity] 0:[0,4076,0,0,0,0,0,1] 1:[0,1472,0,0,0,1,0,1] 2:[0x800,4056,0,0,0,0,0,1] 3:[0x800,4036,0,0,0,0,0,1] ... 72:[0x12000,2716,0,0,0,0,0,1] 73:[0x12000,2696,0,0,0,0,0,1] 74:[0x12800,2676,0,0,0,0,0,1] 75:[0x12800,2656,0,0,0,0,0,1] ... nvlist[0].merkle_off = 0x18000 nvlist[1].merkle_off = 0 nvlist[2].merkle_off = 0x19000 nvlist[3].merkle_off = 0x1000 ... nvlist[71].merkle_off = 0x5b000 nvlist[72].merkle_off = 0x44000 nvlist[73].merkle_off = 0x5c000 nvlist[74].merkle_off = 0x45000 nvlist[75].merkle_off = 0x5d000 Within just this attr leaf block, there are 76 attr entries, but only 38 distinct hash values. There are 415 merkle tree blocks for this file, but we already have hash collisions. This isn't good performance from the standard da hash function because we're mostly shifting and rolling zeroes around. However, we don't even have to do that much work -- the merkle tree block keys are themslves u64 values. Truncate that value to 32 bits (the size of xfs_dahash_t) and use that for the hash. We won't have any collisions between merkle tree blocks until that tree grows to 2^32nd blocks. On a 4k block filesystem, we won't hit that unless the file contains more than 2^49 bytes, assuming sha256. As a side effect, the keys for merkle tree blocks get written out in roughly sequential order, though I didn't observe any change in performance. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_attr.c | 2 ++ libxfs/xfs_da_format.h | 6 ++++++ libxfs/xfs_verity.c | 16 ++++++++++++++++ libxfs/xfs_verity.h | 1 + 4 files changed, 25 insertions(+) diff --git a/libxfs/xfs_attr.c b/libxfs/xfs_attr.c index 94c425b984d2..2f491d072294 100644 --- a/libxfs/xfs_attr.c +++ b/libxfs/xfs_attr.c @@ -461,6 +461,8 @@ xfs_attr_hashval( if (attr_flags & XFS_ATTR_PARENT) return xfs_parent_hashattr(mp, name, namelen, value, valuelen); + if (attr_flags & XFS_ATTR_VERITY) + return xfs_verity_hashname(name, namelen); return xfs_attr_hashname(name, namelen); } diff --git a/libxfs/xfs_da_format.h b/libxfs/xfs_da_format.h index 43e9d1f00a4a..c95e8ca22daa 100644 --- a/libxfs/xfs_da_format.h +++ b/libxfs/xfs_da_format.h @@ -943,4 +943,10 @@ struct xfs_merkle_key { #define XFS_VERITY_DESCRIPTOR_NAME "vdesc" #define XFS_VERITY_DESCRIPTOR_NAME_LEN (sizeof(XFS_VERITY_DESCRIPTOR_NAME) - 1) +/* + * Merkle tree blocks cannot be smaller than 1k in size, so the hash function + * can right-shift the merkle offset by this amount without losing anything. + */ +#define XFS_VERITY_HASH_SHIFT (10) + #endif /* __XFS_DA_FORMAT_H__ */ diff --git a/libxfs/xfs_verity.c b/libxfs/xfs_verity.c index 8d1a759f995b..907a0e0fcf41 100644 --- a/libxfs/xfs_verity.c +++ b/libxfs/xfs_verity.c @@ -56,3 +56,19 @@ xfs_verity_namecheck( return true; } + +/* + * Compute name hash for a verity attribute. For merkle tree blocks, we want + * to use the merkle tree block offset as the hash value to avoid collisions + * between blocks unless the merkle tree becomes larger than 2^32 blocks. + */ +xfs_dahash_t +xfs_verity_hashname( + const uint8_t *name, + unsigned int namelen) +{ + if (namelen != sizeof(struct xfs_merkle_key)) + return xfs_attr_hashname(name, namelen); + + return xfs_merkle_key_from_disk(name, namelen) >> XFS_VERITY_HASH_SHIFT; +} diff --git a/libxfs/xfs_verity.h b/libxfs/xfs_verity.h index 5813665c5a01..3d7485c511d5 100644 --- a/libxfs/xfs_verity.h +++ b/libxfs/xfs_verity.h @@ -9,5 +9,6 @@ void xfs_merkle_key_to_disk(struct xfs_merkle_key *key, uint64_t pos); uint64_t xfs_merkle_key_from_disk(const void *attr_name, int namelen); bool xfs_verity_namecheck(unsigned int attr_flags, const void *name, int namelen); +xfs_dahash_t xfs_verity_hashname(const uint8_t *name, unsigned int namelen); #endif /* __XFS_VERITY_H__ */ From patchwork Tue Apr 30 03:34:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648142 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A62411185; Tue, 30 Apr 2024 03:34:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448057; cv=none; b=k+DxbnyGGUgTp8mtjpNWJyAD+YFw/Mq0HuKR65PfObRNs4uFBTG4Oj1kwBF9uci98jnhiPbinjQMHlxVYBInre0PHbt5wY8mjXh7rWGtH5BWCENNWzljm7ZV26zcN97jNRFGK+J2no7IAYt5UejfhoJzUNnbiBbFj7jZYZzYGQg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448057; c=relaxed/simple; bh=CB4njwGCAc16wwPoRbM7Nf4jAH9eFhcoH+qT539GnFU=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BaFL9RCXQoitj5NsGPTdITlbaF6ViGvABLlG+r0R1iL7KXnBeVDrvjkolEW+09ZkRprxFb6pYngVx4bpmprBF8ERbCMd/3slNIqXBNIjoB0ldHBQUx4/qwKp8M2bQ/iYuNI3bW5qLsM+Rs4c7HcJz1T0oGdXT95Kun24o8C6//U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fpfYn0K+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fpfYn0K+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1202AC116B1; Tue, 30 Apr 2024 03:34:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448057; bh=CB4njwGCAc16wwPoRbM7Nf4jAH9eFhcoH+qT539GnFU=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=fpfYn0K+4MxXLsDWqBqvawkIZtyAOeAyhQyiBLqMLDtxiFbCLhz7I1xilnDpI7xFc XkZekuyssA+CBkVqdOD7oMsFnOU1FW+8Nq59XP3gAQUezi5DtbCdVY58UGTfjreqSg q0p3DegxrNh2pIGCfBy9YL2il0ies3JTyEEpMvd/kNcQW67k3iC/0OBF4ep50MiM8Y WUpyV8WFTU4MFV800fgJvSkeGz4LHTx/2IRL3PopReoApLTXdrW2llF5TW5GKJUpqr vljD8bGPxNwCuHVB5iJH77qCPwxfxyylAxifn0/5nqNYMcxc29yvgnD2FMT6Jq6S6R 5LnephsFs/n7w== Date: Mon, 29 Apr 2024 20:34:16 -0700 Subject: [PATCH 13/38] xfs: advertise fs-verity being available on filesystem From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683311.960383.13826848854466408647.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Advertise that this filesystem supports fsverity. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_fs.h | 1 + libxfs/xfs_sb.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/libxfs/xfs_fs.h b/libxfs/xfs_fs.h index f9a6a678f1b4..edc019d89702 100644 --- a/libxfs/xfs_fs.h +++ b/libxfs/xfs_fs.h @@ -246,6 +246,7 @@ typedef struct xfs_fsop_resblks { #define XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE (1 << 24) /* exchange range */ #define XFS_FSOP_GEOM_FLAGS_PARENT (1 << 25) /* linux parent pointers */ +#define XFS_FSOP_GEOM_FLAGS_VERITY (1U << 29) /* fs-verity */ #define XFS_FSOP_GEOM_FLAGS_METADIR (1U << 30) /* metadata directories */ /* diff --git a/libxfs/xfs_sb.c b/libxfs/xfs_sb.c index f8902c4778da..936071abb207 100644 --- a/libxfs/xfs_sb.c +++ b/libxfs/xfs_sb.c @@ -1434,6 +1434,8 @@ xfs_fs_geometry( geo->flags |= XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE; if (xfs_has_metadir(mp)) geo->flags |= XFS_FSOP_GEOM_FLAGS_METADIR; + if (xfs_has_verity(mp)) + geo->flags |= XFS_FSOP_GEOM_FLAGS_VERITY; geo->rtsectsize = sbp->sb_blocksize; geo->dirblocksize = xfs_dir2_dirblock_bytes(sbp); From patchwork Tue Apr 30 03:34:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648143 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2E52DDA6; Tue, 30 Apr 2024 03:34:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448073; cv=none; b=WVnAAdMteNwN20hZ143JqBjCqFqIx+FQEXHwcTEm1p6DmtGHh3s8SoG3p5/C6bKmrsTBO+W/v7umhg9cGrRGRiU0WCP5qU13k3tWpjuzScWfd6J2lMF6zk+TZgbgW7yJvgjcOsk5OuaQ0Ao37T1DN4oaAc3KFBSzfm7hiKdjN9o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448073; c=relaxed/simple; bh=vNfZHfkPMIkgTvVvpDUyL0ktX6qq4b8te/IixIy3oUk=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=iU8g/Ma+wEhr9Uyz1UzeJn5SEt2TZEbjxRH3BEbO+Uk/2hScN0200uxqad10QnrIQ+L71Onb4KZFsdmOGTlpcydsKUA6MCBt3Ais8wnSg6SYrPVzmSRmGZDy38vy2J0T1WlWr3/qdFRSSmkB2hKBb9ROPVOMNDXIqkCyr3Y3Pkk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UUQO1v4f; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UUQO1v4f" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8EACC116B1; Tue, 30 Apr 2024 03:34:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448072; bh=vNfZHfkPMIkgTvVvpDUyL0ktX6qq4b8te/IixIy3oUk=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=UUQO1v4fC1rXw05lkwaJldS7SCmRY2D+MVOuAu2vIjxWWw0GYQuClVhtVKtNG3KCn l7oQFGhEnlPDG4drbQyFyVkWFU7zH0+VnkSrw8KbHq9IRa0Q/pDlG71ZQhpeaOkXw3 n68a1dO5XLWVWMzlKhjOOqwKa+ifk7H6TGvEWZHyRk+CQB0/lOJMgZgAyGBgYPV5QE 0k/4UJbZzXX1CTzNxyNvUU9lMEyHw5laN6cC5ikFxGGEo7lUWKV5vXSYOXon6mGHrI K/qNjbr6+DUjOl52Ejm466C9ynLUA8Uf8ohRoX65RJyzAyoYelMn0OhiTCxL5mgLeC 8LbfP98tFQo8g== Date: Mon, 29 Apr 2024 20:34:32 -0700 Subject: [PATCH 14/38] xfs: report verity failures through the health system From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683327.960383.5120437850763488436.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Record verity failures and report them through the health system. Signed-off-by: Darrick J. Wong Reviewed-by: Andrey Albershteyn --- libxfs/xfs_fs.h | 1 + libxfs/xfs_health.h | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/libxfs/xfs_fs.h b/libxfs/xfs_fs.h index edc019d89702..bc529d862af7 100644 --- a/libxfs/xfs_fs.h +++ b/libxfs/xfs_fs.h @@ -424,6 +424,7 @@ struct xfs_bulkstat { #define XFS_BS_SICK_SYMLINK (1 << 6) /* symbolic link remote target */ #define XFS_BS_SICK_PARENT (1 << 7) /* parent pointers */ #define XFS_BS_SICK_DIRTREE (1 << 8) /* directory tree structure */ +#define XFS_BS_SICK_DATA (1 << 9) /* file data */ /* * Project quota id helpers (previously projid was 16bit only diff --git a/libxfs/xfs_health.h b/libxfs/xfs_health.h index 89b80e957917..0f8533335e25 100644 --- a/libxfs/xfs_health.h +++ b/libxfs/xfs_health.h @@ -105,6 +105,7 @@ struct xfs_rtgroup; /* Don't propagate sick status to ag health summary during inactivation */ #define XFS_SICK_INO_FORGET (1 << 12) #define XFS_SICK_INO_DIRTREE (1 << 13) /* directory tree structure */ +#define XFS_SICK_INO_DATA (1 << 14) /* file data */ /* Primary evidence of health problems in a given group. */ #define XFS_SICK_FS_PRIMARY (XFS_SICK_FS_COUNTERS | \ @@ -143,7 +144,8 @@ struct xfs_rtgroup; XFS_SICK_INO_XATTR | \ XFS_SICK_INO_SYMLINK | \ XFS_SICK_INO_PARENT | \ - XFS_SICK_INO_DIRTREE) + XFS_SICK_INO_DIRTREE | \ + XFS_SICK_INO_DATA) #define XFS_SICK_INO_ZAPPED (XFS_SICK_INO_BMBTD_ZAPPED | \ XFS_SICK_INO_BMBTA_ZAPPED | \ From patchwork Tue Apr 30 03:34:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648144 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD82E10A0C; Tue, 30 Apr 2024 03:34:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448088; cv=none; b=opb2vhfr4ZyUZxkJw2CFdXsfR2p4oJ8KdumL1tICHYrbAQ/uiwKYJE1AZnKC8m8y6prfb1JBz5UVAF+pW27tC468e2AS6FcuM0HctwOXtFBxhdD5/Vb7RzDrO30Z6vCJK23cJJKF0UvURj2vByFeRs4TnKY3cxBi4wx6cT5/IoA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448088; c=relaxed/simple; bh=hmJOMOwk41JRVTWfJoBKJMwWmQsbOLdZ56PzB9yGz5k=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=locCnVhztHm3oYnmMhD+HXjIVenxk1Gy2vw8OcyGwFPieGzCtO0+ELZqLyQnanSw+cKghcbRZux/E6dtQ8X5ouFZXJdOJxkaBFT+TW8GKiL1LH+oe+B2QszHzTUWtG3qClUpOLriP+1oDgHmSwOmqyr9jpwOD21qHVfnyz2jbT0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QT6flQ6F; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QT6flQ6F" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63F9EC116B1; Tue, 30 Apr 2024 03:34:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448088; bh=hmJOMOwk41JRVTWfJoBKJMwWmQsbOLdZ56PzB9yGz5k=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=QT6flQ6FWk+EgfQpVKr6YcHRXLDXlKsIttv9414hYFax/CMu3vD6W7JgU9iCR1SGk GGQtzikJAS2UHGrUieqBFnfm3CKQBEDHVNJFM4xqz0cgRekcmLjsMYRjDsIIy6pmSK +sgp+YcsVxhimDQiBGbXPYJJL7iL+/stfRCNAPhU7hB1CsYTbseC6Plszy1fnjEkEp pE+l8OlIDEkWm8jpGQb0ApPJHHhSHMzAAhiInPcX61IDUvfNhT60Z5t4elxZXgvPgE 5gp+puUiosJCtSb41aiEwIOjg0aCG3IbsxaGmpildVjx8uS4j3TO4A2EfefMbW1Fk8 jNNFcVqqqc9dA== Date: Mon, 29 Apr 2024 20:34:47 -0700 Subject: [PATCH 15/38] xfs: enable ro-compat fs-verity flag From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683343.960383.9838479985541357618.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn Finalize fs-verity integration in XFS by making kernel fs-verity aware with ro-compat flag. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: add spaces] Signed-off-by: Darrick J. Wong --- libxfs/xfs_format.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h index 810f2556762b..78a12705a88d 100644 --- a/libxfs/xfs_format.h +++ b/libxfs/xfs_format.h @@ -389,10 +389,11 @@ xfs_sb_has_compat_feature( #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */ #define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */ #define XFS_SB_FEAT_RO_COMPAT_ALL \ - (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ - XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ - XFS_SB_FEAT_RO_COMPAT_REFLINK| \ - XFS_SB_FEAT_RO_COMPAT_INOBTCNT) + (XFS_SB_FEAT_RO_COMPAT_FINOBT | \ + XFS_SB_FEAT_RO_COMPAT_RMAPBT | \ + XFS_SB_FEAT_RO_COMPAT_REFLINK | \ + XFS_SB_FEAT_RO_COMPAT_INOBTCNT | \ + XFS_SB_FEAT_RO_COMPAT_VERITY) #define XFS_SB_FEAT_RO_COMPAT_UNKNOWN ~XFS_SB_FEAT_RO_COMPAT_ALL static inline bool xfs_sb_has_ro_compat_feature( From patchwork Tue Apr 30 03:35:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648145 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C8AC10A01; Tue, 30 Apr 2024 03:35:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448104; cv=none; b=P8OH5tjUK19ya40zv1pvA2HMBzRN0daX6XwA/YsdEo+v93H1zf+MGxfAygb081q3irUHz13740+3Cn3RblOIpBuceSedmTpqUa95vh68KGU3o5/9etX7JxsjTUO/cycEOgHPe0rxW7SyCTivTz00abwwfTusYW92NZHurqsz75U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448104; c=relaxed/simple; bh=HOS6WdiKFJC173Z2Oe52jYwWeMqhC/Qvwq5X6huJW+o=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=KLiUHWXS2GwTmYBd3cXbfzSDyo0VrDpBrlaafvvUsaVMc0K9w0gEz1BpcgDOJnINEQZ7aWhAlXtnGEqCAzp/SHoBq63NAeQ/ng+euHljSsV/0yuQBVRCVf2ZmEKTGPJ2r8uYkB52JL4YyRWz5ohHJUOaZtrdZ71tG+E+Gxkp2HU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=drUQvWDE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="drUQvWDE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 160D7C116B1; Tue, 30 Apr 2024 03:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448104; bh=HOS6WdiKFJC173Z2Oe52jYwWeMqhC/Qvwq5X6huJW+o=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=drUQvWDE5jUmInd2XuBsrleoB83xKYUTh0+V1+gFRAMOGsAQ1chmItquDhC9Wkqip iNJajO+qJMKuzYo16fdoNQatVq1fxr+Zujw4rQSQtiF53jjMh6PEgkp5jDqRlAIWHZ qd5eqkw/vrsW6D+zhkf88Rksrx2An4TB8gHlkBMVNQEN35wu0nTOW7jNqAyCNUv002 35QoUY03QyIPdUaPBdp+kNPKrWaKGbhTGKpMVoJjtb+IyapIwGWdeLSiDsUKOfiYOm MiQ9PfOldnAfV3Z5WejeXAGL1Yn4hXKTysKI0rxkZMcudgdhz35NlaRAAnYte+coI0 6nB1dpfE//A8A== Date: Mon, 29 Apr 2024 20:35:03 -0700 Subject: [PATCH 16/38] libfrog: add fsverity to xfs_report_geom output From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683358.960383.16789390120394175042.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Announce the presence of fsverity on a filesystem. Signed-off-by: Darrick J. Wong --- libfrog/fsgeom.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libfrog/fsgeom.c b/libfrog/fsgeom.c index 41958f00ce34..99d6d98e4679 100644 --- a/libfrog/fsgeom.c +++ b/libfrog/fsgeom.c @@ -34,6 +34,7 @@ xfs_report_geom( int exchangerange; int parent; int metadir; + int verity; isint = geo->logstart > 0; lazycount = geo->flags & XFS_FSOP_GEOM_FLAGS_LAZYSB ? 1 : 0; @@ -55,13 +56,14 @@ xfs_report_geom( exchangerange = geo->flags & XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE ? 1 : 0; parent = geo->flags & XFS_FSOP_GEOM_FLAGS_PARENT ? 1 : 0; metadir = geo->flags & XFS_FSOP_GEOM_FLAGS_METADIR ? 1 : 0; + verity = geo->flags & XFS_FSOP_GEOM_FLAGS_VERITY ? 1 : 0; printf(_( "meta-data=%-22s isize=%-6d agcount=%u, agsize=%u blks\n" " =%-22s sectsz=%-5u attr=%u, projid32bit=%u\n" " =%-22s crc=%-8u finobt=%u, sparse=%u, rmapbt=%u\n" " =%-22s reflink=%-4u bigtime=%u inobtcount=%u nrext64=%u\n" -" =%-22s exchange=%-3u metadir=%u\n" +" =%-22s exchange=%-3u metadir=%u verity=%u\n" "data =%-22s bsize=%-6u blocks=%llu, imaxpct=%u\n" " =%-22s sunit=%-6u swidth=%u blks\n" "naming =version %-14u bsize=%-6u ascii-ci=%d, ftype=%d, parent=%d\n" @@ -73,7 +75,7 @@ xfs_report_geom( "", geo->sectsize, attrversion, projid32bit, "", crcs_enabled, finobt_enabled, spinodes, rmapbt_enabled, "", reflink_enabled, bigtime_enabled, inobtcount, nrext64, - "", exchangerange, metadir, + "", exchangerange, metadir, verity, "", geo->blocksize, (unsigned long long)geo->datablocks, geo->imaxpct, "", geo->sunit, geo->swidth, From patchwork Tue Apr 30 03:35:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648146 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFC01101DE; Tue, 30 Apr 2024 03:35:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448120; cv=none; b=pIYMnsFurYtit6qQi0OSitfbW2A+VVVzYSAFMNsCItZnUeIEGisJWk3y+lvY4cYTm/JabrCNd14dPiFcsQmS6+QBpfzjceqfceRmdQcltrGv5jKIMfLSEUdVPDBrR6Y8QzDQkPX1kocwPaQL7W3OwbtFZ0hY8Aqd7T9w3TjG5go= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448120; c=relaxed/simple; bh=UDTXxASukJqtIJMoF9GGK68//rlPODHFbAib+pyUfPI=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=eUvRcC1KjOKeFv03urIzrqOKBYpZ00BU4Zi3eMbilw9L7H66T/BKtcl3kzh53eFUcps+CGdVf8x7D7qfDU+c93+4SqmEuXx2JHxlbcMjw1yi315C1+Omndliqxl8qN6+1gjJTCJKPOlCaLIpw27MkCrckcb9T8Wh8SFAOwjssq4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=B/dLHgDR; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B/dLHgDR" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2DACC116B1; Tue, 30 Apr 2024 03:35:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448119; bh=UDTXxASukJqtIJMoF9GGK68//rlPODHFbAib+pyUfPI=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=B/dLHgDR9LIUAmDqUbdn3Rj5A1uaSh7E+2Z2AF8ACZdDxdyei9nH3wwWN7g14L19i ZnVmYFNh/QFObp8rVMbVh/3q40fHjueIQL6B8wm3LhuXWYvVbMkgO2CjSk1RpdEm1W hTpoYTh2nzaT4224osCYy5Q223QOEO5dYFk1yYyy8RoiQuNuf6haQUz8JYZFVYQjVs SWipizj77fPbEykVcFEoV6Qf4MiUHbjwUxzMD789kd0kMdpRRBQjc9P3wRuALkCqiu 5VMCjj1ffBvaB4eXHOxI4x43092IMmKSKeVD8P18l2LjFYkysC2GM2NiPP1Ec5qGAU SIPtO3V2iWkTw== Date: Mon, 29 Apr 2024 20:35:19 -0700 Subject: [PATCH 17/38] xfs_db: introduce attr_modify command From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683373.960383.6934170328629765953.