From: "Theodore Ts'o" <tytso@mit.edu>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
linux-integrity@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
Victor Hsieh <victorhsieh@google.com>,
Dave Chinner <david@fromorbit.com>,
Christoph Hellwig <hch@lst.de>,
"Darrick J . Wong" <darrick.wong@oracle.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v4 10/16] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl
Date: Sat, 15 Jun 2019 11:08:21 -0400 [thread overview]
Message-ID: <20190615150821.GK6142@mit.edu> (raw)
In-Reply-To: <20190606155205.2872-11-ebiggers@kernel.org>
On Thu, Jun 06, 2019 at 08:51:59AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Add a function for filesystems to call to implement the
> FS_IOC_ENABLE_VERITY ioctl. This ioctl enables fs-verity on a file.
>
> See the "FS_IOC_ENABLE_VERITY" section of
> Documentation/filesystems/fsverity.rst for the documentation.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> diff --git a/fs/verity/enable.c b/fs/verity/enable.c
> new file mode 100644
> index 000000000000..7e7ef9d3c376
> --- /dev/null
> +++ b/fs/verity/enable.c
> + /* Tell the filesystem to finish enabling verity on the file */
> + err = vops->end_enable_verity(filp, desc, desc_size, params.tree_size);
> + if (err) {
> + fsverity_err(inode, "%ps() failed with err %d",
> + vops->end_enable_verity, err);
> + fsverity_free_info(vi);
> + } else {
> + /* Successfully enabled verity */
> +
> + WARN_ON(!IS_VERITY(inode));
> +
> + /*
> + * Readers can start using ->i_verity_info immediately, so it
> + * can't be rolled back once set. So don't set it until just
> + * after the filesystem has successfully enabled verity.
> + */
> + fsverity_set_info(inode, vi);
> + }
If end_enable_Verity() retuns success, and IS_VERITY is not set, I
would think that we should report the error via fsverity_err() and
return an error to userspace, and *not* call fsverity_set_info(). I
don't think the stack trace printed by WARN_ON is going to very
interesting, since the call path which gets us to enable_verity() is
not going to be surprising.
> +
> + if (inode->i_size <= 0) {
> + err = -EINVAL;
> + goto out_unlock;
> + }
How hard would it be to support fsverity for zero-length files? There
would be no Merkle tree, but there still would be an fsverity header
file on which we can calculate a checksum for the digital signature.
- Ted
next prev parent reply other threads:[~2019-06-15 15:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-06 15:51 [PATCH v4 00/16] fs-verity: read-only file-based authenticity protection Eric Biggers
2019-06-06 15:51 ` [PATCH v4 01/16] fs-verity: add a documentation file Eric Biggers
2019-06-15 12:39 ` Theodore Ts'o
2019-06-18 16:31 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 02/16] fs-verity: add MAINTAINERS file entry Eric Biggers
2019-06-15 12:39 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 03/16] fs-verity: add UAPI header Eric Biggers
2019-06-06 15:51 ` [PATCH v4 04/16] fs: uapi: define verity bit for FS_IOC_GETFLAGS Eric Biggers
2019-06-15 12:40 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing Eric Biggers
2019-06-15 12:57 ` Theodore Ts'o
2019-06-18 16:32 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 06/16] fs-verity: add inode and superblock fields Eric Biggers
2019-06-15 12:57 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 07/16] fs-verity: add the hook for file ->open() Eric Biggers
2019-06-15 14:42 ` Theodore Ts'o
2019-06-18 16:35 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 08/16] fs-verity: add the hook for file ->setattr() Eric Biggers
2019-06-15 14:43 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 09/16] fs-verity: add data verification hooks for ->readpages() Eric Biggers
2019-06-15 14:48 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 10/16] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl Eric Biggers
2019-06-15 15:08 ` Theodore Ts'o [this message]
2019-06-18 16:50 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 11/16] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl Eric Biggers
2019-06-15 15:10 ` Theodore Ts'o
2019-06-06 15:52 ` [PATCH v4 12/16] fs-verity: add SHA-512 support Eric Biggers
2019-06-15 15:11 ` Theodore Ts'o
2019-06-06 15:52 ` [PATCH v4 13/16] fs-verity: support builtin file signatures Eric Biggers
2019-06-15 15:21 ` Theodore Ts'o
2019-06-18 16:58 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 14/16] ext4: add basic fs-verity support Eric Biggers
2019-06-15 15:31 ` Theodore Ts'o
2019-06-18 17:51 ` Eric Biggers
2019-06-18 22:46 ` Theodore Ts'o
2019-06-18 23:41 ` Eric Biggers
2019-06-19 3:05 ` Theodore Ts'o
2019-06-19 19:13 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 15/16] ext4: add fs-verity read support Eric Biggers
2019-06-06 15:52 ` [PATCH v4 16/16] f2fs: add fs-verity support Eric Biggers
2019-06-06 17:21 ` [PATCH v4 00/16] fs-verity: read-only file-based authenticity protection Linus Torvalds
2019-06-06 19:43 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190615150821.GK6142@mit.edu \
--to=tytso@mit.edu \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=ebiggers@kernel.org \
--cc=hch@lst.de \
--cc=jaegeuk@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=victorhsieh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).