Re: max fsverity descriptor size?

Re: max fsverity descriptor size?

[Eric Biggers]

+linux-fscrypt

On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote:
> Hi Eric,
> 
> I’m working on fsverity support in btrfs and wanted to check on the max size
> of the descriptor.  I can go up to any size, just wanted to make sure I had
> things correct in the disk format.
> 
> -chris

The implementations of fs-verity in ext4 and f2fs store the built-in signature
(if there is one) appended to the 'struct fsverity_descriptor', and limit the
total size of those two things combined to 16384 bytes.  See
FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h.

Note that there's nothing special about this particular number; it's just an
implementation limit to prevent userspace doing weird things with megabytes
"signatures".

If btrfs will be storing built-in signatures in the same way, it probably should
use the same limit.  Preferably it would be done in a way such that it's
possible to increase the limit later if it's ever needed.

- Eric

Re: max fsverity descriptor size?

[Chris Mason]

On 2 Dec 2020, at 13:12, Eric Biggers wrote:

> +linux-fscrypt
>
> On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote:
>> Hi Eric,
>>
>> I’m working on fsverity support in btrfs and wanted to check on the 
>> max size
>> of the descriptor.  I can go up to any size, just wanted to make sure 
>> I had
>> things correct in the disk format.
>>
>> -chris
>
> The implementations of fs-verity in ext4 and f2fs store the built-in 
> signature
> (if there is one) appended to the 'struct fsverity_descriptor', and 
> limit the
> total size of those two things combined to 16384 bytes.  See
> FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h.
>
> Note that there's nothing special about this particular number; it's 
> just an
> implementation limit to prevent userspace doing weird things with 
> megabytes
> "signatures".
>
> If btrfs will be storing built-in signatures in the same way, it 
> probably should
> use the same limit.  Preferably it would be done in a way such that 
> it's
> possible to increase the limit later if it's ever needed.
>

+Boris

Thanks Eric, the current btrfs code is just putting it in the btree, but 
I’ve got it setup so we won’t run into trouble if it spans multiple 
btree blocks.

Looks like the fs/verity/*.c are in charge of validating against the max 
size?  I’m not finding specific checks in ext4.

-chris

Re: max fsverity descriptor size?

[Eric Biggers]

On Wed, Dec 02, 2020 at 01:33:54PM -0500, Chris Mason wrote:
> 
> 
> On 2 Dec 2020, at 13:12, Eric Biggers wrote:
> 
> > +linux-fscrypt
> > 
> > On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote:
> > > Hi Eric,
> > > 
> > > I’m working on fsverity support in btrfs and wanted to check on the
> > > max size
> > > of the descriptor.  I can go up to any size, just wanted to make
> > > sure I had
> > > things correct in the disk format.
> > > 
> > > -chris
> > 
> > The implementations of fs-verity in ext4 and f2fs store the built-in
> > signature
> > (if there is one) appended to the 'struct fsverity_descriptor', and
> > limit the
> > total size of those two things combined to 16384 bytes.  See
> > FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h.
> > 
> > Note that there's nothing special about this particular number; it's
> > just an
> > implementation limit to prevent userspace doing weird things with
> > megabytes
> > "signatures".
> > 
> > If btrfs will be storing built-in signatures in the same way, it
> > probably should
> > use the same limit.  Preferably it would be done in a way such that it's
> > possible to increase the limit later if it's ever needed.
> > 
> 
> +Boris
> 
> Thanks Eric, the current btrfs code is just putting it in the btree, but
> I’ve got it setup so we won’t run into trouble if it spans multiple btree
> blocks.
> 
> Looks like the fs/verity/*.c are in charge of validating against the max
> size?  I’m not finding specific checks in ext4.

Yes, that's the case currently.

- Eric