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn This command allows for writing value over already existing value of inode's extended attribute. The difference from 'write' command is that extended attribute can be addressed by name and new value is written over old value. The command also allows addressing via binary names (introduced by parent pointers). This can be done by specified name length (-m) and value in #hex format. Example: # Modify attribute with name #00000042 by overwriting 8 # bytes at offset 3 with value #0000000000FF00FF attr_modify -o 3 -m 4 -v 8 #42 #FF00FF Signed-off-by: Andrey Albershteyn --- db/attrset.c | 210 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- db/write.c | 2 - db/write.h | 1 3 files changed, 210 insertions(+), 3 deletions(-) diff --git a/db/attrset.c b/db/attrset.c index 81d530055193..cfd6d9c1c954 100644 --- a/db/attrset.c +++ b/db/attrset.c @@ -16,10 +16,12 @@ #include "field.h" #include "inode.h" #include "malloc.h" +#include "write.h" #include static int attr_set_f(int argc, char **argv); static int attr_remove_f(int argc, char **argv); +static int attr_modify_f(int argc, char **argv); static void attrset_help(void); static const cmdinfo_t attr_set_cmd = @@ -30,6 +32,11 @@ static const cmdinfo_t attr_remove_cmd = { "attr_remove", "aremove", attr_remove_f, 1, -1, 0, N_("[-r|-s|-u|-p] [-n] name"), N_("remove the named attribute from the current inode"), attrset_help }; +static const cmdinfo_t attr_modify_cmd = + { "attr_modify", "amodify", attr_modify_f, 1, -1, 0, + N_("[-r|-s|-u] [-o n] [-v n] [-m n] name value"), + N_("modify value of the named attribute of the current inode"), + attrset_help }; static void attrset_help(void) @@ -38,8 +45,9 @@ attrset_help(void) "\n" " The 'attr_set' and 'attr_remove' commands provide interfaces for debugging\n" " the extended attribute allocation and removal code.\n" -" Both commands require an attribute name to be specified, and the attr_set\n" -" command allows an optional value length (-v) to be provided as well.\n" +" Both commands together with 'attr_modify' require an attribute name to be\n" +" specified. The attr_set and attr_modify commands allow an optional value\n" +" length (-v) to be provided as well.\n" " There are 4 namespace flags:\n" " -r -- 'root'\n" " -u -- 'user' (default)\n" @@ -49,6 +57,9 @@ attrset_help(void) " For attr_set, these options further define the type of set operation:\n" " -C -- 'create' - create attribute, fail if it already exists\n" " -R -- 'replace' - replace attribute, fail if it does not exist\n" +" attr_modify command provides more of the following options:\n" +" -m -- 'name length' - specify length of the name (handy with binary names)\n" +" -o -- 'value offset' - offset new value within old attr's value\n" " The backward compatibility mode 'noattr2' can be emulated (-n) also.\n" "\n")); } @@ -61,6 +72,7 @@ attrset_init(void) add_command(&attr_set_cmd); add_command(&attr_remove_cmd); + add_command(&attr_modify_cmd); } static unsigned char * @@ -402,3 +414,197 @@ attr_remove_f( free((void *)args.name); return 0; } + +static int +attr_modify_f( + int argc, + char **argv) +{ + struct xfs_da_args args = { + .geo = mp->m_attr_geo, + .whichfork = XFS_ATTR_FORK, + .op_flags = XFS_DA_OP_OKNOENT, + }; + int c; + int offset = 0; + char *sp; + char *converted; + uint8_t *name; + int namelen = 0; + uint8_t *value; + int valuelen = 0; + int error; + + if (cur_typ == NULL) { + dbprintf(_("no current type\n")); + return 0; + } + + if (cur_typ->typnm != TYP_INODE) { + dbprintf(_("current type is not inode\n")); + return 0; + } + + while ((c = getopt(argc, argv, "rusnv:o:m:")) != EOF) { + switch (c) { + /* namespaces */ + case 'r': + args.attr_filter |= LIBXFS_ATTR_ROOT; + args.attr_filter &= ~LIBXFS_ATTR_SECURE; + break; + case 'u': + args.attr_filter &= ~(LIBXFS_ATTR_ROOT | + LIBXFS_ATTR_SECURE); + break; + case 's': + args.attr_filter |= LIBXFS_ATTR_SECURE; + args.attr_filter &= ~LIBXFS_ATTR_ROOT; + break; + + case 'n': + /* + * We never touch attr2 these days; leave this here to + * avoid breaking scripts. + */ + break; + + case 'o': + offset = strtol(optarg, &sp, 0); + if (*sp != '\0' || offset < 0 || offset > XFS_XATTR_SIZE_MAX) { + dbprintf(_("bad attr_modify offset %s\n"), + optarg); + return 0; + } + break; + + case 'v': + valuelen = strtol(optarg, &sp, 0); + if (*sp != '\0' || offset < 0 || valuelen > XFS_XATTR_SIZE_MAX) { + dbprintf(_("bad attr_modify value len %s\n"), + optarg); + return 0; + } + break; + + case 'm': + namelen = strtol(optarg, &sp, 0); + if (*sp != '\0' || offset < 0 || namelen > MAXNAMELEN) { + dbprintf(_("bad attr_modify name len %s\n"), + optarg); + return 0; + } + break; + + default: + dbprintf(_("bad option for attr_modify command\n")); + return 0; + } + } + + if (optind != argc - 2) { + dbprintf(_("too few options for attr_modify\n")); + return 0; + } + + if (namelen >= MAXNAMELEN) { + dbprintf(_("name too long\n")); + return 0; + } + + if (!namelen) { + if (argv[optind][0] == '#') + namelen = strlen(argv[optind])/2; + if (argv[optind][0] == '"') + namelen = strlen(argv[optind]) - 2; + } + + name = xcalloc(namelen, sizeof(uint8_t)); + converted = convert_arg(argv[optind], (int)(namelen*8)); + if (!converted) { + dbprintf(_("invalid name\n")); + goto out_free_name; + } + + memcpy(name, converted, namelen); + args.name = (const uint8_t *)name; + args.namelen = namelen; + + optind++; + + if (valuelen > XFS_XATTR_SIZE_MAX) { + dbprintf(_("value too long\n")); + goto out_free_name; + } + + if (!valuelen) { + if (argv[optind][0] == '#') + valuelen = strlen(argv[optind])/2; + if (argv[optind][0] == '"') + valuelen = strlen(argv[optind]) - 2; + } + + if ((valuelen + offset) > XFS_XATTR_SIZE_MAX) { + dbprintf(_("offsetted value too long\n")); + goto out_free_name; + } + + value = xcalloc(valuelen, sizeof(uint8_t)); + converted = convert_arg(argv[optind], (int)(valuelen*8)); + if (!converted) { + dbprintf(_("invalid value\n")); + goto out_free_value; + } + memcpy(value, converted, valuelen); + + if (libxfs_iget(mp, NULL, iocur_top->ino, 0, &args.dp)) { + dbprintf(_("failed to iget inode %llu\n"), + (unsigned long long)iocur_top->ino); + goto out; + } + + args.owner = iocur_top->ino; + libxfs_attr_sethash(&args); + + /* + * Look up attr value with a maximally long length and a null buffer + * to return the value and the correct length. + */ + args.valuelen = XATTR_SIZE_MAX; + error = -libxfs_attr_get(&args); + if (error) { + dbprintf(_("failed to get attr '%s' from inode %llu: %s\n"), + args.name, (unsigned long long)iocur_top->ino, + strerror(error)); + goto out; + } + + if (valuelen + offset > args.valuelen) { + dbprintf(_("new value too long\n")); + goto out; + } + + /* modify value */ + memcpy((uint8_t *)args.value + offset, value, valuelen); + + error = -libxfs_attr_set(&args, XFS_ATTRUPDATE_REPLACE, false); + if (error) { + dbprintf(_("failed to set attr '%s' from inode %llu: %s\n"), + (unsigned char *)args.name, + (unsigned long long)iocur_top->ino, + strerror(error)); + goto out; + } + + /* refresh with updated inode contents */ + set_cur_inode(iocur_top->ino); + +out: + if (args.dp) + libxfs_irele(args.dp); + xfree(args.value); +out_free_value: + xfree(value); +out_free_name: + xfree(name); + return 0; +} diff --git a/db/write.c b/db/write.c index 96dea70519ba..9295dbc92a40 100644 --- a/db/write.c +++ b/db/write.c @@ -511,7 +511,7 @@ convert_oct( * are adjusted in the buffer so that the first input bit is to be be written to * the first bit in the output. */ -static char * +char * convert_arg( char *arg, int bit_length) diff --git a/db/write.h b/db/write.h index e24e07d4c464..4ba04d0300fb 100644 --- a/db/write.h +++ b/db/write.h @@ -6,6 +6,7 @@ struct field; +extern char *convert_arg(char *arg, int bit_length); extern void write_init(void); extern void write_block(const field_t *fields, int argc, char **argv); extern void write_struct(const field_t *fields, int argc, char **argv); From patchwork Tue Apr 30 03:35:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648147 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8AA3ADDA6; Tue, 30 Apr 2024 03:35:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448135; cv=none; b=IKzpz2ylDIEtN4Wg11efGkYxbtXPwQceie2vxTevmj41SsIthhMzZ40BIsrvnXgYIjYYsPYzdoPGbFo1OhkpgYqRQUAO2yoFmDMBUgkIYMe+qUG0VmhYaudDxqVzWr8n+crndNw0W2IOLQfngR4H2pYRN7GLufNLPye2sFfpFds= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448135; c=relaxed/simple; bh=gF/luiv8AIQ2sZ7JFnjtvfvXqCqlLavZ1Ynx0PcuKxQ=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Eloc3bl+feJ7eipxeyuEpPJgnpbF/IQygDmfXB4KOn7eMHpqWm7nL9JSZgeNrCOUPMts5ZmZn89OMkuTDcAqTsf+SpCenhRw9BGZTG2wt0apeDeTpnDk2cBeyP3WWYuPPwOMXXhraEaWyKxvx2CSeYmFxNkuIEiWPHczmjKiZeg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rG5SGk1e; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rG5SGk1e" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63199C116B1; Tue, 30 Apr 2024 03:35:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448135; bh=gF/luiv8AIQ2sZ7JFnjtvfvXqCqlLavZ1Ynx0PcuKxQ=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rG5SGk1erHiqwiOObiUaOgs0Mk34u8unIfCRte7TMyWKAm+cK91Iub6R6BmaXetVS 8oaHMQc0lg+ykAt+kTkxaVUhTT+XQfTaJKGUCuDj+rjJxUPq5pjqR5g+Ik9NVS4XKv h0tqTX35k4Xd5jBS4h6iE/uHzac21dLkw0owaFbGVsnV+L1RQOT7vnG4vsY1iFmTds W//KMjBzDXOhc+GwcPQXwNBSCNCvdsm3hiW5CExPHdfTbGM604AkY8Nff5F9Fe2ZwT 1iCO+17Vxuj3qn2+vUzCt1IHwWTldSCW54Hn9mInMuJlCBZ1Oim2sDvY5WUmN6pmZd NYmiHgvzO0PPw== Date: Mon, 29 Apr 2024 20:35:34 -0700 Subject: [PATCH 18/38] xfs_db: add ATTR_PARENT support to attr_modify command From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683388.960383.1844285181071756130.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Add the parent namespace to the attr_modify command. Signed-off-by: Darrick J. Wong --- db/attrset.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/db/attrset.c b/db/attrset.c index cfd6d9c1c954..915c20f8beb8 100644 --- a/db/attrset.c +++ b/db/attrset.c @@ -445,20 +445,23 @@ attr_modify_f( return 0; } - while ((c = getopt(argc, argv, "rusnv:o:m:")) != EOF) { + while ((c = getopt(argc, argv, "ruspnv:o:m:")) != EOF) { switch (c) { /* namespaces */ case 'r': + args.attr_filter &= ~LIBXFS_ATTR_NS; args.attr_filter |= LIBXFS_ATTR_ROOT; - args.attr_filter &= ~LIBXFS_ATTR_SECURE; break; case 'u': - args.attr_filter &= ~(LIBXFS_ATTR_ROOT | - LIBXFS_ATTR_SECURE); + args.attr_filter &= ~LIBXFS_ATTR_NS; break; case 's': + args.attr_filter &= ~LIBXFS_ATTR_NS; args.attr_filter |= LIBXFS_ATTR_SECURE; - args.attr_filter &= ~LIBXFS_ATTR_ROOT; + break; + case 'p': + args.attr_filter &= ~LIBXFS_ATTR_NS; + args.attr_filter |= XFS_ATTR_PARENT; break; case 'n': From patchwork Tue Apr 30 03:35:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648148 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88A3810A1F; Tue, 30 Apr 2024 03:35:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448151; cv=none; b=TZPvj2UYIDbyGXn/HQCj1NjMyHWgDGXQDwppVfOenPDN/0dfvR+CITiCeg+YsoUzypd4eu0enJeyZomr/Sqp4zEFaGLLVkgkohj3Ul/xb3XoAgKhoXK5qBg6+NOabJGrhBubUtEepcRe9ry6g1ZauvQXkUybp0gpgtiZ4+iHFPI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448151; c=relaxed/simple; bh=KjAnYmfQQCRO0FHnz123YxO2xEYbrbD9UzXzSpOxFjU=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YxfD7Ko3XCEx3qVlTz0eJzGM78v/cSkqtnXzQVwl7eDqgQUB6Qu3SNGU/lWQiq7eX3mGWHg/OieKDoUCivogdfMigTw9fj1j5ltXQRvXfaYHuJzz2rZ9b6P2IRIv3EHMKIkvtRdvzMbF5ZwTwMmZlnYZE/k6ppDnMUjvuuM+i08= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=GDMhU8MA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="GDMhU8MA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0B082C116B1; Tue, 30 Apr 2024 03:35:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448151; bh=KjAnYmfQQCRO0FHnz123YxO2xEYbrbD9UzXzSpOxFjU=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=GDMhU8MAQP5cQ3QQrjz+yDD13h3+scZHhCBRI4V7z0xaHg0/k2xkAKFz+PpnB9/f0 GlCJC05PevgU3bEYOaEnk5W9bQjxJAxJHOcVntXAtsXyZgiMhl+7eUj+MYP+bPHBSW e91vowbCeF42evk7A3h3OV8yxhfDSCQZf2EijK6IVejlzgL+0gVkzfhKzMJB9r+fIe A7rKoKX0xYmdMEHZZD4bctzqLFKhkxFQORrNsVxVAZQGUb7mTf0n8kPYTEeHFyvBlP D+5WeWFPQbcCFYIE1RKVQBEUC7I2kAX0C6pVxIMqhKDxX8wC7hnb65xaD7wQzfxlff 1QCn+1ry0b61Q== Date: Mon, 29 Apr 2024 20:35:50 -0700 Subject: [PATCH 19/38] xfs_db: make attr_set/remove/modify be able to handle fs-verity attrs From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683404.960383.1311017460455777404.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn Signed-off-by: Andrey Albershteyn --- db/attrset.c | 28 +++++++++++++++++++++------- libxfs/libxfs_api_defs.h | 1 + 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/db/attrset.c b/db/attrset.c index 915c20f8beb8..477ea7cb29c1 100644 --- a/db/attrset.c +++ b/db/attrset.c @@ -26,15 +26,15 @@ static void attrset_help(void); static const cmdinfo_t attr_set_cmd = { "attr_set", "aset", attr_set_f, 1, -1, 0, - N_("[-r|-s|-u|-p] [-n] [-R|-C] [-v n] name"), + N_("[-r|-s|-u|-p|-f] [-n] [-R|-C] [-v n] name"), N_("set the named attribute on the current inode"), attrset_help }; static const cmdinfo_t attr_remove_cmd = { "attr_remove", "aremove", attr_remove_f, 1, -1, 0, - N_("[-r|-s|-u|-p] [-n] name"), + N_("[-r|-s|-u|-p|-f] [-n] name"), N_("remove the named attribute from the current inode"), attrset_help }; static const cmdinfo_t attr_modify_cmd = { "attr_modify", "amodify", attr_modify_f, 1, -1, 0, - N_("[-r|-s|-u] [-o n] [-v n] [-m n] name value"), + N_("[-r|-s|-u|-f] [-o n] [-v n] [-m n] name value"), N_("modify value of the named attribute of the current inode"), attrset_help }; @@ -53,6 +53,7 @@ attrset_help(void) " -u -- 'user' (default)\n" " -s -- 'secure'\n" " -p -- 'parent'\n" +" -f -- 'fs-verity'\n" "\n" " For attr_set, these options further define the type of set operation:\n" " -C -- 'create' - create attribute, fail if it already exists\n" @@ -116,7 +117,8 @@ get_buf_from_file( #define LIBXFS_ATTR_NS (LIBXFS_ATTR_SECURE | \ LIBXFS_ATTR_ROOT | \ - LIBXFS_ATTR_PARENT) + LIBXFS_ATTR_PARENT | \ + LIBXFS_ATTR_VERITY) static int attr_set_f( @@ -144,7 +146,7 @@ attr_set_f( return 0; } - while ((c = getopt(argc, argv, "ruspCRnN:v:V:")) != EOF) { + while ((c = getopt(argc, argv, "fruspCRnN:v:V:")) != EOF) { switch (c) { /* namespaces */ case 'r': @@ -162,6 +164,10 @@ attr_set_f( args.attr_filter &= ~LIBXFS_ATTR_NS; args.attr_filter |= XFS_ATTR_PARENT; break; + case 'f': + args.attr_filter &= ~LIBXFS_ATTR_NS; + args.attr_filter |= LIBXFS_ATTR_VERITY; + break; /* modifiers */ case 'C': @@ -317,7 +323,7 @@ attr_remove_f( return 0; } - while ((c = getopt(argc, argv, "ruspnN:")) != EOF) { + while ((c = getopt(argc, argv, "fruspnN:")) != EOF) { switch (c) { /* namespaces */ case 'r': @@ -335,6 +341,10 @@ attr_remove_f( args.attr_filter &= ~LIBXFS_ATTR_NS; args.attr_filter |= XFS_ATTR_PARENT; break; + case 'f': + args.attr_filter &= ~LIBXFS_ATTR_NS; + args.attr_filter |= LIBXFS_ATTR_VERITY; + break; case 'N': name_from_file = optarg; @@ -445,7 +455,7 @@ attr_modify_f( return 0; } - while ((c = getopt(argc, argv, "ruspnv:o:m:")) != EOF) { + while ((c = getopt(argc, argv, "fruspnv:o:m:")) != EOF) { switch (c) { /* namespaces */ case 'r': @@ -463,6 +473,10 @@ attr_modify_f( args.attr_filter &= ~LIBXFS_ATTR_NS; args.attr_filter |= XFS_ATTR_PARENT; break; + case 'f': + args.attr_filter &= ~LIBXFS_ATTR_NS; + args.attr_filter |= LIBXFS_ATTR_VERITY; + break; case 'n': /* diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h index 1b6efac9290d..6ad728af2e0a 100644 --- a/libxfs/libxfs_api_defs.h +++ b/libxfs/libxfs_api_defs.h @@ -16,6 +16,7 @@ #define LIBXFS_ATTR_ROOT XFS_ATTR_ROOT #define LIBXFS_ATTR_SECURE XFS_ATTR_SECURE #define LIBXFS_ATTR_PARENT XFS_ATTR_PARENT +#define LIBXFS_ATTR_VERITY XFS_ATTR_VERITY #define xfs_agfl_size libxfs_agfl_size #define xfs_agfl_walk libxfs_agfl_walk From patchwork Tue Apr 30 03:36:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648149 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCC1612E63; Tue, 30 Apr 2024 03:36:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448167; cv=none; b=RBj0ZChn3vlGYXlhX6kAE1AipjSgHYcF/wdlW2iWaY3JxD8xzb+KFS8uzv1otf5pDGRGUY5BqW6PM3TAHUtMzV/QnkdbMlrwoJIyAPaWnJenzmGVW3WEr9Dw/Ls9Pe1UiQwLUBrwB1jJo5PKoMNApCSTsaPYlYU2b2HAHyMM+uA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448167; c=relaxed/simple; bh=WCpGGgLuO7lgQiaQWkkFpFeslLBF5xm7QClhWyeYNlc=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=B2teCdbBUZFAhFRyBbJqzNKlZIjuTFRkyAVS9KD4QdZUSWOgStCv3tJr2xEU6dE+kTugUStFPH8MoaUX2yrGsv4bhAx0YE12DIwV+JsDIorj8N7lUiBcTE6Qvs4/w7mJaDZdNMP/Bb2rU5mOjzWP9JrNY9k80UVpr8mQ4bZc83o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=a8aaF3B6; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="a8aaF3B6" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B03E1C116B1; Tue, 30 Apr 2024 03:36:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448166; bh=WCpGGgLuO7lgQiaQWkkFpFeslLBF5xm7QClhWyeYNlc=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=a8aaF3B647NxYGr+v+dftcGGvMp2dTM37r5tA2L/pAla8lZOFxet24xa+EP3y9NvA uYZO8ZX9TxPFPwnM1/JvMRevlnXevPKZy8B7byxU+SRUGXvquLRzKgAvZGN/LBa6Te T2bjqgL3e6Q2u/HIitKJhHceLs+sTeYmFkudW/aC2+wnGLt6/MAqwczKu2dn7PcwEn QcVKHHBVfVLWaehycY91LzWivsUZ+pnpI+81fR+nrE57PbqSyyw/jTHRJvVC9fUCFM UAL6BJzWk465Y5PZ2+q7m0wEkSZPrvLFIViUtXTT7TfhNeNAdMnG4JPEDy+i0zxzFK o91MgingZ+Z2Q== Date: Mon, 29 Apr 2024 20:36:06 -0700 Subject: [PATCH 20/38] man: document attr_modify command From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: "Darrick J. Wong" , linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683418.960383.17800229768202275222.