From: Eric Biggers <ebiggers@kernel.org>
To: Theodore Ts'o <tytso@mit.edu>
Cc: "Darrick J . Wong" <darrick.wong@oracle.com>,
linux-api@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Christoph Hellwig <hch@lst.de>,
Victor Hsieh <victorhsieh@google.com>
Subject: Re: [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing
Date: Tue, 18 Jun 2019 09:32:56 -0700 [thread overview]
Message-ID: <20190618163255.GB184520@gmail.com> (raw)
In-Reply-To: <20190615125731.GF6142@mit.edu>
On Sat, Jun 15, 2019 at 08:57:31AM -0400, Theodore Ts'o wrote:
> On Thu, Jun 06, 2019 at 08:51:54AM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Add the beginnings of the fs/verity/ support layer, including the
> > Kconfig option and various helper functions for hashing. To start, only
> > SHA-256 is supported, but other hash algorithms can easily be added.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Looks good; you can add:
>
> Reviewed-off-by: Theodore Ts'o <tytso@mit.edu>
>
> One thought for consideration below...
>
>
> > +
> > +/*
> > + * Maximum depth of the Merkle tree. Up to 64 levels are theoretically possible
> > + * with a very small block size, but we'd like to limit stack usage during
> > + * verification, and in practice this is plenty. E.g., with SHA-256 and 4K
> > + * blocks, a file with size UINT64_MAX bytes needs just 8 levels.
> > + */
> > +#define FS_VERITY_MAX_LEVELS 16
>
> Maybe we should make FS_VERITY_MAX_LEVELS 8 for now? This is an
> implementation-level restriction, and currently we don't support any
> architectures that have a page size < 4k. We can always bump this
> number up in the future if it ever becomes necessary, and limiting max
> levels to 8 saves almost 100 bytes of stack space in verify_page().
>
> - Ted
Yes, I agree. I'll reduce MAX_LEVELS to 8 for now and tweak the comment.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Theodore Ts'o <tytso@mit.edu>
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
linux-integrity@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
Victor Hsieh <victorhsieh@google.com>,
Dave Chinner <david@fromorbit.com>,
Christoph Hellwig <hch@lst.de>,
"Darrick J . Wong" <darrick.wong@oracle.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing
Date: Tue, 18 Jun 2019 09:32:56 -0700 [thread overview]
Message-ID: <20190618163255.GB184520@gmail.com> (raw)
In-Reply-To: <20190615125731.GF6142@mit.edu>
On Sat, Jun 15, 2019 at 08:57:31AM -0400, Theodore Ts'o wrote:
> On Thu, Jun 06, 2019 at 08:51:54AM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Add the beginnings of the fs/verity/ support layer, including the
> > Kconfig option and various helper functions for hashing. To start, only
> > SHA-256 is supported, but other hash algorithms can easily be added.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Looks good; you can add:
>
> Reviewed-off-by: Theodore Ts'o <tytso@mit.edu>
>
> One thought for consideration below...
>
>
> > +
> > +/*
> > + * Maximum depth of the Merkle tree. Up to 64 levels are theoretically possible
> > + * with a very small block size, but we'd like to limit stack usage during
> > + * verification, and in practice this is plenty. E.g., with SHA-256 and 4K
> > + * blocks, a file with size UINT64_MAX bytes needs just 8 levels.
> > + */
> > +#define FS_VERITY_MAX_LEVELS 16
>
> Maybe we should make FS_VERITY_MAX_LEVELS 8 for now? This is an
> implementation-level restriction, and currently we don't support any
> architectures that have a page size < 4k. We can always bump this
> number up in the future if it ever becomes necessary, and limiting max
> levels to 8 saves almost 100 bytes of stack space in verify_page().
>
> - Ted
Yes, I agree. I'll reduce MAX_LEVELS to 8 for now and tweak the comment.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Theodore Ts'o <tytso@mit.edu>
Cc: "Darrick J . Wong" <darrick.wong@oracle.com>,
linux-api@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-integrity@vger.kernel.org, linux-ext4@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Christoph Hellwig <hch@lst.de>,
Victor Hsieh <victorhsieh@google.com>
Subject: Re: [f2fs-dev] [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing
Date: Tue, 18 Jun 2019 09:32:56 -0700 [thread overview]
Message-ID: <20190618163255.GB184520@gmail.com> (raw)
In-Reply-To: <20190615125731.GF6142@mit.edu>
On Sat, Jun 15, 2019 at 08:57:31AM -0400, Theodore Ts'o wrote:
> On Thu, Jun 06, 2019 at 08:51:54AM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Add the beginnings of the fs/verity/ support layer, including the
> > Kconfig option and various helper functions for hashing. To start, only
> > SHA-256 is supported, but other hash algorithms can easily be added.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Looks good; you can add:
>
> Reviewed-off-by: Theodore Ts'o <tytso@mit.edu>
>
> One thought for consideration below...
>
>
> > +
> > +/*
> > + * Maximum depth of the Merkle tree. Up to 64 levels are theoretically possible
> > + * with a very small block size, but we'd like to limit stack usage during
> > + * verification, and in practice this is plenty. E.g., with SHA-256 and 4K
> > + * blocks, a file with size UINT64_MAX bytes needs just 8 levels.
> > + */
> > +#define FS_VERITY_MAX_LEVELS 16
>
> Maybe we should make FS_VERITY_MAX_LEVELS 8 for now? This is an
> implementation-level restriction, and currently we don't support any
> architectures that have a page size < 4k. We can always bump this
> number up in the future if it ever becomes necessary, and limiting max
> levels to 8 saves almost 100 bytes of stack space in verify_page().
