Linux-ext4 Archive on lore.kernel.org
* [PATCH 0/4] statx: expose the fs-verity bit
@ 2019-10-29 20:41 Eric Biggers
  2019-10-29 20:41 ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
                   ` (5 more replies)
  0 siblings, 6 replies; 18+ messages in thread
From: Eric Biggers @ 2019-10-29 20:41 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

This patchset exposes the verity bit (a.k.a. FS_VERITY_FL) via statx().

This is useful because it allows applications to check whether a file is
a verity file without opening it.  Opening a verity file can be
expensive because the fsverity_info is set up on open, which involves
parsing metadata and optionally verifying a cryptographic signature.

This is analogous to how various other bits are exposed through both
FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.

This patchset applies to v5.4-rc5.

Eric Biggers (4):
  statx: define STATX_ATTR_VERITY
  ext4: support STATX_ATTR_VERITY
  f2fs: support STATX_ATTR_VERITY
  docs: fs-verity: mention statx() support

 Documentation/filesystems/fsverity.rst | 8 ++++++++
 fs/ext4/inode.c                        | 5 ++++-
 fs/f2fs/file.c                         | 5 ++++-
 include/linux/stat.h                   | 3 ++-
 include/uapi/linux/stat.h              | 2 +-
 5 files changed, 19 insertions(+), 4 deletions(-)

-- 
2.24.0.rc1.363.gb1bccd3e3d-goog



* [PATCH 1/4] statx: define STATX_ATTR_VERITY
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
@ 2019-10-29 20:41 ` Eric Biggers
  2019-10-30 18:26   ` Andreas Dilger
  2019-11-07  1:44   ` Darrick J. Wong
  2019-10-29 20:41 ` [PATCH 2/4] ext4: support STATX_ATTR_VERITY Eric Biggers
                   ` (4 subsequent siblings)
  5 siblings, 2 replies; 18+ messages in thread
From: Eric Biggers @ 2019-10-29 20:41 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

From: Eric Biggers <ebiggers@google.com>

Add a statx attribute bit STATX_ATTR_VERITY which will be set if the
file has fs-verity enabled.  This is the statx() equivalent of
FS_VERITY_FL which is returned by FS_IOC_GETFLAGS.

This is useful because it allows applications to check whether a file is
a verity file without opening it.  Opening a verity file can be
expensive because the fsverity_info is set up on open, which involves
parsing metadata and optionally verifying a cryptographic signature.

This is analogous to how various other bits are exposed through both
FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 include/linux/stat.h      | 3 ++-
 include/uapi/linux/stat.h | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/linux/stat.h b/include/linux/stat.h
index 765573dc17d659..528c4baad09146 100644
--- a/include/linux/stat.h
+++ b/include/linux/stat.h
@@ -33,7 +33,8 @@ struct kstat {
 	 STATX_ATTR_IMMUTABLE |				\
 	 STATX_ATTR_APPEND |				\
 	 STATX_ATTR_NODUMP |				\
-	 STATX_ATTR_ENCRYPTED				\
+	 STATX_ATTR_ENCRYPTED |				\
+	 STATX_ATTR_VERITY				\
 	 )/* Attrs corresponding to FS_*_FL flags */
 	u64		ino;
 	dev_t		dev;
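Review bot: The new STATX_ATTR_VERITY entry in this mask is only justified by the trailing comment, "Attrs corresponding to FS_*_FL flags", yet the commit message calls the bit the "equivalent" of FS_VERITY_FL without saying that the numerical values are meant to be identical. Please state that in the commit message (STATX_ATTR_VERITY is defined as 0x00100000 in the uapi hunk of this patch), so the reason the bit belongs in this list is on record.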
diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h
index 7b35e98d3c58b1..ad80a5c885d598 100644
--- a/include/uapi/linux/stat.h
+++ b/include/uapi/linux/stat.h
@@ -167,8 +167,8 @@ struct statx {
 #define STATX_ATTR_APPEND		0x00000020 /* [I] File is append-only */
 #define STATX_ATTR_NODUMP		0x00000040 /* [I] File is not to be dumped */
 #define STATX_ATTR_ENCRYPTED		0x00000800 /* [I] File requires key to decrypt in fs */
-
 #define STATX_ATTR_AUTOMOUNT		0x00001000 /* Dir: Automount trigger */
+#define STATX_ATTR_VERITY		0x00100000 /* [I] Verity protected file */
 
 
 #endif /* _UAPI_LINUX_STAT_H */
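Review bot: On the added "#define STATX_ATTR_VERITY 0x00100000", the value jumps from 0x00001000 straight to 0x00100000 with nothing in the header or the commit message explaining the gap. A short comment that the value is chosen to match FS_VERITY_FL would answer the question before it is asked. The hunk also deletes the blank line that separated the [I] flags from STATX_ATTR_AUTOMOUNT and places the new [I] flag after AUTOMOUNT, which blurs the grouping; either keep the new define with the other [I] flags or keep a separator.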
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog



* [PATCH 2/4] ext4: support STATX_ATTR_VERITY
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
  2019-10-29 20:41 ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
@ 2019-10-29 20:41 ` Eric Biggers
  2019-10-30 18:27   ` Andreas Dilger
  2019-10-29 20:41 ` [PATCH 3/4] f2fs: " Eric Biggers
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 18+ messages in thread
From: Eric Biggers @ 2019-10-29 20:41 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

From: Eric Biggers <ebiggers@google.com>

Set the STATX_ATTR_VERITY bit when the statx() system call is used on a
verity file on ext4.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/ext4/inode.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 516faa280ceda8..a7ca6517798008 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5717,12 +5717,15 @@ int ext4_getattr(const struct path *path, struct kstat *stat,
 		stat->attributes |= STATX_ATTR_IMMUTABLE;
 	if (flags & EXT4_NODUMP_FL)
 		stat->attributes |= STATX_ATTR_NODUMP;
+	if (flags & EXT4_VERITY_FL)
+		stat->attributes |= STATX_ATTR_VERITY;
 
 	stat->attributes_mask |= (STATX_ATTR_APPEND |
 				  STATX_ATTR_COMPRESSED |
 				  STATX_ATTR_ENCRYPTED |
 				  STATX_ATTR_IMMUTABLE |
-				  STATX_ATTR_NODUMP);
+				  STATX_ATTR_NODUMP |
+				  STATX_ATTR_VERITY);
 
 	generic_fillattr(inode, stat);
 	return 0;
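Review bot: STATX_ATTR_VERITY is OR-ed into stat->attributes_mask unconditionally at the end of this hunk, so every ext4 inode will advertise the bit as supported. Is that intended when the filesystem or the kernel build has no verity support? If yes, the commit message should say that a clear bit with the mask set means "not a verity file"; if not, the mask update needs to be conditional.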
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog



* [PATCH 3/4] f2fs: support STATX_ATTR_VERITY
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
  2019-10-29 20:41 ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
  2019-10-29 20:41 ` [PATCH 2/4] ext4: support STATX_ATTR_VERITY Eric Biggers
@ 2019-10-29 20:41 ` " Eric Biggers
  2019-10-29 20:41 ` [PATCH 4/4] docs: fs-verity: mention statx() support Eric Biggers
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-10-29 20:41 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

From: Eric Biggers <ebiggers@google.com>

Set the STATX_ATTR_VERITY bit when the statx() system call is used on a
verity file on f2fs.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/f2fs/file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 29bc0a542759a2..6a2e5b7d8fc74c 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -726,11 +726,14 @@ int f2fs_getattr(const struct path *path, struct kstat *stat,
 		stat->attributes |= STATX_ATTR_IMMUTABLE;
 	if (flags & F2FS_NODUMP_FL)
 		stat->attributes |= STATX_ATTR_NODUMP;
+	if (IS_VERITY(inode))
+		stat->attributes |= STATX_ATTR_VERITY;
 
 	stat->attributes_mask |= (STATX_ATTR_APPEND |
 				  STATX_ATTR_ENCRYPTED |
 				  STATX_ATTR_IMMUTABLE |
-				  STATX_ATTR_NODUMP);
+				  STATX_ATTR_NODUMP |
+				  STATX_ATTR_VERITY);
 
 	generic_fillattr(inode, stat);
 
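Review bot: The added check tests IS_VERITY(inode), while the neighbouring checks in this hunk test the flags word ("flags & F2FS_NODUMP_FL") and the ext4 patch in this series tests "flags & EXT4_VERITY_FL". The commit message should say why f2fs uses the inode predicate here, or the check should use the flag test for consistency if the two are equivalent.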
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog



* [PATCH 4/4] docs: fs-verity: mention statx() support
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
                   ` (2 preceding siblings ...)
  2019-10-29 20:41 ` [PATCH 3/4] f2fs: " Eric Biggers
@ 2019-10-29 20:41 ` Eric Biggers
  2019-11-06 21:57 ` [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
  2019-11-13 20:20 ` Eric Biggers
  5 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-10-29 20:41 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

From: Eric Biggers <ebiggers@google.com>

Document that the statx() system call can now be used to check whether a
file is a verity file.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 Documentation/filesystems/fsverity.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 42a0b6dd9e0b68..3355377a24398d 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -226,6 +226,14 @@ To do so, check for FS_VERITY_FL (0x00100000) in the returned flags.
 The verity flag is not settable via FS_IOC_SETFLAGS.  You must use
 FS_IOC_ENABLE_VERITY instead, since parameters must be provided.
 
+statx
+-----
+
+Since Linux v5.5, the statx() system call sets STATX_ATTR_VERITY if
+the file has fs-verity enabled.  This can perform better than
+FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require
+opening the file, and opening verity files can be expensive.
+
 Accessing verity files
 ======================
 
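Review bot: "Since Linux v5.5" in the added paragraph hard-codes a release, but the cover letter says the series applies to v5.4-rc5 and it is still under review, so the version needs rechecking when this is merged. The paragraph also does not say where the bit is reported: name the stx_attributes field, and tell callers to check stx_attributes_mask (which the ext4 and f2fs patches update) so they can distinguish "not a verity file" from "this filesystem does not report the bit".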
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog
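
The check the documentation patch above describes, as an added example (not code from this patch series): it classifies a path by STATX_ATTR_VERITY without opening it and treats a bit that is absent from stx_attributes_mask as "unknown" rather than "not verity". The function and enum names are hypothetical, the fallback value 0x00100000 is the one defined in patch 1/4, and the raw syscall is used so that it builds with C libraries that lack a statx() wrapper.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>        /* AT_FDCWD, AT_SYMLINK_NOFOLLOW */
#include <linux/stat.h>   /* struct statx, STATX_* (kernel UAPI header) */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>  /* SYS_statx */
#include <unistd.h>       /* syscall() */

/* Headers older than this series lack the bit; value taken from patch 1/4. */
#ifndef STATX_ATTR_VERITY
#define STATX_ATTR_VERITY 0x00100000
#endif

/* Hypothetical result type for this example. */
enum verity_state {
	VERITY_ERROR    = -1,	/* statx() itself failed */
	VERITY_UNKNOWN  = 0,	/* kernel/filesystem does not report the bit */
	VERITY_DISABLED = 1,	/* bit is reported and clear */
	VERITY_ENABLED  = 2,	/* bit is reported and set */
};

/*
 * Interpret an already-filled struct statx.  stx_attributes_mask says which
 * attribute bits the filesystem supports, so a clear STATX_ATTR_VERITY only
 * means "not a verity file" when the mask contains the bit.
 */
enum verity_state classify_verity(const struct statx *stx)
{
	if (!(stx->stx_attributes_mask & STATX_ATTR_VERITY))
		return VERITY_UNKNOWN;
	return (stx->stx_attributes & STATX_ATTR_VERITY) ?
		VERITY_ENABLED : VERITY_DISABLED;
}

/* Query a path without opening it; symlinks are not followed. */
enum verity_state path_verity_state(const char *path)
{
	struct statx stx;

	memset(&stx, 0, sizeof(stx));
	if (syscall(SYS_statx, AT_FDCWD, path, AT_SYMLINK_NOFOLLOW,
		    STATX_TYPE, &stx) != 0)
		return VERITY_ERROR;
	return classify_verity(&stx);
}

/*
 * Count the paths that cannot be confirmed as verity files.  Errors and
 * "unknown" are counted too, so the check fails closed.
 */
size_t count_not_enabled(const char *const *paths, size_t n)
{
	size_t bad = 0;

	for (size_t i = 0; i < n; i++)
		if (path_verity_state(paths[i]) != VERITY_ENABLED)
			bad++;
	return bad;
}

int main(int argc, char **argv)
{
	static const char *const names[] = {
		"error", "unknown", "disabled", "enabled"
	};

	for (int i = 1; i < argc; i++)
		printf("%s: %s\n", argv[i],
		       names[path_verity_state(argv[i]) + 1]);

	/* Non-zero exit status if any argument is not a confirmed verity file. */
	return count_not_enabled((const char *const *)(argv + 1),
				 (size_t)(argc - 1)) != 0;
}
```

The bit only says that fs-verity is enabled on the file; it does not say which file digest or signature the file carries.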



* Re: [PATCH 1/4] statx: define STATX_ATTR_VERITY
  2019-10-29 20:41 ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
@ 2019-10-30 18:26   ` Andreas Dilger
  2019-11-07  1:44   ` Darrick J. Wong
  1 sibling, 0 replies; 18+ messages in thread
From: Andreas Dilger @ 2019-10-30 18:26 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-fscrypt, Linux FS-devel Mailing List, Ext4 Developers List,
	linux-f2fs-devel, linux-api, David Howells, Theodore Ts'o,
	Jaegeuk Kim, Victor Hsieh


On Oct 29, 2019, at 2:41 PM, Eric Biggers <ebiggers@kernel.org> wrote:
> 
> From: Eric Biggers <ebiggers@google.com>
> 
> Add a statx attribute bit STATX_ATTR_VERITY which will be set if the
> file has fs-verity enabled.  This is the statx() equivalent of
> FS_VERITY_FL which is returned by FS_IOC_GETFLAGS.
> 
> This is useful because it allows applications to check whether a file is
> a verity file without opening it.  Opening a verity file can be
> expensive because the fsverity_info is set up on open, which involves
> parsing metadata and optionally verifying a cryptographic signature.
> 
> This is analogous to how various other bits are exposed through both
> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Andreas Dilger <adilger@dilger.ca>

> ---
> include/linux/stat.h      | 3 ++-
> include/uapi/linux/stat.h | 2 +-
> 2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/stat.h b/include/linux/stat.h
> index 765573dc17d659..528c4baad09146 100644
> --- a/include/linux/stat.h
> +++ b/include/linux/stat.h
> @@ -33,7 +33,8 @@ struct kstat {
> 	 STATX_ATTR_IMMUTABLE |				\
> 	 STATX_ATTR_APPEND |				\
> 	 STATX_ATTR_NODUMP |				\
> -	 STATX_ATTR_ENCRYPTED				\
> +	 STATX_ATTR_ENCRYPTED |				\
> +	 STATX_ATTR_VERITY				\
> 	 )/* Attrs corresponding to FS_*_FL flags */
> 	u64		ino;
> 	dev_t		dev;
> diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h
> index 7b35e98d3c58b1..ad80a5c885d598 100644
> --- a/include/uapi/linux/stat.h
> +++ b/include/uapi/linux/stat.h
> @@ -167,8 +167,8 @@ struct statx {
> #define STATX_ATTR_APPEND		0x00000020 /* [I] File is append-only */
> #define STATX_ATTR_NODUMP		0x00000040 /* [I] File is not to be dumped */
> #define STATX_ATTR_ENCRYPTED		0x00000800 /* [I] File requires key to decrypt in fs */
> -
> #define STATX_ATTR_AUTOMOUNT		0x00001000 /* Dir: Automount trigger */
> +#define STATX_ATTR_VERITY		0x00100000 /* [I] Verity protected file */
> 
> 
> #endif /* _UAPI_LINUX_STAT_H */
> --
> 2.24.0.rc1.363.gb1bccd3e3d-goog
> 


Cheers, Andreas

* Re: [PATCH 2/4] ext4: support STATX_ATTR_VERITY
  2019-10-29 20:41 ` [PATCH 2/4] ext4: support STATX_ATTR_VERITY Eric Biggers
@ 2019-10-30 18:27   ` Andreas Dilger
  0 siblings, 0 replies; 18+ messages in thread
From: Andreas Dilger @ 2019-10-30 18:27 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-fscrypt, Linux FS-devel Mailing List, Ext4 Developers List,
	linux-f2fs-devel, linux-api, David Howells, Theodore Ts'o,
	Jaegeuk Kim, Victor Hsieh



> On Oct 29, 2019, at 2:41 PM, Eric Biggers <ebiggers@kernel.org> wrote:
> 
> From: Eric Biggers <ebiggers@google.com>
> 
> Set the STATX_ATTR_VERITY bit when the statx() system call is used on a
> verity file on ext4.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Reviewed-by: Andreas Dilger <adilger@dilger.ca>


> ---
> fs/ext4/inode.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 516faa280ceda8..a7ca6517798008 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -5717,12 +5717,15 @@ int ext4_getattr(const struct path *path, struct kstat *stat,
> 		stat->attributes |= STATX_ATTR_IMMUTABLE;
> 	if (flags & EXT4_NODUMP_FL)
> 		stat->attributes |= STATX_ATTR_NODUMP;
> +	if (flags & EXT4_VERITY_FL)
> +		stat->attributes |= STATX_ATTR_VERITY;
> 
> 	stat->attributes_mask |= (STATX_ATTR_APPEND |
> 				  STATX_ATTR_COMPRESSED |
> 				  STATX_ATTR_ENCRYPTED |
> 				  STATX_ATTR_IMMUTABLE |
> -				  STATX_ATTR_NODUMP);
> +				  STATX_ATTR_NODUMP |
> +				  STATX_ATTR_VERITY);
> 
> 	generic_fillattr(inode, stat);
> 	return 0;
> --
> 2.24.0.rc1.363.gb1bccd3e3d-goog
> 


Cheers, Andreas

* Re: [PATCH 0/4] statx: expose the fs-verity bit
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
                   ` (3 preceding siblings ...)
  2019-10-29 20:41 ` [PATCH 4/4] docs: fs-verity: mention statx() support Eric Biggers
@ 2019-11-06 21:57 ` Eric Biggers
  2019-11-13 20:20 ` Eric Biggers
  5 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-11-06 21:57 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

On Tue, Oct 29, 2019 at 01:41:37PM -0700, Eric Biggers wrote:
> This patchset exposes the verity bit (a.k.a. FS_VERITY_FL) via statx().
> 
> This is useful because it allows applications to check whether a file is
> a verity file without opening it.  Opening a verity file can be
> expensive because the fsverity_info is set up on open, which involves
> parsing metadata and optionally verifying a cryptographic signature.
> 
> This is analogous to how various other bits are exposed through both
> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
> 
> This patchset applies to v5.4-rc5.
> 
> Eric Biggers (4):
>   statx: define STATX_ATTR_VERITY
>   ext4: support STATX_ATTR_VERITY
>   f2fs: support STATX_ATTR_VERITY
>   docs: fs-verity: mention statx() support
> 
>  Documentation/filesystems/fsverity.rst | 8 ++++++++
>  fs/ext4/inode.c                        | 5 ++++-
>  fs/f2fs/file.c                         | 5 ++++-
>  include/linux/stat.h                   | 3 ++-
>  include/uapi/linux/stat.h              | 2 +-
>  5 files changed, 19 insertions(+), 4 deletions(-)
> 

Any more comments on this?

- Eric


* Re: [PATCH 1/4] statx: define STATX_ATTR_VERITY
  2019-10-29 20:41 ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
  2019-10-30 18:26   ` Andreas Dilger
@ 2019-11-07  1:44   ` Darrick J. Wong
  2019-11-07  2:05     ` Andreas Dilger
                       ` (2 more replies)
  1 sibling, 3 replies; 18+ messages in thread
From: Darrick J. Wong @ 2019-11-07  1:44 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-fscrypt, linux-fsdevel, linux-ext4, linux-f2fs-devel,
	linux-api, David Howells, Theodore Ts'o, Jaegeuk Kim,
	Victor Hsieh

On Tue, Oct 29, 2019 at 01:41:38PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Add a statx attribute bit STATX_ATTR_VERITY which will be set if the
> file has fs-verity enabled.  This is the statx() equivalent of
> FS_VERITY_FL which is returned by FS_IOC_GETFLAGS.
> 
> This is useful because it allows applications to check whether a file is
> a verity file without opening it.  Opening a verity file can be
> expensive because the fsverity_info is set up on open, which involves
> parsing metadata and optionally verifying a cryptographic signature.
> 
> This is analogous to how various other bits are exposed through both
> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  include/linux/stat.h      | 3 ++-
>  include/uapi/linux/stat.h | 2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/stat.h b/include/linux/stat.h
> index 765573dc17d659..528c4baad09146 100644
> --- a/include/linux/stat.h
> +++ b/include/linux/stat.h
> @@ -33,7 +33,8 @@ struct kstat {
>  	 STATX_ATTR_IMMUTABLE |				\
>  	 STATX_ATTR_APPEND |				\
>  	 STATX_ATTR_NODUMP |				\
> -	 STATX_ATTR_ENCRYPTED				\
> +	 STATX_ATTR_ENCRYPTED |				\
> +	 STATX_ATTR_VERITY				\
>  	 )/* Attrs corresponding to FS_*_FL flags */
>  	u64		ino;
>  	dev_t		dev;
> diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h
> index 7b35e98d3c58b1..ad80a5c885d598 100644
> --- a/include/uapi/linux/stat.h
> +++ b/include/uapi/linux/stat.h
> @@ -167,8 +167,8 @@ struct statx {
>  #define STATX_ATTR_APPEND		0x00000020 /* [I] File is append-only */
>  #define STATX_ATTR_NODUMP		0x00000040 /* [I] File is not to be dumped */
>  #define STATX_ATTR_ENCRYPTED		0x00000800 /* [I] File requires key to decrypt in fs */
> -
>  #define STATX_ATTR_AUTOMOUNT		0x00001000 /* Dir: Automount trigger */
> +#define STATX_ATTR_VERITY		0x00100000 /* [I] Verity protected file */

Any reason why this wasn't 0x2000?

If there's a manpage update that goes with this, then...
Acked-by: Darrick J. Wong <darrick.wong@oracle.com>

--D

>  
>  
>  #endif /* _UAPI_LINUX_STAT_H */
> -- 
> 2.24.0.rc1.363.gb1bccd3e3d-goog
> 


* Re: [PATCH 1/4] statx: define STATX_ATTR_VERITY
  2019-11-07  1:44   ` Darrick J. Wong
@ 2019-11-07  2:05     ` Andreas Dilger
  2019-11-07 22:02     ` [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY Eric Biggers
  2019-11-07 22:12     ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
  2 siblings, 0 replies; 18+ messages in thread
From: Andreas Dilger @ 2019-11-07  2:05 UTC (permalink / raw)
  To: Darrick J. Wong
  Cc: Eric Biggers, linux-fscrypt, Linux FS-devel Mailing List,
	linux-ext4, linux-f2fs-devel, Linux API, David Howells,
	Theodore Ts'o, Jaegeuk Kim, Victor Hsieh


On Nov 6, 2019, at 6:44 PM, Darrick J. Wong <darrick.wong@oracle.com> wrote:
> 
> On Tue, Oct 29, 2019 at 01:41:38PM -0700, Eric Biggers wrote:
>> From: Eric Biggers <ebiggers@google.com>
>> 
>> Add a statx attribute bit STATX_ATTR_VERITY which will be set if the
>> file has fs-verity enabled.  This is the statx() equivalent of
>> FS_VERITY_FL which is returned by FS_IOC_GETFLAGS.
>> 
>> This is useful because it allows applications to check whether a file is
>> a verity file without opening it.  Opening a verity file can be
>> expensive because the fsverity_info is set up on open, which involves
>> parsing metadata and optionally verifying a cryptographic signature.
>> 
>> This is analogous to how various other bits are exposed through both
>> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
>> 
>> Signed-off-by: Eric Biggers <ebiggers@google.com>
>> ---
>> include/linux/stat.h      | 3 ++-
>> include/uapi/linux/stat.h | 2 +-
>> 2 files changed, 3 insertions(+), 2 deletions(-)
>> 
>> diff --git a/include/linux/stat.h b/include/linux/stat.h
>> index 765573dc17d659..528c4baad09146 100644
>> --- a/include/linux/stat.h
>> +++ b/include/linux/stat.h
>> @@ -33,7 +33,8 @@ struct kstat {
>> 	 STATX_ATTR_IMMUTABLE |				\
>> 	 STATX_ATTR_APPEND |				\
>> 	 STATX_ATTR_NODUMP |				\
>> -	 STATX_ATTR_ENCRYPTED				\
>> +	 STATX_ATTR_ENCRYPTED |				\
>> +	 STATX_ATTR_VERITY				\
>> 	 )/* Attrs corresponding to FS_*_FL flags */
>> 	u64		ino;
>> 	dev_t		dev;
>> diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h
>> index 7b35e98d3c58b1..ad80a5c885d598 100644
>> --- a/include/uapi/linux/stat.h
>> +++ b/include/uapi/linux/stat.h
>> @@ -167,8 +167,8 @@ struct statx {
>> #define STATX_ATTR_APPEND		0x00000020 /* [I] File is append-only */
>> #define STATX_ATTR_NODUMP		0x00000040 /* [I] File is not to be dumped */
>> #define STATX_ATTR_ENCRYPTED		0x00000800 /* [I] File requires key to decrypt in fs */
>> -
>> #define STATX_ATTR_AUTOMOUNT		0x00001000 /* Dir: Automount trigger */
>> +#define STATX_ATTR_VERITY		0x00100000 /* [I] Verity protected file */
> 
> Any reason why this wasn't 0x2000?

A few lines earlier in this file it states:

 * Note that the flags marked [I] correspond to generic FS_IOC_FLAGS
 * semantically.  Where possible, the numerical value is picked to
 * correspond also.

Cheers, Andreas

* [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-07  1:44   ` Darrick J. Wong
  2019-11-07  2:05     ` Andreas Dilger
@ 2019-11-07 22:02     ` Eric Biggers
  2019-11-08  0:47       ` Darrick J. Wong
  2019-11-08  8:23       ` walter harms
  2019-11-07 22:12     ` [PATCH 1/4] statx: define STATX_ATTR_VERITY Eric Biggers
  2 siblings, 2 replies; 18+ messages in thread
From: Eric Biggers @ 2019-11-07 22:02 UTC (permalink / raw)
  To: linux-man
  Cc: darrick.wong, dhowells, jaegeuk, linux-api, linux-ext4,
	linux-f2fs-devel, linux-fscrypt, linux-fsdevel, tytso,
	victorhsieh

From: Eric Biggers <ebiggers@google.com>

Document the verity attribute for statx().

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 man2/statx.2 | 4 ++++
 1 file changed, 4 insertions(+)

RFC since the kernel patches are currently under review.
The kernel patches can be found here:
https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u

diff --git a/man2/statx.2 b/man2/statx.2
index d2f1b07b8..713bd1260 100644
--- a/man2/statx.2
+++ b/man2/statx.2
@@ -461,6 +461,10 @@ See
 .TP
 .B STATX_ATTR_ENCRYPTED
 A key is required for the file to be encrypted by the filesystem.
+.TP
+.B STATX_ATTR_VERITY
+The file has fs-verity enabled.  It cannot be written to, and all reads from it
+will be verified against a Merkle tree.
 .SH RETURN VALUE
 On success, zero is returned.
 On error, \-1 is returned, and
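Review bot: The added description puts two sentences on one source line ("The file has fs-verity enabled.  It cannot be written to, ..."), whereas the surrounding context starts each sentence on its own line ("On success, zero is returned." followed by "On error, ..."). Break the line after "enabled." to match. Once the kernel patches are merged, the entry should also state the kernel version in which the attribute first appears.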
-- 
2.24.0.rc1.363.gb1bccd3e3d-goog



* Re: [PATCH 1/4] statx: define STATX_ATTR_VERITY
  2019-11-07  1:44   ` Darrick J. Wong
  2019-11-07  2:05     ` Andreas Dilger
  2019-11-07 22:02     ` [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY Eric Biggers
@ 2019-11-07 22:12     ` Eric Biggers
  2 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-11-07 22:12 UTC (permalink / raw)
  To: Darrick J. Wong
  Cc: linux-fscrypt, linux-fsdevel, linux-ext4, linux-f2fs-devel,
	linux-api, David Howells, Theodore Ts'o, Jaegeuk Kim,
	Victor Hsieh

On Wed, Nov 06, 2019 at 05:44:20PM -0800, Darrick J. Wong wrote:
> On Tue, Oct 29, 2019 at 01:41:38PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> > 
> > Add a statx attribute bit STATX_ATTR_VERITY which will be set if the
> > file has fs-verity enabled.  This is the statx() equivalent of
> > FS_VERITY_FL which is returned by FS_IOC_GETFLAGS.
> > 
> > This is useful because it allows applications to check whether a file is
> > a verity file without opening it.  Opening a verity file can be
> > expensive because the fsverity_info is set up on open, which involves
> > parsing metadata and optionally verifying a cryptographic signature.
> > 
> > This is analogous to how various other bits are exposed through both
> > FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
> > 
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> >  include/linux/stat.h      | 3 ++-
> >  include/uapi/linux/stat.h | 2 +-
> >  2 files changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/include/linux/stat.h b/include/linux/stat.h
> > index 765573dc17d659..528c4baad09146 100644
> > --- a/include/linux/stat.h
> > +++ b/include/linux/stat.h
> > @@ -33,7 +33,8 @@ struct kstat {
> >  	 STATX_ATTR_IMMUTABLE |				\
> >  	 STATX_ATTR_APPEND |				\
> >  	 STATX_ATTR_NODUMP |				\
> > -	 STATX_ATTR_ENCRYPTED				\
> > +	 STATX_ATTR_ENCRYPTED |				\
> > +	 STATX_ATTR_VERITY				\
> >  	 )/* Attrs corresponding to FS_*_FL flags */
> >  	u64		ino;
> >  	dev_t		dev;
> > diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h
> > index 7b35e98d3c58b1..ad80a5c885d598 100644
> > --- a/include/uapi/linux/stat.h
> > +++ b/include/uapi/linux/stat.h
> > @@ -167,8 +167,8 @@ struct statx {
> >  #define STATX_ATTR_APPEND		0x00000020 /* [I] File is append-only */
> >  #define STATX_ATTR_NODUMP		0x00000040 /* [I] File is not to be dumped */
> >  #define STATX_ATTR_ENCRYPTED		0x00000800 /* [I] File requires key to decrypt in fs */
> > -
> >  #define STATX_ATTR_AUTOMOUNT		0x00001000 /* Dir: Automount trigger */
> > +#define STATX_ATTR_VERITY		0x00100000 /* [I] Verity protected file */
> 
> Any reason why this wasn't 0x2000?

Yes, as Andreas pointed out, the value is chosen to match the corresponding
FS_IOC_GETFLAGS bit, like the other bits above marked [I].

> 
> If there's a manpage update that goes with this, then...
> Acked-by: Darrick J. Wong <darrick.wong@oracle.com>
> 

It's pretty trivial to add it to the statx(2) man page.
I've sent out a patch for comment:
https://lkml.kernel.org/linux-fscrypt/20191107220248.32025-1-ebiggers@kernel.org/

- Eric


* Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-07 22:02     ` [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY Eric Biggers
@ 2019-11-08  0:47       ` Darrick J. Wong
  2019-11-08  8:23       ` walter harms
  1 sibling, 0 replies; 18+ messages in thread
From: Darrick J. Wong @ 2019-11-08  0:47 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-man, dhowells, jaegeuk, linux-api, linux-ext4,
	linux-f2fs-devel, linux-fscrypt, linux-fsdevel, tytso,
	victorhsieh

On Thu, Nov 07, 2019 at 02:02:48PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Document the verity attribute for statx().
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  man2/statx.2 | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> RFC since the kernel patches are currently under review.
> The kernel patches can be found here:
> https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u
> 
> diff --git a/man2/statx.2 b/man2/statx.2
> index d2f1b07b8..713bd1260 100644
> --- a/man2/statx.2
> +++ b/man2/statx.2
> @@ -461,6 +461,10 @@ See
>  .TP
>  .B STATX_ATTR_ENCRYPTED
>  A key is required for the file to be encrypted by the filesystem.
> +.TP
> +.B STATX_ATTR_VERITY
> +The file has fs-verity enabled.  It cannot be written to, and all reads from it
> +will be verified against a Merkle tree.

mkerrisk might ask you to start the new sentence on a separate line, but
otherwise looks good to me. :)

--D

>  .SH RETURN VALUE
>  On success, zero is returned.
>  On error, \-1 is returned, and
> -- 
> 2.24.0.rc1.363.gb1bccd3e3d-goog
> 


* Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-07 22:02     ` [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY Eric Biggers
  2019-11-08  0:47       ` Darrick J. Wong
@ 2019-11-08  8:23       ` walter harms
  2019-11-08 19:35         ` Eric Biggers
  1 sibling, 1 reply; 18+ messages in thread
From: walter harms @ 2019-11-08  8:23 UTC (permalink / raw)
  To: Eric Biggers
  Cc: linux-man, darrick.wong, dhowells, jaegeuk, linux-api,
	linux-ext4, linux-f2fs-devel, linux-fscrypt, linux-fsdevel,
	tytso, victorhsieh



On 07.11.2019 23:02, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Document the verity attribute for statx().
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  man2/statx.2 | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> RFC since the kernel patches are currently under review.
> The kernel patches can be found here:
> https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u
> 
> diff --git a/man2/statx.2 b/man2/statx.2
> index d2f1b07b8..713bd1260 100644
> --- a/man2/statx.2
> +++ b/man2/statx.2
> @@ -461,6 +461,10 @@ See
>  .TP
>  .B STATX_ATTR_ENCRYPTED
>  A key is required for the file to be encrypted by the filesystem.
> +.TP
> +.B STATX_ATTR_VERITY
> +The file has fs-verity enabled.  It cannot be written to, and all reads from it
> +will be verified against a Merkle tree.

Using "Merkle tree" opens a can of worms, and what will happen when the method changes?
Does it matter at all? I would suggest "filesystem" here.

re,
 wh

>  .SH RETURN VALUE
>  On success, zero is returned.
>  On error, \-1 is returned, and


* Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-08  8:23       ` walter harms
@ 2019-11-08 19:35         ` Eric Biggers
  2019-11-09 19:34           ` walter harms
  0 siblings, 1 reply; 18+ messages in thread
From: Eric Biggers @ 2019-11-08 19:35 UTC (permalink / raw)
  To: walter harms
  Cc: linux-man, darrick.wong, dhowells, jaegeuk, linux-api,
	linux-ext4, linux-f2fs-devel, linux-fscrypt, linux-fsdevel,
	tytso, victorhsieh

On Fri, Nov 08, 2019 at 09:23:04AM +0100, walter harms wrote:
> 
> 
> On 07.11.2019 23:02, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> > 
> > Document the verity attribute for statx().
> > 
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> >  man2/statx.2 | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > RFC since the kernel patches are currently under review.
> > The kernel patches can be found here:
> > https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u
> > 
> > diff --git a/man2/statx.2 b/man2/statx.2
> > index d2f1b07b8..713bd1260 100644
> > --- a/man2/statx.2
> > +++ b/man2/statx.2
> > @@ -461,6 +461,10 @@ See
> >  .TP
> >  .B STATX_ATTR_ENCRYPTED
> >  A key is required for the file to be encrypted by the filesystem.
> > +.TP
> > +.B STATX_ATTR_VERITY
> > +The file has fs-verity enabled.  It cannot be written to, and all reads from it
> > +will be verified against a Merkle tree.
> 
> Using "Merkle tree" opens a can of worms, and what will happen when the method changes?
> Does it matter at all? I would suggest "filesystem" here.
> 

Fundamentally, fs-verity guarantees that all data read is verified against a
cryptographic hash that covers the entire file.  I think it will be helpful to
convey that here, e.g. to avoid confusion with non-cryptographic, individual
block checksums supported by filesystems like btrfs and zfs.

Now, the only sane way to implement this model is with a Merkle tree, and this
is part of the fs-verity UAPI (via the file hash), so that's where I'm coming
from here.  Perhaps the phrase "Merkle tree" could be interpreted too strictly,
though, so it would be better to emphasize the more abstract model.  How about
the following?:

	The file has fs-verity enabled.  It cannot be written to, and all reads
	from it will be verified against a cryptographic hash that covers the
	entire file, e.g. via a Merkle tree.

- Eric

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-08 19:35         ` Eric Biggers
@ 2019-11-09 19:34           ` walter harms
  2019-11-13 20:31             ` Eric Biggers
  0 siblings, 1 reply; 18+ messages in thread
From: walter harms @ 2019-11-09 19:34 UTC (permalink / raw)
  To: linux-man, darrick.wong, dhowells, jaegeuk, linux-api,
	linux-ext4, linux-f2fs-devel, linux-fscrypt, linux-fsdevel,
	tytso, victorhsieh



On 08.11.2019 20:35, Eric Biggers wrote:
> On Fri, Nov 08, 2019 at 09:23:04AM +0100, walter harms wrote:
>>
>>
>> On 07.11.2019 23:02, Eric Biggers wrote:
>>> From: Eric Biggers <ebiggers@google.com>
>>>
>>> Document the verity attribute for statx().
>>>
>>> Signed-off-by: Eric Biggers <ebiggers@google.com>
>>> ---
>>>  man2/statx.2 | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>>
>>> RFC since the kernel patches are currently under review.
>>> The kernel patches can be found here:
>>> https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u
>>>
>>> diff --git a/man2/statx.2 b/man2/statx.2
>>> index d2f1b07b8..713bd1260 100644
>>> --- a/man2/statx.2
>>> +++ b/man2/statx.2
>>> @@ -461,6 +461,10 @@ See
>>>  .TP
>>>  .B STATX_ATTR_ENCRYPTED
>>>  A key is required for the file to be encrypted by the filesystem.
>>> +.TP
>>> +.B STATX_ATTR_VERITY
>>> +The file has fs-verity enabled.  It cannot be written to, and all reads from it
>>> +will be verified against a Merkle tree.
>>
>> Using "Merkle tree" opens a can of worms, and what will happen when the method changes?
>> Does it matter at all? I would suggest "filesystem" here.
>>
> 
> Fundamentally, fs-verity guarantees that all data read is verified against a
> cryptographic hash that covers the entire file.  I think it will be helpful to
> convey that here, e.g. to avoid confusion with non-cryptographic, individual
> block checksums supported by filesystems like btrfs and zfs.
> 
> Now, the only sane way to implement this model is with a Merkle tree, and this
> is part of the fs-verity UAPI (via the file hash), so that's where I'm coming
> from here.  Perhaps the phrase "Merkle tree" could be interpreted too strictly,
> though, so it would be better to emphasize the more abstract model.  How about
> the following?:
> 
> 	The file has fs-verity enabled.  It cannot be written to, and all reads
> 	from it will be verified against a cryptographic hash that covers the
> 	entire file, e.g. via a Merkle tree.
> 

"Feels" better, but from a programmer's perspective it is important at what level
this is actually done. To see my point, look at the line before.
"encrypted by the filesystem" means I have to read the documentation of the fs first
to see if encryption is supported at all. Or do I think too complicated?

jm2c,
re
 wh


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH 0/4] statx: expose the fs-verity bit
  2019-10-29 20:41 [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
                   ` (4 preceding siblings ...)
  2019-11-06 21:57 ` [PATCH 0/4] statx: expose the fs-verity bit Eric Biggers
@ 2019-11-13 20:20 ` Eric Biggers
  5 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-11-13 20:20 UTC (permalink / raw)
  To: linux-fscrypt
  Cc: linux-fsdevel, linux-ext4, linux-f2fs-devel, linux-api,
	David Howells, Theodore Ts'o, Jaegeuk Kim, Victor Hsieh

On Tue, Oct 29, 2019 at 01:41:37PM -0700, Eric Biggers wrote:
> This patchset exposes the verity bit (a.k.a. FS_VERITY_FL) via statx().
> 
> This is useful because it allows applications to check whether a file is
> a verity file without opening it.  Opening a verity file can be
> expensive because the fsverity_info is set up on open, which involves
> parsing metadata and optionally verifying a cryptographic signature.
> 
> This is analogous to how various other bits are exposed through both
> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit.
> 
> This patchset applies to v5.4-rc5.
> 
> Eric Biggers (4):
>   statx: define STATX_ATTR_VERITY
>   ext4: support STATX_ATTR_VERITY
>   f2fs: support STATX_ATTR_VERITY
>   docs: fs-verity: mention statx() support
> 
>  Documentation/filesystems/fsverity.rst | 8 ++++++++
>  fs/ext4/inode.c                        | 5 ++++-
>  fs/f2fs/file.c                         | 5 ++++-
>  include/linux/stat.h                   | 3 ++-
>  include/uapi/linux/stat.h              | 2 +-
>  5 files changed, 19 insertions(+), 4 deletions(-)

Applied to fscrypt.git#fsverity for 5.5.

- Eric

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY
  2019-11-09 19:34           ` walter harms
@ 2019-11-13 20:31             ` Eric Biggers
  0 siblings, 0 replies; 18+ messages in thread
From: Eric Biggers @ 2019-11-13 20:31 UTC (permalink / raw)
  To: walter harms
  Cc: linux-man, darrick.wong, dhowells, jaegeuk, linux-api,
	linux-ext4, linux-f2fs-devel, linux-fscrypt, linux-fsdevel,
	tytso, victorhsieh

On Sat, Nov 09, 2019 at 08:34:51PM +0100, walter harms wrote:
> On 08.11.2019 20:35, Eric Biggers wrote:
> > On Fri, Nov 08, 2019 at 09:23:04AM +0100, walter harms wrote:
> >>
> >>
> >> On 07.11.2019 23:02, Eric Biggers wrote:
> >>> From: Eric Biggers <ebiggers@google.com>
> >>>
> >>> Document the verity attribute for statx().
> >>>
> >>> Signed-off-by: Eric Biggers <ebiggers@google.com>
> >>> ---
> >>>  man2/statx.2 | 4 ++++
> >>>  1 file changed, 4 insertions(+)
> >>>
> >>> RFC since the kernel patches are currently under review.
> >>> The kernel patches can be found here:
> >>> https://lkml.kernel.org/linux-fscrypt/20191029204141.145309-1-ebiggers@kernel.org/T/#u
> >>>
> >>> diff --git a/man2/statx.2 b/man2/statx.2
> >>> index d2f1b07b8..713bd1260 100644
> >>> --- a/man2/statx.2
> >>> +++ b/man2/statx.2
> >>> @@ -461,6 +461,10 @@ See
> >>>  .TP
> >>>  .B STATX_ATTR_ENCRYPTED
> >>>  A key is required for the file to be encrypted by the filesystem.
> >>> +.TP
> >>> +.B STATX_ATTR_VERITY
> >>> +The file has fs-verity enabled.  It cannot be written to, and all reads from it
> >>> +will be verified against a Merkle tree.
> >>
> >> Using "Merkle tree" opens a can of worms, and what will happen when the method changes?
> >> Does it matter at all? I would suggest "filesystem" here.
> >>
> > 
> > Fundamentally, fs-verity guarantees that all data read is verified against a
> > cryptographic hash that covers the entire file.  I think it will be helpful to
> > convey that here, e.g. to avoid confusion with non-cryptographic, individual
> > block checksums supported by filesystems like btrfs and zfs.
> > 
> > Now, the only sane way to implement this model is with a Merkle tree, and this
> > is part of the fs-verity UAPI (via the file hash), so that's where I'm coming
> > from here.  Perhaps the phrase "Merkle tree" could be interpreted too strictly,
> > though, so it would be better to emphasize the more abstract model.  How about
> > the following?:
> > 
> > 	The file has fs-verity enabled.  It cannot be written to, and all reads
> > 	from it will be verified against a cryptographic hash that covers the
> > 	entire file, e.g. via a Merkle tree.
> > 
> 
> "Feels" better, but from a programmer's perspective it is important at what level
> this is actually done. To see my point, look at the line before.
> "encrypted by the filesystem" means I have to read the documentation of the fs first
> to see if encryption is supported at all. Or do I think too complicated?
> 

It's filesystem-specific whether encryption and verity are supported.  I'm not
sure what your concern is, as statx() won't return the bits if the filesystem
doesn't support them.

Also note, if someone really wants the details about fscrypt and fsverity, they
really should read the documentation we maintain in the kernel tree [1][2].

[1] https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html
[2] https://www.kernel.org/doc/html/latest/filesystems/fsverity.html

- Eric

^ permalink raw reply	[flat|nested] 18+ messages in thread
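
The check this thread is about, as an added example that is not part of any message or of the kernel patches: a C program that reads the verity bit with statx() without opening the file, and uses stx_attributes_mask to separate "bit not reported by this kernel or filesystem" from "fs-verity not enabled". The names classify_verity and verity_state_of are hypothetical, and the fallback define assumes the UAPI value 0x00100000 for STATX_ATTR_VERITY.

```c
/* Added example: classify a file's fs-verity state via statx(), without open(). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>        /* AT_FDCWD */
#include <linux/stat.h>   /* struct statx, STATX_* */
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>  /* SYS_statx */
#include <unistd.h>       /* syscall() */

#ifndef STATX_ATTR_VERITY            /* UAPI headers older than Linux 5.5 */
#define STATX_ATTR_VERITY 0x00100000 /* assumed UAPI value */
#endif

enum verity_state { VERITY_ERROR = -1, VERITY_UNSUPPORTED, VERITY_DISABLED, VERITY_ENABLED };

/* Pure decision logic, split out so it can be tested with constructed values. */
enum verity_state classify_verity(uint64_t attributes, uint64_t attributes_mask)
{
    if (!(attributes_mask & STATX_ATTR_VERITY))
        return VERITY_UNSUPPORTED;   /* kernel or filesystem does not report the bit */
    return (attributes & STATX_ATTR_VERITY) ? VERITY_ENABLED : VERITY_DISABLED;
}

/* Raw syscall so this also builds against C libraries without a statx() wrapper. */
enum verity_state verity_state_of(const char *path)
{
    struct statx stx;

    /* Flags 0: follow symlinks, as a later open() of the same path would. */
    if (syscall(SYS_statx, AT_FDCWD, path, 0, STATX_BASIC_STATS, &stx) != 0)
        return VERITY_ERROR;
    return classify_verity(stx.stx_attributes, stx.stx_attributes_mask);
}

int main(int argc, char **argv)
{
    static const char *const names[] = { "unsupported", "disabled", "enabled" };

    for (int i = 1; i < argc; i++) {
        enum verity_state s = verity_state_of(argv[i]);
        if (s == VERITY_ERROR)
            perror(argv[i]);
        else
            printf("%s: fs-verity %s\n", argv[i], names[s]);
    }
    return 0;
}
```

A caller that requires integrity protection should treat only VERITY_ENABLED as a pass; "unsupported" and "disabled" both mean reads from the file are not verified.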