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Add some documentation for the new attr_modify command. I'm not sure all what this this supposed to do, but there needs to be /something/ to satisfy the documentation tests. Signed-off-by: Darrick J. Wong --- man/man8/xfs_db.8 | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/man/man8/xfs_db.8 b/man/man8/xfs_db.8 index 701035cb986d..2c5aed2cf38c 100644 --- a/man/man8/xfs_db.8 +++ b/man/man8/xfs_db.8 @@ -206,7 +206,45 @@ Displays the length, free block count, per-AG reservation size, and per-AG reservation usage for a given AG. If no argument is given, display information for all AGs. .TP -.BI "attr_remove [\-p|\-r|\-u|\-s] [\-n] [\-N " namefile "|" name "] " +.BI "attr_modify [\-p|\-r|\-u|\-s|\-f] [\-o n] [\-v n] [\-m n] name value +Modifies an extended attribute on the current file with the given name. + +If the +.B name +is a string that can be converted into an integer value, it will be. +.RS 1.0i +.TP 0.4i +.B \-p +Sets the attribute in the parent namespace. +Only one namespace option can be specified. +.TP +.B \-r +Sets the attribute in the root namespace. +Only one namespace option can be specified. +.TP +.B \-u +Sets the attribute in the user namespace. +Only one namespace option can be specified. +.TP +.B \-s +Sets the attribute in the secure namespace. +Only one namespace option can be specified. +.TP +.B \-f +Sets the attribute in the verity namespace. +Only one namespace option can be specified. +.TP +.B \-m +Length of the attr name. +.TP +.B \-o +Offset into the attr value to place the new contents. +.TP +.B \-v +Length of the attr value. +.RE +.TP +.BI "attr_remove [\-p|\-r|\-u|\-s|\-f] [\-n] [\-N " namefile "|" name "] " Remove the specified extended attribute from the current file. .RS 1.0i .TP 0.4i @@ -233,7 +271,7 @@ Read the name from this file. Do not enable 'noattr2' mode on V4 filesystems. .RE .TP -.BI "attr_set [\-p\-r|\-u|\-s] [\-n] [\-R|\-C] [\-v " valuelen "|\-V " valuefile "] [\-N " namefile "|" name "] " +.BI "attr_set [\-p\-r|\-u|\-s|\-f] [\-n] [\-R|\-C] [\-v " valuelen "|\-V " valuefile "] [\-N " namefile "|" name "] " Sets an extended attribute on the current file with the given name. .RS 1.0i .TP 0.4i From patchwork Tue Apr 30 03:36:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648188 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B82A21118C; Tue, 30 Apr 2024 03:36:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448182; cv=none; b=p08jnk9Z2DY1QF/9BSlNFZ+MioS6jc+jrGFJoVvKMm7nnOiJveCYrnATdTY5POEfTsgn7qTghYeweU233TxlmW0jjoV4Vq2s36Qh9C7Sj699Cd04Ygby1hul9r9ZCT77QgJ/d4oT5DXizfdBa77cjKsh3GeqWDLGczRy9fgf6Qo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448182; c=relaxed/simple; bh=q3YUnm0bGb7HE0uRQljjJv8p6Srj4K4xP+f1CATFCHY=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nrXFw3TZn2T/zGduJDyq+U/UZSLX6Ew3/ujT3r/K6/55s9dIYLTZu0/cpot8tLC/kjTEv5jdnLCjkkbABHQ2Crrze0e14V4n15zZ074k7OaWk8EaQOjdAyFnX5UVuy8WEyGvpmZR8NL5YJKAeS74QhvGh8uD7rLKw3mNBNDCNlo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=g4eLg1TV; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="g4eLg1TV" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52C2FC116B1; Tue, 30 Apr 2024 03:36:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448182; bh=q3YUnm0bGb7HE0uRQljjJv8p6Srj4K4xP+f1CATFCHY=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=g4eLg1TVEIOYIrQQ8e0jLfdqiUHt9eOB023FsAyhEB4pzDKMloWQG2rcFjmDRPmp9 v2Y3bNy1umHf3BRzTIT07/v+xETusBQVtVE7PbwHCzowEw5fnFwSzU3/Ytj7zKzK5l YV7FvXzXj3yQ9Z2P6nC1D/y09YAo35BEGZw8Fzz1MQ1qO1MBJF4QtxiXM9TpC9ptP+ jqPHSk2Et6rb3qWAEjLB38BwXb4wHAimDFoHg0n9q31pCNObVE3kIp8Pf9jlECptFy Tb281An7Qd2eyuO3ogfcYjOFWo4QbHBzFp3sFDASREiySNpbsMmH+rIv87yxdmsI1Q Yx7+aX9q78Bdg== Date: Mon, 29 Apr 2024 20:36:21 -0700 Subject: [PATCH 21/38] xfs_db: create hex string as a field type From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683434.960383.8666398059683404403.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Define a field type for hex strings so that we can print things such as: file_digest = deadbeef31337023aaaa Signed-off-by: Darrick J. Wong --- db/field.c | 2 ++ db/field.h | 1 + db/fprint.c | 24 ++++++++++++++++++++++++ db/fprint.h | 2 ++ 4 files changed, 29 insertions(+) diff --git a/db/field.c b/db/field.c index d5879f4ada7d..066239ae6073 100644 --- a/db/field.c +++ b/db/field.c @@ -158,6 +158,8 @@ const ftattr_t ftattrtab[] = { { FLDT_CHARNS, "charns", fp_charns, NULL, SI(bitsz(char)), 0, NULL, NULL }, { FLDT_CHARS, "chars", fp_num, "%c", SI(bitsz(char)), 0, NULL, NULL }, + { FLDT_HEXSTRING, "hexstring", fp_hexstr, NULL, SI(bitsz(char)), 0, NULL, + NULL }, { FLDT_REXTLEN, "rextlen", fp_num, "%u", SI(RMAPBT_BLOCKCOUNT_BITLEN), 0, NULL, NULL }, { FLDT_RFILEOFFD, "rfileoffd", fp_num, "%llu", SI(RMAPBT_OFFSET_BITLEN), diff --git a/db/field.h b/db/field.h index f1b4f4e217de..89752d07b84c 100644 --- a/db/field.h +++ b/db/field.h @@ -67,6 +67,7 @@ typedef enum fldt { FLDT_CFSBLOCK, FLDT_CHARNS, FLDT_CHARS, + FLDT_HEXSTRING, FLDT_REXTLEN, FLDT_RFILEOFFD, FLDT_REXTFLG, diff --git a/db/fprint.c b/db/fprint.c index ac916d511e87..182e5b7cb27c 100644 --- a/db/fprint.c +++ b/db/fprint.c @@ -54,6 +54,30 @@ fp_charns( return 1; } +int +fp_hexstr( + void *obj, + int bit, + int count, + char *fmtstr, + int size, + int arg, + int base, + int array) +{ + int i; + char *p; + + ASSERT(bitoffs(bit) == 0); + ASSERT(size == bitsz(char)); + for (i = 0, p = (char *)obj + byteize(bit); + i < count && !seenint(); + i++, p++) { + dbprintf("%02x", *p & 0xff); + } + return 1; +} + int fp_num( void *obj, diff --git a/db/fprint.h b/db/fprint.h index a1ea935ca531..348e04215588 100644 --- a/db/fprint.h +++ b/db/fprint.h @@ -9,6 +9,8 @@ typedef int (*prfnc_t)(void *obj, int bit, int count, char *fmtstr, int size, extern int fp_charns(void *obj, int bit, int count, char *fmtstr, int size, int arg, int base, int array); +extern int fp_hexstr(void *obj, int bit, int count, char *fmtstr, int size, + int arg, int base, int array); extern int fp_num(void *obj, int bit, int count, char *fmtstr, int size, int arg, int base, int array); extern int fp_sarray(void *obj, int bit, int count, char *fmtstr, int size, From patchwork Tue Apr 30 03:36:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648189 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3038D10A0C; Tue, 30 Apr 2024 03:36:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448198; cv=none; b=ZmEiL4TG63h9TDge9S2wvbyil8OyCIRhe0X28rYdYmBh1SaZMjWX3RLOfD+iq3Qk5gfM4k7iv3nA/lmSbsv3cPC2fBFbYxFMZq/44G1mNb6rsCgXng9Fpyfg0ovOR+gLKa8dLBGNO8/heI2wT81mSvqGO+eDHSwcZOe+ybtYLV0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448198; c=relaxed/simple; bh=t26IICXALiXcmvK7j1Laox7Qylprz8fe4CVcci+Nzjw=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=h03nDsm4+Qfp+qMBsSyoEfblB9fRwvk7ND3C6bRSlhNld5qow2uSeWUZWDiuz0FE6pypHxRhf0QHoNoR++98uXMnZKrwLYErercEB8uHtRwfjv6dxNhkuUA0Uz6QW59Mh8BSNc1oKsWQI505SdVTAM/PfapfEcoVa1U/Unb77mw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=euaWjvs4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="euaWjvs4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 038F6C116B1; Tue, 30 Apr 2024 03:36:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448198; bh=t26IICXALiXcmvK7j1Laox7Qylprz8fe4CVcci+Nzjw=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=euaWjvs4+2whTEW4+wGqGe1Lrn1KVoP/lEPyQ96tm97GYa4B+0Q9ii0PKIaNgfFwy ekW0dnJnLCcLIIq8U9AsflE6Eq+UlrsphdiGsfJ/3bZcCjJElZ66o1iZN83lwx9T6t sGLPhMWLxSkRKIYXSutfUOCq0xmVRV9Pgt56N5TeePg/N9c2MxkgT3DC0hGUQh8AbG Z7CWddAGdMcuDdXGqLISctVvuDBaeGh9WoENBiPY1zB6j+C8cO65ikNSORDzoCWd1Z IBXahNxW6T3U+iP2XAXgi6YGes/axfclirXRDYHbjyfs6xwrR/FGCCWJbxmguZ2cS6 lPw8MC4AqUOMA== Date: Mon, 29 Apr 2024 20:36:37 -0700 Subject: [PATCH 22/38] xfs_db: dump verity features and metadata From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683449.960383.8331991050586758696.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Teach the debugger how to decode the merkle tree block number in the attr name, and to display the fact that this is a verity filesystem. Signed-off-by: Darrick J. Wong --- db/sb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/db/sb.c b/db/sb.c index cf5251cd728f..e4ca8f72ae97 100644 --- a/db/sb.c +++ b/db/sb.c @@ -857,6 +857,8 @@ version_string( strcat(s, ",METADIR"); if (xfs_has_rtgroups(mp)) strcat(s, ",RTGROUPS"); + if (xfs_has_verity(mp)) + strcat(s, ",VERITY"); return s; } From patchwork Tue Apr 30 03:36:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648190 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 263BD111A2; Tue, 30 Apr 2024 03:36:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448214; cv=none; b=CLo5bJxOZFdIxvrgZ10W63ZHInRC/wAabgh1MtVELe2dlkcQ1RMXS3dDQyi79F+mzSoUq8a+LwIjGuDcKnJj3csmVordhTVFKdv/FJLdQAd4DavKdn9RqaQ9QplCHhSvxnDBjXsnT2DQW6GYhzPfKAvTSgvkT2Z0xctlQyKoDN0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448214; c=relaxed/simple; bh=l3cbf3vxDJ5u8rmBnahydFw9HCWhzoO6CZF966w06SU=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BSC2slI/oak7GZQoANxCliiqMhzPfVWcJYtdC2MY1Id8ESMeCPRRQyzqMdoZl6l19eomxB0v5l06bGnSmZX5myFSi9CU2Oz/CFPmLsyhJbjQzwx8mNrEUInXuFdRz6RF715w9/r6F7PhcEM5gQqYQBUdjS3OySbhhpVCx/dR1As= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Wpt+VP86; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Wpt+VP86" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DA95C4AF18; Tue, 30 Apr 2024 03:36:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448213; bh=l3cbf3vxDJ5u8rmBnahydFw9HCWhzoO6CZF966w06SU=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Wpt+VP86288uossigifZfnSiSmaqi8BoWqs6GZG0CgWIQ2l+Zb6szYf1EImaxwLM8 ZBrjvz8DkwL7l9tYmnFxMXgQyrEjfJtP4Le8rungqfaVzCOXKqhDBaf1snBiyJmjiw O297sdIUgnL8OtvNIvPvw8e4583eqHsOvZXsDGk0pBZzsuprHUu6NhJ9wvOSYRn3aZ YsLVTaqezHI+xg7HNh5YwvCymXtv5lslhilcYz3BjIR+CMQ2RefU6RQTap47fCXBkS /wRrpAAZ02hkiU8rn4kZvilM5QXCURPfMZuUvom2u0842+jrLPE4GQWESusb9wgxJO +MhcTgJEhQF5Q== Date: Mon, 29 Apr 2024 20:36:53 -0700 Subject: [PATCH 23/38] xfs_db: dump merkle tree data From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683465.960383.2818025551403654518.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Teach the debugger to dump the specific fields in the fsverity xattr blocks. Signed-off-by: Darrick J. Wong --- db/attr.c | 189 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- db/attrshort.c | 50 +++++++++++++++ 2 files changed, 237 insertions(+), 2 deletions(-) diff --git a/db/attr.c b/db/attr.c index 8e2bce7b7e02..7d8bdeb53032 100644 --- a/db/attr.c +++ b/db/attr.c @@ -35,6 +35,12 @@ static int attr3_remote_data_count(void *obj, int startoff); static int attr_leaf_value_pptr_count(void *obj, int startoff); +static bool is_verity_file(void); +static int attr3_remote_merkledata_count(void *obj, int startoff); +static int attr_leaf_name_local_merkledata_count(void *obj, int startoff); +static int attr_leaf_name_local_merkleoff_count(void *obj, int startoff); +static int attr_leaf_name_remote_merkleoff_count(void *obj, int startoff); + const field_t attr_hfld[] = { { "", FLDT_ATTR, OI(0), C1, 0, TYP_NONE }, { NULL } @@ -87,6 +93,9 @@ const field_t attr_leaf_entry_flds[] = { { "parent", FLDT_UINT1, OI(LEOFF(flags) + bitsz(uint8_t) - XFS_ATTR_PARENT_BIT - 1), C1, 0, TYP_NONE }, + { "verity", FLDT_UINT1, + OI(LEOFF(flags) + bitsz(uint8_t) - XFS_ATTR_VERITY_BIT - 1), C1, 0, + TYP_NONE }, { "pad2", FLDT_UINT8X, OI(LEOFF(pad2)), C1, FLD_SKIPALL, TYP_NONE }, { NULL } }; @@ -113,6 +122,10 @@ const field_t attr_leaf_map_flds[] = { #define LNOFF(f) bitize(offsetof(xfs_attr_leaf_name_local_t, f)) #define LVOFF(f) bitize(offsetof(xfs_attr_leaf_name_remote_t, f)) +#define MKLOFF(f) bitize(offsetof(xfs_attr_leaf_name_local_t, nameval) + \ + offsetof(struct xfs_merkle_key, f)) +#define MKROFF(f) bitize(offsetof(xfs_attr_leaf_name_remote_t, name) + \ + offsetof(struct xfs_merkle_key, f)) const field_t attr_leaf_name_flds[] = { { "valuelen", FLDT_UINT16D, OI(LNOFF(valuelen)), attr_leaf_name_local_count, FLD_COUNT, TYP_NONE }, @@ -122,8 +135,12 @@ const field_t attr_leaf_name_flds[] = { attr_leaf_name_local_name_count, FLD_COUNT, TYP_NONE }, { "parent_dir", FLDT_PARENT_REC, attr_leaf_name_local_value_offset, attr_leaf_value_pptr_count, FLD_COUNT | FLD_OFFSET, TYP_NONE }, + { "merkle_pos", FLDT_UINT64X, OI(MKLOFF(mk_pos)), + attr_leaf_name_local_merkleoff_count, FLD_COUNT, TYP_NONE }, { "value", FLDT_CHARNS, attr_leaf_name_local_value_offset, attr_leaf_name_local_value_count, FLD_COUNT|FLD_OFFSET, TYP_NONE }, + { "merkle_data", FLDT_HEXSTRING, attr_leaf_name_local_value_offset, + attr_leaf_name_local_merkledata_count, FLD_COUNT|FLD_OFFSET, TYP_NONE }, { "valueblk", FLDT_UINT32X, OI(LVOFF(valueblk)), attr_leaf_name_remote_count, FLD_COUNT, TYP_NONE }, { "valuelen", FLDT_UINT32D, OI(LVOFF(valuelen)), @@ -132,6 +149,8 @@ const field_t attr_leaf_name_flds[] = { attr_leaf_name_remote_count, FLD_COUNT, TYP_NONE }, { "name", FLDT_CHARNS, OI(LVOFF(name)), attr_leaf_name_remote_name_count, FLD_COUNT, TYP_NONE }, + { "merkle_pos", FLDT_UINT64X, OI(MKROFF(mk_pos)), + attr_leaf_name_remote_merkleoff_count, FLD_COUNT, TYP_NONE }, { NULL } }; @@ -265,7 +284,19 @@ __attr_leaf_name_local_count( struct xfs_attr_leaf_entry *e, int i) { - return (e->flags & XFS_ATTR_LOCAL) != 0; + struct xfs_attr_leaf_name_local *l; + + if (!(e->flags & XFS_ATTR_LOCAL)) + return 0; + + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY) { + l = xfs_attr3_leaf_name_local(leaf, i); + + if (l->namelen == sizeof(struct xfs_merkle_key)) + return 0; + } + + return 1; } static int @@ -289,6 +320,10 @@ __attr_leaf_name_local_name_count( return 0; l = xfs_attr3_leaf_name_local(leaf, i); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + l->namelen == sizeof(struct xfs_merkle_key)) + return 0; + return l->namelen; } @@ -311,7 +346,8 @@ __attr_leaf_name_local_value_count( if (!