From: Eric Biggers <ebiggers@kernel.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: fsverity@lists.linux.dev, cluster-devel@redhat.com,
linux-ext4@vger.kernel.org, agruenba@redhat.com,
djwong@kernel.org, Andrey Albershteyn <aalbersh@redhat.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-xfs@vger.kernel.org, dchinner@redhat.com,
rpeterso@redhat.com, xiang@kernel.org, jth@kernel.org,
linux-erofs@lists.ozlabs.org, damien.lemoal@opensource.wdc.com,
linux-btrfs@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH v2 00/23] fs-verity support for XFS
Date: Tue, 11 Apr 2023 19:33:19 -0700 [thread overview]
Message-ID: <20230412023319.GA5105@sol.localdomain> (raw)
In-Reply-To: <ZDTt8jSdG72/UnXi@infradead.org>
On Mon, Apr 10, 2023 at 10:19:46PM -0700, Christoph Hellwig wrote:
> Dave is going to hate me for this, but..
>
> I've been looking over some of the interfaces here, and I'm starting
> to very seriously questioning the design decisions of storing the
> fsverity hashes in xattrs.
>
> Yes, storing them beyond i_size in the file is a bit of a hack, but
> it allows to reuse a lot of the existing infrastructure, and much
> of fsverity is based around it. So storing them in an xattrs causes
> a lot of churn in the interface. And the XFS side with special
> casing xattr indices also seems not exactly nice.
It seems it's really just the Merkle tree caching interface that is causing
problems, as it's currently too closely tied to the page cache? That is just an
implementation detail that could be reworked along the lines of what is being
discussed.
But anyway, it is up to the XFS folks. Keep in mind there is also the option of
doing what btrfs is doing, where it stores the Merkle tree separately from the
file data stream, but caches it past i_size in the page cache at runtime.
I guess there is also the issue of encryption, which hasn't come up yet since
we're talking about fsverity support only. The Merkle tree (including the
fsverity_descriptor) is supposed to be encrypted, just like the file contents
are. Having it be stored after the file contents accomplishes that easily...
Of course, it doesn't have to be that way; a separate key could be derived, or
the Merkle tree blocks could be encrypted with the file contents key using
indices past i_size, without them physically being stored in the data stream.
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2023-04-12 2:33 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-04 14:52 [f2fs-dev] [PATCH v2 00/23] fs-verity support for XFS Andrey Albershteyn
2023-04-04 14:52 ` [f2fs-dev] [PATCH v2 01/23] xfs: Add new name to attri/d Andrey Albershteyn
2023-04-04 14:52 ` [f2fs-dev] [PATCH v2 02/23] xfs: add parent pointer support to attribute code Andrey Albershteyn
2023-04-04 14:52 ` [f2fs-dev] [PATCH v2 03/23] xfs: define parent pointer xattr format Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 04/23] xfs: Add xfs_verify_pptr Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 05/23] fsverity: make fsverity_verify_folio() accept folio's offset and size Andrey Albershteyn
2023-04-04 15:30 ` Christoph Hellwig
2023-04-05 10:36 ` Andrey Albershteyn
2023-04-05 15:46 ` Christoph Hellwig
2023-04-05 17:50 ` Eric Biggers
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 06/23] fsverity: add drop_page() callout Andrey Albershteyn
2023-04-04 23:40 ` Dave Chinner via Linux-f2fs-devel
2023-04-05 10:39 ` Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 07/23] fsverity: pass Merkle tree block size to ->read_merkle_tree_page() Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 08/23] iomap: hoist iomap_readpage_ctx from the iomap_readahead/_folio Andrey Albershteyn
2023-04-04 15:32 ` Christoph Hellwig
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 09/23] iomap: allow filesystem to implement read path verification Andrey Albershteyn
2023-04-04 15:37 ` Christoph Hellwig
2023-04-05 11:01 ` Andrey Albershteyn
2023-04-05 15:06 ` Darrick J. Wong
2023-04-05 15:48 ` Christoph Hellwig
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 10/23] xfs: add XBF_VERITY_CHECKED xfs_buf flag Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 11/23] xfs: add XFS_DA_OP_BUFFER to make xfs_attr_get() return buffer Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 12/23] xfs: introduce workqueue for post read IO work Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 13/23] xfs: add iomap's readpage operations Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 14/23] xfs: add attribute type for fs-verity Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 15/23] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 16/23] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2023-04-04 22:41 ` Eric Biggers
2023-04-04 23:56 ` Dave Chinner via Linux-f2fs-devel
2023-04-05 11:07 ` Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 17/23] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 18/23] xfs: don't allow to enable DAX on fs-verity sealsed inode Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 19/23] xfs: disable direct read path for fs-verity sealed files Andrey Albershteyn
2023-04-04 16:10 ` Darrick J. Wong
2023-04-05 15:01 ` Andrey Albershteyn
2023-04-05 15:09 ` Darrick J. Wong
2023-04-05 15:50 ` Christoph Hellwig
2023-04-05 18:02 ` Eric Biggers
2023-04-05 22:14 ` Dave Chinner via Linux-f2fs-devel
2023-04-05 22:10 ` Dave Chinner via Linux-f2fs-devel
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 20/23] xfs: add fs-verity support Andrey Albershteyn
2023-04-04 16:27 ` Darrick J. Wong
2023-04-05 15:18 ` Eric Sandeen
2023-04-04 18:01 ` kernel test robot
2023-04-04 20:03 ` kernel test robot
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 21/23] xfs: handle merkle tree block size != fs blocksize != PAGE_SIZE Andrey Albershteyn
2023-04-04 16:36 ` Darrick J. Wong
2023-04-05 16:02 ` Andrey Albershteyn
2023-04-05 16:38 ` Darrick J. Wong
2023-04-05 18:16 ` Eric Biggers
2023-04-05 22:26 ` Dave Chinner via Linux-f2fs-devel
2023-04-05 22:54 ` Eric Biggers
2023-04-05 23:37 ` Dave Chinner via Linux-f2fs-devel
2023-04-06 0:44 ` Eric Biggers
2023-04-07 19:56 ` Eric Biggers
2023-04-04 23:32 ` Eric Biggers
2023-04-05 15:12 ` Andrey Albershteyn
2023-04-05 22:51 ` Dave Chinner via Linux-f2fs-devel
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 22/23] xfs: add fs-verity ioctls Andrey Albershteyn
2023-04-04 14:53 ` [f2fs-dev] [PATCH v2 23/23] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2023-04-04 16:39 ` [f2fs-dev] [PATCH v2 00/23] fs-verity support for XFS Darrick J. Wong
2023-04-05 16:27 ` Andrey Albershteyn
2023-04-04 23:37 ` Eric Biggers
2023-04-05 16:04 ` Andrey Albershteyn
2023-04-11 5:19 ` Christoph Hellwig
2023-04-12 2:33 ` Eric Biggers [this message]
2023-04-12 3:18 ` Dave Chinner via Linux-f2fs-devel
2023-04-12 12:42 ` Christoph Hellwig
2023-04-12 12:40 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230412023319.GA5105@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=aalbersh@redhat.com \
--cc=agruenba@redhat.com \
--cc=cluster-devel@redhat.com \
--cc=damien.lemoal@opensource.wdc.com \
--cc=dchinner@redhat.com \
--cc=djwong@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@infradead.org \
--cc=jth@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-xfs@vger.kernel.org \
--cc=rpeterso@redhat.com \
--cc=xiang@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).