Re: [PATCHSET v5.3] fs-verity support for XFS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, Mar 18, 2024 at 09:35:12AM -0700, Eric Biggers wrote:
> On Sun, Mar 17, 2024 at 09:22:52AM -0700, Darrick J. Wong wrote:
> > Hi all,
> > 
> > From Darrick J. Wong:
> > 
> > This v5.3 patchset builds upon v5.2 of Andrey's patchset to implement
> > fsverity for XFS.
> Is this ready for me to review, or is my feedback on v5 still being
> worked on?

It's still being worked on.  I figured it was time to push my work tree
back to Andrey so everyone could see the results of me attempting to
understand the fsverity patchset by working around in the codebase.

>From your perspective, I suspect the most interesting patches will be 5,
6, 7+10+14, 11-13, and 15-17.  For everyone on the XFS side, patches
27-39 are the most interesting since they change the caching strategy
and slim down the ondisk format.

> From a quick glance, not everything from my feedback has been
> addressed.

That's correct.  I cleaned up the mechanics of passing merkle trees
around, but I didn't address the comments about per-sb workqueues,
fsverity tracepoints, or whether or not iomap should allocate biosets.
Roughly, here's what I did in the generic code:

I fixed the FS_XFLAG_VERITY handling so that you can't clear it via

I also rewrote and augmented the "drop dead merkle tree" functions in
xfs_verity to clean out incomplete trees when ->end_enable tells us we
failed; and to clean out extra blocks in the ->begin_enable just in case
the file shrank since a failed attempt to enable fsverity.

As for online repair, the "fsverity: expose merkle tree geometry to
callers" enables the kernel to do some basic online checking that there
aren't excessive merkle tree blocks and that fsverity can read the
descriptor.  In my djwong-wtf tree, xfs_scrub gains the ability to read
the entire file into the pagecache (and hence validate the verity info)
via MADV_POPULATE READ, and now it has a patch to read the entire merkle
tree/descriptor/signature just to make sure those can actually be read.

Most of the things you gave feedback about in "fsverity: support
block-based Merkle tree caching" I think I cleaned up in "fsverity: fix
"support block-based Merkle tree caching"" and "fsverity: rely on cached
block callers to retain verified state".  I kept those separate so that
Andrey could see what I did, though they really ought to be merged into
the main support patch.

Note that I greatly expanded the usage of struct fsverity_blockbuf and
changed the verified flag handling so that the invalidation function was
no longer necessary.


> - Eric

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux