From: Eric Biggers <ebiggers@kernel.org>
To: Matthew Wilcox <willy@infradead.org>
Cc: Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
David Sterba <dsterba@suse.com>, Theodore Ts'o <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
Andrey Albershteyn <aalbersh@redhat.com>,
linux-fsdevel@vger.kernel.org, linux-btrfs@vger.kernel.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net, fsverity@lists.linux.dev
Subject: Re: [PATCH 11/11] fsverity: use a hashtable to find the fsverity_info
Date: Wed, 28 Jan 2026 14:14:43 -0800 [thread overview]
Message-ID: <20260128221443.GA2024@quark> (raw)
In-Reply-To: <aXqB7Wlfx62bAjqF@casper.infradead.org>
On Wed, Jan 28, 2026 at 09:38:53PM +0000, Matthew Wilcox wrote:
> On Mon, Jan 26, 2026 at 12:12:06PM -0800, Eric Biggers wrote:
> > When CONFIG_FS_VERITY=n, there can still be inodes that have fsverity
> > enabled, since they might have already been present on the filesystem.
> > The S_VERITY flag and the corresponding IS_VERITY() macro are being used
> > to identify such inodes and handle them appropriately.
> >
> > Consider fsverity_file_open() for example:
> >
> > static inline int fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > if (IS_VERITY(inode))
> > return __fsverity_file_open(inode, filp);
> > return 0;
> > }
> >
> > When CONFIG_FS_VERITY=n, __fsverity_file_open() resolves to the stub:
> >
> > static inline int __fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > return -EOPNOTSUPP;
> > }
> >
> > So the result is that on a kernel that doesn't have fsverity support
> > enabled, trying to open an fsverity file fails with EOPNOTSUPP.
>
> ... why? If the user has built a kernel without VERITY support enabled,
> they're no longer allowed to open files with verity metadata? I can't
> see the harm in allowing them to read these files, they're just not
> protected against these files being corrupted.
Reading could be allowed, in principle. But open and truncate would
still need to deny writes, and the code to do that uses IS_VERITY(). So
it still wouldn't allow S_VERITY to be defined to 0, unless these checks
were updated to use the filesystem-specific flags as I mentioned.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: Matthew Wilcox <willy@infradead.org>
Cc: fsverity@lists.linux.dev, Christian Brauner <brauner@kernel.org>,
Theodore Ts'o <tytso@mit.edu>,
Andrey Albershteyn <aalbersh@redhat.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-fsdevel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
Jaegeuk Kim <jaegeuk@kernel.org>, David Sterba <dsterba@suse.com>,
Jan Kara <jack@suse.cz>,
linux-ext4@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
linux-btrfs@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH 11/11] fsverity: use a hashtable to find the fsverity_info
Date: Wed, 28 Jan 2026 14:14:43 -0800 [thread overview]
Message-ID: <20260128221443.GA2024@quark> (raw)
In-Reply-To: <aXqB7Wlfx62bAjqF@casper.infradead.org>
On Wed, Jan 28, 2026 at 09:38:53PM +0000, Matthew Wilcox wrote:
> On Mon, Jan 26, 2026 at 12:12:06PM -0800, Eric Biggers wrote:
> > When CONFIG_FS_VERITY=n, there can still be inodes that have fsverity
> > enabled, since they might have already been present on the filesystem.
> > The S_VERITY flag and the corresponding IS_VERITY() macro are being used
> > to identify such inodes and handle them appropriately.
> >
> > Consider fsverity_file_open() for example:
> >
> > static inline int fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > if (IS_VERITY(inode))
> > return __fsverity_file_open(inode, filp);
> > return 0;
> > }
> >
> > When CONFIG_FS_VERITY=n, __fsverity_file_open() resolves to the stub:
> >
> > static inline int __fsverity_file_open(struct inode *inode, struct file *filp)
> > {
> > return -EOPNOTSUPP;
> > }
> >
> > So the result is that on a kernel that doesn't have fsverity support
> > enabled, trying to open an fsverity file fails with EOPNOTSUPP.
>
> ... why? If the user has built a kernel without VERITY support enabled,
> they're no longer allowed to open files with verity metadata? I can't
> see the harm in allowing them to read these files, they're just not
> protected against these files being corrupted.
