From: "Darrick J. Wong" <djwong@kernel.org>
To: aalbersh@redhat.com, ebiggers@kernel.org, djwong@kernel.org
Cc: linux-xfs@vger.kernel.org, alexl@redhat.com, walters@verbum.org,
fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org
Subject: [PATCH 03/18] fsverity: convert verification to use byte instead of page offsets
Date: Mon, 29 Apr 2024 20:20:11 -0700 [thread overview]
Message-ID: <171444679642.955480.14668034329027994356.stgit@frogsfrogsfrogs> (raw)
In-Reply-To: <171444679542.955480.18087310571597618350.stgit@frogsfrogsfrogs>
From: Darrick J. Wong <djwong@kernel.org>
Convert all the hash verification code to use byte offsets instead of
page offsets so that fsverity can support implementations that supply
merkle tree information in units of merkle tree blocks instead of pages.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
fs/verity/fsverity_private.h | 8 ++
fs/verity/read_metadata.c | 65 ++++++++-----------
fs/verity/verify.c | 145 ++++++++++++++++++++++++++++--------------
include/linux/fsverity.h | 19 ++++++
4 files changed, 152 insertions(+), 85 deletions(-)
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index b3506f56e180b..8a41e27413284 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -154,4 +154,12 @@ static inline void fsverity_init_signature(void)
void __init fsverity_init_workqueue(void);
+int fsverity_read_merkle_tree_block(struct inode *inode,
+ const struct merkle_tree_params *params,
+ u64 pos, unsigned long ra_bytes,
+ struct fsverity_blockbuf *block);
+
+void fsverity_drop_merkle_tree_block(struct inode *inode,
+ struct fsverity_blockbuf *block);
+
#endif /* _FSVERITY_PRIVATE_H */
diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c
index f58432772d9ea..4011a02f5d32d 100644
--- a/fs/verity/read_metadata.c
+++ b/fs/verity/read_metadata.c
@@ -14,65 +14,54 @@
static int fsverity_read_merkle_tree(struct inode *inode,
const struct fsverity_info *vi,
- void __user *buf, u64 offset, int length)
+ void __user *buf, u64 pos, int length)
{
- const struct fsverity_operations *vops = inode->i_sb->s_vop;
- u64 end_offset;
- unsigned int offs_in_page;
- pgoff_t index, last_index;
+ const u64 end_pos = min(pos + length, vi->tree_params.tree_size);
+ struct backing_dev_info *bdi = inode->i_sb->s_bdi;
+ const u64 max_ra_bytes = min((u64)bdi->io_pages << PAGE_SHIFT,
+ ULONG_MAX);
+ const struct merkle_tree_params *params = &vi->tree_params;
+ unsigned int offs_in_block = pos & (params->block_size - 1);
int retval = 0;
int err = 0;
- end_offset = min(offset + length, vi->tree_params.tree_size);
- if (offset >= end_offset)
- return 0;
- offs_in_page = offset_in_page(offset);
- last_index = (end_offset - 1) >> PAGE_SHIFT;
-
/*
- * Iterate through each Merkle tree page in the requested range and copy
- * the requested portion to userspace. Note that the Merkle tree block
- * size isn't important here, as we are returning a byte stream; i.e.,
- * we can just work with pages even if the tree block size != PAGE_SIZE.
+ * Iterate through each Merkle tree block in the requested range and
+ * copy the requested portion to userspace. Note that we are returning
+ * a byte stream.
*/
- for (index = offset >> PAGE_SHIFT; index <= last_index; index++) {
- unsigned long num_ra_pages =
- min_t(unsigned long, last_index - index + 1,
- inode->i_sb->s_bdi->io_pages);
- unsigned int bytes_to_copy = min_t(u64, end_offset - offset,
- PAGE_SIZE - offs_in_page);
- struct page *page;
- const void *virt;
+ while (pos < end_pos) {
+ unsigned long ra_bytes;
+ unsigned int bytes_to_copy;
+ struct fsverity_blockbuf block = { };
- page = vops->read_merkle_tree_page(inode, index, num_ra_pages);
- if (IS_ERR(page)) {
- err = PTR_ERR(page);
- fsverity_err(inode,
- "Error %d reading Merkle tree page %lu",
- err, index);
+ ra_bytes = min_t(unsigned long, end_pos - pos, max_ra_bytes);
+ bytes_to_copy = min_t(u64, end_pos - pos,
+ params->block_size - offs_in_block);
+
+ err = fsverity_read_merkle_tree_block(inode, &vi->tree_params,
+ pos - offs_in_block,
+ ra_bytes, &block);
+ if (err)
break;
- }
- virt = kmap_local_page(page);
- if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) {
- kunmap_local(virt);
- put_page(page);
+ if (copy_to_user(buf, block.kaddr + offs_in_block, bytes_to_copy)) {
+ fsverity_drop_merkle_tree_block(inode, &block);
err = -EFAULT;
break;
}
- kunmap_local(virt);
- put_page(page);
+ fsverity_drop_merkle_tree_block(inode, &block);
retval += bytes_to_copy;
buf += bytes_to_copy;
- offset += bytes_to_copy;
+ pos += bytes_to_copy;
if (fatal_signal_pending(current)) {
err = -EINTR;
break;
}
cond_resched();
- offs_in_page = 0;
+ offs_in_block = 0;
}
return retval ? retval : err;
}
diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index 4fcad0825a120..1c4a7c63c0a1c 100644
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -13,12 +13,15 @@
static struct workqueue_struct *fsverity_read_workqueue;
/*
- * Returns true if the hash block with index @hblock_idx in the tree, located in
- * @hpage, has already been verified.
+ * Returns true if the hash @block with index @hblock_idx in the merkle tree
+ * for @inode has already been verified.
*/
-static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage,
+static bool is_hash_block_verified(struct inode *inode,
+ struct fsverity_blockbuf *block,
unsigned long hblock_idx)
{
+ struct fsverity_info *vi = inode->i_verity_info;
+ struct page *hpage = (struct page *)block->context;
unsigned int blocks_per_page;
unsigned int i;
@@ -90,20 +93,19 @@ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage,
*/
static bool
verify_data_block(struct inode *inode, struct fsverity_info *vi,
- const void *data, u64 data_pos, unsigned long max_ra_pages)
+ const void *data, u64 data_pos, unsigned long max_ra_bytes)
{
const struct merkle_tree_params *params = &vi->tree_params;
const unsigned int hsize = params->digest_size;
int level;
+ unsigned long ra_bytes;
u8 _want_hash[FS_VERITY_MAX_DIGEST_SIZE];
const u8 *want_hash;
u8 real_hash[FS_VERITY_MAX_DIGEST_SIZE];
/* The hash blocks that are traversed, indexed by level */
struct {
- /* Page containing the hash block */
- struct page *page;
- /* Mapped address of the hash block (will be within @page) */
- const void *addr;
+ /* Buffer containing the hash block */
+ struct fsverity_blockbuf block;
/* Index of the hash block in the tree overall */
unsigned long index;
/* Byte offset of the wanted hash relative to @addr */
@@ -143,11 +145,9 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
for (level = 0; level < params->num_levels; level++) {
unsigned long next_hidx;
unsigned long hblock_idx;
- pgoff_t hpage_idx;
- unsigned int hblock_offset_in_page;
+ u64 hblock_pos;
unsigned int hoffset;
- struct page *hpage;
- const void *haddr;
+ struct fsverity_blockbuf *block = &hblocks[level].block;
/*
* The index of the block in the current level; also the index
@@ -158,36 +158,29 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
