From: Eric Biggers <ebiggers@kernel.org>
To: Boris Burkov <boris@bur.io>
Cc: linux-btrfs@vger.kernel.org, kernel-team@fb.com,
linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH v2 2/5] btrfs: initial fsverity support
Date: Tue, 16 Mar 2021 11:44:34 -0700 [thread overview]
Message-ID: <YFD8kq1j5ZqN6Wgl@gmail.com> (raw)
In-Reply-To: <71249018efc661fdd3c43bda5d7cea271904ae1a.1614971203.git.boris@bur.io>
On Fri, Mar 05, 2021 at 11:26:30AM -0800, Boris Burkov wrote:
> +/*
> + * fsverity op that ends enabling verity.
> + * fsverity calls this when it's done with all of the pages in the file
> + * and all of the merkle items have been inserted. We write the
> + * descriptor and update the inode in the btree to reflect its new life
> + * as a verity file.
> + */
> +static int btrfs_end_enable_verity(struct file *filp, const void *desc,
> + size_t desc_size, u64 merkle_tree_size)
> +{
> + struct btrfs_trans_handle *trans;
> + struct inode *inode = file_inode(filp);
> + struct btrfs_root *root = BTRFS_I(inode)->root;
> + struct btrfs_verity_descriptor_item item;
> + int ret;
> +
> + if (desc != NULL) {
> + /* write out the descriptor item */
> + memset(&item, 0, sizeof(item));
> + btrfs_set_stack_verity_descriptor_size(&item, desc_size);
> + ret = write_key_bytes(BTRFS_I(inode),
> + BTRFS_VERITY_DESC_ITEM_KEY, 0,
> + (const char *)&item, sizeof(item));
> + if (ret)
> + goto out;
> + /* write out the descriptor itself */
> + ret = write_key_bytes(BTRFS_I(inode),
> + BTRFS_VERITY_DESC_ITEM_KEY, 1,
> + desc, desc_size);
> + if (ret)
> + goto out;
> +
> + /* update our inode flags to include fs verity */
> + trans = btrfs_start_transaction(root, 1);
> + if (IS_ERR(trans)) {
> + ret = PTR_ERR(trans);
> + goto out;
> + }
> + BTRFS_I(inode)->compat_flags |= BTRFS_INODE_VERITY;
> + btrfs_sync_inode_flags_to_i_flags(inode);
> + ret = btrfs_update_inode(trans, root, BTRFS_I(inode));
> + btrfs_end_transaction(trans);
> + }
> +
> +out:
> + if (desc == NULL || ret) {
> + /* If we failed, drop all the verity items */
> + drop_verity_items(BTRFS_I(inode), BTRFS_VERITY_DESC_ITEM_KEY);
> + drop_verity_items(BTRFS_I(inode), BTRFS_VERITY_MERKLE_ITEM_KEY);
> + } else
> + btrfs_set_fs_compat_ro(root->fs_info, VERITY);
> + clear_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &BTRFS_I(inode)->runtime_flags);
> + return ret;
> +}
If enabling verity failed, I think you also need to call
truncate_inode_pages(inode->i_mapping, inode->i_size)
to remove the cached Merkle tree pages from the page cache. Otherwise they can
be exposed to userspace if the file is later extended. I recently fixed this
same problem for ext4 and f2fs:
https://lkml.kernel.org/linux-f2fs-devel/20210302200420.137977-1-ebiggers@kernel.org/T/#u
- Eric
next prev parent reply other threads:[~2021-03-16 18:45 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-05 19:26 [PATCH v2 0/5] btrfs: support fsverity Boris Burkov
2021-03-05 19:26 ` [PATCH v2 1/5] btrfs: add compat_flags to btrfs_inode_item Boris Burkov
2021-03-15 23:07 ` Eric Biggers
2021-03-15 23:29 ` Boris Burkov
2021-03-05 19:26 ` [PATCH v2 2/5] btrfs: initial fsverity support Boris Burkov
2021-03-07 7:13 ` kernel test robot
2021-03-15 23:17 ` Eric Biggers
2021-03-16 0:42 ` Boris Burkov
2021-03-16 0:57 ` Eric Biggers
2021-03-16 18:44 ` Eric Biggers [this message]
2021-03-05 19:26 ` [PATCH v2 3/5] btrfs: check verity for reads of inline extents and holes Boris Burkov
2021-03-05 19:26 ` [PATCH v2 4/5] btrfs: fallback to buffered io for verity files Boris Burkov
2021-03-05 19:26 ` [PATCH v2 5/5] btrfs: verity metadata orphan items Boris Burkov
2021-03-15 23:09 ` [PATCH v2 0/5] btrfs: support fsverity Eric Biggers
2021-03-15 23:47 ` Boris Burkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFD8kq1j5ZqN6Wgl@gmail.com \
--to=ebiggers@kernel.org \
--cc=boris@bur.io \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).