Reading could be allowed, in principle. But open and truncate would
still need to deny writes, and the code to do that uses IS_VERITY(). So
it still wouldn't allow S_VERITY to be defined to 0, unless these checks
were updated to use the filesystem-specific flags as I mentioned.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2026-01-28 22:14 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-22 8:21 fsverity cleanups, speedup and memory usage optimization v2 Christoph Hellwig
2026-01-22 8:21 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:21 ` [PATCH 01/11] fs,fsverity: reject size changes on fsverity files in setattr_prepare Christoph Hellwig
2026-01-22 8:21 ` [f2fs-dev] [PATCH 01/11] fs, fsverity: " Christoph Hellwig
2026-01-22 9:12 ` [PATCH 01/11] fs,fsverity: " Jan Kara
2026-01-22 9:12 ` [f2fs-dev] [PATCH 01/11] fs, fsverity: " Jan Kara
2026-01-22 21:21 ` [PATCH 01/11] fs,fsverity: " Darrick J. Wong
2026-01-22 21:21 ` [f2fs-dev] [PATCH 01/11] fs, fsverity: " Darrick J. Wong via Linux-f2fs-devel
2026-01-22 8:21 ` [PATCH 02/11] fs,fsverity: clear out fsverity_info from common code Christoph Hellwig
2026-01-22 8:21 ` [f2fs-dev] [PATCH 02/11] fs, fsverity: " Christoph Hellwig
2026-01-22 9:15 ` [PATCH 02/11] fs,fsverity: " Jan Kara
2026-01-22 9:15 ` [f2fs-dev] [PATCH 02/11] fs, fsverity: " Jan Kara
2026-01-22 21:22 ` [PATCH 02/11] fs,fsverity: " Darrick J. Wong
2026-01-22 21:22 ` [f2fs-dev] [PATCH 02/11] fs, fsverity: " Darrick J. Wong via Linux-f2fs-devel
2026-01-22 8:21 ` [PATCH 03/11] fsverity: pass struct file to ->write_merkle_tree_block Christoph Hellwig
2026-01-22 8:21 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 10:04 ` Andrey Albershteyn
2026-01-22 10:04 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-01-22 21:23 ` Darrick J. Wong
2026-01-22 21:23 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-22 8:22 ` [PATCH 04/11] fsverity: start consolidating pagecache code Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 9:18 ` Jan Kara
2026-01-22 9:18 ` [f2fs-dev] " Jan Kara
2026-01-22 10:12 ` Andrey Albershteyn
2026-01-22 10:12 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-01-22 21:27 ` Darrick J. Wong
2026-01-22 21:27 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 5:12 ` Christoph Hellwig
2026-01-23 5:12 ` [f2fs-dev] " Christoph Hellwig
2026-01-23 7:21 ` Darrick J. Wong
2026-01-23 7:21 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-24 19:27 ` Eric Biggers
2026-01-24 19:27 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-01-26 4:27 ` Christoph Hellwig
2026-01-26 4:27 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 05/11] fsverity: kick off hash readahead at data I/O submission time Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 21:42 ` Darrick J. Wong
2026-01-22 21:42 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 5:14 ` Christoph Hellwig
2026-01-23 5:14 ` [f2fs-dev] " Christoph Hellwig
2026-01-23 7:22 ` Darrick J. Wong
2026-01-23 7:22 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-24 20:53 ` Eric Biggers
2026-01-24 20:53 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-01-26 4:30 ` Christoph Hellwig
2026-01-26 4:30 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 06/11] fsverity: push out fsverity_info lookup Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 21:45 ` Darrick J. Wong
2026-01-22 21:45 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-24 21:19 ` Eric Biggers
2026-01-24 21:19 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-01-26 4:33 ` Christoph Hellwig
2026-01-26 4:33 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 07/11] fs: consolidate fsverity_info lookup in buffer.c Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 21:49 ` Darrick J. Wong
2026-01-22 21:49 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 5:15 ` Christoph Hellwig
2026-01-23 5:15 ` [f2fs-dev] " Christoph Hellwig
2026-01-23 7:23 ` Darrick J. Wong
2026-01-23 7:23 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 7:24 ` Christoph Hellwig
2026-01-23 7:24 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 08/11] ext4: consolidate fsverity_info lookup Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 21:54 ` Darrick J. Wong
2026-01-22 21:54 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 5:18 ` Christoph Hellwig
2026-01-23 5:18 ` [f2fs-dev] " Christoph Hellwig
2026-01-23 7:25 ` Darrick J. Wong
2026-01-23 7:25 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-22 8:22 ` [PATCH 09/11] f2fs: " Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 10/11] btrfs: " Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 8:22 ` [PATCH 11/11] fsverity: use a hashtable to find the fsverity_info Christoph Hellwig
2026-01-22 8:22 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 22:04 ` Darrick J. Wong
2026-01-22 22:04 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 5:27 ` Christoph Hellwig
2026-01-23 5:27 ` [f2fs-dev] " Christoph Hellwig
2026-01-23 7:27 ` Darrick J. Wong
2026-01-23 7:27 ` [f2fs-dev] " Darrick J. Wong via Linux-f2fs-devel
2026-01-23 7:30 ` Christoph Hellwig
2026-01-23 7:30 ` [f2fs-dev] " Christoph Hellwig
2026-01-25 1:31 ` Eric Biggers
2026-01-25 1:31 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-01-25 21:48 ` Matthew Wilcox
2026-01-25 21:48 ` [f2fs-dev] " Matthew Wilcox
2026-01-26 4:44 ` Christoph Hellwig
2026-01-26 4:44 ` [f2fs-dev] " Christoph Hellwig
2026-01-26 20:12 ` Eric Biggers
2026-01-26 20:12 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-01-28 21:38 ` Matthew Wilcox
2026-01-28 21:38 ` [f2fs-dev] " Matthew Wilcox
2026-01-28 22:14 ` Eric Biggers [this message]
2026-01-28 22:14 ` Eric Biggers via Linux-f2fs-devel
2026-01-26 4:43 ` Christoph Hellwig
2026-01-26 4:43 ` [f2fs-dev] " Christoph Hellwig
2026-01-22 15:42 ` fsverity cleanups, speedup and memory usage optimization v2 David Sterba
2026-01-22 15:42 ` [f2fs-dev] " David Sterba
-- strict thread matches above, loose matches on Subject: below --
2026-02-02 6:06 fsverity speedup and memory usage optimization v5 Christoph Hellwig
2026-02-02 6:06 ` [PATCH 11/11] fsverity: use a hashtable to find the fsverity_info Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260128221443.GA2024@quark \
--to=ebiggers@kernel.org \
--cc=aalbersh@redhat.com \
--cc=brauner@kernel.org \
--cc=chao@kernel.org \
--cc=dsterba@suse.com \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=jaegeuk@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.