[Cluster-devel] [PATCH v2 21/23] xfs: handle merkle tree block size != fs blocksize != PAGE_SIZE

cluster-devel.redhat.com archive mirror
 help / color / mirror / Atom feed

From: Darrick J. Wong <djwong@kernel.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [PATCH v2 21/23] xfs: handle merkle tree block size != fs blocksize != PAGE_SIZE
Date: Tue, 4 Apr 2023 09:36:02 -0700	[thread overview]
Message-ID: <20230404163602.GC109974@frogsfrogsfrogs> (raw)
In-Reply-To: <20230404145319.2057051-22-aalbersh@redhat.com>

On Tue, Apr 04, 2023 at 04:53:17PM +0200, Andrey Albershteyn wrote:
> In case of different Merkle tree block size fs-verity expects
> ->read_merkle_tree_page() to return Merkle tree page filled with
> Merkle tree blocks. The XFS stores each merkle tree block under
> extended attribute. Those attributes are addressed by block offset
> into Merkle tree.
> 
> This patch make ->read_merkle_tree_page() to fetch multiple merkle
> tree blocks based on size ratio. Also the reference to each xfs_buf
> is passed with page->private to ->drop_page().
> 
> Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> ---
>  fs/xfs/xfs_verity.c | 74 +++++++++++++++++++++++++++++++++++----------
>  fs/xfs/xfs_verity.h |  8 +++++
>  2 files changed, 66 insertions(+), 16 deletions(-)
> 
> diff --git a/fs/xfs/xfs_verity.c b/fs/xfs/xfs_verity.c
> index a9874ff4efcd..ef0aff216f06 100644
> --- a/fs/xfs/xfs_verity.c
> +++ b/fs/xfs/xfs_verity.c
> @@ -134,6 +134,10 @@ xfs_read_merkle_tree_page(
>  	struct page		*page = NULL;
>  	__be64			name = cpu_to_be64(index << PAGE_SHIFT);
>  	uint32_t		bs = 1 << log_blocksize;
> +	int			blocks_per_page =
> +		(1 << (PAGE_SHIFT - log_blocksize));
> +	int			n = 0;
> +	int			offset = 0;
>  	struct xfs_da_args	args = {
>  		.dp		= ip,
>  		.attr_filter	= XFS_ATTR_VERITY,
> @@ -143,26 +147,59 @@ xfs_read_merkle_tree_page(
>  		.valuelen	= bs,
>  	};
>  	int			error = 0;
> +	bool			is_checked = true;
> +	struct xfs_verity_buf_list	*buf_list;
>  
>  	page = alloc_page(GFP_KERNEL);
>  	if (!page)
>  		return ERR_PTR(-ENOMEM);
>  
> -	error = xfs_attr_get(&args);
> -	if (error) {
> -		kmem_free(args.value);
> -		xfs_buf_rele(args.bp);
> +	buf_list = kzalloc(sizeof(struct xfs_verity_buf_list), GFP_KERNEL);
> +	if (!buf_list) {
>  		put_page(page);
> -		return ERR_PTR(-EFAULT);
> +		return ERR_PTR(-ENOMEM);
>  	}
>  
> -	if (args.bp->b_flags & XBF_VERITY_CHECKED)
> +	/*
> +	 * Fill the page with Merkle tree blocks. The blcoks_per_page is higher
> +	 * than 1 when fs block size != PAGE_SIZE or Merkle tree block size !=
> +	 * PAGE SIZE
> +	 */
> +	for (n = 0; n < blocks_per_page; n++) {

Ahah, ok, that's why we can't pass the xfs_buf pages up to fsverity.

> +		offset = bs * n;
> +		name = cpu_to_be64(((index << PAGE_SHIFT) + offset));

Really this ought to be a typechecked helper...

struct xfs_fsverity_merkle_key {
	__be64	merkleoff;
};

static inline void
xfs_fsverity_merkle_key_to_disk(struct xfs_fsverity_merkle_key *k, loff_t pos)
{
	k->merkeloff = cpu_to_be64(pos);
}



> +		args.name = (const uint8_t *)&name;
> +
> +		error = xfs_attr_get(&args);
> +		if (error) {
> +			kmem_free(args.value);
> +			/*
> +			 * No more Merkle tree blocks (e.g. this was the last
> +			 * block of the tree)
> +			 */
> +			if (error == -ENOATTR)
> +				break;
> +			xfs_buf_rele(args.bp);
> +			put_page(page);
> +			kmem_free(buf_list);
> +			return ERR_PTR(-EFAULT);
> +		}
> +
> +		buf_list->bufs[buf_list->buf_count++] = args.bp;
> +
> +		/* One of the buffers was dropped */
> +		if (!(args.bp->b_flags & XBF_VERITY_CHECKED))
> +			is_checked = false;

If there's enough memory pressure to cause the merkle tree pages to get
evicted, what are the chances that the xfs_bufs survive the eviction?

> +		memcpy(page_address(page) + offset, args.value, args.valuelen);
> +		kmem_free(args.value);
> +		args.value = NULL;
> +	}
> +
> +	if (is_checked)
>  		SetPageChecked(page);
> +	page->private = (unsigned long)buf_list;
>  
> -	page->private = (unsigned long)args.bp;
> -	memcpy(page_address(page), args.value, args.valuelen);
> -
> -	kmem_free(args.value);
>  	return page;
>  }
>  
> @@ -191,16 +228,21 @@ xfs_write_merkle_tree_block(
>  
>  static void
>  xfs_drop_page(
> -	struct page	*page)
> +	struct page			*page)
>  {
> -	struct xfs_buf *buf = (struct xfs_buf *)page->private;
> +	int				i = 0;
> +	struct xfs_verity_buf_list	*buf_list =
> +		(struct xfs_verity_buf_list *)page->private;
>  
> -	ASSERT(buf != NULL);
> +	ASSERT(buf_list != NULL);
>  
> -	if (PageChecked(page))
> -		buf->b_flags |= XBF_VERITY_CHECKED;
> +	for (i = 0; i < buf_list->buf_count; i++) {
> +		if (PageChecked(page))
> +			buf_list->bufs[i]->b_flags |= XBF_VERITY_CHECKED;
> +		xfs_buf_rele(buf_list->bufs[i]);
> +	}
>  
> -	xfs_buf_rele(buf);
> +	kmem_free(buf_list);
>  	put_page(page);
>  }
>  
> diff --git a/fs/xfs/xfs_verity.h b/fs/xfs/xfs_verity.h
> index ae5d87ca32a8..433b2f4ae3bc 100644
> --- a/fs/xfs/xfs_verity.h
> +++ b/fs/xfs/xfs_verity.h
> @@ -16,4 +16,12 @@ extern const struct fsverity_operations xfs_verity_ops;
>  #define xfs_verity_ops NULL
>  #endif	/* CONFIG_FS_VERITY */
>  
> +/* Minimal Merkle tree block size is 1024 */
> +#define XFS_VERITY_MAX_MBLOCKS_PER_PAGE (1 << (PAGE_SHIFT - 10))
> +
> +struct xfs_verity_buf_list {
> +	unsigned int	buf_count;
> +	struct xfs_buf	*bufs[XFS_VERITY_MAX_MBLOCKS_PER_PAGE];

So... this is going to be a 520-byte allocation on arm64 with 64k pages?
Even if the merkle tree block size is the same as the page size?  Ouch.

--D

> +};
> +
>  #endif	/* __XFS_VERITY_H__ */
> -- 
> 2.38.4
>

next prev parent reply	other threads:[~2023-04-04 16:36 UTC|newest]

