From: Andrey Albershteyn <aalbersh@redhat.com>
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de,
Andrey Albershteyn <aalbersh@redhat.com>
Subject: [PATCH 08/24] iomap: integrate fs-verity verification into iomap's read path
Date: Sun, 29 Dec 2024 14:39:11 +0100 [thread overview]
Message-ID: <20241229133927.1194609-9-aalbersh@kernel.org> (raw)
In-Reply-To: <20241229133927.1194609-1-aalbersh@kernel.org>
From: Andrey Albershteyn <aalbersh@redhat.com>
This patch adds fs-verity verification into iomap's read path. After
BIO's io operation is complete the data are verified against
fs-verity's Merkle tree. Verification work is done in a separate
workqueue.
The read path ioend iomap_read_ioend are stored side by side with
BIOs if FS_VERITY is enabled.
Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
[djwong: fix doc warning]
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
fs/iomap/buffered-io.c | 30 ++++++++++++++++++++++++++++--
include/linux/iomap.h | 5 +++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index d6231f4f78d9..59c0ff6fb6b7 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -6,6 +6,7 @@
#include <linux/module.h>
#include <linux/compiler.h>
#include <linux/fs.h>
+#include <linux/fsverity.h>
#include <linux/iomap.h>
#include <linux/pagemap.h>
#include <linux/uio.h>
@@ -23,6 +24,8 @@
#define IOEND_BATCH_SIZE 4096
+#define IOMAP_POOL_SIZE (4 * (PAGE_SIZE / SECTOR_SIZE))
+
/*
* Structure allocated for each folio to track per-block uptodate, dirty state
* and I/O completions.
@@ -362,6 +365,19 @@ static inline bool iomap_block_needs_zeroing(const struct iomap_iter *iter,
!(srcmap->flags & IOMAP_F_BEYOND_EOF));
}
+#ifdef CONFIG_FS_VERITY
+void
+iomap_read_fsverity_end_io_work(struct work_struct *work)
+{
+ struct iomap_read_ioend *fbio =
+ container_of(work, struct iomap_read_ioend, io_work);
+
+ fsverity_verify_bio(&fbio->io_bio);
+ iomap_read_end_io(&fbio->io_bio);
+}
+
+#endif /* CONFIG_FS_VERITY */
+
static loff_t iomap_readpage_iter(const struct iomap_iter *iter,
struct iomap_readpage_ctx *ctx, loff_t offset)
{
@@ -376,6 +392,10 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter,
struct iomap_read_ioend *ioend;
const struct iomap *srcmap = iomap_iter_srcmap(iter);
+ /* Fail reads from broken fsverity files immediately. */
+ if (IS_VERITY(iter->inode) && !fsverity_active(iter->inode))
+ return -EIO;
+
if (iomap->type == IOMAP_INLINE)
return iomap_read_inline_data(iter, folio);
@@ -387,6 +407,12 @@ static loff_t iomap_readpage_iter(const struct iomap_iter *iter,
if (iomap_block_needs_zeroing(iter, pos)) {
folio_zero_range(folio, poff, plen);
+ if (!(srcmap->flags & IOMAP_F_BEYOND_EOF) &&
+ fsverity_active(iter->inode) &&
+ !fsverity_verify_blocks(folio, plen, poff)) {
+ return -EIO;
+ }
+
iomap_set_range_uptodate(folio, poff, plen);
goto done;
}
@@ -2176,13 +2202,13 @@ static int __init iomap_buffered_init(void)
int error = 0;
error = bioset_init(&iomap_read_ioend_bioset,
- 4 * (PAGE_SIZE / SECTOR_SIZE),
+ IOMAP_POOL_SIZE,
offsetof(struct iomap_read_ioend, io_bio),
BIOSET_NEED_BVECS);
if (error)
return error;
- return bioset_init(&iomap_ioend_bioset, 4 * (PAGE_SIZE / SECTOR_SIZE),
+ return bioset_init(&iomap_ioend_bioset, IOMAP_POOL_SIZE,
offsetof(struct iomap_ioend, io_bio),
BIOSET_NEED_BVECS);
}
diff --git a/include/linux/iomap.h b/include/linux/iomap.h
index 261772431fae..e4704b337ac1 100644
--- a/include/linux/iomap.h
+++ b/include/linux/iomap.h
@@ -326,6 +326,11 @@ struct iomap_readpage_ctx {
};
void iomap_read_end_io(struct bio *bio);
+#ifdef CONFIG_FS_VERITY
+void iomap_read_fsverity_end_io_work(struct work_struct *work);
+#else
+#define iomap_read_fsverity_end_io_work (0)
+#endif /* CONFIG_FS_VERITY */
ssize_t iomap_file_buffered_write(struct kiocb *iocb, struct iov_iter *from,
const struct iomap_ops *ops, void *private);
int iomap_read_folio_ctx(struct iomap_readpage_ctx *ctx,
--
2.47.0
next prev parent reply other threads:[~2024-12-29 13:40 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-29 13:33 [RFC] Directly mapped xattr data & fs-verity Andrey Albershteyn
2024-12-29 13:35 ` [PATCH] xfs: direct mapped xattrs design documentation Andrey Albershteyn
2025-01-07 1:41 ` Darrick J. Wong
2025-01-07 10:24 ` Andrey Albershteyn
2024-12-29 13:36 ` [PATCH 0/2] Introduce iomap interface to work with regions beyond EOF Andrey Albershteyn
2024-12-29 13:36 ` [PATCH 1/2] iomap: add iomap_writepages_unbound() to write " Andrey Albershteyn
2024-12-29 17:54 ` kernel test robot
2024-12-29 21:36 ` kernel test robot
