From: Gao Xiang <hsiangkao@aol.com> To: Eric Biggers <ebiggers@kernel.org> Cc: Chuck Lever <chucklever@gmail.com>, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, Michael Halcrow <mhalcrow@google.com>, Victor Hsieh <victorhsieh@google.com> Subject: Re: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() Date: Mon, 27 Aug 2018 01:44:50 +0800 [thread overview] Message-ID: <a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com> (raw) In-Reply-To: <20180826170433.GA728@sol.localdomain> Hi Eric, On 2018/8/27 1:04, Eric Biggers wrote: > Hi Chuck, > > On Sun, Aug 26, 2018 at 11:55:57AM -0400, Chuck Lever wrote: >>> + >>> +/** >>> + * fsverity_verify_page - verify a data page >>> + * >>> + * Verify a page that has just been read from a file against that file's Merkle >>> + * tree. The page is assumed to be a pagecache page. >>> + * >>> + * Return: true if the page is valid, else false. >>> + */ >>> +bool fsverity_verify_page(struct page *data_page) >>> +{ >>> + struct inode *inode = data_page->mapping->host; >>> + const struct fsverity_info *vi = get_fsverity_info(inode); >>> + struct ahash_request *req; >>> + bool valid; >>> + >>> + req = ahash_request_alloc(vi->hash_alg->tfm, GFP_KERNEL); Some minor suggestions occurred to me after I saw this part of code again before sleeping... 1) How about introducing an iterator callback to avoid too many ahash_request_alloc and ahash_request_free... (It seems too many pages and could be some slower than fsverity_verify_bio...) 2) How about adding a gfp_t input argument since I don't know whether GFP_KERNEL is suitable for all use cases... It seems there could be more fsverity_verify_page users as well as fsverity_verify_bio ;) Sorry for interruption... Thanks, Gao Xiang >>> + if (unlikely(!req)) >>> + return false; >>> + >>> + valid = verify_page(inode, vi, req, data_page); >>> + >>> + ahash_request_free(req); >>> + >>> + return valid; >>> +} >>> +EXPORT_SYMBOL_GPL(fsverity_verify_page); >>> + >>> +/** >>> + * fsverity_verify_bio - verify a 'read' bio that has just completed >>> + * >>> + * Verify a set of pages that have just been read from a file against that >>> + * file's Merkle tree. The pages are assumed to be pagecache pages. Pages that >>> + * fail verification are set to the Error state. Verification is skipped for >>> + * pages already in the Error state, e.g. due to fscrypt decryption failure. >>> + */ >>> +void fsverity_verify_bio(struct bio *bio) >> >> Hi Eric- >> >> This kind of API won't work for remote filesystems, which do not use >> "struct bio" to do their I/O. Could a remote filesystem solely use >> fsverity_verify_page instead? >> > > Yes, filesystems don't have to use fsverity_verify_bio(). They can call > fsverity_verify_page() on each page instead. I will clarify this in the next > revision of the patchset. > > - Eric >
WARNING: multiple messages have this Message-ID (diff)
From: Gao Xiang via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net> To: Eric Biggers <ebiggers@kernel.org> Cc: Chuck Lever <chucklever@gmail.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, Michael Halcrow <mhalcrow@google.com>, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com>, Victor Hsieh <victorhsieh@google.com> Subject: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() Date: Mon, 27 Aug 2018 01:44:50 +0800 [thread overview] Message-ID: <a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com> (raw) In-Reply-To: <20180826170433.GA728@sol.localdomain> Hi Eric, On 2018/8/27 1:04, Eric Biggers wrote: > Hi Chuck, > > On Sun, Aug 26, 2018 at 11:55:57AM -0400, Chuck Lever wrote: >>> + >>> +/** >>> + * fsverity_verify_page - verify a data page >>> + * >>> + * Verify a page that has just been read from a file against that file's Merkle >>> + * tree. The page is assumed to be a pagecache page. >>> + * >>> + * Return: true if the page is valid, else false. >>> + */ >>> +bool fsverity_verify_page(struct page *data_page) >>> +{ >>> + struct inode *inode = data_page->mapping->host; >>> + const struct fsverity_info *vi = get_fsverity_info(inode); >>> + struct ahash_request *req; >>> + bool valid; >>> + >>> + req = ahash_request_alloc(vi->hash_alg->tfm, GFP_KERNEL); Some minor suggestions occurred to me after I saw this part of code again before sleeping... 