lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 28 May 2020 07:59:56 -0700
        Andreas Dilger <>,
        "Theodore Y. Ts'o" <>, Jan Kara <>,
        Eric Biggers <>
Cc:     Ira Weiny <>, Al Viro <>,
        Dan Williams <>,
        Dave Chinner <>,
        Christoph Hellwig <>, Jeff Moyer <>,
        "Darrick J. Wong" <>,,
Subject: [PATCH V5 2/9] fs/ext4: Disallow verity if inode is DAX

From: Ira Weiny <>

Verity and DAX are incompatible.  Changing the DAX mode due to a verity
flag change is wrong without a corresponding address_space_operations

Make the 2 options mutually exclusive by returning an error if DAX was
set first.

(Setting DAX is already disabled if Verity is set first.)

Reviewed-by: Jan Kara <>
Signed-off-by: Ira Weiny <>

Changes from V2:
	Remove Section title 'Verity and DAX'

	remove WARN_ON_ONCE
	Add documentation for DAX/Verity exclusivity
 Documentation/filesystems/ext4/verity.rst | 3 +++
 fs/ext4/verity.c                          | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/Documentation/filesystems/ext4/verity.rst b/Documentation/filesystems/ext4/verity.rst
index 3e4c0ee0e068..e99ff3fd09f7 100644
--- a/Documentation/filesystems/ext4/verity.rst
+++ b/Documentation/filesystems/ext4/verity.rst
@@ -39,3 +39,6 @@ is encrypted as well as the data itself.
 Verity files cannot have blocks allocated past the end of the verity
+Verity and DAX are not compatible and attempts to set both of these flags
+on a file will fail.
diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c
index dc5ec724d889..f05a09fb2ae4 100644
--- a/fs/ext4/verity.c
+++ b/fs/ext4/verity.c
@@ -113,6 +113,9 @@ static int ext4_begin_enable_verity(struct file *filp)
 	handle_t *handle;
 	int err;
+	if (IS_DAX(inode))
+		return -EINVAL;
 	if (ext4_verity_in_progress(inode))
 		return -EBUSY;

Powered by blists - more mailing lists