Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support

[RFC PATCH 00/10] fs-verity: filesystem-level integrity protection · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 05/10] fs-verity: add SHA-512 support · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 06/10] fs-verity: add CRC-32C support · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Randy Dunlap <hidden> · 2018-08-24
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Colin Walters <hidden> · 2018-08-24
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-08-25
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Eric Biggers <ebiggers@kernel.org> · 2018-08-25
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Colin Walters <hidden> · 2018-09-14
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Eric Biggers <ebiggers@kernel.org> · 2018-09-14
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-09-15
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Chuck Lever <hidden> · 2018-08-26
Re: [RFC PATCH 01/10] fs-verity: add setup code, UAPI, and Kconfig · Eric Biggers <ebiggers@kernel.org> · 2018-08-26
[RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Eric Biggers <ebiggers@kernel.org> · 2018-08-25
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Eric Biggers <ebiggers@kernel.org> · 2018-08-25
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-25
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · "Theodore Y. Ts'o" <tytso@mit.edu> · 2018-08-25
Re: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-26
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Olof Johansson <hidden> · 2018-09-02
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Chuck Lever <hidden> · 2018-08-26
Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Eric Biggers <ebiggers@kernel.org> · 2018-08-26
Re: Re: [RFC PATCH 02/10] fs-verity: add data verification hooks for ->readpages() · Gao Xiang <hidden> · 2018-08-26
[RFC PATCH 03/10] fs-verity: implement FS_IOC_ENABLE_VERITY ioctl · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 04/10] fs-verity: implement FS_IOC_MEASURE_VERITY ioctl · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 09/10] ext4: add fs-verity read support · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 08/10] ext4: add basic fs-verity support · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
[RFC PATCH 10/10] f2fs: fs-verity support · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Chao Yu <hidden> · 2018-08-25
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Eric Biggers <ebiggers@kernel.org> · 2018-08-26
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Chao Yu <chao@kernel.org> · 2018-08-27
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Jaegeuk Kim <jaegeuk@kernel.org> · 2018-08-28
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Chao Yu <hidden> · 2018-08-28
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Jaegeuk Kim <jaegeuk@kernel.org> · 2018-08-28
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Chao Yu <hidden> · 2018-08-29
Re: [f2fs-dev] [RFC PATCH 10/10] f2fs: fs-verity support · Jaegeuk Kim <jaegeuk@kernel.org> · 2018-08-29
[RFC PATCH 07/10] fs-verity: support builtin file signatures · Eric Biggers <ebiggers@kernel.org> · 2018-08-24
Re: [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection · Jan Lübbe <jlu@pengutronix.de> · 2018-09-01
Re: [RFC PATCH 00/10] fs-verity: filesystem-level integrity protection · Eric Biggers <ebiggers@kernel.org> · 2018-09-01

From: Eric Biggers <ebiggers@kernel.org>
Date: 2018-08-26 17:35:08
Also in: linux-f2fs-devel, linux-fscrypt, linux-fsdevel, linux-integrity, lkml

Hi Chao,

On Sat, Aug 25, 2018 at 01:54:08PM +0800, Chao Yu wrote:

On 2018/8/25 0:16, Eric Biggers wrote:

quoted

From: Eric Biggers <redacted>
 #ifdef CONFIG_F2FS_CHECK_FS
 #define f2fs_bug_on(sbi, condition)	BUG_ON(condition)
 #else

@@ -146,7 +149,7 @@ struct f2fs_mount_info {
 #define F2FS_FEATURE_QUOTA_INO		0x0080
 #define F2FS_FEATURE_INODE_CRTIME	0x0100
 #define F2FS_FEATURE_LOST_FOUND		0x0200
-#define F2FS_FEATURE_VERITY		0x0400	/* reserved */
+#define F2FS_FEATURE_VERITY		0x0400
 
 #define F2FS_HAS_FEATURE(sb, mask)					\
 	((F2FS_SB(sb)->raw_super->feature & cpu_to_le32(mask)) != 0)
@@ -598,7 +601,7 @@ enum {
 #define FADVISE_ENC_NAME_BIT	0x08
 #define FADVISE_KEEP_SIZE_BIT	0x10
 #define FADVISE_HOT_BIT		0x20
-#define FADVISE_VERITY_BIT	0x40	/* reserved */
+#define FADVISE_VERITY_BIT	0x40

As I suggested before, how about moving f2fs' verity_bit from i_fadvise to more
generic i_flags field like ext4, so we can a) remaining more bits for those
demands which really need file advise fields. b) using i_flags bits keeping line
with ext4. Not sure, if user want to know whether the file is verity one, it
will be easy for f2fs to export the status through FS_IOC_SETFLAGS.

#define EXT4_VERITY_FL			0x00100000 /* Verity protected inode */

#define F2FS_VERITY_FL			0x00100000 /* Verity protected inode */

I don't like using i_advise much either, but I actually don't see either
location being much better than the other at the moment.  The real problem is an
artificial one: the i_flags in f2fs's on-disk format are being assumed to use
the same numbering scheme as ext4's on-disk format, which makes it seem that
they have to be in sync, and that all new ext4 flags (say, EA_INODE) also
reserve bits in f2fs and vice versa, when they in fact do not.  Instead, f2fs
should use its own numbering for its i_flags, and it should map them to/from
whatever is needed for common APIs like FS_IOC_{GET,SET}FLAGS and
FS_IOC_FS{GET,SET}XATTR.

So putting the verity flag in *either* location (i_advise or i_flags) is just
kicking the can down the road.  If I get around to it I will send a patch that
cleans up the f2fs flags properly...

Thanks,

- Eric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help