From: Eric Biggers <ebiggers@kernel.org>
To: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net, tytso@mit.edu
Subject: Re: [PATCH 7/7] fsverity: Remove filesystem specific build config option
Date: Mon, 26 Nov 2018 16:45:30 -0800 [thread overview]
Message-ID: <20181127004530.GF11663@gmail.com> (raw)
In-Reply-To: <20181119052324.31456-8-chandan@linux.vnet.ibm.com>
Hi Chandan,
On Mon, Nov 19, 2018 at 10:53:24AM +0530, Chandan Rajendra wrote:
> In order to have a common code base for fsverity "post read" processing
> for all filesystems which support per-file verity, this commit removes
> filesystem specific build config option (e.g. CONFIG_EXT4_FS_VERITY) and
> replaces it with a build option (i.e. CONFIG_FS_VERITY) whose value
> affects all the filesystems making use of fsverity.
>
> Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Like the corresponding fscrypt patch, this is missing changing
#if IS_ENABLED(CONFIG_FS_VERITY)
in include/linux/fs.h to
#ifdef CONFIG_FS_VERITY
There are also references to the filesystem-specific config options in
Documentation/filesystems/fsverity.rst that need to be updated.
I also suggest updating the Kconfig help text for CONFIG_FS_VERITY and
CONFIG_FS_ENCRYPTION to mention the supported filesystems, similar to how
CONFIG_QUOTA lists the filesystems it supports.
Thanks!
- Eric
> ---
> fs/ext4/Kconfig | 20 --------------------
> fs/ext4/ext4.h | 2 --
> fs/ext4/readpage.c | 4 ++--
> fs/ext4/super.c | 6 +++---
> fs/ext4/sysfs.c | 4 ++--
> fs/f2fs/Kconfig | 20 --------------------
> fs/f2fs/data.c | 2 +-
> fs/f2fs/f2fs.h | 2 --
> fs/f2fs/super.c | 6 +++---
> fs/f2fs/sysfs.c | 4 ++--
> fs/verity/Kconfig | 2 +-
> include/linux/fsverity.h | 3 +--
> 12 files changed, 15 insertions(+), 60 deletions(-)
>
> diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
> index e1002bbf35bf..031e5a82d556 100644
> --- a/fs/ext4/Kconfig
> +++ b/fs/ext4/Kconfig
> @@ -96,26 +96,6 @@ config EXT4_FS_SECURITY
> If you are not using a security module that requires using
> extended attributes for file security labels, say N.
>
> -config EXT4_FS_VERITY
> - bool "Ext4 Verity"
> - depends on EXT4_FS
> - select FS_VERITY
> - help
> - This option enables fs-verity for ext4. fs-verity is the
> - dm-verity mechanism implemented at the file level. Userspace
> - can append a Merkle tree (hash tree) to a file, then enable
> - fs-verity on the file. ext4 will then transparently verify
> - any data read from the file against the Merkle tree. The file
> - is also made read-only.
> -
> - This serves as an integrity check, but the availability of the
> - Merkle tree root hash also allows efficiently supporting
> - various use cases where normally the whole file would need to
> - be hashed at once, such as auditing and authenticity
> - verification (appraisal).
> -
> - If unsure, say N.
> -
> config EXT4_DEBUG
> bool "EXT4 debugging support"
> depends on EXT4_FS
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index 64bf9fb7ef18..bff8d639dd0c 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -41,8 +41,6 @@
> #endif
>
> #include <linux/fscrypt.h>
> -
> -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_EXT4_FS_VERITY)
> #include <linux/fsverity.h>
>
> #include <linux/compiler.h>
> diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c
> index 2c037df629dd..8717ac0a5bb2 100644
> --- a/fs/ext4/readpage.c
> +++ b/fs/ext4/readpage.c
> @@ -158,7 +158,7 @@ static struct bio_post_read_ctx *get_bio_post_read_ctx(struct inode *inode,
>
> if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode))
> post_read_steps |= 1 << STEP_DECRYPT;
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (inode->i_verity_info != NULL &&
> (index < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT)))
> post_read_steps |= 1 << STEP_VERITY;
> @@ -205,7 +205,7 @@ static void mpage_end_io(struct bio *bio)
>
> static inline loff_t ext4_readpage_limit(struct inode *inode)
> {
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (IS_VERITY(inode)) {
> if (inode->i_verity_info)
> /* limit to end of metadata region */
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 16fb483a6f4a..472338c7cd03 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -1316,7 +1316,7 @@ static const struct fscrypt_operations ext4_cryptops = {
> };
> #endif
>
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> static int ext4_set_verity(struct inode *inode, loff_t data_i_size)
> {
> int err;
> @@ -1401,7 +1401,7 @@ static const struct fsverity_operations ext4_verityops = {
> .set_verity = ext4_set_verity,
> .get_metadata_end = ext4_get_metadata_end,
> };
> -#endif /* CONFIG_EXT4_FS_VERITY */
> +#endif /* CONFIG_FS_VERITY */
>
> #ifdef CONFIG_QUOTA
> static const char * const quotatypes[] = INITQFNAMES;
> @@ -4234,7 +4234,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> #ifdef CONFIG_FS_ENCRYPTION
> sb->s_cop = &ext4_cryptops;
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> sb->s_vop = &ext4_verityops;
> #endif
> #ifdef CONFIG_QUOTA
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 8bc915452a38..6fa0f47c3180 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -227,7 +227,7 @@ EXT4_ATTR_FEATURE(meta_bg_resize);
> #ifdef CONFIG_FS_ENCRYPTION
> EXT4_ATTR_FEATURE(encryption);
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> EXT4_ATTR_FEATURE(verity);
> #endif
> EXT4_ATTR_FEATURE(metadata_csum_seed);
> @@ -239,7 +239,7 @@ static struct attribute *ext4_feat_attrs[] = {
> #ifdef CONFIG_FS_ENCRYPTION
> ATTR_LIST(encryption),
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> ATTR_LIST(verity),
> #endif
> ATTR_LIST(metadata_csum_seed),
> diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
> index ce60e480fec1..708e23816575 100644
> --- a/fs/f2fs/Kconfig
> +++ b/fs/f2fs/Kconfig
> @@ -70,26 +70,6 @@ config F2FS_CHECK_FS
>
> If you want to improve the performance, say N.
>
> -config F2FS_FS_VERITY
> - bool "F2FS Verity"
> - depends on F2FS_FS
> - select FS_VERITY
> - help
> - This option enables fs-verity for f2fs. fs-verity is the
> - dm-verity mechanism implemented at the file level. Userspace
> - can append a Merkle tree (hash tree) to a file, then enable
> - fs-verity on the file. f2fs will then transparently verify
> - any data read from the file against the Merkle tree. The file
> - is also made read-only.
> -
> - This serves as an integrity check, but the availability of the
> - Merkle tree root hash also allows efficiently supporting
> - various use cases where normally the whole file would need to
> - be hashed at once, such as auditing and authenticity
> - verification (appraisal).
> -
> - If unsure, say N.
> -
> config F2FS_IO_TRACE
> bool "F2FS IO tracer"
> depends on F2FS_FS
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 844ec573263e..83b59b985894 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -610,7 +610,7 @@ static struct bio *f2fs_grab_read_bio(struct inode *inode, block_t blkaddr,
>
> if (f2fs_encrypted_file(inode))
> post_read_steps |= 1 << STEP_DECRYPT;
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (inode->i_verity_info != NULL &&
> (first_idx < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT)))
> post_read_steps |= 1 << STEP_VERITY;
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index ea8a5ffc4f1f..dc999af932f2 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -25,8 +25,6 @@
> #include <crypto/hash.h>
>
> #include <linux/fscrypt.h>
> -
> -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_F2FS_FS_VERITY)
> #include <linux/fsverity.h>
>
> #ifdef CONFIG_F2FS_CHECK_FS
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index 4287cf348d3c..60d5338280fb 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -2197,7 +2197,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
> };
> #endif
>
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> static int f2fs_set_verity(struct inode *inode, loff_t data_i_size)
> {
> int err;
> @@ -2222,7 +2222,7 @@ static const struct fsverity_operations f2fs_verityops = {
> .set_verity = f2fs_set_verity,
> .get_metadata_end = f2fs_get_metadata_end,
> };
> -#endif /* CONFIG_F2FS_FS_VERITY */
> +#endif /* CONFIG_FS_VERITY */
>
> static struct inode *f2fs_nfs_get_inode(struct super_block *sb,
> u64 ino, u32 generation)
> @@ -3146,7 +3146,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> #ifdef CONFIG_FS_ENCRYPTION
> sb->s_cop = &f2fs_cryptops;
> #endif
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> sb->s_vop = &f2fs_verityops;
> #endif
> sb->s_xattr = f2fs_xattr_handlers;
> diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
> index 737677655bc0..949e6d87f4e3 100644
> --- a/fs/f2fs/sysfs.c
> +++ b/fs/f2fs/sysfs.c
> @@ -444,7 +444,7 @@ F2FS_FEATURE_RO_ATTR(flexible_inline_xattr, FEAT_FLEXIBLE_INLINE_XATTR);
> F2FS_FEATURE_RO_ATTR(quota_ino, FEAT_QUOTA_INO);
> F2FS_FEATURE_RO_ATTR(inode_crtime, FEAT_INODE_CRTIME);
> F2FS_FEATURE_RO_ATTR(lost_found, FEAT_LOST_FOUND);
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> F2FS_FEATURE_RO_ATTR(verity, FEAT_VERITY);
> #endif
> F2FS_FEATURE_RO_ATTR(sb_checksum, FEAT_SB_CHECKSUM);
> @@ -507,7 +507,7 @@ static struct attribute *f2fs_feat_attrs[] = {
> ATTR_LIST(quota_ino),
> ATTR_LIST(inode_crtime),
> ATTR_LIST(lost_found),
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> ATTR_LIST(verity),
> #endif
> ATTR_LIST(sb_checksum),
> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index a7470a2e4892..b5a48a9ef0ca 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -1,5 +1,5 @@
> config FS_VERITY
> - tristate "FS Verity (read-only file-based authenticity protection)"
> + bool "FS Verity (read-only file-based authenticity protection)"
> select CRYPTO
> # SHA-256 is selected as it's intended to be the default hash algorithm.
> # To avoid bloat, other wanted algorithms must be selected explicitly.
> diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
> index c30c4f6ed411..f37132c640ee 100644
> --- a/include/linux/fsverity.h
> +++ b/include/linux/fsverity.h
> @@ -19,8 +19,7 @@ struct fsverity_operations {
> int (*get_metadata_end)(struct inode *inode, loff_t *metadata_end_ret);
> };
>
> -#if __FS_HAS_VERITY
> -
> +#ifdef CONFIG_FS_VERITY
> /* ioctl.c */
> extern int fsverity_ioctl_enable(struct file *filp, const void __user *arg);
> extern int fsverity_ioctl_measure(struct file *filp, void __user *arg);
> --
> 2.19.1
>
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
tytso@mit.edu, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH 7/7] fsverity: Remove filesystem specific build config option
Date: Mon, 26 Nov 2018 16:45:30 -0800 [thread overview]
Message-ID: <20181127004530.GF11663@gmail.com> (raw)
In-Reply-To: <20181119052324.31456-8-chandan@linux.vnet.ibm.com>
Hi Chandan,
On Mon, Nov 19, 2018 at 10:53:24AM +0530, Chandan Rajendra wrote:
> In order to have a common code base for fsverity "post read" processing
> for all filesystems which support per-file verity, this commit removes
> filesystem specific build config option (e.g. CONFIG_EXT4_FS_VERITY) and
> replaces it with a build option (i.e. CONFIG_FS_VERITY) whose value
> affects all the filesystems making use of fsverity.
>
> Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Like the corresponding fscrypt patch, this is missing changing
#if IS_ENABLED(CONFIG_FS_VERITY)
in include/linux/fs.h to
#ifdef CONFIG_FS_VERITY
There are also references to the filesystem-specific config options in
Documentation/filesystems/fsverity.rst that need to be updated.
I also suggest updating the Kconfig help text for CONFIG_FS_VERITY and
CONFIG_FS_ENCRYPTION to mention the supported filesystems, similar to how
CONFIG_QUOTA lists the filesystems it supports.
Thanks!
- Eric
> ---
> fs/ext4/Kconfig | 20 --------------------
> fs/ext4/ext4.h | 2 --
> fs/ext4/readpage.c | 4 ++--
> fs/ext4/super.c | 6 +++---
> fs/ext4/sysfs.c | 4 ++--
> fs/f2fs/Kconfig | 20 --------------------
> fs/f2fs/data.c | 2 +-
> fs/f2fs/f2fs.h | 2 --
> fs/f2fs/super.c | 6 +++---
> fs/f2fs/sysfs.c | 4 ++--
> fs/verity/Kconfig | 2 +-
> include/linux/fsverity.h | 3 +--
> 12 files changed, 15 insertions(+), 60 deletions(-)
>
> diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
> index e1002bbf35bf..031e5a82d556 100644
> --- a/fs/ext4/Kconfig
> +++ b/fs/ext4/Kconfig
> @@ -96,26 +96,6 @@ config EXT4_FS_SECURITY
> If you are not using a security module that requires using
> extended attributes for file security labels, say N.
>
> -config EXT4_FS_VERITY
> - bool "Ext4 Verity"
> - depends on EXT4_FS
> - select FS_VERITY
> - help
> - This option enables fs-verity for ext4. fs-verity is the
> - dm-verity mechanism implemented at the file level. Userspace
> - can append a Merkle tree (hash tree) to a file, then enable
> - fs-verity on the file. ext4 will then transparently verify
> - any data read from the file against the Merkle tree. The file
> - is also made read-only.
> -
> - This serves as an integrity check, but the availability of the
> - Merkle tree root hash also allows efficiently supporting
> - various use cases where normally the whole file would need to
> - be hashed at once, such as auditing and authenticity
> - verification (appraisal).
> -
> - If unsure, say N.
> -
> config EXT4_DEBUG
> bool "EXT4 debugging support"
> depends on EXT4_FS
> diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
> index 64bf9fb7ef18..bff8d639dd0c 100644
> --- a/fs/ext4/ext4.h
> +++ b/fs/ext4/ext4.h
> @@ -41,8 +41,6 @@
> #endif
>
> #include <linux/fscrypt.h>
> -
> -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_EXT4_FS_VERITY)
> #include <linux/fsverity.h>
>
> #include <linux/compiler.h>
> diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c
> index 2c037df629dd..8717ac0a5bb2 100644
> --- a/fs/ext4/readpage.c
> +++ b/fs/ext4/readpage.c
> @@ -158,7 +158,7 @@ static struct bio_post_read_ctx *get_bio_post_read_ctx(struct inode *inode,
>
> if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode))
> post_read_steps |= 1 << STEP_DECRYPT;
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (inode->i_verity_info != NULL &&
> (index < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT)))
> post_read_steps |= 1 << STEP_VERITY;
> @@ -205,7 +205,7 @@ static void mpage_end_io(struct bio *bio)
>
> static inline loff_t ext4_readpage_limit(struct inode *inode)
> {
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (IS_VERITY(inode)) {
> if (inode->i_verity_info)
> /* limit to end of metadata region */
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 16fb483a6f4a..472338c7cd03 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -1316,7 +1316,7 @@ static const struct fscrypt_operations ext4_cryptops = {
> };
> #endif
>
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> static int ext4_set_verity(struct inode *inode, loff_t data_i_size)
> {
> int err;
> @@ -1401,7 +1401,7 @@ static const struct fsverity_operations ext4_verityops = {
> .set_verity = ext4_set_verity,
> .get_metadata_end = ext4_get_metadata_end,
> };
> -#endif /* CONFIG_EXT4_FS_VERITY */
> +#endif /* CONFIG_FS_VERITY */
>
> #ifdef CONFIG_QUOTA
> static const char * const quotatypes[] = INITQFNAMES;
> @@ -4234,7 +4234,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
> #ifdef CONFIG_FS_ENCRYPTION
> sb->s_cop = &ext4_cryptops;
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> sb->s_vop = &ext4_verityops;
> #endif
> #ifdef CONFIG_QUOTA
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 8bc915452a38..6fa0f47c3180 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -227,7 +227,7 @@ EXT4_ATTR_FEATURE(meta_bg_resize);
> #ifdef CONFIG_FS_ENCRYPTION
> EXT4_ATTR_FEATURE(encryption);
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> EXT4_ATTR_FEATURE(verity);
> #endif
> EXT4_ATTR_FEATURE(metadata_csum_seed);
> @@ -239,7 +239,7 @@ static struct attribute *ext4_feat_attrs[] = {
> #ifdef CONFIG_FS_ENCRYPTION
> ATTR_LIST(encryption),
> #endif
> -#ifdef CONFIG_EXT4_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> ATTR_LIST(verity),
> #endif
> ATTR_LIST(metadata_csum_seed),
> diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
> index ce60e480fec1..708e23816575 100644
> --- a/fs/f2fs/Kconfig
> +++ b/fs/f2fs/Kconfig
> @@ -70,26 +70,6 @@ config F2FS_CHECK_FS
>
> If you want to improve the performance, say N.
