From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-api@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Victor Hsieh <victorhsieh@google.com>
Subject: [PATCH 5/6] fs-verity: support reading descriptor with ioctl
Date: Fri, 15 Jan 2021 10:18:18 -0800 [thread overview]
Message-ID: <20210115181819.34732-6-ebiggers@kernel.org> (raw)
In-Reply-To: <20210115181819.34732-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Add support for FS_VERITY_METADATA_TYPE_DESCRIPTOR to
FS_IOC_READ_VERITY_METADATA. This allows a userspace server program to
retrieve the fs-verity descriptor of a file for serving to a client
which implements fs-verity compatible verification. See the patch which
introduced FS_IOC_READ_VERITY_METADATA for more details.
"fs-verity descriptor" here means only the part that userspace cares
about because it is hashed to produce the file digest. It doesn't
include the signature which ext4 and f2fs append to the
fsverity_descriptor struct when storing it on-disk, since that way of
storing the signature is an implementation detail. The next patch adds
a separate metadata_type value for retrieving the signature separately.
This has been tested using a new xfstest which calls this ioctl via a
new subcommand for the 'fsverity' program from fsverity-utils.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Documentation/filesystems/fsverity.rst | 4 +++
fs/verity/read_metadata.c | 40 ++++++++++++++++++++++++++
include/uapi/linux/fsverity.h | 1 +
3 files changed, 45 insertions(+)
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 50b47a6d9ea11..6dc5772037ef9 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -235,6 +235,7 @@ need this ioctl.
This ioctl takes in a pointer to the following structure::
#define FS_VERITY_METADATA_TYPE_MERKLE_TREE 1
+ #define FS_VERITY_METADATA_TYPE_DESCRIPTOR 2
struct fsverity_read_metadata_arg {
__u64 metadata_type;
@@ -252,6 +253,9 @@ This ioctl takes in a pointer to the following structure::
the same order that their hashes are themselves hashed.
See `Merkle tree`_ for more information.
+- ``FS_VERITY_METADATA_TYPE_DESCRIPTOR`` reads the fs-verity
+ descriptor. See `fs-verity descriptor`_.
+
The semantics are similar to those of ``pread()``. ``offset``
specifies the offset in bytes into the metadata item to read from, and
``length`` specifies the maximum number of bytes to read from the
diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c
index 0f8ad2991cf90..2dea6dd3bb05a 100644
--- a/fs/verity/read_metadata.c
+++ b/fs/verity/read_metadata.c
@@ -76,6 +76,44 @@ static int fsverity_read_merkle_tree(struct inode *inode,
}
return retval ? retval : err;
}
+
+/* Copy the requested portion of the buffer to userspace. */
+static int fsverity_read_buffer(void __user *dst, u64 offset, int length,
+ const void *src, size_t src_length)
+{
+ if (offset >= src_length)
+ return 0;
+ src += offset;
+ src_length -= offset;
+
+ length = min_t(size_t, length, src_length);
+
+ if (copy_to_user(dst, src, length))
+ return -EFAULT;
+
+ return length;
+}
+
+static int fsverity_read_descriptor(struct inode *inode,
+ void __user *buf, u64 offset, int length)
+{
+ struct fsverity_descriptor *desc;
+ size_t desc_size;
+ int res;
+
+ res = fsverity_get_descriptor(inode, &desc, &desc_size);
+ if (res)
+ return res;
+
+ /* don't include the signature */
+ desc_size = offsetof(struct fsverity_descriptor, signature);
+ desc->sig_size = 0;
+
+ res = fsverity_read_buffer(buf, offset, length, desc, desc_size);
+
+ kfree(desc);
+ return res;
+}
/**
* fsverity_ioctl_read_metadata() - read verity metadata from a file
* @filp: file to read the metadata from
@@ -118,6 +156,8 @@ int fsverity_ioctl_read_metadata(struct file *filp, const void __user *uarg)
case FS_VERITY_METADATA_TYPE_MERKLE_TREE:
return fsverity_read_merkle_tree(inode, vi, buf, arg.offset,
length);
+ case FS_VERITY_METADATA_TYPE_DESCRIPTOR:
+ return fsverity_read_descriptor(inode, buf, arg.offset, length);
default:
return -EINVAL;
}
diff --git a/include/uapi/linux/fsverity.h b/include/uapi/linux/fsverity.h
index 94003b153cb3d..41abc283dbccb 100644
--- a/include/uapi/linux/fsverity.h
+++ b/include/uapi/linux/fsverity.h
@@ -84,6 +84,7 @@ struct fsverity_formatted_digest {
};
#define FS_VERITY_METADATA_TYPE_MERKLE_TREE 1
+#define FS_VERITY_METADATA_TYPE_DESCRIPTOR 2
struct fsverity_read_metadata_arg {
__u64 metadata_type;
--
2.30.0
next prev parent reply other threads:[~2021-01-15 18:21 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 18:18 [PATCH 0/6] fs-verity: add an ioctl to read verity metadata Eric Biggers
2021-01-15 18:18 ` [PATCH 1/6] fs-verity: factor out fsverity_get_descriptor() Eric Biggers
2021-01-28 1:04 ` Jaegeuk Kim
2021-01-15 18:18 ` [PATCH 2/6] fs-verity: don't pass whole descriptor to fsverity_verify_signature() Eric Biggers
2021-01-28 1:04 ` Jaegeuk Kim
2021-01-28 3:24 ` Amy Parker
2021-01-15 18:18 ` [PATCH 3/6] fs-verity: add FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
2021-01-28 1:03 ` Jaegeuk Kim
2021-02-07 7:46 ` [f2fs-dev] " Chao Yu
2021-02-07 8:01 ` Eric Biggers
2021-02-07 8:32 ` Chao Yu
2021-01-15 18:18 ` [PATCH 4/6] fs-verity: support reading Merkle tree with ioctl Eric Biggers
2021-01-28 1:10 ` Jaegeuk Kim
2021-01-28 2:17 ` Eric Biggers
2021-01-15 18:18 ` Eric Biggers [this message]
2021-01-28 1:11 ` [PATCH 5/6] fs-verity: support reading descriptor " Jaegeuk Kim
2021-01-15 18:18 ` [PATCH 6/6] fs-verity: support reading signature " Eric Biggers
2021-01-28 1:11 ` Jaegeuk Kim
2021-01-22 23:26 ` [PATCH 0/6] fs-verity: add an ioctl to read verity metadata Victor Hsieh
2021-01-25 18:41 ` Eric Biggers
2021-02-01 17:41 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210115181819.34732-6-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=victorhsieh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).