From: Gao Xiang <hsiangkao@aol.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Chuck Lever <chucklever@gmail.com>,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-kernel@vger.kernel.org,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Michael Halcrow <mhalcrow@google.com>,
Victor Hsieh <victorhsieh@google.com>
Subject: Re: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages()
Date: Mon, 27 Aug 2018 01:44:50 +0800 [thread overview]
Message-ID: <a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com> (raw)
In-Reply-To: <20180826170433.GA728@sol.localdomain>
Hi Eric,
On 2018/8/27 1:04, Eric Biggers wrote:
> Hi Chuck,
>
> On Sun, Aug 26, 2018 at 11:55:57AM -0400, Chuck Lever wrote:
>>> +
>>> +/**
>>> + * fsverity_verify_page - verify a data page
>>> + *
>>> + * Verify a page that has just been read from a file against that file's Merkle
>>> + * tree. The page is assumed to be a pagecache page.
>>> + *
>>> + * Return: true if the page is valid, else false.
>>> + */
>>> +bool fsverity_verify_page(struct page *data_page)
>>> +{
>>> + struct inode *inode = data_page->mapping->host;
>>> + const struct fsverity_info *vi = get_fsverity_info(inode);
>>> + struct ahash_request *req;
>>> + bool valid;
>>> +
>>> + req = ahash_request_alloc(vi->hash_alg->tfm, GFP_KERNEL);
Some minor suggestions occurred to me after I saw this part of code
again before sleeping...
1) How about introducing an iterator callback to avoid too many
ahash_request_alloc and ahash_request_free... (It seems too many pages
and could be some slower than fsverity_verify_bio...)
2) How about adding a gfp_t input argument since I don't know whether
GFP_KERNEL is suitable for all use cases...
It seems there could be more fsverity_verify_page users as well as
fsverity_verify_bio ;)
Sorry for interruption...
Thanks,
Gao Xiang
>>> + if (unlikely(!req))
>>> + return false;
>>> +
>>> + valid = verify_page(inode, vi, req, data_page);
>>> +
>>> + ahash_request_free(req);
>>> +
>>> + return valid;
>>> +}
>>> +EXPORT_SYMBOL_GPL(fsverity_verify_page);
>>> +
>>> +/**
>>> + * fsverity_verify_bio - verify a 'read' bio that has just completed
>>> + *
>>> + * Verify a set of pages that have just been read from a file against that
>>> + * file's Merkle tree. The pages are assumed to be pagecache pages. Pages that
>>> + * fail verification are set to the Error state. Verification is skipped for
>>> + * pages already in the Error state, e.g. due to fscrypt decryption failure.
>>> + */
>>> +void fsverity_verify_bio(struct bio *bio)
>>
>> Hi Eric-
>>
>> This kind of API won't work for remote filesystems, which do not use
>> "struct bio" to do their I/O. Could a remote filesystem solely use
>> fsverity_verify_page instead?
>>
>
> Yes, filesystems don't have to use fsverity_verify_bio(). They can call
> fsverity_verify_page() on each page instead. I will clarify this in the next
> revision of the patchset.
>
> - Eric
>
WARNING: multiple messages have this Message-ID (diff)
From: Gao Xiang via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Chuck Lever <chucklever@gmail.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Michael Halcrow <mhalcrow@google.com>,
linux-kernel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Victor Hsieh <victorhsieh@google.com>
Subject: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages()
Date: Mon, 27 Aug 2018 01:44:50 +0800 [thread overview]
Message-ID: <a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com> (raw)
In-Reply-To: <20180826170433.GA728@sol.localdomain>
Hi Eric,
On 2018/8/27 1:04, Eric Biggers wrote:
> Hi Chuck,
>
> On Sun, Aug 26, 2018 at 11:55:57AM -0400, Chuck Lever wrote:
>>> +
>>> +/**
>>> + * fsverity_verify_page - verify a data page
>>> + *
>>> + * Verify a page that has just been read from a file against that file's Merkle
>>> + * tree. The page is assumed to be a pagecache page.
>>> + *
>>> + * Return: true if the page is valid, else false.
>>> + */
>>> +bool fsverity_verify_page(struct page *data_page)
>>> +{
>>> + struct inode *inode = data_page->mapping->host;
>>> + const struct fsverity_info *vi = get_fsverity_info(inode);
>>> + struct ahash_request *req;
>>> + bool valid;
>>> +
>>> + req = ahash_request_alloc(vi->hash_alg->tfm, GFP_KERNEL);
Some minor suggestions occurred to me after I saw this part of code
again before sleeping...
1) How about introducing an iterator callback to avoid too many
ahash_request_alloc and ahash_request_free... (It seems too many pages
and could be some slower than fsverity_verify_bio...)
2) How about adding a gfp_t input argument since I don't know whether
GFP_KERNEL is suitable for all use cases...
It seems there could be more fsverity_verify_page users as well as
fsverity_verify_bio ;)
Sorry for interruption...
Thanks,
Gao Xiang
>>> + if (unlikely(!req))
>>> + return false;
>>> +
>>> + valid = verify_page(inode, vi, req, data_page);
>>> +
>>> + ahash_request_free(req);
>>> +
>>> + return valid;
>>> +}
>>> +EXPORT_SYMBOL_GPL(fsverity_verify_page);
>>> +
>>> +/**
>>> + * fsverity_verify_bio - verify a 'read' bio that has just completed
>>> + *
>>> + * Verify a set of pages that have just been read from a file against that
>>> + * file's Merkle tree. The pages are assumed to be pagecache pages. Pages that
>>> + * fail verification are set to the Error state. Verification is skipped for
>>> + * pages already in the Error state, e.g. due to fscrypt decryption failure.
>>> + */
>>> +void fsverity_verify_bio(struct bio *bio)
>>
>> Hi Eric-
>>
>> This kind of API won't work for remote filesystems, which do not use
>> "struct bio" to do their I/O. Could a remote filesystem solely use
>> fsverity_verify_page instead?
>>
>
> Yes, filesystems don't have to use fsverity_verify_bio(). They can call
> fsverity_verify_page() on each page instead. I will clarify this in the next
> revision of the patchset.
>
> - Eric
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2018-08-26 17:44 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-24 16:16 [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection Eric Biggers
2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 17:28 ` Randy Dunlap
2018-08-24 17:28 ` Randy Dunlap
2018-08-24 17:42 ` Colin Walters
2018-08-24 22:45 ` Theodore Y. Ts'o
2018-08-25 4:48 ` Eric Biggers
2018-09-14 13:15 ` Colin Walters
2018-09-14 16:21 ` Eric Biggers
2018-09-15 15:27 ` Theodore Y. Ts'o
2018-08-26 16:22 ` Chuck Lever
2018-08-26 16:22 ` Chuck Lever
2018-08-26 17:17 ` Eric Biggers
2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-25 2:29 ` [f2fs-dev] " Gao Xiang
2018-08-25 2:29 ` Gao Xiang
2018-08-25 2:29 ` Gao Xiang
2018-08-25 3:45 ` Theodore Y. Ts'o
2018-08-25 3:45 ` Theodore Y. Ts'o
2018-08-25 4:00 ` [f2fs-dev] " Gao Xiang
2018-08-25 4:00 ` Gao Xiang
2018-08-25 5:06 ` Theodore Y. Ts'o
2018-08-25 7:33 ` Gao Xiang
2018-08-25 7:33 ` Gao Xiang
2018-08-25 7:33 ` Gao Xiang
2018-08-25 7:33 ` [f2fs-dev] " Gao Xiang
2018-08-25 7:55 ` Gao Xiang
2018-08-25 7:55 ` Gao Xiang
2018-08-25 4:16 ` Eric Biggers
2018-08-25 4:16 ` Eric Biggers
2018-08-25 6:31 ` Gao Xiang
2018-08-25 6:31 ` Gao Xiang
2018-08-25 6:31 ` Gao Xiang
2018-08-25 7:18 ` Eric Biggers
2018-08-25 7:43 ` Gao Xiang
2018-08-25 7:43 ` Gao Xiang
2018-08-25 17:06 ` Theodore Y. Ts'o
2018-08-25 17:06 ` Theodore Y. Ts'o
2018-08-26 13:44 ` Gao Xiang
2018-09-02 2:35 ` Olof Johansson
2018-08-26 15:55 ` Chuck Lever
2018-08-26 17:04 ` Eric Biggers
2018-08-26 17:44 ` Gao Xiang [this message]
2018-08-26 17:44 ` Gao Xiang via Linux-f2fs-devel
2018-08-24 16:16 ` [RFC PATCH 03/10] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` [RFC PATCH 04/10] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl Eric Biggers
2018-08-24 16:16 ` [RFC PATCH 05/10] fs-verity: add SHA-512 support Eric Biggers
2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 06/10] fs-verity: add CRC-32C support Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 07/10] fs-verity: support builtin file signatures Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` [RFC PATCH 08/10] ext4: add basic fs-verity support Eric Biggers
2018-08-24 16:16 ` [f2fs-dev] [RFC PATCH 09/10] ext4: add fs-verity read support Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-24 16:16 ` [RFC PATCH 10/10] f2fs: fs-verity support Eric Biggers
2018-08-24 16:16 ` Eric Biggers
2018-08-25 5:54 ` [f2fs-dev] " Chao Yu
2018-08-25 5:54 ` Chao Yu
2018-08-25 5:54 ` Chao Yu
2018-08-26 17:35 ` Eric Biggers
2018-08-27 15:54 ` Chao Yu
2018-08-28 7:27 ` Jaegeuk Kim
2018-08-28 9:20 ` Chao Yu
2018-08-28 9:20 ` Chao Yu
2018-08-28 17:01 ` Jaegeuk Kim
2018-08-29 1:22 ` Chao Yu
2018-08-29 1:22 ` Chao Yu
2018-08-29 1:22 ` Chao Yu
2018-08-29 1:43 ` Jaegeuk Kim
2018-08-31 20:05 ` [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection Jan Lübbe
2018-08-31 20:05 ` Jan Lübbe
2018-08-31 21:39 ` Eric Biggers
2018-08-31 21:39 ` Eric Biggers
2018-08-31 21:39 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a83219f8-44a2-7a40-319a-dc2f9d567cbe@aol.com \
--to=hsiangkao@aol.com \
--cc=chucklever@gmail.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebiggers@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhalcrow@google.com \
--cc=victorhsieh@google.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.