/* Index of the hash block in the tree overall */
hblock_idx = params->level_start[level] + next_hidx;
- /* Index of the hash page in the tree overall */
- hpage_idx = hblock_idx >> params->log_blocks_per_page;
-
- /* Byte offset of the hash block within the page */
- hblock_offset_in_page =
- (hblock_idx << params->log_blocksize) & ~PAGE_MASK;
+ /* Byte offset of the hash block in the tree overall */
+ hblock_pos = (u64)hblock_idx << params->log_blocksize;
/* Byte offset of the hash within the block */
hoffset = (hidx << params->log_digestsize) &
(params->block_size - 1);
- hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode,
- hpage_idx, level == 0 ? min(max_ra_pages,
- params->tree_pages - hpage_idx) : 0);
- if (IS_ERR(hpage)) {
- fsverity_err(inode,
- "Error %ld reading Merkle tree page %lu",
- PTR_ERR(hpage), hpage_idx);
+ if (level == 0)
+ ra_bytes = min_t(u64, max_ra_bytes,
+ params->tree_size - hblock_pos);
+ else
+ ra_bytes = 0;
+
+ if (fsverity_read_merkle_tree_block(inode, params, hblock_pos,
+ ra_bytes, block) != 0)
goto error;
- }
- haddr = kmap_local_page(hpage) + hblock_offset_in_page;
- if (is_hash_block_verified(vi, hpage, hblock_idx)) {
- memcpy(_want_hash, haddr + hoffset, hsize);
+
+ if (is_hash_block_verified(inode, block, hblock_idx)) {
+ memcpy(_want_hash, block->kaddr + hoffset, hsize);
want_hash = _want_hash;
- kunmap_local(haddr);
- put_page(hpage);
+ fsverity_drop_merkle_tree_block(inode, block);
goto descend;
}
- hblocks[level].page = hpage;
- hblocks[level].addr = haddr;
hblocks[level].index = hblock_idx;
hblocks[level].hoffset = hoffset;
hidx = next_hidx;
@@ -197,8 +190,8 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
descend:
/* Descend the tree verifying hash blocks. */
for (; level > 0; level--) {
- struct page *hpage = hblocks[level - 1].page;
- const void *haddr = hblocks[level - 1].addr;
+ struct fsverity_blockbuf *block = &hblocks[level - 1].block;
+ const void *haddr = block->kaddr;
unsigned long hblock_idx = hblocks[level - 1].index;
unsigned int hoffset = hblocks[level - 1].hoffset;
@@ -214,11 +207,10 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
if (vi->hash_block_verified)
set_bit(hblock_idx, vi->hash_block_verified);
else
- SetPageChecked(hpage);
+ SetPageChecked((struct page *)block->context);
memcpy(_want_hash, haddr + hoffset, hsize);
want_hash = _want_hash;
- kunmap_local(haddr);
- put_page(hpage);
+ fsverity_drop_merkle_tree_block(inode, block);
}
/* Finally, verify the data block. */
@@ -235,16 +227,14 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
params->hash_alg->name, hsize, want_hash,
params->hash_alg->name, hsize, real_hash);
error:
- for (; level > 0; level--) {
- kunmap_local(hblocks[level - 1].addr);
- put_page(hblocks[level - 1].page);
- }
+ for (; level > 0; level--)
+ fsverity_drop_merkle_tree_block(inode, &hblocks[level - 1].block);
return false;
}
static bool
verify_data_blocks(struct folio *data_folio, size_t len, size_t offset,
- unsigned long max_ra_pages)
+ unsigned long max_ra_bytes)
{
struct inode *inode = data_folio->mapping->host;
struct fsverity_info *vi = inode->i_verity_info;
@@ -262,7 +252,7 @@ verify_data_blocks(struct folio *data_folio, size_t len, size_t offset,
data = kmap_local_folio(data_folio, offset);
valid = verify_data_block(inode, vi, data, pos + offset,
- max_ra_pages);
+ max_ra_bytes);
kunmap_local(data);
if (!valid)
return false;
@@ -308,7 +298,7 @@ EXPORT_SYMBOL_GPL(fsverity_verify_blocks);
void fsverity_verify_bio(struct bio *bio)
{
struct folio_iter fi;
- unsigned long max_ra_pages = 0;
+ unsigned long max_ra_bytes = 0;
if (bio->bi_opf & REQ_RAHEAD) {
/*
@@ -320,12 +310,12 @@ void fsverity_verify_bio(struct bio *bio)
* This improves sequential read performance, as it greatly
* reduces the number of I/O requests made to the Merkle tree.
