[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Jul 2019 14:51:17 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
linux-integrity@...r.kernel.org, Jaegeuk Kim <jaegeuk@...nel.org>,
Victor Hsieh <victorhsieh@...gle.com>,
Chandan Rajendra <chandan@...ux.vnet.ibm.com>,
Dave Chinner <david@...morbit.com>,
Christoph Hellwig <hch@....de>,
"Darrick J . Wong" <darrick.wong@...cle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH v6 14/17] ext4: add basic fs-verity support
On Mon, Jul 01, 2019 at 08:32:34AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Add most of fs-verity support to ext4. fs-verity is a filesystem
> feature that enables transparent integrity protection and authentication
> of read-only files. It uses a dm-verity like mechanism at the file
> level: a Merkle tree is used to verify any block in the file in
> log(filesize) time. It is implemented mainly by helper functions in
> fs/verity/. See Documentation/filesystems/fsverity.rst for the full
> documentation.
>
> This commit adds all of ext4 fs-verity support except for the actual
> data verification, including:
>
> - Adding a filesystem feature flag and an inode flag for fs-verity.
>
> - Implementing the fsverity_operations to support enabling verity on an
> inode and reading/writing the verity metadata.
>
> - Updating ->write_begin(), ->write_end(), and ->writepages() to support
> writing verity metadata pages.
>
> - Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().
>
> ext4 stores the verity metadata (Merkle tree and fsverity_descriptor)
> past the end of the file, starting at the first 64K boundary beyond
> i_size. This approach works because (a) verity files are readonly, and
> (b) pages fully beyond i_size aren't visible to userspace but can be
> read/written internally by ext4 with only some relatively small changes
> to ext4. This approach avoids having to depend on the EA_INODE feature
> and on rearchitecturing ext4's xattr support to support paging
> multi-gigabyte xattrs into memory, and to support encrypting xattrs.
> Note that the verity metadata *must* be encrypted when the file is,
> since it contains hashes of the plaintext data.
>
> This patch incorporates work by Theodore Ts'o and Chandan Rajendra.
>
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Looks good. You can add:
Reviewed-by: Theodore Ts'o <tytso@....edu>
Thanks,
- Ted
Powered by blists - more mailing lists