linux-stable/fs/ext4
Eric Biggers c93d8f8858 ext4: add basic fs-verity support
Add most of fs-verity support to ext4.  fs-verity is a filesystem
feature that enables transparent integrity protection and authentication
of read-only files.  It uses a dm-verity like mechanism at the file
level: a Merkle tree is used to verify any block in the file in
log(filesize) time.  It is implemented mainly by helper functions in
fs/verity/.  See Documentation/filesystems/fsverity.rst for the full
documentation.

This commit adds all of ext4 fs-verity support except for the actual
data verification, including:

- Adding a filesystem feature flag and an inode flag for fs-verity.

- Implementing the fsverity_operations to support enabling verity on an
  inode and reading/writing the verity metadata.

- Updating ->write_begin(), ->write_end(), and ->writepages() to support
  writing verity metadata pages.

- Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().

ext4 stores the verity metadata (Merkle tree and fsverity_descriptor)
past the end of the file, starting at the first 64K boundary beyond
i_size.  This approach works because (a) verity files are readonly, and
(b) pages fully beyond i_size aren't visible to userspace but can be
read/written internally by ext4 with only some relatively small changes
to ext4.  This approach avoids having to depend on the EA_INODE feature
and on rearchitecturing ext4's xattr support to support paging
multi-gigabyte xattrs into memory, and to support encrypting xattrs.
Note that the verity metadata *must* be encrypted when the file is,
since it contains hashes of the plaintext data.

This patch incorporates work by Theodore Ts'o and Chandan Rajendra.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-08-12 19:33:50 -07:00
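Added example, not code from this commit or from fs/ext4: a user-space model of the layout the commit message describes, computing the offset where the verity metadata starts and how many Merkle tree levels a file of a given size needs. The function names, the 4096-byte block size and the 32-byte digest size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define VERITY_ALIGN 65536ULL /* the 64K boundary named in the commit message */

/* Offset at which verity metadata starts: i_size rounded up to 64K.
 * Assumption: a size already on a 64K boundary maps to itself. */
uint64_t verity_metadata_pos(uint64_t i_size)
{
    return (i_size + VERITY_ALIGN - 1) / VERITY_ALIGN * VERITY_ALIGN;
}

/* Count Merkle tree levels and total tree blocks for data_size bytes.
 * Each tree block holds block_size / hash_size child hashes; levels are
 * added until a single block remains, whose hash is the root hash. */
unsigned merkle_levels(uint64_t data_size, unsigned block_size,
                       unsigned hash_size, uint64_t *tree_blocks)
{
    uint64_t arity = block_size / hash_size;
    uint64_t blocks = (data_size + block_size - 1) / block_size;
    unsigned levels = 0;

    *tree_blocks = 0;
    if (arity < 2)          /* a tree needs at least two hashes per block */
        return 0;
    while (blocks > 1) {
        blocks = (blocks + arity - 1) / arity;  /* blocks in the next level up */
        *tree_blocks += blocks;
        levels++;
    }
    return levels;
}

int main(void)
{
    /* Constructed sample file sizes (bytes). */
    uint64_t sizes[] = { 4096, 100000, 1ULL << 30 };

    for (unsigned i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint64_t tb;
        unsigned lv = merkle_levels(sizes[i], 4096, 32, &tb);
        printf("i_size=%llu metadata_pos=%llu levels=%u tree_bytes=%llu\n",
               (unsigned long long)sizes[i],
               (unsigned long long)verity_metadata_pos(sizes[i]),
               lv, (unsigned long long)(tb * 4096));
    }
    return 0;
}
```

The level count is the number of hash blocks read to verify one data block, which is why verification cost grows with log(filesize) rather than with the file size.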
acl.c ext4: compare old and new mode before setting update_mode flag 2018-12-10 00:22:38 -05:00
acl.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
balloc.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
bitmap.c
block_validity.c ext4: fix block validity checks for journal inodes using indirect blocks 2019-05-15 00:51:19 -04:00
dir.c ext4: rename "dirent_csum" functions to use "dirblock" 2019-06-21 15:49:26 -04:00
ext4.h ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
ext4_extents.h ext4: adjust reserved cluster count when removing extents 2018-10-01 14:25:08 -04:00
ext4_jbd2.c ext4: shutdown should not prevent get_write_access 2018-02-18 22:07:36 -05:00
ext4_jbd2.h ext4: use jbd2_inode dirty range scoping 2019-06-20 17:26:26 -04:00
extents.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
extents_status.c ext4: remove redundant assignment to node 2019-06-20 00:10:10 -04:00
extents_status.h ext4: reduce reserved cluster count by number of allocated clusters 2018-10-01 14:24:08 -04:00
file.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
fsmap.c ext4: fix miscellaneous sparse warnings 2019-05-12 04:49:47 -04:00
fsmap.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
fsync.c Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" 2019-01-31 23:41:11 -05:00
hash.c ext4: Support case-insensitive file name lookups 2019-04-25 14:12:08 -04:00
ialloc.c ext4: Support case-insensitive file name lookups 2019-04-25 14:12:08 -04:00
indirect.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
inline.c ext4: rename htree_inline_dir_to_tree() to ext4_inlinedir_to_tree() 2019-06-21 21:57:00 -04:00
inode.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
ioctl.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
mballoc.c ext4: clean up kerneldoc warnigns when building with W=1 2019-06-19 16:30:03 -04:00
mballoc.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
migrate.c ext4: clean up indentation issues, remove extraneous tabs 2018-12-04 00:16:44 -05:00
mmp.c ext4: don't mark mmp buffer head dirty 2018-09-15 17:11:25 -04:00
move_extent.c ext4: use jbd2_inode dirty range scoping 2019-06-20 17:26:26 -04:00
namei.c ext4: fix coverity warning on error path of filename setup 2019-07-02 17:56:12 -04:00
page-io.c for-linus-20190715 2019-07-15 21:20:52 -07:00
readpage.c Clean up fscrypt's dcache revalidation support, and other 2019-05-07 21:28:04 -07:00
resize.c Add as a feature case-insensitive directories (the casefold feature) 2019-05-07 21:12:44 -07:00
super.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
symlink.c ext4: switch to fscrypt_get_symlink() 2018-01-11 22:10:40 -05:00
sysfs.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
truncate.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
verity.c ext4: add basic fs-verity support 2019-08-12 19:33:50 -07:00
xattr.c ext4: ignore e_value_offs for xattrs with value-in-ea-inode 2019-04-10 00:37:36 -04:00
xattr.h ext4: add extra checks to ext4_xattr_block_get() 2018-03-30 20:04:11 -04:00
xattr_security.c ext4: use XATTR_CREATE in ext4_initxattrs() 2018-05-10 11:52:14 -04:00
xattr_trusted.c
xattr_user.c