*/
- max_ra_pages = bio->bi_iter.bi_size >> (PAGE_SHIFT + 2);
+ max_ra_bytes = bio->bi_iter.bi_size >> 2;
}
bio_for_each_folio_all(fi, bio) {
if (!verify_data_blocks(fi.folio, fi.length, fi.offset,
- max_ra_pages)) {
+ max_ra_bytes)) {
bio->bi_status = BLK_STS_IOERR;
break;
}
@@ -362,3 +352,64 @@ void __init fsverity_init_workqueue(void)
if (!fsverity_read_workqueue)
panic("failed to allocate fsverity_read_queue");
}
+
+/**
+ * fsverity_read_merkle_tree_block() - read Merkle tree block
+ * @inode: inode to which this Merkle tree block belongs
+ * @params: merkle tree parameters
+ * @pos: byte position within merkle tree
+ * @ra_bytes: try to read ahead this many bytes
+ * @block: block to be loaded
+ *
+ * This function loads data from a merkle tree.
+ */
+int fsverity_read_merkle_tree_block(struct inode *inode,
+ const struct merkle_tree_params *params,
+ u64 pos, unsigned long ra_bytes,
+ struct fsverity_blockbuf *block)
+{
+ const struct fsverity_operations *vops = inode->i_sb->s_vop;
+ unsigned long page_idx;
+ struct page *page;
+ unsigned long index;
+ unsigned int offset_in_page;
+ int err;
+
+ block->pos = pos;
+ block->size = params->block_size;
+
+ index = pos >> params->log_blocksize;
+ page_idx = round_down(index, params->blocks_per_page);
+ offset_in_page = pos & ~PAGE_MASK;
+
+ page = vops->read_merkle_tree_page(inode, page_idx,
+ ra_bytes >> PAGE_SHIFT);
+ if (IS_ERR(page)) {
+ err = PTR_ERR(page);
+ goto bad;
+ }
+
+ block->kaddr = kmap_local_page(page) + offset_in_page;
+ block->context = page;
+ return 0;
+bad:
+ fsverity_err(inode, "Error %d reading Merkle tree block %llu", err,
+ pos);
+ return err;
+}
+
+/**
+ * fsverity_drop_merkle_tree_block() - release resources acquired by
+ * fsverity_read_merkle_tree_block
+ *
+ * @inode: inode to which this Merkle tree block belongs
+ * @block: block to be released
+ */
+void fsverity_drop_merkle_tree_block(struct inode *inode,
+ struct fsverity_blockbuf *block)
+{
+ kunmap_local(block->kaddr);
+ put_page((struct page *)block->context);
+ block->kaddr = NULL;
+ block->context = NULL;
+}
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index ac58b19f23d32..05f8e89e0f470 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -26,6 +26,25 @@
/* Arbitrary limit to bound the kmalloc() size. Can be changed. */
#define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384
+/**
+ * struct fsverity_blockbuf - Merkle Tree block buffer
+ * @context: filesystem private context
+ * @kaddr: virtual address of the block's data
+ * @pos: the position of the block in the Merkle tree (in bytes)
+ * @size: the Merkle tree block size
+ *
+ * Buffer containing a single Merkle Tree block. When fs-verity wants to read
+ * merkle data from disk, it passes the filesystem a buffer with the @pos,
+ * @index, and @size fields filled out. The filesystem sets @kaddr and
+ * @context.