>
> -config F2FS_FS_VERITY
> - bool "F2FS Verity"
> - depends on F2FS_FS
> - select FS_VERITY
> - help
> - This option enables fs-verity for f2fs. fs-verity is the
> - dm-verity mechanism implemented at the file level. Userspace
> - can append a Merkle tree (hash tree) to a file, then enable
> - fs-verity on the file. f2fs will then transparently verify
> - any data read from the file against the Merkle tree. The file
> - is also made read-only.
> -
> - This serves as an integrity check, but the availability of the
> - Merkle tree root hash also allows efficiently supporting
> - various use cases where normally the whole file would need to
> - be hashed at once, such as auditing and authenticity
> - verification (appraisal).
> -
> - If unsure, say N.
> -
> config F2FS_IO_TRACE
> bool "F2FS IO tracer"
> depends on F2FS_FS
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 844ec573263e..83b59b985894 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -610,7 +610,7 @@ static struct bio *f2fs_grab_read_bio(struct inode *inode, block_t blkaddr,
>
> if (f2fs_encrypted_file(inode))
> post_read_steps |= 1 << STEP_DECRYPT;
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> if (inode->i_verity_info != NULL &&
> (first_idx < ((i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT)))
> post_read_steps |= 1 << STEP_VERITY;
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index ea8a5ffc4f1f..dc999af932f2 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -25,8 +25,6 @@
> #include <crypto/hash.h>
>
> #include <linux/fscrypt.h>
> -
> -#define __FS_HAS_VERITY IS_ENABLED(CONFIG_F2FS_FS_VERITY)
> #include <linux/fsverity.h>
>
> #ifdef CONFIG_F2FS_CHECK_FS
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index 4287cf348d3c..60d5338280fb 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -2197,7 +2197,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
> };
> #endif
>
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> static int f2fs_set_verity(struct inode *inode, loff_t data_i_size)
> {
> int err;
> @@ -2222,7 +2222,7 @@ static const struct fsverity_operations f2fs_verityops = {
> .set_verity = f2fs_set_verity,
> .get_metadata_end = f2fs_get_metadata_end,
> };
> -#endif /* CONFIG_F2FS_FS_VERITY */
> +#endif /* CONFIG_FS_VERITY */
>
> static struct inode *f2fs_nfs_get_inode(struct super_block *sb,
> u64 ino, u32 generation)
> @@ -3146,7 +3146,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> #ifdef CONFIG_FS_ENCRYPTION
> sb->s_cop = &f2fs_cryptops;
> #endif
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> sb->s_vop = &f2fs_verityops;
> #endif
> sb->s_xattr = f2fs_xattr_handlers;
> diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
> index 737677655bc0..949e6d87f4e3 100644
> --- a/fs/f2fs/sysfs.c
> +++ b/fs/f2fs/sysfs.c
> @@ -444,7 +444,7 @@ F2FS_FEATURE_RO_ATTR(flexible_inline_xattr, FEAT_FLEXIBLE_INLINE_XATTR);
> F2FS_FEATURE_RO_ATTR(quota_ino, FEAT_QUOTA_INO);
> F2FS_FEATURE_RO_ATTR(inode_crtime, FEAT_INODE_CRTIME);
> F2FS_FEATURE_RO_ATTR(lost_found, FEAT_LOST_FOUND);
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> F2FS_FEATURE_RO_ATTR(verity, FEAT_VERITY);
> #endif
> F2FS_FEATURE_RO_ATTR(sb_checksum, FEAT_SB_CHECKSUM);
> @@ -507,7 +507,7 @@ static struct attribute *f2fs_feat_attrs[] = {
> ATTR_LIST(quota_ino),
> ATTR_LIST(inode_crtime),
> ATTR_LIST(lost_found),
> -#ifdef CONFIG_F2FS_FS_VERITY
> +#ifdef CONFIG_FS_VERITY
> ATTR_LIST(verity),
> #endif
> ATTR_LIST(sb_checksum),
> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index a7470a2e4892..b5a48a9ef0ca 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -1,5 +1,5 @@
> config FS_VERITY
> - tristate "FS Verity (read-only file-based authenticity protection)"
> + bool "FS Verity (read-only file-based authenticity protection)"
> select CRYPTO
> # SHA-256 is selected as it's intended to be the default hash algorithm.
> # To avoid bloat, other wanted algorithms must be selected explicitly.
> diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
> index c30c4f6ed411..f37132c640ee 100644
> --- a/include/linux/fsverity.h
> +++ b/include/linux/fsverity.h
> @@ -19,8 +19,7 @@ struct fsverity_operations {
> int (*get_metadata_end)(struct inode *inode, loff_t *metadata_end_ret);
> };
>
> -#if __FS_HAS_VERITY
> -
> +#ifdef CONFIG_FS_VERITY
> /* ioctl.c */
> extern int fsverity_ioctl_enable(struct file *filp, const void __user *arg);
> extern int fsverity_ioctl_measure(struct file *filp, void __user *arg);
> --
> 2.19.1
>
next prev parent reply other threads:[~2018-11-27 0:45 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 5:23 [PATCH 0/7] Remove fs specific fscrypt and fsverity build config options Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-19 5:23 ` [PATCH 1/7] ext4: use IS_ENCRYPTED() to check encryption status Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-27 0:35 ` Eric Biggers
2018-11-27 0:35 ` Eric Biggers
2018-11-19 5:23 ` [PATCH 2/7] f2fs: " Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-19 6:24 ` Chao Yu
2018-11-19 6:24 ` Chao Yu
2018-11-19 21:23 ` [f2fs-dev] " Jaegeuk Kim
2018-11-19 21:23 ` Jaegeuk Kim
2018-11-26 3:41 ` [f2fs-dev] " Theodore Y. Ts'o
2018-11-26 3:41 ` Theodore Y. Ts'o
2018-11-26 4:00 ` [f2fs-dev] " Theodore Y. Ts'o
2018-11-26 4:00 ` Theodore Y. Ts'o
2018-11-26 17:34 ` [f2fs-dev] " Theodore Y. Ts'o
2018-11-26 17:34 ` Theodore Y. Ts'o
2018-11-26 23:52 ` [f2fs-dev] " Jaegeuk Kim
2018-11-26 23:52 ` Jaegeuk Kim
2018-11-29 10:38 ` [f2fs-dev] " Chandan Rajendra
2018-11-29 10:38 ` Chandan Rajendra
2018-11-29 19:05 ` [f2fs-dev] " Eric Biggers
2018-11-29 19:05 ` Eric Biggers
2018-11-30 5:27 ` [f2fs-dev] " Chandan Rajendra
2018-11-30 5:27 ` Chandan Rajendra
2018-11-30 17:44 ` [f2fs-dev] " Eric Biggers
2018-11-30 17:44 ` Eric Biggers
2018-11-19 5:23 ` [PATCH 3/7] fscrypt: Remove filesystem specific build config option Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-27 0:14 ` Eric Biggers
2018-11-27 0:14 ` Eric Biggers
2018-11-27 13:29 ` Chandan Rajendra
2018-11-27 13:29 ` Chandan Rajendra
2018-11-19 5:23 ` [PATCH 4/7] Add S_VERITY and IS_VERITY() Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-27 0:08 ` Eric Biggers
2018-11-27 0:08 ` Eric Biggers
2018-11-27 13:30 ` Chandan Rajendra
2018-11-27 13:30 ` Chandan Rajendra
2018-11-19 5:23 ` [PATCH 5/7] ext4: use IS_VERITY() to check inode's fsverity status Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-26 17:36 ` Theodore Y. Ts'o
2018-11-26 17:36 ` Theodore Y. Ts'o
2018-11-27 0:29 ` Eric Biggers
2018-11-27 0:29 ` Eric Biggers
2018-11-27 3:03 ` Chandan Rajendra
2018-11-27 3:03 ` Chandan Rajendra
2018-11-28 13:49 ` Chandan Rajendra
2018-11-28 13:49 ` Chandan Rajendra
2018-11-19 5:23 ` [PATCH 6/7] f2fs: " Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-19 6:25 ` [f2fs-dev] " Chao Yu
2018-11-19 6:25 ` Chao Yu
2018-11-19 6:25 ` [f2fs-dev] " Chao Yu
2018-11-27 0:41 ` Eric Biggers
2018-11-27 0:41 ` Eric Biggers
2018-11-19 5:23 ` [PATCH 7/7] fsverity: Remove filesystem specific build config option Chandan Rajendra
2018-11-19 5:23 ` Chandan Rajendra
2018-11-27 0:45 ` Eric Biggers [this message]
2018-11-27 0:45 ` Eric Biggers
2018-11-27 13:31 ` Chandan Rajendra
2018-11-27 13:31 ` Chandan Rajendra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181127004530.GF11663@gmail.com \
--to=ebiggers@kernel.org \
--cc=chandan@linux.vnet.ibm.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.