From: Eric Biggers <ebiggers@kernel.org>
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: linux-fscrypt@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH] f2fs: don't keep META_MAPPING pages used for moving verity file blocks
Date: Mon, 9 Dec 2019 14:40:52 -0800 [thread overview]
Message-ID: <20191209224051.GF149190@gmail.com> (raw)
In-Reply-To: <20191209222828.GA798@jaegeuk-macbookpro.roam.corp.google.com>
On Mon, Dec 09, 2019 at 02:28:28PM -0800, Jaegeuk Kim wrote:
> On 12/09, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > META_MAPPING is used to move blocks for both encrypted and verity files.
> > So the META_MAPPING invalidation condition in do_checkpoint() should
> > consider verity too, not just encrypt.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> > fs/f2fs/checkpoint.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
> > index ffdaba0c55d29..44e84ac5c9411 100644
> > --- a/fs/f2fs/checkpoint.c
> > +++ b/fs/f2fs/checkpoint.c
> > @@ -1509,10 +1509,10 @@ static int do_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
> > f2fs_wait_on_all_pages_writeback(sbi);
> >
> > /*
> > - * invalidate intermediate page cache borrowed from meta inode
> > - * which are used for migration of encrypted inode's blocks.
> > + * invalidate intermediate page cache borrowed from meta inode which are
> > + * used for migration of encrypted or verity inode's blocks.
> > */
> > - if (f2fs_sb_has_encrypt(sbi))
> > + if (f2fs_sb_has_encrypt(sbi) || f2fs_sb_has_verity(sbi))
>
> Do we need f2fs_post_read_required() aligned to the condition of
> move_data_block()?
>
I think you're asking why verity files have to be moved via META_MAPPING? The
reason is that we have to be super careful not to read pages of a verity file
into its own address_space without doing the fs-verity data verification, as
then unverified data would be available to userspace.
In theory, F2FS's garbage collector could do the data verification. But it's
tricky because ->i_verity_info may not have been set up yet. So it might be
easiest to continue to treat verity files like encrypted files.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: linux-f2fs-devel@lists.sourceforge.net, linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH] f2fs: don't keep META_MAPPING pages used for moving verity file blocks
Date: Mon, 9 Dec 2019 14:40:52 -0800 [thread overview]
Message-ID: <20191209224051.GF149190@gmail.com> (raw)
In-Reply-To: <20191209222828.GA798@jaegeuk-macbookpro.roam.corp.google.com>
On Mon, Dec 09, 2019 at 02:28:28PM -0800, Jaegeuk Kim wrote:
> On 12/09, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > META_MAPPING is used to move blocks for both encrypted and verity files.
> > So the META_MAPPING invalidation condition in do_checkpoint() should
> > consider verity too, not just encrypt.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> > fs/f2fs/checkpoint.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
> > index ffdaba0c55d29..44e84ac5c9411 100644
> > --- a/fs/f2fs/checkpoint.c
> > +++ b/fs/f2fs/checkpoint.c
> > @@ -1509,10 +1509,10 @@ static int do_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
> > f2fs_wait_on_all_pages_writeback(sbi);
> >
> > /*
> > - * invalidate intermediate page cache borrowed from meta inode
> > - * which are used for migration of encrypted inode's blocks.
> > + * invalidate intermediate page cache borrowed from meta inode which are
> > + * used for migration of encrypted or verity inode's blocks.
> > */
> > - if (f2fs_sb_has_encrypt(sbi))
> > + if (f2fs_sb_has_encrypt(sbi) || f2fs_sb_has_verity(sbi))
>
> Do we need f2fs_post_read_required() aligned to the condition of
> move_data_block()?
>
I think you're asking why verity files have to be moved via META_MAPPING? The
reason is that we have to be super careful not to read pages of a verity file
into its own address_space without doing the fs-verity data verification, as
then unverified data would be available to userspace.
In theory, F2FS's garbage collector could do the data verification. But it's
tricky because ->i_verity_info may not have been set up yet. So it might be
easiest to continue to treat verity files like encrypted files.
- Eric
next prev parent reply other threads:[~2019-12-09 22:41 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-09 20:00 [f2fs-dev] [PATCH] f2fs: don't keep META_MAPPING pages used for moving verity file blocks Eric Biggers
2019-12-09 20:00 ` Eric Biggers
2019-12-09 22:28 ` [f2fs-dev] " Jaegeuk Kim
2019-12-09 22:28 ` Jaegeuk Kim
2019-12-09 22:40 ` Eric Biggers [this message]
2019-12-09 22:40 ` Eric Biggers
2019-12-09 22:48 ` [f2fs-dev] " Jaegeuk Kim
2019-12-09 22:48 ` Jaegeuk Kim
2019-12-09 22:53 ` [f2fs-dev] " Eric Biggers
2019-12-09 22:53 ` Eric Biggers
2019-12-09 22:58 ` [f2fs-dev] " Jaegeuk Kim
2019-12-09 22:58 ` Jaegeuk Kim
2019-12-10 2:08 ` [f2fs-dev] " Chao Yu
2019-12-10 2:08 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191209224051.GF149190@gmail.com \
--to=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.