2024-12-29 13:36 ` [PATCH 2/2] iomap: introduce iomap_read/write_region interface Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 00/14] Direct mapped extended attribute data Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 01/14] iomap: add wrapper to pass readpage_ctx to read path Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 02/14] iomap: add read path ioends for filesystem read verification Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 03/14] iomap: introduce IOMAP_F_NO_MERGE for non-mergable ioends Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 04/14] xfs: add incompat directly mapped xattr flag Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 05/14] libxfs: add xfs_calc_chsum() Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 06/14] libxfs: pass xfs_sb to xfs_attr3_leaf_name_remote() Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 07/14] xfs: introduce XFS_DA_OP_EMPTY Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 08/14] xfs: introduce workqueue for post read processing Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 09/14] xfs: add interface to set CRC on leaf attributes Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 10/14] xfs: introduce XFS_ATTRUPDATE_FLAGS operation Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 11/14] xfs: add interface for page cache mapped remote xattrs Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 12/14] xfs: parse both remote attr name on-disk formats Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 13/14] xfs: do not use xfs_attr3_rmt_hdr for remote value blocks for dxattr Andrey Albershteyn
2024-12-29 13:38 ` [PATCH 14/14] xfs: enalbe XFS_SB_FEAT_INCOMPAT_DXATTR Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 00/24] fsverity integration for XFS based on direct mapped xattrs Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 01/24] fs: add FS_XFLAG_VERITY for verity files Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 02/24] fsverity: pass tree_blocksize to end_enable_verity() Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 03/24] fsverity: add tracepoints Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 04/24] fsverity: pass the new tree size and block size to ->begin_enable_verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 05/24] fsverity: expose merkle tree geometry to callers Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 06/24] fsverity: report validation errors back to the filesystem Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 07/24] fsverity: flush pagecache before enabling verity Andrey Albershteyn
2024-12-29 13:39 ` Andrey Albershteyn [this message]
2024-12-29 13:39 ` [PATCH 09/24] xfs: use an empty transaction to protect xfs_attr_get from deadlocks Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 10/24] xfs: don't let xfs_bmap_first_unused overflow a xfs_dablk_t Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 11/24] xfs: add attribute type for fs-verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 12/24] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 13/24] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 14/24] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 15/24] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 16/24] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 17/24] xfs: add fs-verity support Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 18/24] xfs: add writeback page mapping for fs-verity Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 19/24] xfs: use merkle tree offset as attr hash Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 20/24] xfs: add fs-verity ioctls Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 21/24] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 22/24] xfs: check and repair the verity inode flag state Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 23/24] xfs: report verity failures through the health system Andrey Albershteyn
2024-12-29 13:39 ` [PATCH 24/24] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2025-01-06 15:42 ` [RFC] Directly mapped xattr data & fs-verity Christoph Hellwig
2025-01-06 19:50 ` Darrick J. Wong
2025-01-06 20:56 ` Andrey Albershteyn
2025-01-07 16:50 ` Christoph Hellwig
2025-01-08 9:20 ` Andrey Albershteyn
2025-01-09 6:12 ` Christoph Hellwig
2025-01-09 7:39 ` Darrick J. Wong
2025-01-09 7:44 ` Christoph Hellwig
2025-01-09 17:03 ` Darrick J. Wong
2025-01-13 9:16 ` Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241229133927.1194609-9-aalbersh@kernel.org \
--to=aalbersh@redhat.com \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox