linux-fscrypt.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Boris Burkov <boris@bur.io>
Cc: linux-btrfs@vger.kernel.org, kernel-team@fb.com,
	linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH v2 2/5] btrfs: initial fsverity support
Date: Tue, 16 Mar 2021 11:44:34 -0700	[thread overview]
Message-ID: <YFD8kq1j5ZqN6Wgl@gmail.com> (raw)
In-Reply-To: <71249018efc661fdd3c43bda5d7cea271904ae1a.1614971203.git.boris@bur.io>

On Fri, Mar 05, 2021 at 11:26:30AM -0800, Boris Burkov wrote:
> +/*
> + * fsverity op that ends enabling verity.
> + * fsverity calls this when it's done with all of the pages in the file
> + * and all of the merkle items have been inserted.  We write the
> + * descriptor and update the inode in the btree to reflect its new life
> + * as a verity file.
> + */
> +static int btrfs_end_enable_verity(struct file *filp, const void *desc,
> +				  size_t desc_size, u64 merkle_tree_size)
> +{
> +	struct btrfs_trans_handle *trans;
> +	struct inode *inode = file_inode(filp);
> +	struct btrfs_root *root = BTRFS_I(inode)->root;
> +	struct btrfs_verity_descriptor_item item;
> +	int ret;
> +
> +	if (desc != NULL) {
> +		/* write out the descriptor item */
> +		memset(&item, 0, sizeof(item));
> +		btrfs_set_stack_verity_descriptor_size(&item, desc_size);
> +		ret = write_key_bytes(BTRFS_I(inode),
> +				      BTRFS_VERITY_DESC_ITEM_KEY, 0,
> +				      (const char *)&item, sizeof(item));
> +		if (ret)
> +			goto out;
> +		/* write out the descriptor itself */
> +		ret = write_key_bytes(BTRFS_I(inode),
> +				      BTRFS_VERITY_DESC_ITEM_KEY, 1,
> +				      desc, desc_size);
> +		if (ret)
> +			goto out;
> +
> +		/* update our inode flags to include fs verity */
> +		trans = btrfs_start_transaction(root, 1);
> +		if (IS_ERR(trans)) {
> +			ret = PTR_ERR(trans);
> +			goto out;
> +		}
> +		BTRFS_I(inode)->compat_flags |= BTRFS_INODE_VERITY;
> +		btrfs_sync_inode_flags_to_i_flags(inode);
> +		ret = btrfs_update_inode(trans, root, BTRFS_I(inode));
> +		btrfs_end_transaction(trans);
> +	}
> +
> +out:
> +	if (desc == NULL || ret) {
> +		/* If we failed, drop all the verity items */
> +		drop_verity_items(BTRFS_I(inode), BTRFS_VERITY_DESC_ITEM_KEY);
> +		drop_verity_items(BTRFS_I(inode), BTRFS_VERITY_MERKLE_ITEM_KEY);
> +	} else
> +		btrfs_set_fs_compat_ro(root->fs_info, VERITY);
> +	clear_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &BTRFS_I(inode)->runtime_flags);
> +	return ret;
> +}

If enabling verity failed, I think you also need to call
truncate_inode_pages(inode->i_mapping, inode->i_size)
to remove the cached Merkle tree pages from the page cache.  Otherwise they can
be exposed to userspace if the file is later extended.  I recently fixed this
same problem for ext4 and f2fs:
https://lkml.kernel.org/linux-f2fs-devel/20210302200420.137977-1-ebiggers@kernel.org/T/#u

- Eric

  parent reply	other threads:[~2021-03-16 18:45 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-05 19:26 [PATCH v2 0/5] btrfs: support fsverity Boris Burkov
2021-03-05 19:26 ` [PATCH v2 1/5] btrfs: add compat_flags to btrfs_inode_item Boris Burkov
2021-03-15 23:07   ` Eric Biggers
2021-03-15 23:29     ` Boris Burkov
2021-03-05 19:26 ` [PATCH v2 2/5] btrfs: initial fsverity support Boris Burkov
2021-03-07  7:13   ` kernel test robot
2021-03-15 23:17   ` Eric Biggers
2021-03-16  0:42     ` Boris Burkov
2021-03-16  0:57       ` Eric Biggers
2021-03-16 18:44   ` Eric Biggers [this message]
2021-03-05 19:26 ` [PATCH v2 3/5] btrfs: check verity for reads of inline extents and holes Boris Burkov
2021-03-05 19:26 ` [PATCH v2 4/5] btrfs: fallback to buffered io for verity files Boris Burkov
2021-03-05 19:26 ` [PATCH v2 5/5] btrfs: verity metadata orphan items Boris Burkov
2021-03-15 23:09 ` [PATCH v2 0/5] btrfs: support fsverity Eric Biggers
2021-03-15 23:47   ` Boris Burkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YFD8kq1j5ZqN6Wgl@gmail.com \
    --to=ebiggers@kernel.org \
    --cc=boris@bur.io \
    --cc=kernel-team@fb.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-fscrypt@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).