From: Theodore Ts'o <tytso@mit.edu>
To: Dave Chinner <david@fromorbit.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Andreas Dilger <adilger@dilger.ca>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
lsf-pc@lists.linux-foundation.org
Subject: Re: [Lsf-pc] [LSF/MM TOPIC] fs-verity: file system-level integrity protection
Date: Thu, 1 Feb 2018 21:40:03 -0500 [thread overview]
Message-ID: <20180202024003.GA21242@thunk.org> (raw)
In-Reply-To: <20180201230415.7cyxhwq234vd3in4@destitution>
On Fri, Feb 02, 2018 at 10:04:15AM +1100, Dave Chinner wrote:
> I think putting valid data beyond EOF is going to be problematic for
> many filesystems. Getting things like truncate right are hard enough
> without having to special case a bunch of new functionality that
> specifically allows IO access beyond EOF. Indeed, how does "truncate
> isize but leave special data behind" work and what's the userspace
> API to drive it? And how does it interact with all the page cache
> code that checks for page->index beyond EOF to detect a truncated
> page that should not be accessed?
This isn't an issue because once fs-verity protection is enabled, the
file becomes immutable. That is, you can delete the file, but you
can't modify it afterwards --- so you don't have to truncate it.
We don't actually want userspace to be able to access pages beyond
i_size via read(2) or mmap(2), so I don't believe this to be a
problem. It's only kernel code that needs to access the pages via
find_get_page.
Regards,
- Ted
next prev parent reply other threads:[~2018-02-02 2:40 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-25 19:11 [LSF/MM TOPIC] fs-verity: file system-level integrity protection Theodore Ts'o
2018-01-25 21:49 ` Chuck Lever
2018-01-25 23:39 ` Theodore Ts'o
2018-01-26 0:47 ` James Bottomley
2018-01-26 2:30 ` Theodore Ts'o
2018-01-26 4:50 ` James Bottomley
2018-01-26 14:58 ` Theodore Ts'o
2018-01-26 16:44 ` [Lsf-pc] " James Bottomley
2018-01-26 21:55 ` Theodore Ts'o
2018-01-27 7:58 ` Andreas Dilger
2018-01-27 16:19 ` James Bottomley
2018-01-27 17:08 ` James Bottomley
2018-01-27 17:08 ` James Bottomley
2018-01-28 2:46 ` Theodore Ts'o
2018-01-28 17:19 ` James Bottomley
2018-01-28 18:03 ` James Bottomley
2018-01-28 18:19 ` Chuck Lever
2018-01-29 6:39 ` James Bottomley
2018-01-29 15:22 ` Chuck Lever
2018-01-30 6:47 ` James Bottomley
2018-01-28 21:49 ` Theodore Ts'o
2018-01-28 22:49 ` Theodore Ts'o
2018-01-28 23:04 ` Mimi Zohar
2018-01-29 0:38 ` Theodore Ts'o
2018-01-29 1:53 ` Mimi Zohar
2018-01-29 2:38 ` Theodore Ts'o
2018-01-29 3:39 ` Mimi Zohar
2018-01-29 4:40 ` Theodore Ts'o
2018-01-29 4:50 ` Theodore Ts'o
2018-01-29 12:09 ` Mimi Zohar
2018-01-29 13:58 ` Mimi Zohar
2018-01-29 23:02 ` Theodore Ts'o
2018-01-30 23:25 ` Mimi Zohar
2018-01-31 16:05 ` Theodore Ts'o
2018-01-31 17:12 ` James Bottomley
2018-01-31 18:46 ` Theodore Ts'o
2018-01-31 20:41 ` James Bottomley
2018-02-01 0:03 ` Theodore Ts'o
2018-02-01 23:04 ` Dave Chinner
2018-02-01 23:43 ` Andreas Dilger
2018-02-02 0:13 ` Dave Chinner
2018-02-02 5:34 ` James Bottomley
2018-02-02 2:40 ` Theodore Ts'o [this message]
2018-02-02 9:05 ` Dave Chinner
2018-01-31 20:40 ` Mimi Zohar
2018-01-31 22:00 ` Theodore Ts'o
2018-02-01 15:17 ` Mimi Zohar
2018-01-29 0:21 ` James Bottomley
2018-01-29 1:03 ` Theodore Ts'o
2018-01-29 21:21 ` Andreas Dilger
2018-01-26 18:13 ` Mimi Zohar
2018-01-26 18:13 ` Mimi Zohar
2018-01-29 18:54 ` Michael Halcrow
2018-01-26 7:58 ` Colin Walters
2018-01-26 15:29 ` Theodore Ts'o
2018-01-26 16:40 ` Colin Walters
2018-01-26 16:49 ` [Lsf-pc] " James Bottomley
2018-01-26 17:05 ` Colin Walters
2018-01-26 17:54 ` Mimi Zohar
2018-01-26 17:54 ` Mimi Zohar
2018-02-02 0:02 ` Steve French
2018-02-07 13:04 ` David Gstir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180202024003.GA21242@thunk.org \
--to=tytso@mit.edu \
--cc=James.Bottomley@HansenPartnership.com \
--cc=adilger@dilger.ca \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.