From: Chao Yu <chao@kernel.org>
To: Xiuhong Wang <xiuhong.wang.cn@gmail.com>
Cc: Xiuhong Wang <xiuhong.wang@unisoc.com>,
	ke.wang@unisoc.com, linux-kernel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net, jaegeuk@kernel.org,
	hao_hao.wang@unisoc.com
Subject: Re: [f2fs-dev] [PATCH] f2fs-tools: fix do_set_verity ioctl fail issue
Date: Tue, 18 Jun 2024 16:08:42 +0800	[thread overview]
Message-ID: <5516ecdc-7966-4be3-880c-836e51e2557d@kernel.org> (raw)
In-Reply-To: <CAOsHCa0bUg3Kam_4G=aiWzQpisn7rAS3nQWMQEPWB04==Sftbw@mail.gmail.com>

On 2024/6/18 13:35, Xiuhong Wang wrote:
> Chao Yu <chao@kernel.org> 于2024年6月18日周二 11:04写道:
> 
>>
>> On 2024/6/17 15:11, Xiuhong Wang wrote:
>>> When using the f2fs_io tool to set_verity, it will fail as follows:
>>> unisc:/data # ./f2fs_io set_verity file
>>> FS_IOC_ENABLE_VERITY: Inappropriate ioctl for device
>>> This is because of commit 95ae251fe828 ("f2fs: add fs-verity support"):
>>> the passed parameters do not match the latest kernel version.
>>>
>>> After patch:
>>> unisoc:/data # ./f2fs_io set_verity file
>>> Set fsverity bit to file
>>> unisoc:/data # ./f2fs_io getflags file
>>> get a flag on file ret=0, flags=verity
>>>
>>> Fixes: 95ae251fe828 ("f2fs: add fs-verity support")
>>> Signed-off-by: Xiuhong Wang <xiuhong.wang@unisoc.com>
>>> Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
>>> ---
>>>    include/android_config.h |  1 +
>>>    tools/f2fs_io/f2fs_io.c  |  9 ++++++---
>>>    tools/f2fs_io/f2fs_io.h  | 20 ++++++++++++++++++--
>>>    3 files changed, 25 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/include/android_config.h b/include/android_config.h
>>> index 05b686e..9c8b163 100644
>>> --- a/include/android_config.h
>>> +++ b/include/android_config.h
>>> @@ -13,6 +13,7 @@
>>>    #define HAVE_LINUX_XATTR_H 1
>>>    #define HAVE_LINUX_FS_H 1
>>>    #define HAVE_LINUX_FIEMAP_H 1
>>> +#define HAVE_LINUX_VERITY_H 1
>>>    #define HAVE_MNTENT_H 1
>>>    #define HAVE_STDLIB_H 1
>>>    #define HAVE_STRING_H 1
>>> diff --git a/tools/f2fs_io/f2fs_io.c b/tools/f2fs_io/f2fs_io.c
>>> index a7b593a..2447490 100644
>>> --- a/tools/f2fs_io/f2fs_io.c
>>> +++ b/tools/f2fs_io/f2fs_io.c
>>> @@ -182,16 +182,19 @@ static void do_fsync(int argc, char **argv, const struct cmd_desc *cmd)
>>>    static void do_set_verity(int argc, char **argv, const struct cmd_desc *cmd)
>>>    {
>>>        int ret, fd;
>>> +     struct fsverity_enable_arg args = {.version = 1};
>>> +
>>> +     args.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
>>> +     args.block_size = 4096;
>>>
>>>        if (argc != 2) {
>>>                fputs("Excess arguments\n\n", stderr);
>>>                fputs(cmd->cmd_help, stderr);
>>>                exit(1);
>>>        }
>>> +     fd = open(argv[1], O_RDONLY);
>>>
>>> -     fd = open(argv[1], O_RDWR);
>>
>> It needs write permission?
>>
>> Thanks,
>>
> If you open the file with O_RDWR, the following error will be returned:
> unisoc:/data # ./f2fs_io set_verity file
> FS_IOC_ENABLE_VERITY: Text file busy
> 
> /Documentation/filesystems/fsverity.rst has the following description:
> FS_IOC_ENABLE_VERITY checks for write access to the inode. However, it
> must be executed on an O_RDONLY file descriptor and no processes can
> have the file open for writing. Attempts to open the file for writing
> while this ioctl is executing will fail with ETXTBSY. (This is
> necessary to guarantee that no writable file descriptors will exist
> after verity is enabled, and to guarantee that the file's contents are
> stable while the Merkle tree is being built over it.)

Got it, thanks for the explanation. :)

Thanks,

> 
>>> -
>>> -     ret = ioctl(fd, FS_IOC_ENABLE_VERITY);
>>> +     ret = ioctl(fd, FS_IOC_ENABLE_VERITY, &args);
>>>        if (ret < 0) {
>>>                perror("FS_IOC_ENABLE_VERITY");
>>>                exit(1);
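Review bot: The result of `open(argv[1], O_RDONLY)` is passed straight to `ioctl()` in the new code, so a missing or unreadable file is reported as an FS_IOC_ENABLE_VERITY failure on a bad descriptor rather than as an open error; a guard such as `if (fd < 0) { perror(argv[1]); exit(1); }` before the ioctl would keep the two causes apart. The hard-coded `args.block_size = 4096` deserves a comment as well: as far as I recall from the fs-verity documentation, kernels before v6.3 accept only the system page size here, so the command may fail with EINVAL on kernels built with larger pages. It would also help users to document that this enables verity with no salt and no signature (`salt_size` and `sig_size` stay zero from the initializer), so the file becomes read-only and hash-checked, but its authenticity still depends on something verifying the file's measurement. do_set_verity's body continues past the end of the hunk.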
>>> diff --git a/tools/f2fs_io/f2fs_io.h b/tools/f2fs_io/f2fs_io.h
>>> index b5c82f5..e55db5f 100644
>>> --- a/tools/f2fs_io/f2fs_io.h
>>> +++ b/tools/f2fs_io/f2fs_io.h
>>> @@ -16,6 +16,9 @@
>>>    #ifdef HAVE_LINUX_FS_H
>>>    #include <linux/fs.h>
>>>    #endif
>>> +#ifdef HAVE_LINUX_VERITY_H
>>> +#include <linux/fsverity.h>
>>> +#endif
>>>
>>>    #include <sys/types.h>
>>>
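Review bot: The guard `HAVE_LINUX_VERITY_H` does not follow the name of the header it protects, `<linux/fsverity.h>`, and within this patch it is defined only in include/android_config.h. If the non-Android build derives its HAVE_* macros from header checks (not visible here), a check for linux/fsverity.h would normally produce `HAVE_LINUX_FSVERITY_H`, so this include would be skipped and the local fallback definitions in the later f2fs_io.h hunk would always be used. Renaming the macro to `HAVE_LINUX_FSVERITY_H` in both places, and adding the matching header check to the build configuration, would keep the UAPI header as the preferred source of the struct layout.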
>>> @@ -136,8 +139,21 @@ struct fscrypt_get_policy_ex_arg {
>>>    #define F2FS_IOC_GET_ENCRYPTION_POLICY      FS_IOC_GET_ENCRYPTION_POLICY
>>>    #define F2FS_IOC_GET_ENCRYPTION_PWSALT      FS_IOC_GET_ENCRYPTION_PWSALT
>>>
>>> -#define FS_IOC_ENABLE_VERITY         _IO('f', 133)
>>> -
>>> +#ifndef FS_IOC_ENABLE_VERITY
>>> +#define FS_IOC_ENABLE_VERITY    _IOW('f', 133, struct fsverity_enable_arg)
>>> +#define FS_VERITY_HASH_ALG_SHA256       1
>>> +struct fsverity_enable_arg {
>>> +     __u32 version;
>>> +     __u32 hash_algorithm;
>>> +     __u32 block_size;
>>> +     __u32 salt_size;
>>> +     __u64 salt_ptr;
>>> +     __u32 sig_size;
>>> +     __u32 __reserved1;
>>> +     __u64 sig_ptr;
>>> +     __u64 __reserved2[11];
>>> +};
>>> +#endif
>>>    /*
>>>     * Inode flags
>>>     */
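Review bot: The fallback under `#ifndef FS_IOC_ENABLE_VERITY` has no comment saying that the struct must stay byte-for-byte identical to the kernel UAPI definition, and because `_IOW` encodes `sizeof(struct fsverity_enable_arg)` into the request number, any drift in the copy produces a different ioctl number and the same "Inappropriate ioctl for device" failure this patch fixes. I would add `/* Fallback copy of the <linux/fsverity.h> UAPI; layout and size (128 bytes) must match the kernel. */` above the block and, if the project's C dialect allows it, `_Static_assert(sizeof(struct fsverity_enable_arg) == 128, "fsverity_enable_arg layout");` after the struct. The fallback also relies on `__u32`/`__u64` being declared already, which presumably comes from `<linux/fs.h>` above; that is worth confirming for builds where `HAVE_LINUX_FS_H` is not set.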

