From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@redhat.com>
Cc: zlang@redhat.com, ebiggers@kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, guan@eryu.me,
linux-xfs@vger.kernel.org, fstests@vger.kernel.org
Subject: Re: [PATCH 6/6] common/populate: add verity files to populate xfs images
Date: Tue, 30 Apr 2024 08:49:43 -0700 [thread overview]
Message-ID: <20240430154943.GN360919@frogsfrogsfrogs> (raw)
In-Reply-To: <jalepm6lu3nwy4bext62pj2fii6s2iknkgbsh5p3ltz65yeqcs@5z4s72utnopv>
On Tue, Apr 30, 2024 at 03:22:50PM +0200, Andrey Albershteyn wrote:
> On 2024-04-29 20:42:21, Darrick J. Wong wrote:
> > From: Darrick J. Wong <djwong@kernel.org>
> >
> > If verity is enabled on a filesystem, we should create some sample
> > verity files.
> >
> > Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> > ---
> > common/populate | 24 ++++++++++++++++++++++++
> > 1 file changed, 24 insertions(+)
> >
> >
> > diff --git a/common/populate b/common/populate
> > index 35071f4210..ab9495e739 100644
> > --- a/common/populate
> > +++ b/common/populate
> > @@ -520,6 +520,30 @@ _scratch_xfs_populate() {
> > done
> > fi
> >
> > + # verity merkle trees
> > + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)"
> > + if [ $is_verity -gt 0 ]; then
> > + echo "+ fsverity"
> > +
> > + # Create a biggish file with all zeroes, because metadump
> > + # won't preserve data blocks and we don't want the hashes to
> > + # stop working for our sample fs.
>
> Hashes of the data blocks in the merkle tree? All zeros to use
> .zero_digest in fs-verity? Not sure if got this comment right
Oooh, yeah, I need to go check that. The block elision code might be
neutralizing this.
--D
> > + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do
> > + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity"
> > + done
> > +
> > + fsverity enable "$SCRATCH_MNT/verity"
> > +
> > + # Create a sparse file
> > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity"
> > + fsverity enable "$SCRATCH_MNT/sparse_verity"
> > +
> > + # Create a salted sparse file
> > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/salted_verity"
> > + local salt="5846532066696e616c6c7920686173206461746120636865636b73756d732121" # XFS finally has data checksums!!
> > + fsverity enable --salt="$salt" "$SCRATCH_MNT/salted_verity"
> > + fi
> > +
> > # Copy some real files (xfs tests, I guess...)
> > echo "+ real files"
> > test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5
> >
>
> --
> - Andrey
>
>
next prev parent reply other threads:[~2024-04-30 15:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240430031134.GH360919@frogsfrogsfrogs>
2024-04-30 3:19 ` [PATCHSET v5.6] fstests: fs-verity support for XFS Darrick J. Wong
2024-04-30 3:41 ` [PATCH 1/6] common/verity: enable fsverity " Darrick J. Wong
2024-04-30 12:39 ` Andrey Albershteyn
2024-04-30 15:35 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 2/6] xfs/{021,122}: adapt to fsverity xattrs Darrick J. Wong
2024-04-30 12:46 ` Andrey Albershteyn
2024-04-30 15:36 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 3/6] xfs/122: adapt to fsverity Darrick J. Wong
2024-04-30 12:45 ` Andrey Albershteyn
2024-04-30 15:37 ` Darrick J. Wong
2024-04-30 3:41 ` [PATCH 4/6] xfs: test xfs_scrub detection and correction of corrupt fsverity metadata Darrick J. Wong
2024-04-30 12:29 ` Andrey Albershteyn
2024-04-30 15:43 ` Darrick J. Wong
2024-04-30 3:42 ` [PATCH 5/6] xfs: test disabling fsverity Darrick J. Wong
2024-04-30 12:56 ` Andrey Albershteyn
2024-04-30 13:11 ` Andrey Albershteyn
2024-04-30 15:48 ` Darrick J. Wong
2024-04-30 18:06 ` Andrey Albershteyn
2024-04-30 3:42 ` [PATCH 6/6] common/populate: add verity files to populate xfs images Darrick J. Wong
2024-04-30 13:22 ` Andrey Albershteyn
2024-04-30 15:49 ` Darrick J. Wong [this message]
2024-05-11 5:01 ` [PATCHSET v5.6] fstests: fs-verity support for XFS Zorro Lang
2024-05-17 15:56 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240430154943.GN360919@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@redhat.com \
--cc=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=guan@eryu.me \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=zlang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox