From: "Darrick J. Wong" <djwong@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: aalbersh@redhat.com, Mark Tinguely <tinguely@sgi.com>,
Allison Henderson <allison.henderson@oracle.com>,
Christoph Hellwig <hch@lst.de>,
Dave Chinner <dchinner@redhat.com>,
linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev,
linux-xfs@vger.kernel.org
Subject: Re: [PATCHSET v5.3] fs-verity support for XFS
Date: Tue, 19 Mar 2024 15:07:43 -0700 [thread overview]
Message-ID: <20240319220743.GF6226@frogsfrogsfrogs> (raw)
In-Reply-To: <20240318163512.GB1185@sol.localdomain>
On Mon, Mar 18, 2024 at 09:35:12AM -0700, Eric Biggers wrote:
> On Sun, Mar 17, 2024 at 09:22:52AM -0700, Darrick J. Wong wrote:
> > Hi all,
> >
> > From Darrick J. Wong:
> >
> > This v5.3 patchset builds upon v5.2 of Andrey's patchset to implement
> > fsverity for XFS.
>
> Is this ready for me to review, or is my feedback on v5 still being
> worked on?
It's still being worked on. I figured it was time to push my work tree
back to Andrey so everyone could see the results of me attempting to
understand the fsverity patchset by working around in the codebase.
From your perspective, I suspect the most interesting patches will be 5,
6, 7+10+14, 11-13, and 15-17. For everyone on the XFS side, patches
27-39 are the most interesting since they change the caching strategy
and slim down the ondisk format.
> From a quick glance, not everything from my feedback has been
> addressed.
That's correct. I cleaned up the mechanics of passing merkle trees
around, but I didn't address the comments about per-sb workqueues,
fsverity tracepoints, or whether or not iomap should allocate biosets.
Roughly, here's what I did in the generic code:
I fixed the FS_XFLAG_VERITY handling so that you can't clear it via
FS_IOC_FSSETXATTR.
I also rewrote and augmented the "drop dead merkle tree" functions in
xfs_verity to clean out incomplete trees when ->end_enable tells us we
failed; and to clean out extra blocks in the ->begin_enable just in case
the file shrank since a failed attempt to enable fsverity.
As for online repair, the "fsverity: expose merkle tree geometry to
callers" enables the kernel to do some basic online checking that there
aren't excessive merkle tree blocks and that fsverity can read the
descriptor. In my djwong-wtf tree, xfs_scrub gains the ability to read
the entire file into the pagecache (and hence validate the verity info)
via MADV_POPULATE READ, and now it has a patch to read the entire merkle
tree/descriptor/signature just to make sure those can actually be read.
Most of the things you gave feedback about in "fsverity: support
block-based Merkle tree caching" I think I cleaned up in "fsverity: fix
"support block-based Merkle tree caching"" and "fsverity: rely on cached
block callers to retain verified state". I kept those separate so that
Andrey could see what I did, though they really ought to be merged into
the main support patch.
Note that I greatly expanded the usage of struct fsverity_blockbuf and
changed the verified flag handling so that the invalidation function was
no longer necessary.
--D
> - Eric
next prev parent reply other threads:[~2024-03-19 22:07 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-17 16:19 [PATCHBOMB v5.3] fs-verity support for XFS Darrick J. Wong
2024-03-17 16:22 ` [PATCHSET " Darrick J. Wong
2024-03-17 16:23 ` [PATCH 01/40] fsverity: remove hash page spin lock Darrick J. Wong
2024-03-17 16:23 ` [PATCH 02/40] xfs: add parent pointer support to attribute code Darrick J. Wong
2024-03-17 16:24 ` [PATCH 03/40] xfs: define parent pointer ondisk extended attribute format Darrick J. Wong