Thread overview: 70+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-04 14:52 [Cluster-devel] [PATCH v2 00/23] fs-verity support for XFS Andrey Albershteyn
2023-04-04 14:52 ` [Cluster-devel] [PATCH v2 01/23] xfs: Add new name to attri/d Andrey Albershteyn
2023-04-04 14:52 ` [Cluster-devel] [PATCH v2 02/23] xfs: add parent pointer support to attribute code Andrey Albershteyn
2023-04-04 14:52 ` [Cluster-devel] [PATCH v2 03/23] xfs: define parent pointer xattr format Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 04/23] xfs: Add xfs_verify_pptr Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 05/23] fsverity: make fsverity_verify_folio() accept folio's offset and size Andrey Albershteyn
2023-04-04 15:30   ` Christoph Hellwig
2023-04-05 10:36     ` Andrey Albershteyn
2023-04-05 15:46       ` Christoph Hellwig
2023-04-05 17:50         ` Eric Biggers
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 06/23] fsverity: add drop_page() callout Andrey Albershteyn
2023-04-04 23:40   ` Dave Chinner
2023-04-05 10:39     ` Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 07/23] fsverity: pass Merkle tree block size to ->read_merkle_tree_page() Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 08/23] iomap: hoist iomap_readpage_ctx from the iomap_readahead/_folio Andrey Albershteyn
2023-04-04 15:32   ` Christoph Hellwig
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 09/23] iomap: allow filesystem to implement read path verification Andrey Albershteyn
2023-04-04 15:37   ` Christoph Hellwig
2023-04-05 11:01     ` Andrey Albershteyn
2023-04-05 15:06       ` Darrick J. Wong
2023-04-05 15:48         ` Christoph Hellwig
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 10/23] xfs: add XBF_VERITY_CHECKED xfs_buf flag Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 11/23] xfs: add XFS_DA_OP_BUFFER to make xfs_attr_get() return buffer Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 12/23] xfs: introduce workqueue for post read IO work Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 13/23] xfs: add iomap's readpage operations Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 14/23] xfs: add attribute type for fs-verity Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 15/23] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 16/23] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2023-04-04 22:41   ` Eric Biggers
2023-04-04 23:56     ` Dave Chinner
2023-04-05 11:07       ` Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 17/23] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 18/23] xfs: don't allow to enable DAX on fs-verity sealsed inode Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 19/23] xfs: disable direct read path for fs-verity sealed files Andrey Albershteyn
2023-04-04 16:10   ` Darrick J. Wong
2023-04-05 15:01     ` Andrey Albershteyn
2023-04-05 15:09       ` Darrick J. Wong
2023-04-05 15:50         ` Christoph Hellwig
2023-04-05 18:02           ` Eric Biggers
2023-04-05 22:14             ` Dave Chinner
2023-04-05 22:10         ` Dave Chinner
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 20/23] xfs: add fs-verity support Andrey Albershteyn
2023-04-04 16:27   ` Darrick J. Wong
2023-04-05 15:18     ` Eric Sandeen
2023-04-04 18:01   ` kernel test robot
2023-04-04 20:03   ` kernel test robot
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 21/23] xfs: handle merkle tree block size != fs blocksize != PAGE_SIZE Andrey Albershteyn
2023-04-04 16:36   ` Darrick J. Wong [this message]
2023-04-05 16:02     ` Andrey Albershteyn
2023-04-05 16:38       ` Darrick J. Wong
2023-04-05 18:16         ` Eric Biggers
2023-04-05 22:26           ` Dave Chinner
2023-04-05 22:54             ` Eric Biggers
2023-04-05 23:37               ` Dave Chinner
2023-04-06  0:44                 ` Eric Biggers
2023-04-07 19:56                   ` Eric Biggers
2023-04-04 23:32   ` Eric Biggers
2023-04-05 15:12     ` Andrey Albershteyn
2023-04-05 22:51       ` Dave Chinner
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 22/23] xfs: add fs-verity ioctls Andrey Albershteyn
2023-04-04 14:53 ` [Cluster-devel] [PATCH v2 23/23] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2023-04-04 16:39 ` [Cluster-devel] [PATCH v2 00/23] fs-verity support for XFS Darrick J. Wong
2023-04-05 16:27   ` Andrey Albershteyn
2023-04-04 23:37 ` Eric Biggers
2023-04-05 16:04   ` Andrey Albershteyn
2023-04-11  5:19 ` Christoph Hellwig
2023-04-12  2:33   ` Eric Biggers
2023-04-12  3:18     ` Dave Chinner
2023-04-12 12:42       ` Christoph Hellwig
2023-04-12 12:40     ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230404163602.GC109974@frogsfrogsfrogs \
    --to=djwong@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).