Re: max fsverity descriptor size?

On 2 Dec 2020, at 13:12, Eric Biggers wrote:

> +linux-fscrypt
>
> On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote:
>> Hi Eric,
>>
>> I’m working on fsverity support in btrfs and wanted to check on the max size of the descriptor. I can go up to any size, just wanted to make sure I had things correct in the disk format.
>>
>> -chris
>
> The implementations of fs-verity in ext4 and f2fs store the built-in signature (if there is one) appended to the 'struct fsverity_descriptor', and limit the total size of those two things combined to 16384 bytes.  See FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h.
>
> Note that there's nothing special about this particular number; it's just an implementation limit to prevent userspace doing weird things with megabytes "signatures".
>
> If btrfs will be storing built-in signatures in the same way, it probably should use the same limit. Preferably it would be done in a way such that it's possible to increase the limit later if it's ever needed.


+Boris

Thanks Eric, the current btrfs code is just putting it in the btree, but I’ve got it set up so we won’t run into trouble if it spans multiple btree blocks.

Looks like the fs/verity/*.c are in charge of validating against the max size? I’m not finding specific checks in ext4.

-chris
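
Added example (not part of the thread, and not kernel or btrfs code): a bounds check a filesystem could run on a stored descriptor blob, applying the combined descriptor-plus-signature limit Eric describes. The struct layout (256 fixed bytes, little-endian sig_size at offset 4) and the names check_descriptor, verity_desc_fixed and desc_status are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Limit quoted in the thread (fs/verity/fsverity_private.h). */
#define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384

/* Fixed-size part of the on-disk descriptor (assumed layout, see lead-in).
 * Byte arrays keep the struct free of padding; multi-byte fields are
 * little-endian. Signature bytes, if any, follow immediately after. */
struct verity_desc_fixed {
    uint8_t version;
    uint8_t hash_algorithm;
    uint8_t log_blocksize;
    uint8_t salt_size;
    uint8_t sig_size[4];   /* le32: length of the appended signature */
    uint8_t data_size[8];  /* le64: file size covered by the Merkle tree */
    uint8_t root_hash[64];
    uint8_t salt[32];
    uint8_t reserved[144];
};

enum desc_status { DESC_OK = 0, DESC_TOO_SHORT, DESC_TOO_LONG, DESC_BAD_SIG_SIZE };

static uint32_t le32(const uint8_t b[4])
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Validate a descriptor blob of stored_len bytes read back from disk.
 * Hypothetical helper: length bounds are checked before sig_size is trusted. */
enum desc_status check_descriptor(const uint8_t *blob, size_t stored_len)
{
    struct verity_desc_fixed d;

    if (stored_len < sizeof(d))
        return DESC_TOO_SHORT;
    if (stored_len > FS_VERITY_MAX_DESCRIPTOR_SIZE)
        return DESC_TOO_LONG;
    memcpy(&d, blob, sizeof(d));
    /* Subtract on the already-checked length so a huge sig_size cannot wrap. */
    if (le32(d.sig_size) > stored_len - sizeof(d))
        return DESC_BAD_SIG_SIZE;
    return DESC_OK;
}
```

Keeping the limit in a single constant and comparing against the stored length, rather than baking 16384 into the on-disk item format, leaves room to raise it later as suggested above.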