(e->flags & XFS_ATTR_LOCAL)) return 0; - if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_PARENT) + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_PARENT || + (e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY) return 0; l = xfs_attr3_leaf_name_local(leaf, i); @@ -382,6 +418,10 @@ __attr_leaf_name_remote_name_count( return 0; r = xfs_attr3_leaf_name_remote(leaf, i); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + r->namelen == sizeof(struct xfs_merkle_key)) + return 0; + return r->namelen; } @@ -542,6 +582,141 @@ attr_leaf_value_pptr_count( return attr_leaf_entry_walk(obj, startoff, __leaf_pptr_count); } +/* + * Is the current file a verity file? This is a kludge for handling merkle + * tree blocks stored in a XFS_ATTR_VERITY attr's remote value block because we + * can't access the leaf entry to find out if the attr is actually a verity + * attr. + */ +static bool +is_verity_file(void) +{ + struct xfs_inode *ip; + bool ret = false; + + if (iocur_top->ino == 0 || iocur_top->ino == NULLFSINO) + return false; + + if (!xfs_has_verity(mp)) + return false; + + ret = -libxfs_iget(mp, NULL, iocur_top->ino, 0, &ip); + if (ret) + return false; + + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY) + ret = true; + + libxfs_irele(ip); + return ret; +} + +static int +attr3_remote_merkledata_count( + void *obj, + int startoff) +{ + struct xfs_attr3_leaf_hdr *lhdr = obj; + struct xfs_attr3_rmt_hdr *rhdr = obj; + + if (rhdr->rm_magic == cpu_to_be32(XFS_ATTR3_RMT_MAGIC) || + lhdr->info.hdr.magic == cpu_to_be16(XFS_DA_NODE_MAGIC) || + lhdr->info.hdr.magic == cpu_to_be16(XFS_DA3_NODE_MAGIC) || + lhdr->info.hdr.magic == cpu_to_be16(XFS_ATTR_LEAF_MAGIC) || + lhdr->info.hdr.magic == cpu_to_be16(XFS_ATTR3_LEAF_MAGIC)) + return 0; + + if (startoff != 0 || !is_verity_file()) + return 0; + + return mp->m_sb.sb_blocksize; +} + +static int +__leaf_local_merkledata_count( + struct xfs_attr_leafblock *leaf, + struct xfs_attr_leaf_entry *e, + int i) +{ + struct xfs_attr_leaf_name_local *l; + + if (!(e->flags & XFS_ATTR_LOCAL)) + return 0; + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_PARENT) + return 0; + + l = xfs_attr3_leaf_name_local(leaf, i); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + l->namelen == sizeof(struct xfs_merkle_key)) + return be16_to_cpu(l->valuelen); + + return 0; +} + +static int +attr_leaf_name_local_merkledata_count( + void *obj, + int startoff) +{ + return attr_leaf_entry_walk(obj, startoff, __leaf_local_merkledata_count); +} + +static int +__leaf_local_merkleoff_count( + struct xfs_attr_leafblock *leaf, + struct xfs_attr_leaf_entry *e, + int i) +{ + struct xfs_attr_leaf_name_local *l; + + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY) + return 0; + if (!(e->flags & XFS_ATTR_LOCAL)) + return 0; + + l = xfs_attr3_leaf_name_local(leaf, i); + if (l->namelen != sizeof(struct xfs_merkle_key)) + return 0; + + return 1; +} + +static int +attr_leaf_name_local_merkleoff_count( + void *obj, + int startoff) +{ + return attr_leaf_entry_walk(obj, startoff, __leaf_local_merkleoff_count); +} + +static int +__leaf_remote_merkleoff_count( + struct xfs_attr_leafblock *leaf, + struct xfs_attr_leaf_entry *e, + int i) +{ + struct xfs_attr_leaf_name_remote *r; + + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY) + return 0; + if (e->flags & XFS_ATTR_LOCAL) + return 0; + + r = xfs_attr3_leaf_name_remote(leaf, i); + if (r->namelen != sizeof(struct xfs_merkle_key)) + return 0; + + return 1; +} + +static int +attr_leaf_name_remote_merkleoff_count( + void *obj, + int startoff) +{ + return attr_leaf_entry_walk(obj, startoff, __leaf_remote_merkleoff_count); +} + int attr_size( void *obj, @@ -570,6 +745,8 @@ const field_t attr3_flds[] = { FLD_COUNT, TYP_NONE }, { "data", FLDT_CHARNS, OI(bitize(sizeof(struct xfs_attr3_rmt_hdr))), attr3_remote_data_count, FLD_COUNT, TYP_NONE }, + { "merkle_data", FLDT_HEXSTRING, OI(0), + attr3_remote_merkledata_count, FLD_COUNT, TYP_NONE }, { "entries", FLDT_ATTR_LEAF_ENTRY, OI(L3OFF(entries)), attr3_leaf_entries_count, FLD_ARRAY|FLD_COUNT, TYP_NONE }, { "btree", FLDT_ATTR_NODE_ENTRY, OI(N3OFF(__btree)), @@ -652,6 +829,9 @@ xfs_attr3_set_crc( xfs_buf_update_cksum(bp, XFS_ATTR3_RMT_CRC_OFF); return; default: + if (is_verity_file()) + return; + dbprintf(_("Unknown attribute buffer type!\n")); break; } @@ -687,6 +867,11 @@ xfs_attr3_db_read_verify( bp->b_ops = &xfs_attr3_rmt_buf_ops; break; default: + if (is_verity_file()) { + bp->b_ops = &xfs_attr3_rmtverity_buf_ops; + goto verify; + } + dbprintf(_("Unknown attribute buffer type!\n")); xfs_buf_ioerror(bp, -EFSCORRUPTED); return; diff --git a/db/attrshort.c b/db/attrshort.c index 7e5c94ca533d..1d26a358335f 100644 --- a/db/attrshort.c +++ b/db/attrshort.c @@ -20,6 +20,9 @@ static int attr_shortform_list_offset(void *obj, int startoff, int idx); static int attr_sf_entry_pptr_count(void *obj, int startoff); +static int attr_sf_entry_merkleoff_count(void *obj, int startoff); +static int attr_sf_entry_merkledata_count(void *obj, int startoff); + const field_t attr_shortform_flds[] = { { "hdr", FLDT_ATTR_SF_HDR, OI(0), C1, 0, TYP_NONE }, { "list", FLDT_ATTR_SF_ENTRY, attr_shortform_list_offset, @@ -35,6 +38,8 @@ const field_t attr_sf_hdr_flds[] = { }; #define EOFF(f) bitize(offsetof(struct xfs_attr_sf_entry, f)) +#define MKOFF(f) bitize(offsetof(struct xfs_attr_sf_entry, nameval) + \ + offsetof(struct xfs_merkle_key, f)) const field_t attr_sf_entry_flds[] = { { "namelen", FLDT_UINT8D, OI(EOFF(namelen)), C1, 0, TYP_NONE }, { "valuelen", FLDT_UINT8D, OI(EOFF(valuelen)), C1, 0, TYP_NONE }, @@ -48,10 +53,17 @@ const field_t attr_sf_entry_flds[] = { { "parent", FLDT_UINT1, OI(EOFF(flags) + bitsz(uint8_t) - XFS_ATTR_PARENT_BIT - 1), C1, 0, TYP_NONE }, + { "verity", FLDT_UINT1, + OI(EOFF(flags) + bitsz(uint8_t) - XFS_ATTR_VERITY_BIT - 1), C1, 0, + TYP_NONE }, { "name", FLDT_CHARNS, OI(EOFF(nameval)), attr_sf_entry_name_count, FLD_COUNT, TYP_NONE }, { "parent_dir", FLDT_PARENT_REC, attr_sf_entry_value_offset, attr_sf_entry_pptr_count, FLD_COUNT | FLD_OFFSET, TYP_NONE }, + { "merkle_pos", FLDT_UINT32X, OI(MKOFF(mk_pos)), + attr_sf_entry_merkleoff_count, FLD_COUNT, TYP_NONE }, + { "merkle_data", FLDT_HEXSTRING, attr_sf_entry_value_offset, + attr_sf_entry_merkledata_count, FLD_COUNT | FLD_OFFSET, TYP_NONE }, { "value", FLDT_CHARNS, attr_sf_entry_value_offset, attr_sf_entry_value_count, FLD_COUNT|FLD_OFFSET, TYP_NONE }, { NULL } @@ -100,6 +112,10 @@ attr_sf_entry_value_count( if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_PARENT) return 0; + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + e->namelen == sizeof(struct xfs_merkle_key)) + return 0; + return e->valuelen; } @@ -183,3 +199,37 @@ attr_sf_entry_pptr_count( return 1; } + +static int +attr_sf_entry_merkleoff_count( + void *obj, + int startoff) +{ + struct xfs_attr_sf_entry *e; + + ASSERT(bitoffs(startoff) == 0); + e = (struct xfs_attr_sf_entry *)((char *)obj + byteize(startoff)); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY) + return 0; + + if (e->namelen != sizeof(struct xfs_merkle_key)) + return 0; + + return 1; +} + +static int +attr_sf_entry_merkledata_count( + void *obj, + int startoff) +{ + struct xfs_attr_sf_entry *e; + + ASSERT(bitoffs(startoff) == 0); + e = (struct xfs_attr_sf_entry *)((char *)obj + byteize(startoff)); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + e->namelen == sizeof(struct xfs_merkle_key)) + return e->valuelen; + + return 0; +} From patchwork Tue Apr 30 03:37:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648191 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC8BA10A01; Tue, 30 Apr 2024 03:37:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448229; cv=none; b=qIzrWdf1hQ63Uuhc95+lMvIqofC9lgm8lhG2mPe/0/0ZA5xpqYVbjany9FG50YHwdzVW+j5nJfd5iS59DQHdqxipLGmJGk06s4jl+wFIiWmKSo1nI17UOIj9Km+Jj5ysJqtKwaaNue8Fo4sxNcddefbgFuIE6GrD66ZtB8YyQ64= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448229; c=relaxed/simple; bh=YJDOmx6DmnmLiAvVB0dzx1CvDDvtPWmL4uzXT+oXD3w=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gw5GGO9lBjpGJ8QzX5gEpND4RVh/ce36/sx0p3hpP3F/qQLpwV6S5roF3UEniFjVhDmGT6F9DfFy2QJEuzhG8yOQLm9e+Bb9uRTXGMTa9k16k84OZuwpmsQXuOAzAPfEQtd5sk1c/1UE6ZmLN97/RABbL6OIL7231tf6L2QGNE8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=f9GoBIw9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="f9GoBIw9" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40349C116B1; Tue, 30 Apr 2024 03:37:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448229; bh=YJDOmx6DmnmLiAvVB0dzx1CvDDvtPWmL4uzXT+oXD3w=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=f9GoBIw9hvF2ZcxUeR3C+craG43eW56kO+NlVUNPgCIlprhDpo/vKZRhr4I4zmTsq 1L/Zr2xkOMrJyMexF1xWmFrgbMfycH+UnXvratvTmFU3O5IcUXTz8ais69A7Umd+mW vcH/XYUB/R5ZsXND6dTbeUwKDOTxFusJZJbFHhUDlr6EnznkYicUHwLsHughfBoIhn ArvcFCtlEH7Hb4OKzCizYyzbjTiC7+3OayoJSkpU84a1Qnw6IYM0exVcbNVrsUcFAZ OfKfyMnqUP81KuO/zFqsSl6fpQiTZl9lJSOCJokl5QA/agCeXU6O2H0CJcUHpxtqXi k9mE/PRRy3FUg== Date: Mon, 29 Apr 2024 20:37:08 -0700 Subject: [PATCH 24/38] xfs_db: dump the verity descriptor From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683480.960383.15143756405243298510.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Dump the fsverity descriptor if fsverity.h is present. Signed-off-by: Darrick J. Wong --- configure.ac | 1 + db/Makefile | 4 ++++ db/attr.c | 31 +++++++++++++++++++++++++++++++ db/attrshort.c | 22 ++++++++++++++++++++-- db/field.c | 29 +++++++++++++++++++++++++++++ db/field.h | 3 +++ include/builddefs.in | 1 + include/platform_defs.h | 4 ++++ m4/package_libcdev.m4 | 18 ++++++++++++++++++ 9 files changed, 111 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 1cb7d59c5582..ade0aca58418 100644 --- a/configure.ac +++ b/configure.ac @@ -223,6 +223,7 @@ fi AC_MANUAL_FORMAT AC_HAVE_LIBURCU_ATOMIC64 AC_USE_RADIX_TREE_FOR_INUMS +AC_HAVE_FSVERITY_DESCRIPTOR AC_CONFIG_FILES([include/builddefs]) AC_OUTPUT diff --git a/db/Makefile b/db/Makefile index 02eeead25b49..9fe6fed727e1 100644 --- a/db/Makefile +++ b/db/Makefile @@ -78,6 +78,10 @@ LLDLIBS += $(LIBEDITLINE) $(LIBTERMCAP) CFLAGS += -DENABLE_EDITLINE endif +ifeq ($(HAVE_FSVERITY_DESCR),yes) +CFLAGS += -DHAVE_FSVERITY_DESCR +endif + default: depend $(LTCOMMAND) include $(BUILDRULES) diff --git a/db/attr.c b/db/attr.c index 7d8bdeb53032..e05243ff16fa 100644 --- a/db/attr.c +++ b/db/attr.c @@ -40,6 +40,7 @@ static int attr3_remote_merkledata_count(void *obj, int startoff); static int attr_leaf_name_local_merkledata_count(void *obj, int startoff); static int attr_leaf_name_local_merkleoff_count(void *obj, int startoff); static int attr_leaf_name_remote_merkleoff_count(void *obj, int startoff); +static int attr_leaf_vdesc_count(void *obj, int startoff); const field_t attr_hfld[] = { { "", FLDT_ATTR, OI(0), C1, 0, TYP_NONE }, @@ -151,6 +152,8 @@ const field_t attr_leaf_name_flds[] = { attr_leaf_name_remote_name_count, FLD_COUNT, TYP_NONE }, { "merkle_pos", FLDT_UINT64X, OI(MKROFF(mk_pos)), attr_leaf_name_remote_merkleoff_count, FLD_COUNT, TYP_NONE }, + { "vdesc", FLDT_FSVERITY_DESCR, attr_leaf_name_local_value_offset, + attr_leaf_vdesc_count, FLD_COUNT|FLD_OFFSET, TYP_NONE }, { NULL } }; @@ -717,6 +720,34 @@ attr_leaf_name_remote_merkleoff_count( return attr_leaf_entry_walk(obj, startoff, __leaf_remote_merkleoff_count); } +static int +__leaf_vdesc_count( + struct xfs_attr_leafblock *leaf, + struct xfs_attr_leaf_entry *e, + int i) +{ + struct xfs_attr_leaf_name_local *l; + + if (!(e->flags & XFS_ATTR_LOCAL)) + return 0; + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) != XFS_ATTR_VERITY) + return 0; + + l = xfs_attr3_leaf_name_local(leaf, i); + if (l->namelen != XFS_VERITY_DESCRIPTOR_NAME_LEN) + return 0; + + return 1; +} + +static int +attr_leaf_vdesc_count( + void *obj, + int startoff) +{ + return attr_leaf_entry_walk(obj, startoff, __leaf_vdesc_count); +} + int attr_size( void *obj, diff --git a/db/attrshort.c b/db/attrshort.c index 1d26a358335f..4ff19d1284c8 100644 --- a/db/attrshort.c +++ b/db/attrshort.c @@ -22,6 +22,7 @@ static int attr_sf_entry_pptr_count(void *obj, int startoff); static int attr_sf_entry_merkleoff_count(void *obj, int startoff); static int attr_sf_entry_merkledata_count(void *obj, int startoff); +static int attr_sf_entry_vdesc_count(void *obj, int startoff); const field_t attr_shortform_flds[] = { { "hdr", FLDT_ATTR_SF_HDR, OI(0), C1, 0, TYP_NONE }, @@ -66,6 +67,8 @@ const field_t attr_sf_entry_flds[] = { attr_sf_entry_merkledata_count, FLD_COUNT | FLD_OFFSET, TYP_NONE }, { "value", FLDT_CHARNS, attr_sf_entry_value_offset, attr_sf_entry_value_count, FLD_COUNT|FLD_OFFSET, TYP_NONE }, + { "vdesc", FLDT_FSVERITY_DESCR, attr_sf_entry_value_offset, + attr_sf_entry_vdesc_count, FLD_COUNT | FLD_OFFSET, TYP_NONE }, { NULL } }; @@ -112,8 +115,7 @@ attr_sf_entry_value_count( if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_PARENT) return 0; - if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && - e->namelen == sizeof(struct xfs_merkle_key)) + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY) return 0; return e->valuelen; @@ -233,3 +235,19 @@ attr_sf_entry_merkledata_count( return 0; } + +static int +attr_sf_entry_vdesc_count( + void *obj, + int startoff) +{ + struct xfs_attr_sf_entry *e; + + ASSERT(bitoffs(startoff) == 0); + e = (struct xfs_attr_sf_entry *)((char *)obj + byteize(startoff)); + if ((e->flags & XFS_ATTR_NSP_ONDISK_MASK) == XFS_ATTR_VERITY && + e->namelen == XFS_VERITY_DESCRIPTOR_NAME_LEN) + return 1; + + return 0; +} diff --git a/db/field.c b/db/field.c index 066239ae6073..4f9dafbee182 100644 --- a/db/field.c +++ b/db/field.c @@ -33,6 +33,25 @@ const field_t parent_flds[] = { }; #undef PPOFF +#ifdef HAVE_FSVERITY_DESCR +# define OFF(f) bitize(offsetof(struct fsverity_descriptor, f)) +const field_t vdesc_flds[] = { + { "version", FLDT_UINT8D, OI(OFF(version)), C1, 0, TYP_NONE }, + { "hash_algorithm", FLDT_UINT8D, OI(OFF(hash_algorithm)), C1, 0, TYP_NONE }, + { "log_blocksize", FLDT_UINT8D, OI(OFF(log_blocksize)), C1, 0, TYP_NONE }, + { "salt_size", FLDT_UINT8D, OI(OFF(salt_size)), C1, 0, TYP_NONE }, + { "data_size", FLDT_UINT64D_LE, OI(OFF(data_size)), C1, 0, TYP_NONE }, + { "root_hash", FLDT_HEXSTRING, OI(OFF(root_hash)), CI(64), 0, TYP_NONE }, + { "salt", FLDT_HEXSTRING, OI(OFF(salt)), CI(32), 0, TYP_NONE }, + { NULL } +}; +# undef OFF +#else +const field_t vdesc_flds[] = { + { NULL } +}; +#endif + const ftattr_t ftattrtab[] = { { FLDT_AGBLOCK, "agblock", fp_num, "%u", SI(bitsz(xfs_agblock_t)), FTARG_DONULL, fa_agblock, NULL }, @@ -440,6 +459,16 @@ const ftattr_t ftattrtab[] = { { FLDT_RGSUMMARY, "rgsummary", NULL, (char *)rgsummary_flds, btblock_size, FTARG_SIZE, NULL, rgsummary_flds }, + { FLDT_UINT64D_LE, "uint64d_le", fp_num, "%llu", SI(bitsz(uint64_t)), + FTARG_LE, NULL, NULL }, + +#ifdef HAVE_FSVERITY_DESCR + { FLDT_FSVERITY_DESCR, "verity", NULL, (char *)vdesc_flds, + SI(bitsz(struct fsverity_descriptor)), 0, NULL, vdesc_flds }, +#else + { FLDT_FSVERITY_DESCR, "verity", NULL, NULL, 0, 0, NULL, NULL }, +#endif + { FLDT_ZZZ, NULL } }; diff --git a/db/field.h b/db/field.h index 89752d07b84c..bc5426f47293 100644 --- a/db/field.h +++ b/db/field.h @@ -211,6 +211,9 @@ typedef enum fldt { FLDT_SUMINFO, FLDT_RGSUMMARY, + FLDT_UINT64D_LE, + FLDT_FSVERITY_DESCR, + FLDT_ZZZ /* mark last entry */ } fldt_t; diff --git a/include/builddefs.in b/include/builddefs.in index 5a4008318c84..0e2974044a55 100644 --- a/include/builddefs.in +++ b/include/builddefs.in @@ -114,6 +114,7 @@ HAVE_UDEV = @have_udev@ UDEV_RULE_DIR = @udev_rule_dir@ HAVE_LIBURCU_ATOMIC64 = @have_liburcu_atomic64@ USE_RADIX_TREE_FOR_INUMS = @use_radix_tree_for_inums@ +HAVE_FSVERITY_DESCR = @have_fsverity_descr@ GCCFLAGS = -funsigned-char -fno-strict-aliasing -Wall # -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-decl diff --git a/include/platform_defs.h b/include/platform_defs.h index 9c28e2744a8d..95f9df0d3d86 100644 --- a/include/platform_defs.h +++ b/include/platform_defs.h @@ -174,4 +174,8 @@ static inline size_t __ab_c_size(size_t a, size_t b, size_t c) # define barrier() __memory_barrier() #endif +#ifdef HAVE_FSVERITY_DESCR +# include +#endif + #endif /* __XFS_PLATFORM_DEFS_H__ */ diff --git a/m4/package_libcdev.m4 b/m4/package_libcdev.m4 index 711ff81f3332..1edf1fc12d6b 100644 --- a/m4/package_libcdev.m4 +++ b/m4/package_libcdev.m4 @@ -237,3 +237,21 @@ AC_DEFUN([AC_USE_RADIX_TREE_FOR_INUMS], AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)]) AC_SUBST(use_radix_tree_for_inums) ]) + +# +# Check if linux/fsverity.h defines the verity descriptor +# +AC_DEFUN([AC_HAVE_FSVERITY_DESCRIPTOR], + [ AC_MSG_CHECKING([for fsverity_descriptor in linux/fsverity.h ]) + AC_COMPILE_IFELSE( + [ AC_LANG_PROGRAM([[ +#include +#include + ]], [[ +struct fsverity_descriptor m = { }; + ]]) + ], have_fsverity_descr=yes + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no)) + AC_SUBST(have_fsverity_descr) + ]) From patchwork Tue Apr 30 03:37:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648192 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61CD310A01; Tue, 30 Apr 2024 03:37:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448245; cv=none; b=l+aQM/loShKesnNpQHbIzbYxsC+B5xbAKdqJfIptLHcj63H1VANPAYZKBKdeAW3tZUvsfJT45nNGX/U8EPYtu1ap/EhKogOzgkxHQBPmpf7VhkSiQ7cu3p/p6VWuBQqG+KBesmugGYyEy9JZAlIqE2RLpaPNpO/bdkvrOGbh0qQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448245; c=relaxed/simple; bh=nKFUd5MnqdN7gs5sweoBkBE86SpI2ISuPXSjE49K9GA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=q2YqljvFXRFF0HIBNpjxqPPZg/n6FSmMWdcEzMN2Zt94gTshNJ/jZJn70ttqgw9K2iSvA9WaFdcDAc32Kz0eH/J2uUu2+lxOcqRfhEKR+K3bArIlkDaEvQCypzygSzaz3iGncWnU9XX7B9dr7rdvY1FVlR/ytMb0wCHdtoCVgCo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FRWnkdBQ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FRWnkdBQ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DEE74C4AF18; Tue, 30 Apr 2024 03:37:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448244; bh=nKFUd5MnqdN7gs5sweoBkBE86SpI2ISuPXSjE49K9GA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FRWnkdBQ66jcJrcEKqn5zbcxMyR5ZOHQqFX4o76eyp5SgZ2Kynd8V1ioz+rSvNjUW OLQ2KAVWAYY8TIPNPqR+C/jRPQzcQPEBpjxU+cAm+DOsIidAr/M0Zb3SFFfb0/LWRp Cf5m2X5CVCFUVHKeWrT90vpsAMUoWpVCYVIr0lM2cdElrLRsVxqyWrrcc4hqsNwO9f DktsFs9f47RWvZsBGupot3mpqBmBC5j/Y7UCidjlEigcvVBLsps2crl5JOVUJVVTlj extRINj++rokr4SOu07NY/5c7vQI95rwAT0BBfKt/9523eSICMIVgHGd359S4n7BHs w8hdk/obCyWlA== Date: Mon, 29 Apr 2024 20:37:24 -0700 Subject: [PATCH 25/38] xfs_db: don't obfuscate verity xattrs From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683495.960383.3327817770931540712.