From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
linux-api@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org,
Victor Hsieh <victorhsieh@google.com>
Subject: [f2fs-dev] [PATCH v3 07/15] fs-verity: add the hook for file ->setattr()
Date: Thu, 23 May 2019 09:18:03 -0700 [thread overview]
Message-ID: <20190523161811.6259-8-ebiggers@kernel.org> (raw)
In-Reply-To: <20190523161811.6259-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Add a function fsverity_prepare_setattr() which filesystems that support
fs-verity must call to deny truncates of verity files.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/verity/open.c | 21 +++++++++++++++++++++
include/linux/fsverity.h | 7 +++++++
2 files changed, 28 insertions(+)
diff --git a/fs/verity/open.c b/fs/verity/open.c
index e6d73d73b000d..f779a150b4ede 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -292,6 +292,27 @@ int fsverity_file_open(struct inode *inode, struct file *filp)
}
EXPORT_SYMBOL_GPL(fsverity_file_open);
+/**
+ * fsverity_prepare_setattr - prepare to change a verity inode's attributes
+ * @dentry: dentry through which the inode is being changed
+ * @attr: attributes to change
+ *
+ * Verity files are immutable, so deny truncates. This isn't covered by the
+ * open-time check because sys_truncate() takes a path, not a file descriptor.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr)
+{
+ if (IS_VERITY(d_inode(dentry)) && (attr->ia_valid & ATTR_SIZE)) {
+ pr_debug("Denying truncate of verity file (ino %lu)\n",
+ d_inode(dentry)->i_ino);
+ return -EPERM;
+ }
+ return 0;
+}
+EXPORT_SYMBOL_GPL(fsverity_prepare_setattr);
+
/**
* fsverity_cleanup_inode - free the inode's verity info, if present
*
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 3b60195e3c51a..29bb4d007ad16 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -40,6 +40,7 @@ struct fsverity_operations {
/* open.c */
extern int fsverity_file_open(struct inode *inode, struct file *filp);
+extern int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr);
extern void fsverity_cleanup_inode(struct inode *inode);
#else /* !CONFIG_FS_VERITY */
@@ -51,6 +52,12 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
return IS_VERITY(inode) ? -EOPNOTSUPP : 0;
}
+static inline int fsverity_prepare_setattr(struct dentry *dentry,
+ struct iattr *attr)
+{
+ return IS_VERITY(d_inode(dentry)) ? -EOPNOTSUPP : 0;
+}
+
static inline void fsverity_cleanup_inode(struct inode *inode)
{
}
--
2.21.0
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-integrity@vger.kernel.org, linux-api@vger.kernel.org,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Victor Hsieh <victorhsieh@google.com>
Subject: [PATCH v3 07/15] fs-verity: add the hook for file ->setattr()
Date: Thu, 23 May 2019 09:18:03 -0700 [thread overview]
Message-ID: <20190523161811.6259-8-ebiggers@kernel.org> (raw)
In-Reply-To: <20190523161811.6259-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Add a function fsverity_prepare_setattr() which filesystems that support
fs-verity must call to deny truncates of verity files.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/verity/open.c | 21 +++++++++++++++++++++
include/linux/fsverity.h | 7 +++++++
2 files changed, 28 insertions(+)
diff --git a/fs/verity/open.c b/fs/verity/open.c
index e6d73d73b000d..f779a150b4ede 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -292,6 +292,27 @@ int fsverity_file_open(struct inode *inode, struct file *filp)
}
EXPORT_SYMBOL_GPL(fsverity_file_open);
+/**
+ * fsverity_prepare_setattr - prepare to change a verity inode's attributes
+ * @dentry: dentry through which the inode is being changed
+ * @attr: attributes to change
+ *
+ * Verity files are immutable, so deny truncates. This isn't covered by the
+ * open-time check because sys_truncate() takes a path, not a file descriptor.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr)
+{
+ if (IS_VERITY(d_inode(dentry)) && (attr->ia_valid & ATTR_SIZE)) {
+ pr_debug("Denying truncate of verity file (ino %lu)\n",
+ d_inode(dentry)->i_ino);
+ return -EPERM;
+ }
+ return 0;
+}
+EXPORT_SYMBOL_GPL(fsverity_prepare_setattr);
+
/**
* fsverity_cleanup_inode - free the inode's verity info, if present
*
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 3b60195e3c51a..29bb4d007ad16 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -40,6 +40,7 @@ struct fsverity_operations {
/* open.c */
extern int fsverity_file_open(struct inode *inode, struct file *filp);
+extern int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr);
extern void fsverity_cleanup_inode(struct inode *inode);
#else /* !CONFIG_FS_VERITY */
@@ -51,6 +52,12 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
return IS_VERITY(inode) ? -EOPNOTSUPP : 0;
}
+static inline int fsverity_prepare_setattr(struct dentry *dentry,
