lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260128221443.GA2024@quark>
Date: Wed, 28 Jan 2026 14:14:43 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Matthew Wilcox <willy@...radead.org>
Cc: Christoph Hellwig <hch@....de>, Al Viro <viro@...iv.linux.org.uk>,
	Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
	David Sterba <dsterba@...e.com>, Theodore Ts'o <tytso@....edu>,
	Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <chao@...nel.org>,
	Andrey Albershteyn <aalbersh@...hat.com>,
	linux-fsdevel@...r.kernel.org, linux-btrfs@...r.kernel.org,
	linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
	fsverity@...ts.linux.dev
Subject: Re: [PATCH 11/11] fsverity: use a hashtable to find the fsverity_info

On Wed, Jan 28, 2026 at 09:38:53PM +0000, Matthew Wilcox wrote:
> On Mon, Jan 26, 2026 at 12:12:06PM -0800, Eric Biggers wrote:
> > When CONFIG_FS_VERITY=n, there can still be inodes that have fsverity
> > enabled, since they might have already been present on the filesystem.
> > The S_VERITY flag and the corresponding IS_VERITY() macro are being used
> > to identify such inodes and handle them appropriately.  
> > 
> > Consider fsverity_file_open() for example:
> > 
> > static inline int fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > 	if (IS_VERITY(inode))
> > 		return __fsverity_file_open(inode, filp);
> > 	return 0;
> > }
> > 
> > When CONFIG_FS_VERITY=n, __fsverity_file_open() resolves to the stub:
> > 
> > static inline int __fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > 	return -EOPNOTSUPP;
> > }
> > 
> > So the result is that on a kernel that doesn't have fsverity support
> > enabled, trying to open an fsverity file fails with EOPNOTSUPP.
> 
> ... why?  If the user has built a kernel without VERITY support enabled,
> they're no longer allowed to open files with verity metadata?  I can't
> see the harm in allowing them to read these files, they're just not
> protected against these files being corrupted.

Reading could be allowed, in principle.  But open and truncate would
still need to deny writes, and the code to do that uses IS_VERITY().  So
it still wouldn't allow S_VERITY to be defined to 0, unless these checks
were updated to use the filesystem-specific flags as I mentioned.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