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Don't obfuscate fsverity metadata when performing a metadump. Signed-off-by: Darrick J. Wong --- db/metadump.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/db/metadump.c b/db/metadump.c index 23defaee929f..112d762a8c31 100644 --- a/db/metadump.c +++ b/db/metadump.c @@ -1448,6 +1448,8 @@ process_sf_attr( if (asfep->flags & XFS_ATTR_PARENT) { maybe_obfuscate_pptr(asfep->flags, name, namelen, value, asfep->valuelen, is_meta); + } else if (asfep->flags & XFS_ATTR_VERITY) { + ; /* never obfuscate verity metadata */ } else if (want_obfuscate_attr(asfep->flags, name, namelen, value, asfep->valuelen, is_meta)) { generate_obfuscated_name(0, asfep->namelen, name); @@ -1843,6 +1845,8 @@ process_attr_block( maybe_obfuscate_pptr(entry->flags, name, local->namelen, value, valuelen, is_meta); + } else if (entry->flags & XFS_ATTR_VERITY) { + ; /* never obfuscate verity metadata */ } else if (want_obfuscate_attr(entry->flags, name, local->namelen, value, valuelen, is_meta)) { @@ -1871,6 +1875,10 @@ process_attr_block( /* do not obfuscate obviously busted pptr */ add_remote_vals(be32_to_cpu(remote->valueblk), be32_to_cpu(remote->valuelen)); + } else if (entry->flags & XFS_ATTR_VERITY) { + /* never obfuscate verity metadata */ + add_remote_vals(be32_to_cpu(remote->valueblk), + be32_to_cpu(remote->valuelen)); } else if (want_obfuscate_dirents(is_meta)) { generate_obfuscated_name(0, remote->namelen, &remote->name[0]); From patchwork Tue Apr 30 03:37:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648193 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 072C5DDA6; Tue, 30 Apr 2024 03:37:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448261; cv=none; b=eDciIoiqxCtt7REbDEY3nZNPjEF8QuKZD93MyCI/a54LmjuSB5/Iy6Vbw9U4D1NSI38qtTkuF+1YWZvntJbRVqpR08wJDjxIZea4C5YigBdqKPvy65mdlKguzHNSx/WczqraJkC7ap4Hudjwl7xJGNdz3yh5vjOOKogbgosAdYE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448261; c=relaxed/simple; bh=Hq9bAAzXVOfUtqOv92GE9o97z+9N6P/Hzhx43UZJysI=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FwzaTv2Uuy8AymZjcSebruhtHOYseXI+JI2ma1FTaJUqaQrHXzrhI9/gz+NvJ7Jvy52GD792sBsJePLgoTc+QBMSlRggeDsfE4Uqm+RcxSqCGTkiMs2Oc2tbnW+5P11K21ZIA6LrWCgvpy7//tNzLp/GSNkezeQmJMwKr6yUJCA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PfdWtAcM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PfdWtAcM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 874CEC116B1; Tue, 30 Apr 2024 03:37:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448260; bh=Hq9bAAzXVOfUtqOv92GE9o97z+9N6P/Hzhx43UZJysI=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=PfdWtAcMTMm+YLbcTV/Qf5OHqS9gMxHNsAVnpU/P3HESloZsw8bMnQtpmKjBpFp+H lAT/uPLzXGELGdg4JOEgaVGt3lHNz1CtEv1wP8dsT1Igy13OhurcYxcE9oqfzPeUi+ 4kQGkeG6VO1fqkoKUjmFC5ySJk8AqB24YexM0cB7oHU/cvi9/cvPQnu3VE4DQHtdiI LLSpH3xTwCTSolYP+CC+XA7vQtQSPIh2vKemnIbQqNyRxILqqaZeRljcHbYskaUdSw DJBR18NK+YObHbFv73dJYA8zR4UtaBa2lLW4NifDYB8G3X6yRM9fhZzEGi+c30Rg55 hl1XMn1ASPlVw== Date: Mon, 29 Apr 2024 20:37:40 -0700 Subject: [PATCH 26/38] xfs_db: dump the inode verity flag From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683510.960383.11746420992762795794.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Display the verity iflag. Signed-off-by: Darrick J. Wong --- db/inode.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/db/inode.c b/db/inode.c index d7ce7eb77365..6a6bb43dc15a 100644 --- a/db/inode.c +++ b/db/inode.c @@ -213,6 +213,9 @@ const field_t inode_v3_flds[] = { { "metadir", FLDT_UINT1, OI(COFF(flags2) + bitsz(uint64_t) - XFS_DIFLAG2_METADIR_BIT-1), C1, 0, TYP_NONE }, + { "verity", FLDT_UINT1, + OI(COFF(flags2) + bitsz(uint64_t) - XFS_DIFLAG2_VERITY_BIT-1), C1, + 0, TYP_NONE }, { NULL } }; From patchwork Tue Apr 30 03:37:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648194 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A596511187; Tue, 30 Apr 2024 03:37:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448276; cv=none; b=abXyMDyV5NzoafB1fZOF0tPHJ2pMgRGr1YG0njbsf7oc4cMA4lPL5JH322kwyj8yPlo/t+xjA1kGB4sZo0d7wxbae3/FrLsQcIGlmRkan+KE2dEddpV/dzVPLsRNYOkqjVe86iu41GsypVyqVI/AVnJN323bbyCYDR2b6lmDiZU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448276; c=relaxed/simple; bh=GHgtj/1UbymAOfvPd+HjIlt0SEHUsLn/bLHqYWdt7AE=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Uc6y4n7c7wtIlrkAv6WgvAFc46V4QgQBBupJEsQjBEvvVoXW5W42H4Oaa8XnRRRa0FC6v/s8COJscw5mJKzOeJia2+Iy3yPdTig7jqfdJZLD09l9VV+XEyVnIkXId3Phlk0sxeL8R+TcI9SFSs5m9fjKQX7iclPgxrX8NNLnNOw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ePupY1Y5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ePupY1Y5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 372E2C116B1; Tue, 30 Apr 2024 03:37:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448276; bh=GHgtj/1UbymAOfvPd+HjIlt0SEHUsLn/bLHqYWdt7AE=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=ePupY1Y5CtKAhTqFLRhI6IqYgzkhyPYTWCHrXd1nRzVvvhiMFHy+bdDvOGaK10Uod ZgJoNk/8CPVF04sZpRZUfx/9kIKzqPaJe1vbcY5sFR2ygXI9R94QM01mgkoUm/l3LJ Bx98lESCkUoUYaGsfybiDY35ic27bXkYPPTZbJ99cobKvOQB12x+HjhywPOpKQIkiS Ro6aNejMEs9gE1b7yXcDKEjq+kMDGQ8LAzRMPDGm4pEeP/4Tzhh62EzHeloWuFPLL6 wgfzPb1xj1SZQDmdKqzf/NtmZk1XcH3+4/TaQxiKhSF5M9G+1zBpdy4cxCurJSHQqZ FZkjowCx1s0eg== Date: Mon, 29 Apr 2024 20:37:55 -0700 Subject: [PATCH 27/38] xfs_db: compute hashes of merkle tree blocks From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683526.960383.14370813739332837103.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Compute the hash of verity merkle tree blocks. Signed-off-by: Darrick J. Wong --- db/hash.c | 21 +++++++++++++++++++-- include/libxfs.h | 1 + libxfs/libxfs_api_defs.h | 1 + man/man8/xfs_db.8 | 5 +++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/db/hash.c b/db/hash.c index ab9c435b545f..e88d7d326bb5 100644 --- a/db/hash.c +++ b/db/hash.c @@ -36,7 +36,7 @@ hash_help(void) " 'hash' prints out the calculated hash value for a string using the\n" "directory/attribute code hash function.\n" "\n" -" Usage: \"hash [-d|-p parent_ino] \"\n" +" Usage: \"hash [-d|-p parent_ino|-m merkle_blkno] \"\n" "\n" )); @@ -46,6 +46,7 @@ enum hash_what { ATTR, DIRECTORY, PPTR, + MERKLE, }; /* ARGSUSED */ @@ -54,16 +55,28 @@ hash_f( int argc, char **argv) { + struct xfs_merkle_key mk = { }; xfs_ino_t p_ino = 0; xfs_dahash_t hashval; + unsigned long long mk_pos; enum hash_what what = ATTR; int c; - while ((c = getopt(argc, argv, "dp:")) != EOF) { + while ((c = getopt(argc, argv, "dm:p:")) != EOF) { switch (c) { case 'd': what = DIRECTORY; break; + case 'm': + errno = 0; + mk_pos = strtoull(optarg, NULL, 0); + if (errno) { + perror(optarg); + return 1; + } + mk.mk_pos = cpu_to_be64(mk_pos << XFS_VERITY_HASH_SHIFT); + what = MERKLE; + break; case 'p': errno = 0; p_ino = strtoull(optarg, NULL, 0); @@ -97,6 +110,10 @@ hash_f( case ATTR: hashval = libxfs_attr_hashname(xname.name, xname.len); break; + case MERKLE: + hashval = libxfs_verity_hashname((void *)&mk, sizeof(mk)); + break; + } dbprintf("0x%x\n", hashval); } diff --git a/include/libxfs.h b/include/libxfs.h index b4c6a2882aa3..0c3f0be85565 100644 --- a/include/libxfs.h +++ b/include/libxfs.h @@ -100,6 +100,7 @@ struct iomap; #include "xfs_rtgroup.h" #include "xfs_rtrmap_btree.h" #include "xfs_ag_resv.h" +#include "xfs_verity.h" #ifndef ARRAY_SIZE #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h index 6ad728af2e0a..d125e2679348 100644 --- a/libxfs/libxfs_api_defs.h +++ b/libxfs/libxfs_api_defs.h @@ -394,6 +394,7 @@ #define xfs_verify_fsbno libxfs_verify_fsbno #define xfs_verify_ino libxfs_verify_ino #define xfs_verify_rtbno libxfs_verify_rtbno +#define xfs_verity_hashname libxfs_verity_hashname #define xfs_zero_extent libxfs_zero_extent /* Please keep this list alphabetized. */ diff --git a/man/man8/xfs_db.8 b/man/man8/xfs_db.8 index 2c5aed2cf38c..deba4a6354aa 100644 --- a/man/man8/xfs_db.8 +++ b/man/man8/xfs_db.8 @@ -902,6 +902,11 @@ option is specified, the directory-specific hash function is used. This only makes a difference on filesystems with ascii case-insensitive lookups enabled. +If the +.B \-m +option is specified, the merkle tree-specific hash function is used. +The merkle tree block offset must be specified as an argument. + If the .B \-p option is specified, the parent pointer-specific hash function is used. From patchwork Tue Apr 30 03:38:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648195 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1722B101CE; Tue, 30 Apr 2024 03:38:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448292; cv=none; b=SsZ6dNQF4NiI9RcVkWAVDY1r4t2wOD/3nmnyM+C8k7NrzpS1Hv+rTwGNc526+LkfjGvHjWdhVgO7KTJFHXPGlbOUSqnP56B9srTTFWOt4GAv2BqajnRhBJLxuRbZHqHQyROhwYjwLa/F7AxWGJcg8dMfWW/1GXbZvu56aMQ3O8A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448292; c=relaxed/simple; bh=Fx+iBR1INLeZPQ429XVKohGIqa4/fizPIT+AcDKitok=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Bhs6JqVF6hBCfvTEpDtkrdier7rkYJb+8cgwluGZKjOXahm2CKrtyhCCdwQ6u5mQE3Tnt3EanQtVnSZ34InNP7hsMRwqfxL63QeLovWFhkVt0WRoykSJ4J0SG3kVzh1EN8qEbUwU5TpJCOHZtr5U1w2Z0+NLIzK3XCER4CHuuwo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Nyf5WJjc; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Nyf5WJjc" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D9424C116B1; Tue, 30 Apr 2024 03:38:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448291; bh=Fx+iBR1INLeZPQ429XVKohGIqa4/fizPIT+AcDKitok=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Nyf5WJjcPe7aqrEvJCWoPf9pA3BK8ikVkdwhwKudfZsqVWXuXKMgF4ceq+gbI+ZNv 3lD2k8V3rT8SlXZJ423hnJN0ZiSBIpvmcSa7ba1C71CndAsrK87VUZOgsshCgMh94i 6d7JCdXfdgxOaB0aTK/kJm1a2iOz1NA6ALs7ZClqzL7P/UTxqMmFDFsroIanx1qlDf Y42CHDVJ+cAGmSWx/eWo9Z/r/4flqoP4IHbM5gXEwJl5Ea8frNi3E+dtT0KCWbvVcA 0E9NMTQwUw58zQ0l5BS89LTl0x43WJ94iFjUDB+ofASXj4plThW4/lDNFcXLqorlLY x7TA/vhlwBrTw== Date: Mon, 29 Apr 2024 20:38:11 -0700 Subject: [PATCH 28/38] xfs_repair: junk fsverity xattrs when unnecessary From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683541.960383.2565362271938349523.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Remove any fs-verity extended attributes when the filesystem doesn't support fs-verity. Signed-off-by: Darrick J. Wong --- repair/attr_repair.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/repair/attr_repair.c b/repair/attr_repair.c index 227e5dbcd016..898eb3edfd12 100644 --- a/repair/attr_repair.c +++ b/repair/attr_repair.c @@ -334,6 +334,13 @@ process_shortform_attr( junkit |= 1; } + if ((currententry->flags & XFS_ATTR_VERITY) && + !xfs_has_verity(mp)) { + do_warn( + _("verity metadata found on filesystem that doesn't support verity\n")); + junkit |= 1; + } + remainingspace = remainingspace - xfs_attr_sf_entsize(currententry); @@ -543,6 +550,14 @@ process_leaf_attr_local( return -1; } + if ((entry->flags & XFS_ATTR_VERITY) && !xfs_has_verity(mp)) { + do_warn( + _("verity metadata found in attribute entry %d in attr block %u, inode %" + PRIu64 " on filesystem that doesn't support verity\n"), + i, da_bno, ino); + return -1; + } + return xfs_attr_leaf_entsize_local(local->namelen, be16_to_cpu(local->valuelen)); } @@ -592,6 +607,14 @@ process_leaf_attr_remote( return -1; } + if ((entry->flags & XFS_ATTR_VERITY) && !xfs_has_verity(mp)) { + do_warn( + _("verity metadata found in attribute entry %d in attr block %u, inode %" + PRIu64 " on filesystem that doesn't support verity\n"), + i, da_bno, ino); + return -1; + } + value = malloc(be32_to_cpu(remotep->valuelen)); if (value == NULL) { do_warn( From patchwork Tue Apr 30 03:38:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648196 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0C44816426; Tue, 30 Apr 2024 03:38:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448308; cv=none; b=lmzzAfBAygi1NIGmhiIKpaeJ+vf48zmsG5dbte5qOrfZGqlclzL4yeGjTdESBKzymM0n0xaTAicmXee5aU7zfP8BPypOZJBgHjvUJ32cMxsVp1fEGsZIx7+WD/Vt+ACTbFwewOxxKG6VT3R05+cEx05TJmPGBm349jnMGEoK3F0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448308; c=relaxed/simple; bh=jY9iwZqrWyPrh2KA9qwCcm9YXe3C9G43Ql2TL+PHD8M=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZB6xhMnRzwOcSQ6CE37BHRdSDyfiyK1DVejUtYu+JLu0k51n/71ByIpVbSlSFywSO4waI/ZCbOlxONRXXSJ5XoPakl1Reu7cnwD9t8ycYh2cPwVWcZcxjqN63Pay7OgRGp5laxBrW4hwDT3EUCas8E67cEDszE/BXO6zdaSHwkg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HDSFRUOq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HDSFRUOq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7BD2EC4AF14; Tue, 30 Apr 2024 03:38:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448307; bh=jY9iwZqrWyPrh2KA9qwCcm9YXe3C9G43Ql2TL+PHD8M=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=HDSFRUOqNJsje4ZClDoQSGSycyQHpdIkZiDUPPMj4us18jrEkdcEBCJXzgJiwNisE /QF6jTv8E+0QbYnSe6RfE+Th+cTGBNY/tFv3Xb5zYzAZJRG/gQB/UR5PCO2650fB29 nQM2wYW/Rbar9j4eZPUSNKneTPWZRGQnD8pkUBNpz2aJU4OJGwP9SvnBPewn8s2zGZ wDf4RyHlPHSLuYc9+yAIkaTbB0Z4ycmIKpx/pZ8fz845s/tTIg509kdA4geYv87VjS vniUr+W8Eni5puhEdwJh0flP7Ax7gwgNLAO2gnxElvKdmgo48axrTB/MVy/dp1lC7B eNxv2cLgzWUcw== Date: Mon, 29 Apr 2024 20:38:27 -0700 Subject: [PATCH 29/38] xfs_repair: clear verity iflag when verity isn't supported From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683556.960383.9295825042846564069.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Clear the fsverity inode flag if the filesystem doesn't support it or if the file is not a regular file. Signed-off-by: Darrick J. Wong --- repair/dinode.