+ */
+struct fsverity_blockbuf {
+ void *context;
+ void *kaddr;
+ loff_t pos;
+ unsigned int size;
+};
+
/* Verity operations for filesystems */
struct fsverity_operations {
next prev parent reply other threads:[~2024-04-30 3:20 UTC|newest]
Thread overview: 165+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-30 3:11 [PATCHBOMB v5.6] fs-verity support for XFS Darrick J. Wong
2024-04-30 3:18 ` [PATCHSET v5.6 1/2] fs-verity: support merkle tree access by blocks Darrick J. Wong
2024-04-30 3:19 ` [PATCH 01/18] fs: add FS_XFLAG_VERITY for verity files Darrick J. Wong
2024-04-30 3:19 ` [PATCH 02/18] fsverity: pass tree_blocksize to end_enable_verity() Darrick J. Wong
2024-04-30 3:20 ` Darrick J. Wong [this message]
2024-05-01 7:33 ` [PATCH 03/18] fsverity: convert verification to use byte instead of page offsets Christoph Hellwig
2024-05-01 22:33 ` Darrick J. Wong
2024-05-02 0:42 ` Eric Biggers
2024-05-08 20:14 ` Darrick J. Wong
2024-04-30 3:20 ` [PATCH 04/18] fsverity: support block-based Merkle tree caching Darrick J. Wong
2024-05-01 7:36 ` Christoph Hellwig
2024-05-01 22:35 ` Darrick J. Wong
2024-05-02 4:42 ` Christoph Hellwig
2024-05-15 2:16 ` Eric Biggers
2024-04-30 3:20 ` [PATCH 05/18] fsverity: pass the merkle tree block level to fsverity_read_merkle_tree_block Darrick J. Wong
2024-04-30 3:20 ` [PATCH 06/18] fsverity: add per-sb workqueue for post read processing Darrick J. Wong
2024-04-30 3:21 ` [PATCH 07/18] fsverity: add tracepoints Darrick J. Wong
2024-04-30 3:21 ` [PATCH 08/18] fsverity: pass the new tree size and block size to ->begin_enable_verity Darrick J. Wong
2024-04-30 3:21 ` [PATCH 09/18] fsverity: expose merkle tree geometry to callers Darrick J. Wong
2024-04-30 3:22 ` [PATCH 10/18] fsverity: box up the write_merkle_tree_block parameters too Darrick J. Wong
2024-04-30 3:22 ` [PATCH 11/18] fsverity: pass the zero-hash value to the implementation Darrick J. Wong
2024-04-30 3:22 ` [PATCH 12/18] fsverity: report validation errors back to the filesystem Darrick J. Wong
2024-04-30 3:22 ` [PATCH 13/18] fsverity: pass super_block to fsverity_enqueue_verify_work Darrick J. Wong
2024-04-30 3:23 ` [PATCH 14/18] ext4: use a per-superblock fsverity workqueue Darrick J. Wong
2024-04-30 3:23 ` [PATCH 15/18] f2fs: " Darrick J. Wong
2024-04-30 3:23 ` [PATCH 16/18] btrfs: " Darrick J. Wong
2024-04-30 3:23 ` [PATCH 17/18] fsverity: remove system-wide workqueue Darrick J. Wong
2024-04-30 3:24 ` [PATCH 18/18] iomap: integrate fs-verity verification into iomap's read path Darrick J. Wong
2024-05-01 7:10 ` Christoph Hellwig
2024-05-01 22:37 ` Darrick J. Wong
2024-04-30 3:18 ` [PATCHSET v5.6 2/2] xfs: fs-verity support Darrick J. Wong
2024-04-30 3:24 ` [PATCH 01/26] xfs: use unsigned ints for non-negative quantities in xfs_attr_remote.c Darrick J. Wong
2024-05-01 6:55 ` Christoph Hellwig
2024-05-01 22:39 ` Darrick J. Wong
2024-05-02 4:56 ` Christoph Hellwig
2024-05-02 5:56 ` Chandan Babu R
2024-05-02 6:34 ` Christoph Hellwig
