[PATCH 1/1] fuse: Add initial support for fs-verity


 



This adds support for the FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY
ioctls. FS_IOC_READ_VERITY_METADATA is not included, but according to the
documentation, "This is a fairly specialized use case, and most fs-verity
users won’t need this ioctl."

Signed-off-by: Richard Fung <richardfung@xxxxxxxxxx>
---
 fs/fuse/ioctl.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/fs/fuse/ioctl.c b/fs/fuse/ioctl.c
index 726640fa439e..a0e86c3de48f 100644
--- a/fs/fuse/ioctl.c
+++ b/fs/fuse/ioctl.c
@@ -8,6 +8,7 @@
 #include <linux/uio.h>
 #include <linux/compat.h>
 #include <linux/fileattr.h>
+#include <linux/fsverity.h>
 
 static ssize_t fuse_send_ioctl(struct fuse_mount *fm, struct fuse_args *args,
 			       struct fuse_ioctl_out *outarg)
@@ -227,6 +228,57 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
 			out_iov = iov;
 			out_iovs = 1;
 		}
+
+		/* For fs-verity, determine iov lengths from input */
+		switch (cmd) {
+		case FS_IOC_MEASURE_VERITY: {
+			__u16 digest_size;
+			struct fsverity_digest __user *uarg =
+		(struct fsverity_digest __user *)arg;
+
+			if (copy_from_user(&digest_size, &uarg->digest_size,
+						 sizeof(digest_size)))
+				return -EFAULT;
+
+			if (digest_size > SIZE_MAX - sizeof(struct fsverity_digest))
+				return -EINVAL;
+
+			iov->iov_len = sizeof(struct fsverity_digest) + digest_size;
+			break;
+		}
+		case FS_IOC_ENABLE_VERITY: {
+			struct fsverity_enable_arg enable;
+			struct fsverity_enable_arg __user *uarg =
+		(struct fsverity_enable_arg __user *)arg;
+			const __u32 max_buffer_len = FUSE_MAX_MAX_PAGES * PAGE_SIZE;
+
+			if (copy_from_user(&enable, uarg, sizeof(enable)))
+				return -EFAULT;
+
+			if (enable.salt_size > max_buffer_len ||
+		enable.sig_size > max_buffer_len)
+				return -ENOMEM;
+
+			if (enable.salt_size > 0) {
+				iov++;
+				in_iovs++;
+
+				iov->iov_base = u64_to_user_ptr(enable.salt_ptr);
+				iov->iov_len = enable.salt_size;
+			}
+
+			if (enable.sig_size > 0) {
+				iov++;
+				in_iovs++;
+
+				iov->iov_base = u64_to_user_ptr(enable.sig_ptr);
+				iov->iov_len = enable.sig_size;
+			}
+			break;
+		}
+		default:
+			break;
+		}
 	}
 
  retry:
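Review bot: The four direct `return` statements in the new `switch` (`-EFAULT` twice, `-EINVAL`, `-ENOMEM`) exit fuse_do_ioctl without going through its cleanup path. The function starts and ends outside this hunk, so this is inferred, but if the iovec buffer behind `iov` and the request pages are allocated before this point, each early return leaks them, and any caller that can issue these ioctls can trigger that repeatedly with a bad pointer or an oversized `salt_size`. Setting the error and jumping to the function's exit label would avoid that, e.g. `err = -EFAULT; goto out;` (variable and label names to be confirmed against the full function). Separately, in the FS_IOC_MEASURE_VERITY case `digest_size` is a `__u16`, so `digest_size > SIZE_MAX - sizeof(struct fsverity_digest)` can never be true and gives no real bound. I would drop it or replace it with a meaningful limit, and add a comment such as `/* sizes and salt_ptr/sig_ptr come from userspace and are untrusted; total length is bounded later against the request limit */` once that later check is confirmed to cover the sum of `salt_size` and `sig_size`.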
-- 
2.44.0.478.gd926399ef9-goog