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/repair/dinode.c b/repair/dinode.c index 4e39e5e76e90..bbb2db5c8e23 100644 --- a/repair/dinode.c +++ b/repair/dinode.c @@ -3324,6 +3324,34 @@ _("bad (negative) size %" PRId64 " on inode %" PRIu64 "\n"), *dirty = 1; } + if ((flags2 & XFS_DIFLAG2_VERITY) && + !xfs_has_verity(mp)) { + if (!uncertain) { + do_warn( + _("inode %" PRIu64 " is marked verity but file system does not support fs-verity\n"), + lino); + } + + flags2 &= ~XFS_DIFLAG2_VERITY; + if (!no_modify) + *dirty = 1; + } + + if (flags2 & XFS_DIFLAG2_VERITY) { + /* must be a file */ + if (di_mode && !S_ISREG(di_mode)) { + if (!uncertain) { + do_warn( + _("verity flag set on non-file inode %" PRIu64 "\n"), + lino); + } + + flags2 &= ~XFS_DIFLAG2_VERITY; + if (!no_modify) + *dirty = 1; + } + } + if (xfs_dinode_has_large_extent_counts(dino)) { if (dino->di_nrext64_pad) { if (!no_modify) { From patchwork Tue Apr 30 03:38:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648197 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B66410799; Tue, 30 Apr 2024 03:38:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448323; cv=none; b=jfdd0T/D+P80OcyrgEJWGiU5mp1w5DnicVsfWBKiWN6bb9W/j/LgUjuABwcXPhID6G7scIo/92f++JW6BMhXPQ1ND/fmIDKwdi368rsJG9iypgxoYK+bHoYEU99GWfGN/InwMb1NTvujvPQ/ocu7+j8JG8256OtryPRcBxq/Ab8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448323; c=relaxed/simple; bh=dR/W6WzKRI+ml7jGuTYXn0rHKLmrO3zSmalDGWazBaI=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JxOLkM066J2aZZyD/lVB+nhmZaH3T2W7DIzJZzm0YWS6/m/uI/aD3/kIyCvmWZzL/OM+THv1TIPbukNU+H2Hn8w+3JKQjHXPixEa/xYZlZZ/geQQomYa/+wsZe5SSKtDTvUnAWVJsX0aI2SKMsF74B33l8fFrmffCh9WuESwbMI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qc46nFgG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qc46nFgG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D603C116B1; Tue, 30 Apr 2024 03:38:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448323; bh=dR/W6WzKRI+ml7jGuTYXn0rHKLmrO3zSmalDGWazBaI=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=qc46nFgGWzCMExtT/Xk2cF8/lD1vtCdzPwkEN2cgL3ZSCpBWlqJ6xXQTcpa2tHMAG vZaDa2FAcpw7LcxH3b5i7ZouPuNNwE3GsIy040RD3flrbbXS1bNDzTep2h6VVRVYWV eyLmJO+ysnOPc+vslZY4+QksPsD+ZPX/SPmODz4EIixtfZ9xW/kunumITN6iU+QaAA imbJdYxKkjY5U2gJNiBNadXU2fSRwwJr+TsxeqG+KjCnmJRVPYe7dXXUiS0NWhLK8D TJZB5FOCLuTthpE/Bj3YYQ1tFwcA+ZBJ5Et2wIgNeyJY/cdspx8+t7b5QPrVfwPkth CycmBPNUQ3yvQ== Date: Mon, 29 Apr 2024 20:38:42 -0700 Subject: [PATCH 30/38] xfs_repair: handle verity remote attrs From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683571.960383.7291165413166367611.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Teach xfs_repair to handle remote verity xattr values. Signed-off-by: Darrick J. Wong --- repair/attr_repair.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/repair/attr_repair.c b/repair/attr_repair.c index 898eb3edfd12..2d0df492f71a 100644 --- a/repair/attr_repair.c +++ b/repair/attr_repair.c @@ -428,8 +428,14 @@ process_shortform_attr( * many blocks per remote value, so one by one is sufficient. */ static int -rmtval_get(xfs_mount_t *mp, xfs_ino_t ino, blkmap_t *blkmap, - xfs_dablk_t blocknum, int valuelen, char* value) +rmtval_get( + struct xfs_mount *mp, + xfs_ino_t ino, + unsigned int attrns, + blkmap_t *blkmap, + xfs_dablk_t blocknum, + int valuelen, + char* value) { xfs_fsblock_t bno; struct xfs_buf *bp; @@ -437,12 +443,14 @@ rmtval_get(xfs_mount_t *mp, xfs_ino_t ino, blkmap_t *blkmap, int hdrsize = 0; int error; - if (xfs_has_crc(mp)) + if (xfs_has_crc(mp) && !(attrns & XFS_ATTR_VERITY)) hdrsize = sizeof(struct xfs_attr3_rmt_hdr); /* ASSUMPTION: valuelen is a valid number, so use it for looping */ /* Note that valuelen is not a multiple of blocksize */ while (amountdone < valuelen) { + const struct xfs_buf_ops *ops; + bno = blkmap_get(blkmap, blocknum + i); if (bno == NULLFSBLOCK) { do_warn( @@ -450,9 +458,11 @@ rmtval_get(xfs_mount_t *mp, xfs_ino_t ino, blkmap_t *blkmap, clearit = 1; break; } + + ops = libxfs_attr3_remote_buf_ops(attrns); error = -libxfs_buf_read(mp->m_dev, XFS_FSB_TO_DADDR(mp, bno), XFS_FSB_TO_BB(mp, 1), LIBXFS_READBUF_SALVAGE, - &bp, &xfs_attr3_rmt_buf_ops); + &bp, ops); if (error) { do_warn( _("can't read remote block for attributes of inode %" PRIu64 "\n"), ino); @@ -623,7 +633,8 @@ process_leaf_attr_remote( do_warn(_("SKIPPING this remote attribute\n")); goto out; } - if (rmtval_get(mp, ino, blkmap, be32_to_cpu(remotep->valueblk), + if (rmtval_get(mp, ino, entry->flags, blkmap, + be32_to_cpu(remotep->valueblk), be32_to_cpu(remotep->valuelen), value)) { do_warn( _("remote attribute get failed for entry %d, inode %" PRIu64 "\n"), From patchwork Tue Apr 30 03:38:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648198 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 47EC111187; Tue, 30 Apr 2024 03:38:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448339; cv=none; b=nuCTvf+Z6zvn+5G+8ruJHN1gcj5Mvw++2y5g0TUsni8fiWup5Wnl8enJULB/+rap/O1swm31bKMJ/GVpV/QaPkN2eOwktLtgKTCRbW8L6RwzGokrgOSmxMba7yjxIK1CZfjYbNtwbBmT85had02FYETPM4r6z7X1mNbwmVNuqig= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448339; c=relaxed/simple; bh=v92rfR54wuzZpBFS9rrFKms+Qe2OPaKb2Wh/i6ldAww=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=D/QqIuTs75p+UFSdnUEotVfHzI5s3mM7zsLX3Rl7B0Q5NmqVeGADB4AZFWwp1KUrH1w0NHFPrx5cwb5eQK/GWHvV0fInp+vNCqMTo3fJaPCoQ/54K+7+fBxE0ppHv2HlUGq1RqOk+qmx3nzEVly/7+Tj+mBBs6mnt28IJUEHUfw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cEtC4pPg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cEtC4pPg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C7CF8C116B1; Tue, 30 Apr 2024 03:38:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448338; bh=v92rfR54wuzZpBFS9rrFKms+Qe2OPaKb2Wh/i6ldAww=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=cEtC4pPge+WmzeAWCobfLUrLC7zYvcH1TLgOjJtYUMxlpRatN1lmw01YrOBaWkbMV +ZKswEAacbbuvWIfmPnvoBWJtiYKsKWUE5XUA10BSN2lHhhpBJNdRQMZmzCaVCtjRH +hUQJpCvJkWnQjEmslbv+/8YCdFbftElSfQVXjy4LDT3oqlXfrN7rCjVJN8B7M5x1A Ho0QexhtEwBSt7nfISTzZoP6K8kT0JiNPGdu4uSqUsQoFcmtv7RnpG74skdpHTpdQ4 BNSd3xTPxIS+E98hfKp/kLqH9mz4qEMQXWI+d9F26EoQculeYhfM5Ru0oeydlKMKsG YRUnRHZ7BByYw== Date: Mon, 29 Apr 2024 20:38:58 -0700 Subject: [PATCH 31/38] xfs_repair: allow upgrading filesystems with verity From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683584.960383.11515585204799823025.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Allow upgrading of filesystems to support verity. Signed-off-by: Darrick J. Wong --- man/man8/xfs_admin.8 | 6 ++++++ repair/globals.c | 1 + repair/globals.h | 1 + repair/phase2.c | 24 ++++++++++++++++++++++++ repair/xfs_repair.c | 11 +++++++++++ 5 files changed, 43 insertions(+) diff --git a/man/man8/xfs_admin.8 b/man/man8/xfs_admin.8 index 83f8fe88ff18..cd18c18fd1b5 100644 --- a/man/man8/xfs_admin.8 +++ b/man/man8/xfs_admin.8 @@ -209,6 +209,12 @@ The filesystem cannot be downgraded after this feature is enabled. This upgrade is not possible if a realtime volume has already been added to the filesystem. This feature is not upstream yet. +.TP 0.4i +.B verity +Enable fs-verity on the filesystem, which allows for sealing of regular file +data with signed hashes. +The filesystem cannot be downgraded after this feature is enabled. +This feature is not upstream yet. .RE .TP .BI \-U " uuid" diff --git a/repair/globals.c b/repair/globals.c index a50e4959cbc1..410c3cd39d05 100644 --- a/repair/globals.c +++ b/repair/globals.c @@ -59,6 +59,7 @@ bool add_rmapbt; /* add reverse mapping btrees */ bool add_parent; /* add parent pointers */ bool add_metadir; /* add metadata directory tree */ bool add_rtgroups; /* add realtime allocation groups */ +bool add_verity; /* add fs-verity support */ /* misc status variables */ diff --git a/repair/globals.h b/repair/globals.h index 4f9683bda949..994ea2b4e946 100644 --- a/repair/globals.h +++ b/repair/globals.h @@ -100,6 +100,7 @@ extern bool add_rmapbt; /* add reverse mapping btrees */ extern bool add_parent; /* add parent pointers */ extern bool add_metadir; /* add metadata directory tree */ extern bool add_rtgroups; /* add realtime allocation groups */ +extern bool add_verity; /* add fs-verity support */ /* misc status variables */ diff --git a/repair/phase2.c b/repair/phase2.c index d1b2824caace..f8b0fefe3bc0 100644 --- a/repair/phase2.c +++ b/repair/phase2.c @@ -429,6 +429,28 @@ set_rtgroups( return true; } +static bool +set_verity( + struct xfs_mount *mp, + struct xfs_sb *new_sb) +{ + if (xfs_has_verity(mp)) { + printf(_("Filesystem already supports verity.\n")); + exit(0); + } + + if (!xfs_has_crc(mp)) { + printf( + _("Verity feature only supported on V5 filesystems.\n")); + exit(0); + } + + printf(_("Adding verity to filesystem.\n")); + new_sb->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_VERITY; + new_sb->sb_features_incompat |= XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR; + return true; +} + struct check_state { struct xfs_sb sb; uint64_t features; @@ -868,6 +890,8 @@ upgrade_filesystem( dirty |= set_metadir(mp, &new_sb); if (add_rtgroups) dirty |= set_rtgroups(mp, &new_sb); + if (add_verity) + dirty |= set_verity(mp, &new_sb); if (!dirty) return; diff --git a/repair/xfs_repair.c b/repair/xfs_repair.c index faaea4d45224..ab6f97157f1b 100644 --- a/repair/xfs_repair.c +++ b/repair/xfs_repair.c @@ -77,6 +77,7 @@ enum c_opt_nums { CONVERT_PARENT, CONVERT_METADIR, CONVERT_RTGROUPS, + CONVERT_VERITY, C_MAX_OPTS, }; @@ -92,6 +93,7 @@ static char *c_opts[] = { [CONVERT_PARENT] = "parent", [CONVERT_METADIR] = "metadir", [CONVERT_RTGROUPS] = "rtgroups", + [CONVERT_VERITY] = "verity", [C_MAX_OPTS] = NULL, }; @@ -438,6 +440,15 @@ process_args(int argc, char **argv) _("-c rtgroups only supports upgrades\n")); add_rtgroups = true; break; + case CONVERT_VERITY: + if (!val) + do_abort( + _("-c verity requires a parameter\n")); + if (strtol(val, NULL, 0) != 1) + do_abort( + _("-c verity only supports upgrades\n")); + add_verity = true; + break; default: unknown('c', val); break; From patchwork Tue Apr 30 03:39:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648199 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6A9810799; Tue, 30 Apr 2024 03:39:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448354; cv=none; b=dWakv7IDZ0kuxE4e9JL1vl7UryFRTO8ItNALtd++D0AR1/h+K8RAgZ13iMDA+OUKOIBSoGRFHgr3uGjsX3I3v5i1A2NHvBrtahYh2OW1Bn3z76HVOzAdlqXWDlc14tglnIcJl/DhjzOL28wpAZzzVYlGz6+w9DrGd/+besv0qHY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448354; c=relaxed/simple; bh=eleAA7Z+iIcJqnWHhYYHB3OOITqoJobCSFCgmxHiyxM=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AdrtAka2rwtbjSMbwpBYblgSFJ83lsALj5o4hD6P/Ux2aLwnB3cS8WNd5A7xtjZz3RnySUSFuevjWb605526i7H88W9EjXs9VMLFVpIrGsGZua442lR43toqbqhFNj9sesklaXbfrKOO8X3wSAz6LKlVyuvo6lhVTtVaub62o4s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=r3HKIiF/; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="r3HKIiF/" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 73DCDC116B1; Tue, 30 Apr 2024 03:39:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448354; bh=eleAA7Z+iIcJqnWHhYYHB3OOITqoJobCSFCgmxHiyxM=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=r3HKIiF/jttEjvcSfK6iKmOktzKTZopG0xotPsNj164B8x7cGDQ9KTnq1dPyUnGQp 9l3V8ybQ1kmqWdlIYqUYQGkLP7NB+XPlhoWocIp5J/xhqHL2L2nPLyApjN/IO/Qg5g 1gQze6G3jFtUFTik+MZjl5gUZ791qoYtho1tr1+28QnuW8J3Ne74uibFDyKKES4ZaF aJlOdYBPleEb8wVE78zPJy64HAIX+OxBYokX7CYuS8aUJl+l48MdT6elzf4W5Bx+yT JM5ofgQ/29q6eDnkyryObBYOWwDsmGOarHjYm2cfen/w6Y/F3E/fRBtewkZgktsfGe ZhqL5iCoomoGg== Date: Mon, 29 Apr 2024 20:39:14 -0700 Subject: [PATCH 32/38] xfs_scrub: check verity file metadata From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683599.960383.17074672145055040251.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong If phase 5 encounters a fsverity file, read its metadata to see if we encounter any errors. The consistency of the file data vs. the hashes in the merkle tree are checked during the media scan. Signed-off-by: Darrick J. Wong --- scrub/Makefile | 4 + scrub/inodes.h | 22 +++++++ scrub/phase5.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 208 insertions(+) diff --git a/scrub/Makefile b/scrub/Makefile index 885b43e9948d..ad010a05249f 100644 --- a/scrub/Makefile +++ b/scrub/Makefile @@ -109,6 +109,10 @@ CFILES += unicrash.c LCFLAGS += -DHAVE_LIBICU $(LIBICU_CFLAGS) endif +ifeq ($(HAVE_FSVERITY_DESCR),yes) +LCFLAGS += -DHAVE_FSVERITY_DESCR +endif + # Automatically trigger a media scan once per month XFS_SCRUB_ALL_AUTO_MEDIA_SCAN_INTERVAL=1mo diff --git a/scrub/inodes.h b/scrub/inodes.h index 7a0b275e575e..aab2d721fe02 100644 --- a/scrub/inodes.h +++ b/scrub/inodes.h @@ -25,4 +25,26 @@ int scrub_scan_all_inodes(struct scrub_ctx *ctx, scrub_inode_iter_fn fn, int scrub_open_handle(struct xfs_handle *handle); +/* + * Might this be a file that's missing its fsverity metadata? When this is the + * case, an open() call will return ENODATA. + */ +static inline bool fsverity_meta_is_missing(int error) +{ + switch (error) { + case ENODATA: + case EMSGSIZE: + case EINVAL: + case EFSCORRUPTED: + case EFBIG: + /* + * The nonzero errno codes above are the error codes that can + * be returned from fsverity on metadata validation errors. + */ + return true; + } + + return false; +} + #endif /* XFS_SCRUB_INODES_H_ */ diff --git a/scrub/phase5.c b/scrub/phase5.c index 6fd3c6982704..6f157fa3570c 100644 --- a/scrub/phase5.c +++ b/scrub/phase5.c @@ -28,6 +28,7 @@ #include "descr.h" #include "unicrash.h" #include "repair.h" +#include "atomic.h" /* Phase 5: Full inode scans and check directory connectivity. */ @@ -359,6 +360,183 @@ check_dir_connection( return EADDRNOTAVAIL; } +#ifdef HAVE_FSVERITY_DESCR +struct fsverity_object { + const char *name; + int type; +}; + +struct fsverity_object fsverity_objects[] = { + { + .name = "descriptor", + .type = FS_VERITY_METADATA_TYPE_DESCRIPTOR, + }, + { + .name = "merkle tree", + .type = FS_VERITY_METADATA_TYPE_MERKLE_TREE, + }, + { + .name = "signature", + .type = FS_VERITY_METADATA_TYPE_SIGNATURE, + }, +}; + +static void *fsverity_buf; +#define FSVERITY_BUFSIZE (32768) + +static inline void * +get_fsverity_buf(void) +{ + static pthread_mutex_t buf_lock = PTHREAD_MUTEX_INITIALIZER; + void *new_buf; + + if (!fsverity_buf) { + new_buf = malloc(FSVERITY_BUFSIZE); + if (!new_buf) + return NULL; + + pthread_mutex_lock(&buf_lock); + if (!fsverity_buf) { + fsverity_buf = new_buf; + new_buf = NULL; + } + pthread_mutex_unlock(&buf_lock); + if (new_buf) + free(new_buf); + } + + return fsverity_buf; +} + +static int +read_fsverity_object( + struct scrub_ctx *ctx, + struct descr *dsc, + int fd, + const struct fsverity_object *verity_obj) +{ + struct fsverity_read_metadata_arg arg = { + .buf_ptr = (uintptr_t)get_fsverity_buf(), + .metadata_type = verity_obj->type, + .length = FSVERITY_BUFSIZE, + }; + int ret; + + if (!arg.buf_ptr) { + str_liberror(ctx, ENOMEM, descr_render(dsc)); + return ENOMEM; + } + + do { + ret = ioctl(fd, FS_IOC_READ_VERITY_METADATA, &arg); + if (ret < 0) { + ret = errno; + switch (ret) { + case ENODATA: + /* No fsverity metadata found. We're done. */ + return 0; + case ENOTTY: + case EOPNOTSUPP: + /* not a verity file or object doesn't exist */ + str_error(ctx, descr_render(dsc), + _("fsverity %s not supported at data offset %llu length %llu?"), + verity_obj->name, + arg.offset, arg.length); + return ret; + default: + /* some other error */ + str_error(ctx, descr_render(dsc), + _("fsverity %s read error at data offset %llu length %llu."), + verity_obj->name, + arg.offset, arg.length); + return ret; + } + } + arg.offset += ret; + } while (ret > 0); + + return 0; +} + +/* Read all the fsverity metadata. */ +static int +check_fsverity_metadata( + struct scrub_ctx *ctx, + struct descr *dsc, + int fd) +{ + unsigned int i; + int error; + + for (i = 0; i < ARRAY_SIZE(fsverity_objects); i++) { + error = read_fsverity_object(ctx, dsc, fd, + &fsverity_objects[i]); + if (error) + return error; + } + + return 0; +} + +/* Open this verity file and check its merkle tree and verity descriptor. */ +static int +check_verity_file( + struct scrub_ctx *ctx, + struct xfs_handle *handle, + struct xfs_bulkstat *bstat, + struct descr *dsc, + int *fdp) +{ + int error; + + /* Only regular files can have fsverity set. */ + if (!S_ISREG(bstat->bs_mode)) { + str_error(ctx, descr_render(dsc), + _("fsverity cannot be set on a regular file.")); + return 0; + } + + *fdp = scrub_open_handle(handle); + if (*fdp >= 0) + return check_fsverity_metadata(ctx, dsc, *fdp); + + /* Handle is stale, try again. */ + if (errno == ESTALE) + return ESTALE; + + /* + * If the fsverity metadata is missing, inform the user and move on to + * the next file. + */ + if (fsverity_meta_is_missing(errno)) { + str_error(ctx, descr_render(dsc), + _("fsverity metadata missing.")); + return 0; + } + + /* Some other runtime error. */ + error = errno; + str_errno(ctx, descr_render(dsc)); + return error; +} +#else +static int +check_verity_file( + struct scrub_ctx *ctx, + struct xfs_handle *handle, + struct xfs_bulkstat *bstat, + struct descr *dsc, + int *fdp) +{ + static atomic_t warned; + + if (!atomic_inc_return(&warned)) + str_warn(ctx, descr_render(dsc), + _("fsverity metadata checking not supported\n")); + return 0; +} +#endif /* HAVE_FSVERITY_DESCR */ + /* * Verify the connectivity of the directory tree. * We know that the kernel's open-by-handle function will try to reconnect @@ -422,6 +600,10 @@ check_inode_names( error = check_dirent_names(ctx, &dsc, &fd, bstat); if (error) goto err_fd; + } else if (bstat->bs_xflags & FS_XFLAG_VERITY) { + error = check_verity_file(ctx, handle, bstat, &dsc, &fd); + if (error) + goto err_fd; } progress_add(1); From patchwork Tue Apr 30 03:39:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648200 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D7A4DDA6; Tue, 30 Apr 2024 03:39:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448371; cv=none; b=Or7D70qJHmqVXogChBl3Fcw/8UIyqLS7maHPstiXhjb/JQXsHJkZCGZYneAVhsgWMpvXtcLQKLKDVoReReg1g4r9aiRq/rXrVXw71fdmv85cdncIQE2mIYKiyV/NG3mrCTkeaSBCBWLa42yVPd6K8ra0InQdGvbNlEaqE1DntOM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448371; c=relaxed/simple; bh=cTbykhDLnR4c1cnrmCzZrdQTHUSD8m9a0dezxLky73o=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qrXePuntuHC02JwOMxoiJN2AnIszHVQA6UpAvMdFtwYl8YfeeuQAZi53BWm4IKcmxK+A1wGYtpR5V0Fsfe19WTmQGG+3VBFycFUOLkY8Xkm31phn7QxAcnu3jDWwtfMZlMudZluIhYLzCi30srX91QZhWdAuNeoDxCtL6QhAob4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=deC0I+1C; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="deC0I+1C" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17029C116B1; Tue, 30 Apr 2024 03:39:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448370; bh=cTbykhDLnR4c1cnrmCzZrdQTHUSD8m9a0dezxLky73o=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=deC0I+1C9BF1S5a2J8HP2DIarjQLGRyEt3Wa7bfEugKglUD5OllXUQ/luy5bbE2jE fZybGfVbALkXcqEZqqBB6ygoiTGsUiBEv+Oxtu5bVGuMdMcgcqUKakWne1TdJXeQUB qllGEpLRnSw8vb+etCNOZxs1vLGCamlYwuNn+KSCZe8OTPYuUMVjbIdPDDZdWGh++k AMHuP/8sbMzq2oK88E17EcVIJ6ipZCWzUtZJvt2xP1u5lteyGOb/64gPxCC4cumuYO 6VeV8XiJl5AV9ag+JafsA5YItYvjhv2Tb9xN/mWnmzrGgyG+d4hcsuOj5Jl6QwQjGm Bbzq3fgimKLow== Date: Mon, 29 Apr 2024 20:39:29 -0700 Subject: [PATCH 33/38] xfs_scrub: validate verity file contents when doing a media scan From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683613.960383.9616089814402935985.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Augment the media scan when verity files are detected by reading those files' pagecache to force verity to compare the hash and (optional) signatures. Signed-off-by: Darrick J. Wong --- scrub/phase6.c | 305 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 305 insertions(+) diff --git a/scrub/phase6.c b/scrub/phase6.c index de7fcb548fe6..983470b7bece 100644 --- a/scrub/phase6.c +++ b/scrub/phase6.c @@ -23,6 +23,8 @@ #include "vfs.h" #include "common.h" #include "libfrog/bulkstat.h" +#include "descr.h" +#include "progress.h" /* * Phase 6: Verify data file integrity. @@ -34,6 +36,9 @@ * to tell us if metadata are now corrupt. Otherwise, we'll scan the * whole directory tree looking for files that overlap the bad regions * and report the paths of the now corrupt files. + * + * If the filesystem supports verity, read the contents of each verity file to + * force it to validate the file contents. */ /* Verify disk blocks with GETFSMAP */ @@ -674,6 +679,285 @@ remember_ioerr( str_liberror(ctx, ret, _("setting bad block bitmap")); } +struct verity_ctx { + struct scrub_ctx *ctx; + struct workqueue wq_ddev; + struct workqueue wq_rtdev; + bool aborted; +}; + +struct verity_file_ctx { + struct xfs_handle handle; + struct verity_ctx *vc; +}; + +static int +render_ino_from_handle( + struct scrub_ctx *ctx, + char *buf, + size_t buflen, + void *data) +{ + struct xfs_handle *han = data; + + return scrub_render_ino_descr(ctx, buf, buflen, han->ha_fid.fid_ino, + han->ha_fid.fid_gen, NULL); +} + +static inline void +report_verity_error( + struct scrub_ctx *ctx, + struct descr *dsc, + off_t fail_pos, + off_t fail_len) +{ + if (fail_pos < 0) + return; + + str_unfixable_error(ctx, descr_render(dsc), + _("verity error at offsets %llu-%llu"), + (unsigned long long)fail_pos, + (unsigned long long)(fail_pos + fail_len - 1)); +} + +/* Record a verity validation error and maybe log an old error. */ +static inline void +record_verity_error( + struct scrub_ctx *ctx, + struct descr *dsc, + off_t pos, + size_t len, + off_t *fail_pos, + off_t *fail_len) +{ + if (*fail_pos < 0) + goto record; + + if (pos == *fail_pos + *fail_len) { + *fail_len += len; + return; + } + + report_verity_error(ctx, dsc, *fail_pos, *fail_len); +record: + *fail_pos = pos; + *fail_len = len; +} + +/* Record a verity validation success and maybe log an old error. */ +static inline void +record_verity_success( + struct scrub_ctx *ctx, + struct descr *dsc, + off_t *fail_pos, + off_t *fail_len) +{ + if (*fail_pos >= 0) + report_verity_error(ctx, dsc, *fail_pos, *fail_len); + + *fail_pos = -1; + *fail_len = 0; +} + +/* Scan a verity file's data looking for validation errors. */ +static void +scan_verity_file( + struct workqueue *wq, + uint32_t index, + void *arg) +{ + struct stat sb; + struct verity_file_ctx *vf = arg; + struct scrub_ctx *ctx = vf->vc->ctx; + off_t pos; + off_t fail_pos = -1, fail_len = 0; + int fd; + int ret; + DEFINE_DESCR(dsc, ctx, render_ino_from_handle); + + descr_set(&dsc, &vf->handle); + + if (vf->vc->aborted) { + ret = ECANCELED; + goto out_vf; + } + + fd = scrub_open_handle(&vf->handle); + if (fd < 0) { + /* + * Stale file handle means that the verity file is gone. + * + * Even if there's a replacement file, its contents have been + * freshly written and checked. Either way, we can skip + * scanning this file. + */ + if (errno == ESTALE) { + ret = 0; + goto out_vf; + } + + /* + * If the fsverity metadata is missing, inform the user and + * move on to the next file. + */ + if (fsverity_meta_is_missing(errno)) { + str_error(ctx, descr_render(&dsc), + _("fsverity metadata missing.")); + ret = 0; + goto out_vf; + } + + ret = -errno; + str_errno(ctx, descr_render(&dsc)); + goto out_vf; + } + + ret = fstat(fd, &sb); + if (ret) { + str_errno(ctx, descr_render(&dsc)); + goto out_fd; + } + + /* Read a single byte from each block in the file to validate. */ + for (pos = 0; pos < sb.st_size; pos += sb.st_blksize) { + char c; + ssize_t bytes_read; + + bytes_read = pread(fd, &c, 1, pos); + if (!bytes_read) + break; + if (bytes_read > 0) { + record_verity_success(ctx, &dsc, &fail_pos, &fail_len); + progress_add(sb.st_blksize); + continue; + } + + if (errno == EIO) { + size_t length = min(sb.st_size - pos, sb.st_blksize); + + record_verity_error(ctx, &dsc, pos, length, &fail_pos, + &fail_len); + continue; + } + + str_errno(ctx, descr_render(&dsc)); + break; + } + report_verity_error(ctx, &dsc, fail_pos, fail_len); + + ret = close(fd); + if (ret) { + str_errno(ctx, descr_render(&dsc)); + goto out_vf; + } + fd = -1; + +out_fd: + if (fd >= 0) + close(fd); +out_vf: + if (ret) + vf->vc->aborted = true; + free(vf); + return; +} + +/* If this is a verity file, queue it for scanning. */ +static int +schedule_verity_file( + struct scrub_ctx *ctx, + struct xfs_handle *handle, + struct xfs_bulkstat *bs, + void *arg) +{ + struct verity_ctx *vc = arg; + struct verity_file_ctx *vf; + int ret; + + if (vc->aborted) + return ECANCELED; + + if (!(bs->bs_xflags & FS_XFLAG_VERITY)) { + progress_add(bs->bs_size); + return 0; + } + + vf = malloc(sizeof(struct verity_file_ctx)); + if (!vf) { + str_errno(ctx, _("could not allocate fsverity scan context")); + vc->aborted = true; + return ENOMEM; + } + + /* Queue the validation work. */ + vf->handle = *handle; /* struct copy */ + vf->vc = vc; + + if (bs->bs_xflags & FS_XFLAG_REALTIME) + ret = -workqueue_add(&vc->wq_rtdev, scan_verity_file, 0, vf); + else + ret = -workqueue_add(&vc->wq_ddev, scan_verity_file, 0, vf); + if (ret) { + str_liberror(ctx, ret, _("could not schedule fsverity scan")); + vc->aborted = true; + return ECANCELED; + } + + return 0; +} + +static int +scan_verity_files( + struct scrub_ctx *ctx) +{ + struct verity_ctx vc = { + .ctx = ctx, + }; + unsigned int verifier_threads; + int ret; + + /* Create thread pool for data dev fsverity processing. */ + verifier_threads = disk_heads(ctx->datadev); + if (verifier_threads == 1) + verifier_threads = 0; + ret = -workqueue_create_bound(&vc.wq_ddev, ctx, verifier_threads, 500); + if (ret) { + str_liberror(ctx, ret, _("creating data dev fsverity workqueue")); + return ret; + } + + /* Create thread pool for rtdev fsverity processing. */ + if (ctx->rtdev) { + verifier_threads = disk_heads(ctx->rtdev); + if (verifier_threads == 1) + verifier_threads = 0; + ret = -workqueue_create_bound(&vc.wq_rtdev, ctx, + verifier_threads, 500); + if (ret) { + str_liberror(ctx, ret, + _("creating rt dev fsverity workqueue")); + goto out_ddev; + } + } + + /* Find all the verity inodes. */ + ret = scrub_scan_all_inodes(ctx, schedule_verity_file, 0, &vc); + if (ret) + goto out_rtdev; + if (vc.aborted) { + ret = ECANCELED; + goto out_rtdev; + } + +out_rtdev: + workqueue_terminate(&vc.wq_rtdev); + workqueue_destroy(&vc.wq_rtdev); +out_ddev: + workqueue_terminate(&vc.wq_ddev); + workqueue_destroy(&vc.wq_ddev); + return ret; +} + /* * Read verify all the file data blocks in a filesystem. Since XFS doesn't * do data checksums, we trust that the underlying storage will pass back @@ -689,6 +973,12 @@ phase6_func( struct media_verify_state vs = { NULL }; int ret, ret2, ret3; + if (ctx->mnt.fsgeom.flags & XFS_FSOP_GEOM_FLAGS_VERITY) { + ret = scan_verity_files(ctx); + if (ret) + return ret; + } + ret = -bitmap_alloc(&vs.d_bad); if (ret) { str_liberror(ctx, ret, _("creating datadev badblock bitmap")); @@ -816,5 +1106,20 @@ phase6_estimate( if (ctx->logdev) *nr_threads += disk_heads(ctx->logdev); *rshift = 20; + + /* + * If fsverity is active, double the amount of progress items because + * we will want to validate individual files' data with fsverity. + * Bump the thread counts for the separate verity thread pools and the + * inode scanner. + */ + if (ctx->mnt.fsgeom.flags & XFS_FSOP_GEOM_FLAGS_VERITY) { + *items *= 2; + *nr_threads += disk_heads(ctx->datadev); + *nr_threads += scrub_nproc_workqueue(ctx); + if (ctx->rtdev) + *nr_threads += disk_heads(ctx->rtdev); + } + return 0; } From patchwork Tue Apr 30 03:39:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648201 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0BB310799; Tue, 30 Apr 2024 03:39:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448386; cv=none; b=n67EziUvCA0t2pr6wfCcrHYAqH755oqWsuntF/ATAl1kuy2dBb8w+DqyGG4k2IJ6Qb/Js43y2nJGqw2sgrdIUWeKoNHmHDwWbEKKuYRAcJ+4E8BHoiLgIaDcFMo7X3+gHAvQNXEMgv1I1mNAu8Y1mRow5rV2e7cqU9AgV0B2SzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448386; c=relaxed/simple; bh=KcSzKWAujvfauQW3Rt1k36M4l5A14EnE/YGTTmeqX58=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=N+Qt2KMkrhW1a+EGxsURP9KUQqsWS8Tms1a70IKjnaz63Hj1EbzPAajp7+BOvhWYB3crJLIYn/IbgrMXwoEZKTxvSK2DNzLRfr100WDGnSAgbTCp1nOGdslZSx2Zd6HYzCdISSPal9qdY5ZronX13PfKsMbrDXcwBob0+u8epnM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Sa0lR+B4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Sa0lR+B4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B44D2C116B1; Tue, 30 Apr 2024 03:39:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448385; bh=KcSzKWAujvfauQW3Rt1k36M4l5A14EnE/YGTTmeqX58=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Sa0lR+B4A766PvRxEU48iW4e6k2Fw7aFevaewBcHeJKBO0HXS47BmSMvsHnLflEYu azIoSACQobW5P6TICLuPbKqLwfCLQdvaX5wFJC5oDKSeYa0YuQpw0qfjAfUmV6GS93 hQXcPfGx1T64Z8+rccdlZFfiACtBxFR596soUBiqjMadmbdoET/k9MCQIzCjj9Dh0O h0/rmwX5kzCkTDOIATl6RFv2lo7h5FPAAVpVJ3PbvpVCe0zVGUuEEoBiYz/nzUcTp9 kMwoG0LJ4dqn2ta8c9GY5EpIpLa6MBfY8xSX0vQtRKluhQml874z8bdJVncNyqlX9P 76PoAuhyibiZA== Date: Mon, 29 Apr 2024 20:39:45 -0700 Subject: [PATCH 34/38] xfs_scrub: use MADV_POPULATE_READ to check verity files From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683629.960383.17431859183948881831.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Use madvise to pull a large number of pages into the pagecache with a single system call. For the common case that everything is consistent, this amortizes syscall overhead over a large amount of data. Signed-off-by: Darrick J. Wong --- scrub/phase6.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 115 insertions(+), 18 deletions(-) diff --git a/scrub/phase6.c b/scrub/phase6.c index 983470b7bece..7bb11510d332 100644 --- a/scrub/phase6.c +++ b/scrub/phase6.c @@ -25,6 +25,7 @@ #include "libfrog/bulkstat.h" #include "descr.h" #include "progress.h" +#include /* * Phase 6: Verify data file integrity. @@ -759,6 +760,97 @@ record_verity_success( *fail_len = 0; } +/* Map at most this many bytes at a time. */ +#define MMAP_LENGTH (4194304) + +/* + * Use MADV_POPULATE_READ to validate verity file contents. Returns @length if + * the entire region validated ok; 0 to signal to the caller that they should + * fall back to regular reads; or a negative errno if some other error + * happened. + */ +static ssize_t +validate_mmap( + int fd, + off_t pos, + size_t length) +{ + void *addr; + int ret; + + /* + * Try to map this file into the address space. If that fails, we can + * fall back to reading the file contents with read(), so collapse all + * error codes to EFAULT. + */ + addr = mmap(NULL, length, PROT_READ, MAP_SHARED, fd, pos); + if (addr == MAP_FAILED) + return 0; + + /* Returns EFAULT for read IO errors. */ + ret = madvise(addr, length, MADV_POPULATE_READ); + if (ret) { + munmap(addr, length); + if (errno == EFAULT) + return 0; + return -errno; + } + + ret = munmap(addr, length); + if (ret) + return -errno; + + return length; +} + +/* + * Use pread to validate verity file contents. Returns the number of bytes + * validated; 0 to signal to the caller that EOF was encountered; or a negative + * errno if some other error happened. + */ +static ssize_t +validate_pread( + struct scrub_ctx *ctx, + struct descr *dsc, + int fd, + const struct stat *statbuf, + off_t pos, + size_t length, + off_t *fail_pos, + off_t *fail_len) +{ + ssize_t validated; + + for (validated = 0; + validated < length; + validated += statbuf->st_blksize, pos += statbuf->st_blksize) { + char c; + ssize_t bytes_read; + + bytes_read = pread(fd, &c, 1, pos); + if (!bytes_read) + break; + if (bytes_read > 0) { + record_verity_success(ctx, dsc, fail_pos, fail_len); + continue; + } + + if (errno == EIO) { + size_t length = min(statbuf->st_size - pos, + statbuf->st_blksize); + + record_verity_error(ctx, dsc, pos, length, fail_pos, + fail_len); + continue; + } + + str_errno(ctx, descr_render(dsc)); + return -errno; + } + + return validated; +} + /* Scan a verity file's data looking for validation errors. */ static void scan_verity_file( @@ -770,10 +862,15 @@ scan_verity_file( struct verity_file_ctx *vf = arg; struct scrub_ctx *ctx = vf->vc->ctx; off_t pos; + off_t max_map_pos; off_t fail_pos = -1, fail_len = 0; int fd; int ret; DEFINE_DESCR(dsc, ctx, render_ino_from_handle); + static long pagesize; + + if (!pagesize) + pagesize = sysconf(_SC_PAGESIZE); descr_set(&dsc, &vf->handle); @@ -818,30 +915,30 @@ scan_verity_file( goto out_fd; } - /* Read a single byte from each block in the file to validate. */ - for (pos = 0; pos < sb.st_size; pos += sb.st_blksize) { - char c; - ssize_t bytes_read; + /* Validate the file contents with MADV_POPULATE_READ and pread */ + max_map_pos = roundup(sb.st_size, pagesize); + for (pos = 0; pos < max_map_pos; pos += MMAP_LENGTH) { + size_t length = min(max_map_pos - pos, MMAP_LENGTH); + ssize_t validated; - bytes_read = pread(fd, &c, 1, pos); - if (!bytes_read) - break; - if (bytes_read > 0) { + validated = validate_mmap(fd, pos, length); + if (validated > 0) { record_verity_success(ctx, &dsc, &fail_pos, &fail_len); - progress_add(sb.st_blksize); + progress_add(validated); continue; } - - if (errno == EIO) { - size_t length = min(sb.st_size - pos, sb.st_blksize); - - record_verity_error(ctx, &dsc, pos, length, &fail_pos, - &fail_len); - continue; + if (validated < 0) { + errno = -validated; + str_errno(ctx, descr_render(&dsc)); + goto out_fd; } - str_errno(ctx, descr_render(&dsc)); - break; + validated = validate_pread(ctx, &dsc, fd, &sb, pos, length, + &fail_pos, &fail_len); + if (validated <= 0) + break; + + progress_add(validated); } report_verity_error(ctx, &dsc, fail_pos, fail_len); From patchwork Tue Apr 30 03:40:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648202 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4B9BDDA6; Tue, 30 Apr 2024 03:40:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448402; cv=none; b=ennhubCFtC+SNKxaFzEuufomhpDufLJXXnD8Ch4Hl7eM+5GMCs1YmDK5hckRULxwL8rxS5K99wnl/ZThbdEyiKp4SrVIPxowlE/kBEastzqT+Dv4Eiz5aRELpeCD3NWWvEnt5YB2/fPK87AEG6qwCjpsJi++8O8ySWRMGHMtspQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448402; c=relaxed/simple; bh=xH0DWV/35WlzevtdF4gdlLyNIpYJZ1Jc70mrD1ARhAw=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dhlxS7ppMlSdEJmdrZHi9SQ8CGpEVF7Ks+7MXa+gIpYf2KFqGQtcyiZIHS6VvKuIRDoI4cfTD6LvkE65QDxavScIM65yJkQ1BsWptmgJwlIkpzB6xvRExpoDgUaJDi9jsb/gJN+1H9prBSobBwWWelmGdV0atlFSOxm93ONWpMQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=DqCJVLmh; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="DqCJVLmh" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64161C116B1; Tue, 30 Apr 2024 03:40:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448401; bh=xH0DWV/35WlzevtdF4gdlLyNIpYJZ1Jc70mrD1ARhAw=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=DqCJVLmhJKTKHQtmc8e6MpyLO57ggcslvmYdpALTDiIEbP8N7QebRWvgctLYx9wOM djs2GqTuAZumBsyYDenJ8QcirQmmbi0S8apxNxh3OoQXEuWcxvtJ2BqnGN4o+gc5UY wBszJlWXNaj521LjUVbh8KmMZt4R1RK4BLv3ldciyPwCURd/ECnkCG6mC5uspxcVj7 xdx2NO6kTqX8LTNEmQJTGfHomUzw4tZ9fEjXTy9dhO4QNkP7iev06FN3fk6LfbWlju aV2ZApxny+63VGlkVcGc6sFzki9IoGVzo/aLwWEfiUZnfRRDAIPyjBi3QscD6q39VR lKccOzzqkrxxw== Date: Mon, 29 Apr 2024 20:40:00 -0700 Subject: [PATCH 35/38] xfs_spaceman: report data corruption From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683644.960383.9038296844797024404.