2024-04-30 3:24 ` [PATCH 02/26] xfs: turn XFS_ATTR3_RMT_BUF_SPACE into a function Darrick J. Wong
2024-05-01 6:55 ` Christoph Hellwig
2024-04-30 3:24 ` [PATCH 03/26] xfs: create a helper to compute the blockcount of a max sized remote value Darrick J. Wong
2024-05-01 6:56 ` Christoph Hellwig
2024-04-30 3:25 ` [PATCH 04/26] xfs: minor cleanups of xfs_attr3_rmt_blocks Darrick J. Wong
2024-05-01 6:56 ` Christoph Hellwig
2024-04-30 3:25 ` [PATCH 05/26] xfs: use an empty transaction to protect xfs_attr_get from deadlocks Darrick J. Wong
2024-05-01 6:57 ` Christoph Hellwig
2024-05-01 22:42 ` Darrick J. Wong
2024-04-30 3:25 ` [PATCH 06/26] xfs: add attribute type for fs-verity Darrick J. Wong
2024-04-30 3:25 ` [PATCH 07/26] xfs: do not use xfs_attr3_rmt_hdr for remote verity value blocks Darrick J. Wong
2024-04-30 3:26 ` [PATCH 08/26] xfs: add fs-verity ro-compat flag Darrick J. Wong
2024-04-30 3:26 ` [PATCH 09/26] xfs: add inode on-disk VERITY flag Darrick J. Wong
2024-04-30 3:26 ` [PATCH 10/26] xfs: initialize fs-verity on file open and cleanup on inode destruction Darrick J. Wong
2024-04-30 3:26 ` [PATCH 11/26] xfs: don't allow to enable DAX on fs-verity sealed inode Darrick J. Wong
2024-04-30 3:27 ` [PATCH 12/26] xfs: disable direct read path for fs-verity files Darrick J. Wong
2024-04-30 3:27 ` [PATCH 13/26] xfs: widen flags argument to the xfs_iflags_* helpers Darrick J. Wong
2024-05-01 6:54 ` Christoph Hellwig
2024-05-01 22:44 ` Darrick J. Wong
2024-04-30 3:27 ` [PATCH 14/26] xfs: add fs-verity support Darrick J. Wong
2024-04-30 3:28 ` [PATCH 15/26] xfs: create a per-mount shrinker for verity inodes merkle tree blocks Darrick J. Wong
2024-04-30 3:28 ` [PATCH 16/26] xfs: shrink verity blob cache Darrick J. Wong
2024-04-30 3:28 ` [PATCH 17/26] xfs: don't store trailing zeroes of merkle tree blocks Darrick J. Wong
2024-04-30 3:28 ` [PATCH 18/26] xfs: use merkle tree offset as attr hash Darrick J. Wong
2024-05-01 6:53 ` Christoph Hellwig
2024-05-01 7:23 ` Christoph Hellwig
2024-05-07 21:24 ` Darrick J. Wong
2024-05-08 11:47 ` Christoph Hellwig
2024-05-08 20:26 ` Darrick J. Wong
2024-05-09 5:02 ` Christoph Hellwig
2024-05-09 20:02 ` Darrick J. Wong
2024-05-10 5:08 ` Christoph Hellwig
2024-05-10 6:20 ` Christoph Hellwig
2024-05-17 17:17 ` Darrick J. Wong
2024-05-20 12:39 ` Christoph Hellwig
2024-05-20 16:02 ` Darrick J. Wong
2024-05-22 14:37 ` Christoph Hellwig
2024-05-22 18:29 ` Eric Biggers
2024-05-31 21:28 ` Darrick J. Wong
2024-05-31 21:45 ` Eric Biggers
2024-05-09 17:46 ` Eric Biggers
2024-05-09 18:04 ` Darrick J. Wong
2024-05-09 18:36 ` Eric Biggers
2024-04-30 3:29 ` [PATCH 19/26] xfs: don't bother storing merkle tree blocks for zeroed data blocks Darrick J. Wong
2024-05-01 6:47 ` Christoph Hellwig
2024-05-01 22:47 ` Darrick J. Wong
2024-05-02 0:01 ` Eric Biggers
2024-05-08 20:26 ` Darrick J. Wong
2024-04-30 3:29 ` [PATCH 20/26] xfs: add fs-verity ioctls Darrick J. Wong
2024-04-30 3:29 ` [PATCH 21/26] xfs: advertise fs-verity being available on filesystem Darrick J. Wong