2024-03-17 16:24 ` [PATCH 04/40] xfs: add parent pointer validator functions Darrick J. Wong
2024-03-17 16:24 ` [PATCH 05/40] fs: add FS_XFLAG_VERITY for verity files Darrick J. Wong
2024-03-17 16:24 ` [PATCH 06/40] fsverity: pass tree_blocksize to end_enable_verity() Darrick J. Wong
2024-03-17 16:25 ` [PATCH 07/40] fsverity: support block-based Merkle tree caching Darrick J. Wong
2024-03-17 16:25 ` [PATCH 08/40] fsverity: add per-sb workqueue for post read processing Darrick J. Wong
2024-03-17 16:25 ` [PATCH 09/40] fsverity: add tracepoints Darrick J. Wong
2024-03-17 16:26 ` [PATCH 10/40] fsverity: fix "support block-based Merkle tree caching" Darrick J. Wong
2024-03-17 16:26 ` [PATCH 11/40] fsverity: send the level of the merkle tree block to ->read_merkle_tree_block Darrick J. Wong
2024-03-17 16:26 ` [PATCH 12/40] fsverity: pass the new tree size and block size to ->begin_enable_verity Darrick J. Wong
2024-03-17 16:26 ` [PATCH 13/40] fsverity: expose merkle tree geometry to callers Darrick J. Wong
2024-03-17 16:27 ` [PATCH 14/40] fsverity: rely on cached block callers to retain verified state Darrick J. Wong
2024-03-17 16:27 ` [PATCH 15/40] fsverity: box up the write_merkle_tree_block parameters too Darrick J. Wong
2024-03-17 16:27 ` [PATCH 16/40] fsverity: pass the zero-hash value to the implementation Darrick J. Wong
2024-03-18 16:38 ` Eric Biggers
2024-03-18 21:04 ` Darrick J. Wong
2024-03-17 16:27 ` [PATCH 17/40] fsverity: report validation errors back to the filesystem Darrick J. Wong
2024-03-17 16:28 ` [PATCH 18/40] iomap: integrate fs-verity verification into iomap's read path Darrick J. Wong
2024-03-17 16:28 ` [PATCH 19/40] xfs: add attribute type for fs-verity Darrick J. Wong
2024-03-17 16:28 ` [PATCH 20/40] xfs: add fs-verity ro-compat flag Darrick J. Wong
2024-03-17 16:28 ` [PATCH 21/40] xfs: add inode on-disk VERITY flag Darrick J. Wong
2024-03-17 16:29 ` [PATCH 22/40] xfs: initialize fs-verity on file open and cleanup on inode destruction Darrick J. Wong
2024-03-17 16:29 ` [PATCH 23/40] xfs: don't allow to enable DAX on fs-verity sealed inode Darrick J. Wong
2024-03-17 16:29 ` [PATCH 24/40] xfs: disable direct read path for fs-verity files Darrick J. Wong
2024-03-18 19:48 ` Andrey Albershteyn
2024-03-19 21:17 ` Darrick J. Wong
2024-03-17 16:29 ` [PATCH 25/40] xfs: widen flags argument to the xfs_iflags_* helpers Darrick J. Wong
2024-03-17 16:30 ` [PATCH 26/40] xfs: add fs-verity support Darrick J. Wong
2024-03-18 1:43 ` Christoph Hellwig
2024-03-18 4:34 ` Darrick J. Wong
2024-03-18 4:39 ` Christoph Hellwig
2024-03-18 4:56 ` Darrick J. Wong
2024-03-17 16:30 ` [PATCH 27/40] xfs: create a per-mount shrinker for verity inodes merkle tree blocks Darrick J. Wong
2024-03-17 16:30 ` [PATCH 28/40] xfs: create an icache tag for files with cached " Darrick J. Wong
2024-03-17 16:30 ` [PATCH 29/40] xfs: shrink verity blob cache Darrick J. Wong
2024-03-17 16:31 ` [PATCH 30/40] xfs: clean up stale fsverity metadata before starting Darrick J. Wong
2024-03-18 17:50 ` Andrey Albershteyn
2024-03-17 16:31 ` [PATCH 31/40] xfs: better reporting and error handling in xfs_drop_merkle_tree Darrick J. Wong
2024-03-18 17:51 ` Andrey Albershteyn
2024-03-17 16:31 ` [PATCH 32/40] xfs: make scrub aware of verity dinode flag Darrick J. Wong
2024-03-17 16:32 ` [PATCH 33/40] xfs: add fs-verity ioctls Darrick J. Wong
2024-03-17 16:32 ` [PATCH 34/40] xfs: advertise fs-verity being available on filesystem Darrick J. Wong
2024-03-17 16:32 ` [PATCH 35/40] xfs: teach online repair to evaluate fsverity xattrs Darrick J. Wong
2024-03-18 17:34 ` Andrey Albershteyn