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Report data corruption to userspace. Signed-off-by: Darrick J. Wong --- man/man2/ioctl_xfs_bulkstat.2 | 3 +++ spaceman/health.c | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/man/man2/ioctl_xfs_bulkstat.2 b/man/man2/ioctl_xfs_bulkstat.2 index b6d51aa43811..0afa8177ebb3 100644 --- a/man/man2/ioctl_xfs_bulkstat.2 +++ b/man/man2/ioctl_xfs_bulkstat.2 @@ -329,6 +329,9 @@ Parent pointers. .TP .B XFS_BS_SICK_DIRTREE Directory is the source of corruption in the directory tree. +.TP +.B XFS_BS_SICK_DATA +File data is corrupt. .RE .SH ERRORS Error codes can be one of, but are not limited to, the following: diff --git a/spaceman/health.c b/spaceman/health.c index ee0e108d5b2d..43270209b6a9 100644 --- a/spaceman/health.c +++ b/spaceman/health.c @@ -201,6 +201,10 @@ static const struct flag_map inode_flags[] = { .mask = XFS_BS_SICK_DIRTREE, .descr = "directory tree structure", }, + { + .mask = XFS_BS_SICK_DATA, + .descr = "file data", + }, {0}, }; From patchwork Tue Apr 30 03:40:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648203 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3566013FEE; Tue, 30 Apr 2024 03:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448417; cv=none; b=Wix9ZRCkDZTMtB/3K9mraYZpPgxozNTd5Yq0i0lQaHTINMaNdMoW48JlVl1Objhzn9S/8JXi690vlNkZksOqexsYXA0Z9nwFJ2JyYH8sGhiZg0hjqMw0p10wV3Qrk2Nhj3vAj+ZhsXPDJELWWFx8NS0zEif+m/Ysn4awwWvyosg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448417; c=relaxed/simple; bh=BW4AA+hEuHNfXzS8ZpR/m4RoUoXCRJ3Bv/44PzEyqDY=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jM8swoLo38u/srUJcV9GZMBB3n1JgBxDUc2EfuAgqcjMq0uYHnFjl0EB2zHrnuwYRzfQv54QO2+0o68/S6jSO2PRJ9ssIWXbzbZrWJeMD5LmuoToIhS7Cy5UFNZCufRr5g6RBgIWbx7MauVHA1DnkbmCO5NEWO10aWeU3nQM93E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nyXxFNSd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nyXxFNSd" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0A326C116B1; Tue, 30 Apr 2024 03:40:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448417; bh=BW4AA+hEuHNfXzS8ZpR/m4RoUoXCRJ3Bv/44PzEyqDY=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=nyXxFNSdnxrES7ZkfxT7+GJt4UdLNNv0uxW6RnAgfl9DCRTo9wqwX16g2Sf8/8N/b tI2Z5uaeUdv78cXmMPVV04yLbttDn8WwUkDFxmutJiikVNwtws+4zWh7ZKNL/9ygQk Jrh68MyqYXFNal0viHIxgX4Kg7K9LAx61zI2jchcvTVYCoq04RlQn7CzBn+yUi2iBj RIvwCbEBJQBknego/eF9WMfcXkEk6uje01PHn6HQj+gOG2RB15/SWFcXpY0dwABAdt H0qNWK7xydv68ZcEyMJgHbemx5dmPUhWS0bG4jd46zCjG88G5lh7L9Y8q01LIu+5iQ mm6GTYl2qJ4Sw== Date: Mon, 29 Apr 2024 20:40:16 -0700 Subject: [PATCH 36/38] xfs_io: report fsverity status via statx From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683660.960383.9649245519206526450.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Report if a file has verity enable. Signed-off-by: Darrick J. Wong --- io/attr.c | 2 ++ man/man2/ioctl_xfs_fsgetxattr.2 | 3 +++ man/man8/xfs_io.8 | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/io/attr.c b/io/attr.c index fd82a2e73801..5df4edbbbb41 100644 --- a/io/attr.c +++ b/io/attr.c @@ -37,6 +37,7 @@ static struct xflags { { FS_XFLAG_FILESTREAM, "S", "filestream" }, { FS_XFLAG_DAX, "x", "dax" }, { FS_XFLAG_COWEXTSIZE, "C", "cowextsize" }, + { FS_XFLAG_VERITY, "v", "verity" }, { FS_XFLAG_HASATTR, "X", "has-xattr" }, { 0, NULL, NULL } }; @@ -66,6 +67,7 @@ lsattr_help(void) " S -- enable filestreams allocator for this directory\n" " x -- Use direct access (DAX) for data in this file\n" " C -- for files with shared blocks, observe the inode CoW extent size value\n" +" v -- file has fsverity metadata to validate data contents\n" " X -- file has extended attributes (cannot be changed using chattr)\n" "\n" " Options:\n" diff --git a/man/man2/ioctl_xfs_fsgetxattr.2 b/man/man2/ioctl_xfs_fsgetxattr.2 index 2c626a7e3742..ffcdedc1fb13 100644 --- a/man/man2/ioctl_xfs_fsgetxattr.2 +++ b/man/man2/ioctl_xfs_fsgetxattr.2 @@ -200,6 +200,9 @@ below). If set on a directory, new files and subdirectories created in the directory will have both the flag and the CoW extent size value set. .TP +.B XFS_XFLAG_VERITY +The file has fsverity metadata to verify the file contents. +.TP .B XFS_XFLAG_HASATTR The file has extended attributes associated with it. diff --git a/man/man8/xfs_io.8 b/man/man8/xfs_io.8 index cd6e953d8223..4991ad471bd7 100644 --- a/man/man8/xfs_io.8 +++ b/man/man8/xfs_io.8 @@ -934,6 +934,10 @@ direct access persistent memory (XFS_XFLAG_DAX) .B C copy on write extent hint (XFS_XFLAG_COWEXTSIZE) +.TP +.B v +fsverity enabled (XFS_XFLAG_VERITY) + .TP .B X has extended attributes (XFS_XFLAG_HASATTR) From patchwork Tue Apr 30 03:40:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648204 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D176510A1D; Tue, 30 Apr 2024 03:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448432; cv=none; b=t1CyNwDkyowVDJNINt3wtvjIqIpDx5APsPsCZOoVYQEHoeiBbCnzkvR5ooxlZfE+TaanI8V29Y3yZ8m9Bz5yHo0aF+s++V/fd/WvTy+NJKahRnyP4FW708aOx8gW0z71MJNB2kKWI3uRH+AAyPZAp1EQkXfTZnFn1DEyV1QLDFg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448432; c=relaxed/simple; bh=FqpOy3OpxfeJJgGwxXoDU0/j2emkdd9a+CGm9UtME5I=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=bJ5r71FzaOrEpcU50r68F+l+Kha2mpWw2eNSiAGG9k6e2ANg7iUiCMkZeV+/7vsyZgvQsGSsMx2qeLhCidQ8VEDMnVqTUtZUOE1hFIFzR52gE2AnT9qur4I8IThuZ5i2YnViwdOEigsCziramYxYQUZIyOHdRQG6p9BJXkBw7TE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jLppyDyK; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jLppyDyK" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A986FC116B1; Tue, 30 Apr 2024 03:40:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448432; bh=FqpOy3OpxfeJJgGwxXoDU0/j2emkdd9a+CGm9UtME5I=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=jLppyDyKbOeXNbVnYuR8H1pMPDhqiM4w9+fzqSEEmG+r9RHzv/wf+EPcd+TrctpzS PvZ3v8vpG6W/9m4hjSl4g2rpwlhHD/se3HnNdxLFfFFlXAa4UApi8/wJBky4cTgZXy PPNbrFmuBqxz73+FwTSTePPY/9zn+Mh0fUU5Gj6LdPp8Z7mb/aanthxCMVap35Cy3L FEawoQ1QBKPXenMH49NiolWAvbmBKWe62cYsti/zl/zZ4hJHmqwXd7OVx45Nvp/CbO rZagono654G7ccZwDZrZqwVvdBSdHUFZCppZOKhM4of08P5dE3H+aoZ879BBE7p4d6 fZRg90M2w2FQQ== Date: Mon, 29 Apr 2024 20:40:32 -0700 Subject: [PATCH 37/38] xfs_io: create magic command to disable verity From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683675.960383.13899048413901232465.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create a secret command to turn off fsverity if we need to. Signed-off-by: Darrick J. Wong --- io/scrub.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ man/man8/xfs_io.8 | 3 +++ 2 files changed, 50 insertions(+) diff --git a/io/scrub.c b/io/scrub.c index dc40afdfb36f..8a4a7e2fc3af 100644 --- a/io/scrub.c +++ b/io/scrub.c @@ -19,6 +19,7 @@ static struct cmdinfo scrub_cmd; static struct cmdinfo repair_cmd; static const struct cmdinfo scrubv_cmd; +static const struct cmdinfo noverity_cmd; static void scrub_help(void) @@ -356,6 +357,7 @@ scrub_init(void) add_command(&scrub_cmd); add_command(&scrubv_cmd); + add_command(&noverity_cmd); } static void @@ -730,3 +732,48 @@ static const struct cmdinfo scrubv_cmd = { .oneline = N_("vectored metadata scrub"), .help = scrubv_help, }; + +static void +noverity_help(void) +{ + printf(_( +"\n" +" Disable fsverity on a file.\n")); +} + +#ifndef FS_IOC_DISABLE_VERITY +# define FS_IOC_DISABLE_VERITY _IO('f', 136) +#endif + +static int +noverity_f( + int argc, + char **argv) +{ + int c; + int error; + + while ((c = getopt(argc, argv, "")) != EOF) { + switch (c) { + default: + noverity_help(); + return 0; + } + } + + error = ioctl(file->fd, FS_IOC_DISABLE_VERITY); + if (error) + perror("noverity"); + + return 0; +} + +static const struct cmdinfo noverity_cmd = { + .name = "noverity", + .cfunc = noverity_f, + .argmin = -1, + .argmax = -1, + .flags = CMD_NOMAP_OK, + .oneline = N_("disable fsverity"), + .help = noverity_help, +}; diff --git a/man/man8/xfs_io.8 b/man/man8/xfs_io.8 index 4991ad471bd7..013750faa113 100644 --- a/man/man8/xfs_io.8 +++ b/man/man8/xfs_io.8 @@ -1093,6 +1093,9 @@ Check parameters without changing anything. Do not print timing information at all. .PD .RE +.TP +.B noverity +Disable fs-verity on this file. .SH MEMORY MAPPED I/O COMMANDS .TP From patchwork Tue Apr 30 03:40:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13648205 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 717E010799; Tue, 30 Apr 2024 03:40:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448448; cv=none; b=YxBtOQklXp0hmZfkteh9Nl1XD+C/cvfEBXhjf3lmEktPS6kzxJR0ruISb1MUv7ESN9q5Us+i97C9F1g32S8oBqmV8lLBbYxYhp2V9r/D9T2pVW7fFhvG7hnE+kM6EN8pgLjayZ1wh75Z/hzQe7VjZhfpcm5fOPfIgJyEi5H5G3U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714448448; c=relaxed/simple; bh=9e954+QHvj9tMJLgPijkcXorbpOlmEW65OfO9efU7rQ=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OaW44+r9zZYAFkTZEjkPg6iZDix74laU4OIjc/crHmCx3veh5fuhzYCvSaVARYQmot8YSG+QP51/RzUBfnYLH54dOEykuNONnzwCcIB9KVUM4v5wZJxorFxqRwkIpIiErl0aCkKBbZuyBjyIOFPzSmWeEfGqHd3nBwy+gnL/ifI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=X+tdP6lP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="X+tdP6lP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 45B90C116B1; Tue, 30 Apr 2024 03:40:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1714448448; bh=9e954+QHvj9tMJLgPijkcXorbpOlmEW65OfO9efU7rQ=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=X+tdP6lPRnnmbvTdH1aH4Ux/F4rgULfc1ECK8u9tXVoodVgdCvJDI2quvYUX6+Y/b rWBqgaKMhJ+77rD6pRxA9VRBPCfoEuRFtAb2lZuPx4vAIoqzSkRtM2yta/ax42hfwI cYSHojn1011HUOQ5G3L/mdsdjg6vs5s+X8iRr8fFO/MftGAl3RnTQ0OrGEaijBSGDe xSFpu1gZzQnpwkxbccG0XKQE06I7Y1FxgN5yIv80DQSVj9TMEZE6am30LfiREYXaUC WYqf3b3KReCktFTZnVE5myUoYuHvK7a74U0ZW5ySFAPugc5gGc5LiPgdH/k0wS87B+ ynfQBVsa/Ex9Q== Date: Mon, 29 Apr 2024 20:40:47 -0700 Subject: [PATCH 38/38] mkfs.xfs: add verity parameter From: "Darrick J. Wong" To: aalbersh@redhat.com, ebiggers@kernel.org, cem@kernel.org, djwong@kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev Message-ID: <171444683691.960383.4793005629088454964.stgit@frogsfrogsfrogs> In-Reply-To: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> References: <171444683053.960383.12871831441554683674.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: fsverity@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Andrey Albershteyn fs-verity brings on-disk changes (inode flag). Add parameter to enable (default disabled) fs-verity flag in superblock. This will make newly create filesystem read-only for older kernels. Signed-off-by: Andrey Albershteyn Reviewed-by: Darrick J. Wong [djwong: make this an -i(node) option, edit manpage] Signed-off-by: Darrick J. Wong --- man/man8/mkfs.xfs.8.in | 6 ++++++ mkfs/lts_4.19.conf | 1 + mkfs/lts_5.10.conf | 1 + mkfs/lts_5.15.conf | 1 + mkfs/lts_5.4.conf | 1 + mkfs/lts_6.1.conf | 1 + mkfs/lts_6.6.conf | 1 + mkfs/xfs_mkfs.c | 25 ++++++++++++++++++++++++- 8 files changed, 36 insertions(+), 1 deletion(-) diff --git a/man/man8/mkfs.xfs.8.in b/man/man8/mkfs.xfs.8.in index 1db6765a805a..431cbcb8c7be 100644 --- a/man/man8/mkfs.xfs.8.in +++ b/man/man8/mkfs.xfs.8.in @@ -688,6 +688,12 @@ Online repair uses this functionality to rebuild extended attributes, directories, symbolic links, and realtime metadata files. This feature is disabled by default. This feature is only available for filesystems formatted with -m crc=1. +.TP +.BI verity[= value] +This flag activates verity support, which enables sealing of regular file data +with hashes and cryptographic signatures. +This feature is disabled by default. +This feature is only available for filesystems formatted with -m crc=1. .RE .PP .PD 0 diff --git a/mkfs/lts_4.19.conf b/mkfs/lts_4.19.conf index 700dd2dff977..2cd8999b207c 100644 --- a/mkfs/lts_4.19.conf +++ b/mkfs/lts_4.19.conf @@ -14,6 +14,7 @@ rmapbt=0 sparse=1 nrext64=0 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/lts_5.10.conf b/mkfs/lts_5.10.conf index a03cebfc41b9..765ffde89dca 100644 --- a/mkfs/lts_5.10.conf +++ b/mkfs/lts_5.10.conf @@ -14,6 +14,7 @@ rmapbt=0 sparse=1 nrext64=0 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/lts_5.15.conf b/mkfs/lts_5.15.conf index 0c93950f3119..76afb3cae691 100644 --- a/mkfs/lts_5.15.conf +++ b/mkfs/lts_5.15.conf @@ -14,6 +14,7 @@ rmapbt=0 sparse=1 nrext64=0 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/lts_5.4.conf b/mkfs/lts_5.4.conf index 059af4126223..f0f6526da72c 100644 --- a/mkfs/lts_5.4.conf +++ b/mkfs/lts_5.4.conf @@ -14,6 +14,7 @@ rmapbt=0 sparse=1 nrext64=0 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/lts_6.1.conf b/mkfs/lts_6.1.conf index 4d1409208669..7591699396ca 100644 --- a/mkfs/lts_6.1.conf +++ b/mkfs/lts_6.1.conf @@ -14,6 +14,7 @@ rmapbt=0 sparse=1 nrext64=0 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/lts_6.6.conf b/mkfs/lts_6.6.conf index 0420e8e4760b..e3f99d2aa4ee 100644 --- a/mkfs/lts_6.6.conf +++ b/mkfs/lts_6.6.conf @@ -14,6 +14,7 @@ rmapbt=1 sparse=1 nrext64=1 exchange=0 +verity=0 [naming] parent=0 diff --git a/mkfs/xfs_mkfs.c b/mkfs/xfs_mkfs.c index 7e30404646c2..f41d9749b4ba 100644 --- a/mkfs/xfs_mkfs.c +++ b/mkfs/xfs_mkfs.c @@ -92,6 +92,7 @@ enum { I_SPINODES, I_NREXT64, I_EXCHANGE, + I_VERITY, I_MAX_OPTS, }; @@ -477,6 +478,7 @@ static struct opt_params iopts = { [I_SPINODES] = "sparse", [I_NREXT64] = "nrext64", [I_EXCHANGE] = "exchange", + [I_VERITY] = "verity", [I_MAX_OPTS] = NULL, }, .subopt_params = { @@ -538,6 +540,12 @@ static struct opt_params iopts = { .maxval = 1, .defaultval = 1, }, + { .index = I_VERITY, + .conflicts = { { NULL, LAST_CONFLICT } }, + .minval = 0, + .maxval = 1, + .defaultval = 1, + }, }, }; @@ -946,6 +954,7 @@ struct sb_feat_args { bool nrext64; bool exchrange; /* XFS_SB_FEAT_INCOMPAT_EXCHRANGE */ bool rtgroups; /* XFS_SB_FEAT_INCOMPAT_RTGROUPS */ + bool verity; /* XFS_SB_FEAT_RO_COMPAT_VERITY */ }; struct cli_params { @@ -1087,7 +1096,7 @@ usage( void ) /* force overwrite */ [-f]\n\ /* inode size */ [-i perblock=n|size=num,maxpct=n,attr=0|1|2,\n\ projid32bit=0|1,sparse=0|1,nrext64=0|1,\n\ - exchange=0|1]\n\ + exchange=0|1,verity=0|1]\n\ /* no discard */ [-K]\n\ /* log subvol */ [-l agnum=n,internal,size=num,logdev=xxx,version=n\n\ sunit=value|su=num,sectsize=num,lazy-count=0|1,\n\ @@ -1789,6 +1798,9 @@ inode_opts_parser( case I_EXCHANGE: cli->sb_feat.exchrange = getnum(value, opts, subopt); break; + case I_VERITY: + cli->sb_feat.verity = getnum(value, opts, subopt); + break; default: return -EINVAL; } @@ -2470,6 +2482,14 @@ _("metadata directory not supported without CRC support\n")); usage(); } cli->sb_feat.metadir = false; + + if (cli->sb_feat.verity && + cli_opt_set(&iopts, I_VERITY)) { + fprintf(stderr, +_("verity not supported without CRC support\n")); + usage(); + } + cli->sb_feat.verity = false; } if (!cli->sb_feat.finobt) { @@ -3813,6 +3833,8 @@ sb_set_features( sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_REFLINK; if (fp->inobtcnt) sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_INOBTCNT; + if (fp->verity) + sbp->sb_features_ro_compat |= XFS_SB_FEAT_RO_COMPAT_VERITY; if (fp->bigtime) sbp->sb_features_incompat |= XFS_SB_FEAT_INCOMPAT_BIGTIME; if (fp->parent_pointers) { @@ -4766,6 +4788,7 @@ main( .nortalign = false, .bigtime = true, .nrext64 = true, + .verity = false, /* * When we decide to enable a new feature by default, * please remember to update the mkfs conf files.