2024-04-30 3:29 ` [PATCH 22/26] xfs: check and repair the verity inode flag state Darrick J. Wong
2024-04-30 3:30 ` [PATCH 23/26] xfs: teach online repair to evaluate fsverity xattrs Darrick J. Wong
2024-04-30 3:30 ` [PATCH 24/26] xfs: report verity failures through the health system Darrick J. Wong
2024-04-30 3:30 ` [PATCH 25/26] xfs: make it possible to disable fsverity Darrick J. Wong
2024-05-01 6:48 ` Christoph Hellwig
2024-05-01 22:50 ` Darrick J. Wong
2024-05-02 0:15 ` Eric Biggers
2024-05-08 20:31 ` Darrick J. Wong
2024-05-09 5:04 ` Christoph Hellwig
2024-05-09 14:45 ` Darrick J. Wong
2024-05-09 15:06 ` Christoph Hellwig
2024-05-09 15:09 ` Darrick J. Wong
2024-05-09 15:13 ` Christoph Hellwig
2024-05-09 15:43 ` Darrick J. Wong
2024-05-17 19:36 ` Theodore Ts'o
2024-04-30 3:30 ` [PATCH 26/26] xfs: enable ro-compat fs-verity flag Darrick J. Wong
2024-04-30 3:19 ` [PATCHSET v5.6] xfsprogs: fs-verity support for XFS Darrick J. Wong
2024-04-30 3:31 ` [PATCH 01/38] fs: add FS_XFLAG_VERITY for verity files Darrick J. Wong
2024-04-30 3:31 ` [PATCH 02/38] xfs: use unsigned ints for non-negative quantities in xfs_attr_remote.c Darrick J. Wong
2024-04-30 3:31 ` [PATCH 03/38] xfs: turn XFS_ATTR3_RMT_BUF_SPACE into a function Darrick J. Wong
2024-04-30 3:31 ` [PATCH 04/38] xfs: create a helper to compute the blockcount of a max sized remote value Darrick J. Wong
2024-04-30 3:32 ` [PATCH 05/38] xfs: minor cleanups of xfs_attr3_rmt_blocks Darrick J. Wong
2024-04-30 3:32 ` [PATCH 06/38] xfs: use an empty transaction to protect xfs_attr_get from deadlocks Darrick J. Wong
2024-04-30 3:32 ` [PATCH 07/38] xfs: add attribute type for fs-verity Darrick J. Wong
2024-04-30 3:32 ` [PATCH 08/38] xfs: do not use xfs_attr3_rmt_hdr for remote verity value blocks Darrick J. Wong
2024-04-30 3:33 ` [PATCH 09/38] xfs: add fs-verity ro-compat flag Darrick J. Wong
2024-04-30 3:33 ` [PATCH 10/38] xfs: add inode on-disk VERITY flag Darrick J. Wong
2024-04-30 3:33 ` [PATCH 11/38] xfs: add fs-verity support Darrick J. Wong
2024-04-30 3:34 ` [PATCH 12/38] xfs: use merkle tree offset as attr hash Darrick J. Wong
2024-04-30 3:34 ` [PATCH 13/38] xfs: advertise fs-verity being available on filesystem Darrick J. Wong
2024-04-30 3:34 ` [PATCH 14/38] xfs: report verity failures through the health system Darrick J. Wong
2024-04-30 3:34 ` [PATCH 15/38] xfs: enable ro-compat fs-verity flag Darrick J. Wong
2024-04-30 3:35 ` [PATCH 16/38] libfrog: add fsverity to xfs_report_geom output Darrick J. Wong
2024-04-30 3:35 ` [PATCH 17/38] xfs_db: introduce attr_modify command Darrick J. Wong
2024-04-30 3:35 ` [PATCH 18/38] xfs_db: add ATTR_PARENT support to " Darrick J. Wong
2024-04-30 3:35 ` [PATCH 19/38] xfs_db: make attr_set/remove/modify be able to handle fs-verity attrs Darrick J. Wong
2024-04-30 3:36 ` [PATCH 20/38] man: document attr_modify command Darrick J. Wong
2024-04-30 3:36 ` [PATCH 21/38] xfs_db: create hex string as a field type Darrick J. Wong
2024-04-30 3:36 ` [PATCH 22/38] xfs_db: dump verity features and metadata Darrick J. Wong
2024-04-30 3:36 ` [PATCH 23/38] xfs_db: dump merkle tree data Darrick J. Wong
2024-04-30 3:37 ` [PATCH 24/38] xfs_db: dump the verity descriptor Darrick J. Wong
2024-04-30 3:37 ` [PATCH 25/38] xfs_db: don't obfuscate verity xattrs Darrick J. Wong
2024-04-30 3:37 ` [PATCH 26/38] xfs_db: dump the inode verity flag Darrick J. Wong
2024-04-30 3:37 ` [PATCH 27/38] xfs_db: compute hashes of merkle tree blocks Darrick J. Wong
2024-04-30 3:38 ` [PATCH 28/38] xfs_repair: junk fsverity xattrs when unnecessary Darrick J. Wong
2024-04-30 3:38 ` [PATCH 29/38] xfs_repair: clear verity iflag when verity isn't supported Darrick J. Wong
2024-04-30 3:38 ` [PATCH 30/38] xfs_repair: handle verity remote attrs Darrick J. Wong
2024-04-30 3:38 ` [PATCH 31/38] xfs_repair: allow upgrading filesystems with verity Darrick J. Wong
2024-04-30 3:39 ` [PATCH 32/38] xfs_scrub: check verity file metadata Darrick J. Wong
2024-04-30 3:39 ` [PATCH 33/38] xfs_scrub: validate verity file contents when doing a media scan Darrick J. Wong
2024-04-30 3:39 ` [PATCH 34/38] xfs_scrub: use MADV_POPULATE_READ to check verity files Darrick J. Wong
2024-04-30 3:40 ` [PATCH 35/38] xfs_spaceman: report data corruption Darrick J. Wong
2024-04-30 3:40 ` [PATCH 36/38] xfs_io: report fsverity status via statx Darrick J. Wong
2024-04-30 3:40 ` [PATCH 37/38] xfs_io: create magic command to disable verity Darrick J. Wong
2024-04-30 3:40 ` [PATCH 38/38] mkfs.xfs: add verity parameter Darrick J. Wong
2024-04-30 3:19 ` [PATCHSET v5.6] fstests: fs-verity support for XFS Darrick J. Wong
2024-04-30 3:41 ` [PATCH 1/6] common/verity: enable fsverity " Darrick J. Wong
2024-04-30 12:39 ` Andrey Albershteyn
2024-04-30 15:35 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 2/6] xfs/{021,122}: adapt to fsverity xattrs Darrick J. Wong
2024-04-30 12:46 ` Andrey Albershteyn
2024-04-30 15:36 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 3/6] xfs/122: adapt to fsverity Darrick J. Wong
2024-04-30 12:45 ` Andrey Albershteyn
2024-04-30 15:37 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 4/6] xfs: test xfs_scrub detection and correction of corrupt fsverity metadata Darrick J. Wong
2024-04-30 12:29 ` Andrey Albershteyn
2024-04-30 15:43 ` Darrick J. Wong
2024-04-30 3:42 ` [PATCH 5/6] xfs: test disabling fsverity Darrick J. Wong
2024-04-30 12:56 ` Andrey Albershteyn
2024-04-30 13:11 ` Andrey Albershteyn
2024-04-30 15:48 ` Darrick J. Wong
2024-04-30 18:06 ` Andrey Albershteyn
2024-04-30 3:42 ` [PATCH 6/6] common/populate: add verity files to populate xfs images Darrick J. Wong
2024-04-30 13:22 ` Andrey Albershteyn
2024-04-30 15:49 ` Darrick J. Wong
2024-05-11 5:01 ` [PATCHSET v5.6] fstests: fs-verity support for XFS Zorro Lang
2024-05-17 15:56 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=171444679642.955480.14668034329027994356.stgit@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@redhat.com \
--cc=alexl@redhat.com \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=walters@verbum.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).