Re: [PATCH v6 2/3] btrfs: initial fsverity support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: Boris Burkov <boris@bur.io>
Cc: linux-btrfs@vger.kernel.org, linux-fscrypt@vger.kernel.org,
	kernel-team@fb.com
Subject: Re: [PATCH v6 2/3] btrfs: initial fsverity support
Date: Tue, 14 Sep 2021 10:32:59 -0700	[thread overview]
Message-ID: <YUDcy73zXVPneImG@sol.localdomain> (raw)
In-Reply-To: <797d6524e4e6386fc343cd5d0bcdd53878a6593e.1625083099.git.boris@bur.io>

Hi Boris,

On Wed, Jun 30, 2021 at 01:01:49PM -0700, Boris Burkov wrote:
> Add support for fsverity in btrfs. To support the generic interface in
> fs/verity, we add two new item types in the fs tree for inodes with
> verity enabled. One stores the per-file verity descriptor and btrfs
> verity item and the other stores the Merkle tree data itself.
> 
> Verity checking is done in end_page_read just before a page is marked
> uptodate. This naturally handles a variety of edge cases like holes,
> preallocated extents, and inline extents. Some care needs to be taken to
> not try to verity pages past the end of the file, which are accessed by
> the generic buffered file reading code under some circumstances like
> reading to the end of the last page and trying to read again. Direct IO
> on a verity file falls back to buffered reads.
> 
> Verity relies on PageChecked for the Merkle tree data itself to avoid
> re-walking up shared paths in the tree. For this reason, we need to
> cache the Merkle tree data. Since the file is immutable after verity is
> turned on, we can cache it at an index past EOF.
> 
> Use the new inode ro_flags to store verity on the inode item, so that we
> can enable verity on a file, then rollback to an older kernel and still
> mount the file system and read the file. Since we can't safely write the
> file anymore without ruining the invariants of the Merkle tree, we mark
> a ro_compat flag on the file system when a file has verity enabled.

I want to mention the btrfs verity support in
Documentation/filesystems/fsverity.rst, and I have a couple questions:

1. Is the ro_compat filesystem flag still a thing?  The commit message claims it
   is, and BTRFS_FEATURE_COMPAT_RO_VERITY is defined in the code, but it doesn't
   seem to actually be used.  It's not needed since you found a way to make the
   inode flags ro_compat instead, right?

2. Is there a minimum version of btrfs-progs that is required to use btrfs
   verity?  With ext4 and f2fs, the fsck tools had to be updated, so there were
   minimum versions of the userspace tools required.

Thanks,

- Eric

next prev parent reply	other threads:[~2021-09-14 17:33 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-30 20:01 [PATCH v6 0/3] btrfs: support fsverity Boris Burkov
2021-06-30 20:01 ` [PATCH v6 1/3] btrfs: add ro compat flags to inodes Boris Burkov
2021-06-30 20:01 ` [PATCH v6 2/3] btrfs: initial fsverity support Boris Burkov
2021-07-11 14:52   ` Eric Biggers
2021-07-28 14:29     ` David Sterba
2021-09-14 18:25     ` Boris Burkov
2021-07-28 15:05   ` David Sterba
2021-09-14 17:32   ` Eric Biggers [this message]
2021-09-14 17:49     ` Boris Burkov
2021-09-14 17:56       ` Eric Biggers
2021-09-14 18:34         ` Boris Burkov
2021-09-15 20:45           ` Eric Biggers
2021-09-15 21:01             ` Boris Burkov
2021-09-15 21:12               ` Eric Biggers
2021-09-15 23:14                 ` Boris Burkov
2021-09-14 18:03       ` David Sterba
2021-06-30 20:01 ` [PATCH v6 3/3] btrfs: verity metadata orphan items Boris Burkov
2021-07-28 15:24 ` [PATCH v6 0/3] btrfs: support fsverity David Sterba

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YUDcy73zXVPneImG@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=boris@bur.io \
    --cc=kernel-team@fb.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-fscrypt@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.