2024-03-19 21:27 ` Darrick J. Wong
2024-03-17 16:32 ` [PATCH 36/40] xfs: don't store trailing zeroes of merkle tree blocks Darrick J. Wong
2024-03-18 17:52 ` Andrey Albershteyn
2024-03-17 16:33 ` [PATCH 37/40] xfs: create separate name hash function for xattrs Darrick J. Wong
2024-03-18 17:53 ` Andrey Albershteyn
2024-03-17 16:33 ` [PATCH 38/40] xfs: use merkle tree offset as attr hash Darrick J. Wong
2024-03-18 17:55 ` Andrey Albershteyn
2024-03-17 16:33 ` [PATCH 39/40] xfs: don't bother storing merkle tree blocks for zeroed data blocks Darrick J. Wong
2024-03-18 17:56 ` Andrey Albershteyn
2024-03-17 16:33 ` [PATCH 40/40] xfs: enable ro-compat fs-verity flag Darrick J. Wong
2024-03-18 16:35 ` [PATCHSET v5.3] fs-verity support for XFS Eric Biggers
2024-03-19 22:07 ` Darrick J. Wong [this message]
2024-03-19 23:21 ` Darrick J. Wong
2024-03-20 10:16 ` Andrey Albershteyn
2024-03-20 15:11 ` Darrick J. Wong
2024-03-17 16:23 ` Darrick J. Wong
2024-03-17 16:34 ` [PATCH 01/20] xfsprogs: add parent pointer support to attribute code Darrick J. Wong
2024-03-17 16:34 ` [PATCH 02/20] xfsprogs: define parent pointer xattr format Darrick J. Wong
2024-03-17 16:34 ` [PATCH 03/20] xfsprogs: Add xfs_verify_pptr Darrick J. Wong
2024-03-17 16:34 ` [PATCH 04/20] fs: add FS_XFLAG_VERITY for verity files Darrick J. Wong
2024-03-17 16:35 ` [PATCH 05/20] xfs: add attribute type for fs-verity Darrick J. Wong
2024-03-17 16:35 ` [PATCH 06/20] xfs: add fs-verity ro-compat flag Darrick J. Wong
2024-03-17 16:35 ` [PATCH 07/20] xfs: add inode on-disk VERITY flag Darrick J. Wong
2024-03-17 16:35 ` [PATCH 08/20] xfs: add fs-verity support Darrick J. Wong
2024-03-17 16:36 ` [PATCH 09/20] xfs: advertise fs-verity being available on filesystem Darrick J. Wong
2024-03-17 16:36 ` [PATCH 10/20] xfs: create separate name hash function for xattrs Darrick J. Wong
2024-03-17 16:36 ` [PATCH 11/20] xfs: use merkle tree offset as attr hash Darrick J. Wong
2024-03-17 16:36 ` [PATCH 12/20] xfs: enable ro-compat fs-verity flag Darrick J. Wong
2024-03-17 16:37 ` [PATCH 13/20] libfrog: add fsverity to xfs_report_geom output Darrick J. Wong
2024-03-17 16:37 ` [PATCH 14/20] xfs_db: introduce attr_modify command Darrick J. Wong
2024-03-17 16:37 ` [PATCH 15/20] xfs_db: make attr_set/remove/modify be able to handle fs-verity attrs Darrick J. Wong
2024-03-17 16:37 ` [PATCH 16/20] man: document attr_modify command Darrick J. Wong
2024-03-17 16:38 ` [PATCH 17/20] xfs_db: dump verity features and metadata Darrick J. Wong
2024-03-17 16:38 ` [PATCH 18/20] xfs_db: dump merkle tree data Darrick J. Wong
2024-03-17 16:38 ` [PATCH 19/20] xfs_repair: junk fsverity xattrs when unnecessary Darrick J. Wong
2024-03-17 16:39 ` [PATCH 20/20] mkfs.xfs: add verity parameter Darrick J. Wong
2024-03-17 16:23 ` [PATCHSET v5.3] fstests: fs-verity support for XFS Darrick J. Wong
2024-03-17 16:39 ` [PATCH 1/3] common/verity: enable fsverity " Darrick J. Wong
2024-03-17 16:39 ` [PATCH 2/3] xfs/{021,122}: adapt to fsverity xattrs Darrick J. Wong
2024-03-19 14:59 ` Andrey Albershteyn
2024-03-19 19:25 ` Darrick J. Wong
2024-03-17 16:39 ` [PATCH 3/3] common/populate: add verity files to populate xfs images Darrick J. Wong
2024-03-18 1:39 ` [PATCHBOMB v5.3] fs-verity support for XFS Christoph Hellwig
2024-03-18 4:30 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240319220743.GF6226@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@redhat.com \
--cc=allison.henderson@oracle.com \
--cc=dchinner@redhat.com \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=tinguely@sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).