| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Apr 2023 16:53:02 +0200
From: Andrey Albershteyn <aalbersh@...hat.com>
To: djwong@...nel.org, dchinner@...hat.com, ebiggers@...nel.org,
hch@...radead.org, linux-xfs@...r.kernel.org,
fsverity@...ts.linux.dev
Cc: rpeterso@...hat.com, agruenba@...hat.com, xiang@...nel.org,
chao@...nel.org, damien.lemoal@...nsource.wdc.com, jth@...nel.org,
linux-erofs@...ts.ozlabs.org, linux-btrfs@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
cluster-devel@...hat.com, Andrey Albershteyn <aalbersh@...hat.com>
Subject: [PATCH v2 06/23] fsverity: add drop_page() callout
Allow filesystem to make additional processing on verified pages
instead of just dropping a reference. This will be used by XFS for
internal buffer cache manipulation in further patches. The btrfs,
ext4, and f2fs just drop the reference.
Signed-off-by: Andrey Albershteyn <aalbersh@...hat.com>
---
fs/btrfs/verity.c | 12 ++++++++++++
fs/ext4/verity.c | 6 ++++++
fs/f2fs/verity.c | 6 ++++++
fs/verity/read_metadata.c | 4 ++--
fs/verity/verify.c | 6 +++---
include/linux/fsverity.h | 10 ++++++++++
6 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c
index c5ff16f9e9fa..4c2c09204bb4 100644
--- a/fs/btrfs/verity.c
+++ b/fs/btrfs/verity.c
@@ -804,10 +804,22 @@ static int btrfs_write_merkle_tree_block(struct inode *inode, const void *buf,
pos, buf, size);
}
+/*
+ * fsverity op that releases the reference obtained by ->read_merkle_tree_page()
+ *
+ * @page: reference to the page which can be released
+ *
+ */
+static void btrfs_drop_page(struct page *page)
+{
+ put_page(page);
+}
+
const struct fsverity_operations btrfs_verityops = {
.begin_enable_verity = btrfs_begin_enable_verity,
.end_enable_verity = btrfs_end_enable_verity,
.get_verity_descriptor = btrfs_get_verity_descriptor,
.read_merkle_tree_page = btrfs_read_merkle_tree_page,
.write_merkle_tree_block = btrfs_write_merkle_tree_block,
+ .drop_page = &btrfs_drop_page,
};
diff --git a/fs/ext4/verity.c b/fs/ext4/verity.c
index e4da1704438e..35a2feb6fd68 100644
--- a/fs/ext4/verity.c
+++ b/fs/ext4/verity.c
@@ -388,10 +388,16 @@ static int ext4_write_merkle_tree_block(struct inode *inode, const void *buf,
return pagecache_write(inode, buf, size, pos);
}
+static void ext4_drop_page(struct page *page)
+{
+ put_page(page);
+}
+
const struct fsverity_operations ext4_verityops = {
.begin_enable_verity = ext4_begin_enable_verity,
.end_enable_verity = ext4_end_enable_verity,
.get_verity_descriptor = ext4_get_verity_descriptor,
.read_merkle_tree_page = ext4_read_merkle_tree_page,
.write_merkle_tree_block = ext4_write_merkle_tree_block,
+ .drop_page = &ext4_drop_page,
};
diff --git a/fs/f2fs/verity.c b/fs/f2fs/verity.c
index 4fc95f353a7a..019c7a6c6bcf 100644
--- a/fs/f2fs/verity.c
+++ b/fs/f2fs/verity.c
@@ -283,10 +283,16 @@ static int f2fs_write_merkle_tree_block(struct inode *inode, const void *buf,
return pagecache_write(inode, buf, size, pos);
}
+static void f2fs_drop_page(struct page *page)
+{
+ put_page(page);
+}
+
const struct fsverity_operations f2fs_verityops = {
.begin_enable_verity = f2fs_begin_enable_verity,
.end_enable_verity = f2fs_end_enable_verity,
.get_verity_descriptor = f2fs_get_verity_descriptor,
.read_merkle_tree_page = f2fs_read_merkle_tree_page,
.write_merkle_tree_block = f2fs_write_merkle_tree_block,
+ .drop_page = &f2fs_drop_page,
};
diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c
index 2aefc5565152..cab1612bf4a3 100644
--- a/fs/verity/read_metadata.c
+++ b/fs/verity/read_metadata.c
@@ -56,12 +56,12 @@ static int fsverity_read_merkle_tree(struct inode *inode,
virt = kmap_local_page(page);
if (copy_to_user(buf, virt + offs_in_page, bytes_to_copy)) {
kunmap_local(virt);
- put_page(page);
+ inode->i_sb->s_vop->drop_page(page);
err = -EFAULT;
break;
}
kunmap_local(virt);
- put_page(page);
+ inode->i_sb->s_vop->drop_page(page);
retval += bytes_to_copy;
buf += bytes_to_copy;
diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index f50e3b5b52c9..c2fc4c86af34 100644
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -210,7 +210,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
if (is_hash_block_verified(vi, hpage, hblock_idx)) {
memcpy_from_page(_want_hash, hpage, hoffset, hsize);
want_hash = _want_hash;
- put_page(hpage);
+ inode->i_sb->s_vop->drop_page(hpage);
goto descend;
}
hblocks[level].page = hpage;
@@ -248,7 +248,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
SetPageChecked(hpage);
memcpy_from_page(_want_hash, hpage, hoffset, hsize);
want_hash = _want_hash;
- put_page(hpage);
+ inode->i_sb->s_vop->drop_page(hpage);
}
/* Finally, verify the data block. */
@@ -259,7 +259,7 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
err = cmp_hashes(vi, want_hash, real_hash, data_pos, -1);
out:
for (; level > 0; level--)
- put_page(hblocks[level - 1].page);
+ inode->i_sb->s_vop->drop_page(hblocks[level - 1].page);
return err == 0;
}
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 6d7a4b3ea626..3e923a8e0d6f 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -120,6 +120,16 @@ struct fsverity_operations {
*/
int (*write_merkle_tree_block)(struct inode *inode, const void *buf,
u64 pos, unsigned int size);
+
+ /**
+ * Release the reference to a Merkle tree page
+ *
+ * @page: the page to release
+ *
+ * This is called when fs-verity is done with a page obtained with
+ * ->read_merkle_tree_page().
+ */
+ void (*drop_page)(struct page *page);
};
#ifdef CONFIG_FS_VERITY
--
2.38.4
Powered by blists - more mailing lists