>
> - Ted
Yes, I agree. I'll reduce MAX_LEVELS to 8 for now and tweak the comment.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2019-06-18 16:32 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-06 15:51 [PATCH v4 00/16] fs-verity: read-only file-based authenticity protection Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 01/16] fs-verity: add a documentation file Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 12:39 ` Theodore Ts'o
2019-06-15 12:39 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 12:39 ` Theodore Ts'o
2019-06-18 16:31 ` Eric Biggers
2019-06-18 16:31 ` [f2fs-dev] " Eric Biggers
2019-06-18 16:31 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 02/16] fs-verity: add MAINTAINERS file entry Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 12:39 ` Theodore Ts'o
2019-06-15 12:39 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 12:39 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 03/16] fs-verity: add UAPI header Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 04/16] fs: uapi: define verity bit for FS_IOC_GETFLAGS Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 12:40 ` Theodore Ts'o
2019-06-15 12:40 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 12:40 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 12:57 ` Theodore Ts'o
2019-06-15 12:57 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 12:57 ` Theodore Ts'o
2019-06-18 16:32 ` Eric Biggers [this message]
2019-06-18 16:32 ` [f2fs-dev] " Eric Biggers
2019-06-18 16:32 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 06/16] fs-verity: add inode and superblock fields Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 12:57 ` Theodore Ts'o
2019-06-15 12:57 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 12:57 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 07/16] fs-verity: add the hook for file ->open() Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 14:42 ` Theodore Ts'o
2019-06-15 14:42 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 14:42 ` Theodore Ts'o
2019-06-18 16:35 ` Eric Biggers
2019-06-18 16:35 ` [f2fs-dev] " Eric Biggers
2019-06-18 16:35 ` Eric Biggers
2019-06-06 15:51 ` [PATCH v4 08/16] fs-verity: add the hook for file ->setattr() Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 14:43 ` Theodore Ts'o
2019-06-15 14:43 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 14:43 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 09/16] fs-verity: add data verification hooks for ->readpages() Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 14:48 ` Theodore Ts'o
2019-06-15 14:48 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 14:48 ` Theodore Ts'o
2019-06-06 15:51 ` [PATCH v4 10/16] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl Eric Biggers
2019-06-06 15:51 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:51 ` Eric Biggers
2019-06-15 15:08 ` Theodore Ts'o
2019-06-15 15:08 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 15:08 ` Theodore Ts'o
2019-06-18 16:50 ` Eric Biggers
2019-06-18 16:50 ` [f2fs-dev] " Eric Biggers
2019-06-18 16:50 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 11/16] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-15 15:10 ` Theodore Ts'o
2019-06-15 15:10 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 15:10 ` Theodore Ts'o
2019-06-06 15:52 ` [PATCH v4 12/16] fs-verity: add SHA-512 support Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-15 15:11 ` Theodore Ts'o
2019-06-15 15:11 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 15:11 ` Theodore Ts'o
2019-06-06 15:52 ` [PATCH v4 13/16] fs-verity: support builtin file signatures Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-15 15:21 ` Theodore Ts'o
2019-06-15 15:21 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 15:21 ` Theodore Ts'o
2019-06-18 16:58 ` Eric Biggers
2019-06-18 16:58 ` [f2fs-dev] " Eric Biggers
2019-06-18 16:58 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 14/16] ext4: add basic fs-verity support Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-15 15:31 ` Theodore Ts'o
2019-06-15 15:31 ` [f2fs-dev] " Theodore Ts'o
2019-06-15 15:31 ` Theodore Ts'o
2019-06-18 17:51 ` Eric Biggers
2019-06-18 17:51 ` [f2fs-dev] " Eric Biggers
2019-06-18 17:51 ` Eric Biggers
2019-06-18 22:46 ` Theodore Ts'o
2019-06-18 22:46 ` [f2fs-dev] " Theodore Ts'o
2019-06-18 22:46 ` Theodore Ts'o
2019-06-18 23:41 ` Eric Biggers
2019-06-18 23:41 ` [f2fs-dev] " Eric Biggers
2019-06-18 23:41 ` Eric Biggers
2019-06-19 3:05 ` Theodore Ts'o
2019-06-19 3:05 ` [f2fs-dev] " Theodore Ts'o
2019-06-19 3:05 ` Theodore Ts'o
2019-06-19 19:13 ` Eric Biggers
2019-06-19 19:13 ` [f2fs-dev] " Eric Biggers
2019-06-19 19:13 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 15/16] ext4: add fs-verity read support Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-06 15:52 ` [PATCH v4 16/16] f2fs: add fs-verity support Eric Biggers
2019-06-06 15:52 ` [f2fs-dev] " Eric Biggers
2019-06-06 15:52 ` Eric Biggers
2019-06-06 17:21 ` [PATCH v4 00/16] fs-verity: read-only file-based authenticity protection Linus Torvalds
2019-06-06 17:21 ` [f2fs-dev] " Linus Torvalds
2019-06-06 17:21 ` Linus Torvalds
2019-06-06 19:43 ` Eric Biggers
2019-06-06 19:43 ` [f2fs-dev] " Eric Biggers
2019-06-06 19:43 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190618163255.GB184520@gmail.com \
--to=ebiggers@kernel.org \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=hch@lst.de \
--cc=jaegeuk@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=victorhsieh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.