Re: max fsverity descriptor size?


 



On Wed, Dec 02, 2020 at 01:33:54PM -0500, Chris Mason wrote:
> 
> 
> On 2 Dec 2020, at 13:12, Eric Biggers wrote:
> 
> > +linux-fscrypt
> > 
> > On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote:
> > > Hi Eric,
> > > 
> > > I’m working on fsverity support in btrfs and wanted to check on the max
> > > size of the descriptor.  I can go up to any size, just wanted to make
> > > sure I had things correct in the disk format.
> > > 
> > > -chris
> > 
> > The implementations of fs-verity in ext4 and f2fs store the built-in
> > signature (if there is one) appended to the 'struct fsverity_descriptor',
> > and limit the total size of those two things combined to 16384 bytes.  See
> > FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h.
> > 
> > Note that there's nothing special about this particular number; it's just
> > an implementation limit to prevent userspace doing weird things with
> > megabytes "signatures".
> > 
> > If btrfs will be storing built-in signatures in the same way, it probably
> > should use the same limit.  Preferably it would be done in a way such that
> > it's possible to increase the limit later if it's ever needed.
> > 
> 
> +Boris
> 
> Thanks Eric, the current btrfs code is just putting it in the btree, but
> I’ve got it set up so we won’t run into trouble if it spans multiple btree
> blocks.
> 
> Looks like the fs/verity/*.c are in charge of validating against the max
> size?  I’m not finding specific checks in ext4.

Yes, that's the case currently.

- Eric
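
The size check discussed in this thread, as an added userspace example (not kernel code and not from any poster): it bounds a stored descriptor-plus-signature blob by a caller-supplied maximum and rejects a signature length that would run past the blob. The 256-byte fixed descriptor size, the little-endian sig_size field at offset 4, and every function and constant name here are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DESC_SIZE   16384u /* limit cited in the thread */
#define DESC_FIXED_SIZE 256u   /* assumption: size of the fixed descriptor */
#define SIG_SIZE_OFFSET 4u     /* assumption: le32 sig_size lives here */
enum desc_status { DESC_OK, DESC_TOO_SHORT, DESC_TOO_LARGE, DESC_BAD_SIG_SIZE };

static uint32_t load_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Build a constructed sample descriptor header claiming sig_size bytes. */
void make_sample(uint8_t *buf, uint32_t sig_size)
{
	memset(buf, 0, DESC_FIXED_SIZE);
	buf[0] = 1; /* version */
	for (int i = 0; i < 4; i++)
		buf[SIG_SIZE_OFFSET + i] = (uint8_t)(sig_size >> (8 * i));
}

/* Validate a descriptor+signature blob read back from storage.
 * max_size is a parameter, not part of the format, so it can be raised. */
enum desc_status check_descriptor(const uint8_t *buf, size_t stored_size,
				  size_t max_size, size_t *sig_len)
{
	if (stored_size < DESC_FIXED_SIZE)
		return DESC_TOO_SHORT;    /* cannot even read sig_size */
	if (stored_size > max_size)
		return DESC_TOO_LARGE;    /* reject before parsing further */
	uint32_t sig_size = load_le32(buf + SIG_SIZE_OFFSET);
	if (sig_size > stored_size - DESC_FIXED_SIZE)
		return DESC_BAD_SIG_SIZE; /* signature would run past the blob */
	*sig_len = sig_size;
	return DESC_OK;
}

int main(void)
{
	static uint8_t blob[MAX_DESC_SIZE];
	size_t sig_len = 0;
	make_sample(blob, 512);
	printf("%d\n", check_descriptor(blob, 256 + 512, MAX_DESC_SIZE, &sig_len));
	return 0;
}
```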