+ struct iattr *attr)
+{
+ return IS_VERITY(d_inode(dentry)) ? -EOPNOTSUPP : 0;
+}
+
static inline void fsverity_cleanup_inode(struct inode *inode)
{
}
--
2.21.0
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
linux-api@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org,
Victor Hsieh <victorhsieh@google.com>
Subject: [PATCH v3 07/15] fs-verity: add the hook for file ->setattr()
Date: Thu, 23 May 2019 09:18:03 -0700 [thread overview]
Message-ID: <20190523161811.6259-8-ebiggers@kernel.org> (raw)
In-Reply-To: <20190523161811.6259-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Add a function fsverity_prepare_setattr() which filesystems that support
fs-verity must call to deny truncates of verity files.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/verity/open.c | 21 +++++++++++++++++++++
include/linux/fsverity.h | 7 +++++++
2 files changed, 28 insertions(+)
diff --git a/fs/verity/open.c b/fs/verity/open.c
index e6d73d73b000d..f779a150b4ede 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -292,6 +292,27 @@ int fsverity_file_open(struct inode *inode, struct file *filp)
}
EXPORT_SYMBOL_GPL(fsverity_file_open);
+/**
+ * fsverity_prepare_setattr - prepare to change a verity inode's attributes
+ * @dentry: dentry through which the inode is being changed
+ * @attr: attributes to change
+ *
+ * Verity files are immutable, so deny truncates. This isn't covered by the
+ * open-time check because sys_truncate() takes a path, not a file descriptor.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr)
+{
+ if (IS_VERITY(d_inode(dentry)) && (attr->ia_valid & ATTR_SIZE)) {
+ pr_debug("Denying truncate of verity file (ino %lu)\n",
+ d_inode(dentry)->i_ino);
+ return -EPERM;
+ }
+ return 0;
+}
+EXPORT_SYMBOL_GPL(fsverity_prepare_setattr);
+
/**
* fsverity_cleanup_inode - free the inode's verity info, if present
*
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 3b60195e3c51a..29bb4d007ad16 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -40,6 +40,7 @@ struct fsverity_operations {
/* open.c */
extern int fsverity_file_open(struct inode *inode, struct file *filp);
+extern int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr);
extern void fsverity_cleanup_inode(struct inode *inode);
#else /* !CONFIG_FS_VERITY */
@@ -51,6 +52,12 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
return IS_VERITY(inode) ? -EOPNOTSUPP : 0;
}
+static inline int fsverity_prepare_setattr(struct dentry *dentry,
+ struct iattr *attr)
+{
+ return IS_VERITY(d_inode(dentry)) ? -EOPNOTSUPP : 0;
+}
+
static inline void fsverity_cleanup_inode(struct inode *inode)
{
}
--
2.21.0
next prev parent reply other threads:[~2019-05-23 16:18 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-23 16:17 [f2fs-dev] [PATCH v3 00/15] fs-verity: read-only file-based authenticity protection Eric Biggers
2019-05-23 16:17 ` Eric Biggers
2019-05-23 16:17 ` Eric Biggers
2019-05-23 16:17 ` [PATCH v3 01/15] fs-verity: add a documentation file Eric Biggers
2019-05-23 16:17 ` Eric Biggers
2019-05-23 16:17 ` [PATCH v3 02/15] fs-verity: add MAINTAINERS file entry Eric Biggers
2019-05-23 16:17 ` Eric Biggers
2019-05-23 16:17 ` [PATCH v3 03/15] fs-verity: add UAPI header Eric Biggers
2019-05-23 16:17 ` Eric Biggers
2019-05-23 16:18 ` [f2fs-dev] [PATCH v3 04/15] fs-verity: add Kconfig and the helper functions for hashing Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 05/15] fs-verity: add inode and superblock fields Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 06/15] fs-verity: add the hook for file ->open() Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` Eric Biggers [this message]
2019-05-23 16:18 ` [PATCH v3 07/15] fs-verity: add the hook for file ->setattr() Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 08/15] fs-verity: add data verification hooks for ->readpages() Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 09/15] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 10/15] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 11/15] fs-verity: add SHA-512 support Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 12/15] fs-verity: support builtin file signatures Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 13/15] ext4: add basic fs-verity support Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 14/15] ext4: add fs-verity read support Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-23 16:18 ` [PATCH v3 15/15] f2fs: add fs-verity support Eric Biggers
2019-05-23 16:18 ` Eric Biggers
2019-05-30 18:54 ` [PATCH v3 00/15] fs-verity: read-only file-based authenticity protection Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190523161811.6259-8-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=victorhsieh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.