From: Eric Biggers <ebiggers@kernel.org>
To: Alexander Larsson <alexl@redhat.com>
Cc: miklos@szeredi.hu, linux-unionfs@vger.kernel.org,
amir73il@gmail.com, tytso@mit.edu, fsverity@lists.linux.dev
Subject: Re: [PATCH v2 0/6] ovl: Add support for fs-verity checking of lowerdata
Date: Sun, 14 May 2023 12:09:03 -0700
Message-ID: <20230514190903.GC9528@sol.localdomain>
In-Reply-To: <cover.1683102959.git.alexl@redhat.com>

Hi Alexander,

On Wed, May 03, 2023 at 10:51:33AM +0200, Alexander Larsson wrote:
> This patchset adds support for using fs-verity to validate lowerdata
> files by specifying an overlay.verity xattr on the metacopy
> files.
>
> This is primarily motivated by the Composefs usecase, where there will
> be a read-only EROFS layer that contains redirect into a base data
> layer which has fs-verity enabled on all files. However, it is also
> useful in general if you want to ensure that the lowerdata files
> match the expected content over time.
>
> This patch series is based on the lazy lowerdata patch series by Amir[1].
>
> I have also added some tests for this feature to xfstests[2].
>
> I'm also CC:ing the fsverity list and maintainers because there is one
> (tiny) fsverity change, and there may be interest in this usecase.
>
> Changes since v1:
>  * Rebased on v2 lazy lowerdata series
>  * Dropped the "validate" mount option variant. We now only support
>    "off", "on" and "require", where "off" is the default.
>  * We now store the digest algorithm used in the overlay.verity xattr.
>  * Dropped ability to configure default verity options, as this could
>    cause problems moving layers between machines.
>  * We now properly resolve dependent mount options by automatically
>    enabling metacopy and redirect_dir if verity is on, or failing
>    if the specified options conflict.
>  * Streamlined and fixed the handling of creds in ovl_ensure_verity_loaded().
>  * Renamed new helpers from ovl_entry_path_ to ovl_e_path_
>
> [1] https://lore.kernel.org/linux-unionfs/20230427130539.2798797-1-amir73il@gmail.com/T/#m3968bf64a31946e77bdba8e3d07688a34cf79982
> [2] https://github.com/alexlarsson/xfstests/commits/verity-tests
>
> Alexander Larsson (6):
>   fsverity: Export fsverity_get_digest
>   ovl: Break out ovl_e_path_real() from ovl_i_path_real()
>   ovl: Break out ovl_e_path_lowerdata() from ovl_path_lowerdata()
>   ovl: Add framework for verity support
>   ovl: Validate verity xattr when resolving lowerdata
>   ovl: Handle verity during copy-up
>
>  Documentation/filesystems/overlayfs.rst |  27 ++++
>  fs/overlayfs/copy_up.c                  |  31 +++++
>  fs/overlayfs/namei.c                    |  42 +++++-
>  fs/overlayfs/overlayfs.h                |  12 ++
>  fs/overlayfs/ovl_entry.h                |   3 +
>  fs/overlayfs/super.c                    |  74 ++++++++++-
>  fs/overlayfs/util.c                     | 165 ++++++++++++++++++++++--
>  fs/verity/measure.c                     |   1 +
>  8 files changed, 343 insertions(+), 12 deletions(-)

Thanks for presenting this topic at LSFMM!

I'm not an expert in overlayfs, but I've been working through this patchset.

One thing that seems to be missing, and has been tripping me up while reviewing
this patchset, is that the overlayfs documentation
(Documentation/filesystems/overlayfs.rst) is not properly up to date with the
use case that is intended here.

For example, the overlayfs documentation says "An overlay filesystem combines
two filesystems - an 'upper' filesystem and a 'lower' filesystem.".

Apparently, that is out of date. I think a correct statement would be: An
overlay filesystem combines an optional upper directory with one or more lower
directories.

And as I understand it, the use case here actually involves two lower
directories and no upper directory.

There is also the "metacopy" feature, which the documentation describes in the
section "Metadata only copy up". The documentation makes it sound like an
overlayfs internal optimization.

However, when this patchset introduces the fsverity support, it talks about
"metacopy files". As I understand it, the user is expected to create a
read-only filesystem that contains these "metacopy files". It doesn't seem to
be documented what these are, exactly, and how to create them. I assume that
these are part of the implementation of "Metadata only copy up", but there seems
to be a gap where the documentation goes from describing the behavior of
"metadata only copy up", to expecting users of overlayfs to know what a
"metacopy file" is and how to create them.

I think that it would be easier to understand and review this feature if the
documentation was gotten up to date.

- Eric