1) How about introducing an iterator callback to avoid too many ahash_request_alloc and ahash_request_free... (It seems too many pages and could be some slower than fsverity_verify_bio...) 2) How about adding a gfp_t input argument since I don't know whether GFP_KERNEL is suitable for all use cases... It seems there could be more fsverity_verify_page users as well as fsverity_verify_bio ;) Sorry for interruption... Thanks, Gao Xiang >>> + if (unlikely(!req)) >>> + return false; >>> + >>> + valid = verify_page(inode, vi, req, data_page); >>> + >>> + ahash_request_free(req); >>> + >>> + return valid; >>> +} >>> +EXPORT_SYMBOL_GPL(fsverity_verify_page); >>> + >>> +/** >>> + * fsverity_verify_bio - verify a 'read' bio that has just completed >>> + * >>> + * Verify a set of pages that have just been read from a file against that >>> + * file's Merkle tree. The pages are assumed to be pagecache pages. Pages that >>> + * fail verification are set to the Error state. Verification is skipped for >>> + * pages already in the Error state, e.g. due to fscrypt decryption failure. >>> + */ >>> +void fsverity_verify_bio(struct bio *bio) >> >> Hi Eric- >> >> This kind of API won't work for remote filesystems, which do not use >> "struct bio" to do their I/O. Could a remote filesystem solely use >> fsverity_verify_page instead? >> > > Yes, filesystems don't have to use fsverity_verify_bio(). They can call > fsverity_verify_page() on each page instead. I will clarify this in the next > revision of the patchset. > > - Eric > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2018-08-26 17:44 UTC|newest] Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-08-24 16:16 [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection Eric Biggers 2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 17:28 ` Randy Dunlap 2018-08-24 17:28 ` Randy Dunlap 2018-08-24 17:42 ` Colin Walters 2018-08-24 22:45 ` Theodore Y. Ts'o 2018-08-25 4:48 ` Eric Biggers 2018-09-14 13:15 ` Colin Walters 2018-09-14 16:21 ` Eric Biggers 2018-09-15 15:27 ` Theodore Y. Ts'o 2018-08-26 16:22 ` Chuck Lever 2018-08-26 16:22 ` Chuck Lever 2018-08-26 17:17 ` Eric Biggers 2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-25 2:29 ` [f2fs-dev] " Gao Xiang 2018-08-25 2:29 ` Gao Xiang 2018-08-25 2:29 ` Gao Xiang 2018-08-25 3:45 ` Theodore Y. Ts'o 2018-08-25 3:45 ` Theodore Y. Ts'o 2018-08-25 4:00 ` [f2fs-dev] " Gao Xiang 2018-08-25 4:00 ` Gao Xiang 2018-08-25 5:06 ` Theodore Y. Ts'o 2018-08-25 7:33 ` Gao Xiang 2018-08-25 7:33 ` Gao Xiang 2018-08-25 7:33 ` Gao Xiang 2018-08-25 7:33 ` [f2fs-dev] " Gao Xiang 2018-08-25 7:55 ` Gao Xiang 2018-08-25 7:55 ` Gao Xiang 2018-08-25 4:16 ` Eric Biggers 2018-08-25 4:16 ` Eric Biggers 2018-08-25 6:31 ` Gao Xiang 2018-08-25 6:31 ` Gao Xiang 2018-08-25 6:31 ` Gao Xiang 2018-08-25 7:18 ` Eric Biggers 2018-08-25 7:43 ` Gao Xiang 2018-08-25 7:43 ` Gao Xiang 2018-08-25 17:06 ` Theodore Y. Ts'o 2018-08-25 17:06 ` Theodore Y. Ts'o 2018-08-26 13:44 ` Gao Xiang 2018-09-02 2:35 ` Olof Johansson 2018-08-26 15:55 ` Chuck Lever 2018-08-26 17:04 ` Eric Biggers 2018-08-26 17:44 ` Gao Xiang [this message] 2018-08-26 17:44 ` Gao Xiang via Linux-f2fs-devel 2018-08-24 16:16 ` [RFC PATCH 03/10] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` [RFC PATCH 04/10] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl Eric Biggers 2018-08-24 16:16 ` [RFC PATCH 05/10] fs-verity: add SHA-512 support Eric Biggers 2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 06/10] fs-verity: add CRC-32C support Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 07/10] fs-verity: support builtin file signatures Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` [RFC PATCH 08/10] ext4: add basic fs-verity support Eric Biggers 2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 09/10] ext4: add fs-verity read support Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-24 16:16 ` [RFC PATCH 10/10] f2fs: fs-verity support Eric Biggers 2018-08-24 16:16 ` Eric Biggers 2018-08-25 5:54 ` [f2fs-dev] " Chao Yu 2018-08-25 5:54 ` Chao Yu 2018-08-25 5:54 ` Chao Yu 2018-08-26 17:35 ` Eric Biggers 2018-08-27 15:54 ` Chao Yu 2018-08-28 7:27 ` Jaegeuk Kim 2018-08-28 9:20 ` Chao Yu 2018-08-28 9:20 ` Chao Yu 2018-08-28 17:01 ` Jaegeuk Kim 2018-08-29 1:22 ` Chao Yu 2018-08-29 1:22 ` Chao Yu 2018-08-29 1:22 ` Chao Yu 2018-08-29 1:43 ` Jaegeuk Kim 2018-08-31 20:05 ` [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection Jan Lübbe 2018-08-31 20:05 ` Jan Lübbe 2018-08-31 21:39 ` Eric Biggers 2018-08-31 21:39 ` Eric Biggers 2018-08-31 21:39 ` Eric Biggers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com \ --to=hsiangkao@aol.com \ --cc=chucklever@gmail.com \ --cc=dmitry.kasatkin@gmail.com \ --cc=ebiggers@kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-fscrypt@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mhalcrow@google.com \ --cc=victorhsieh@google.com \ --cc=zohar@linux.vnet.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.