* aosp/upstream-f2fs-stable-linux-6.1.y:
fscrypt: support decrypting data from large folios
fsverity: support verifying data from large folios
fsverity.rst: update git repo URL for fsverity-utils
ext4: allow verity with fs block size < PAGE_SIZE
fs/buffer.c: support fsverity in block_read_full_folio()
f2fs: simplify f2fs_readpage_limit()
ext4: simplify ext4_readpage_limit()
fsverity: support enabling with tree block size < PAGE_SIZE
fsverity: support verification with tree block size < PAGE_SIZE
fsverity: replace fsverity_hash_page() with fsverity_hash_block()
fsverity: use EFBIG for file too large to enable verity
fsverity: store log2(digest_size) precomputed
fsverity: simplify Merkle tree readahead size calculation
fsverity: use unsigned long for level_start
fsverity: remove debug messages and CONFIG_FS_VERITY_DEBUG
fsverity: pass pos and size to ->write_merkle_tree_block
fsverity: optimize fsverity_cleanup_inode() on non-verity files
fsverity: optimize fsverity_prepare_setattr() on non-verity files
fsverity: optimize fsverity_file_open() on non-verity files
fscrypt: clean up fscrypt_add_test_dummy_key()
fs/super.c: stop calling fscrypt_destroy_keyring() from __put_super()
f2fs: stop calling fscrypt_add_test_dummy_key()
ext4: stop calling fscrypt_add_test_dummy_key()
fscrypt: add the test dummy encryption key on-demand
f2fs: drop unnecessary arg for f2fs_ioc_*()
f2fs: Revert "f2fs: truncate blocks in batch in __complete_revoke_list()"
f2fs: synchronize atomic write aborts
f2fs: fix wrong segment count
f2fs: replace si->sbi w/ sbi in stat_show()
f2fs: export ipu policy in debugfs
f2fs: make kobj_type structures constant
f2fs: fix to do sanity check on extent cache correctly
f2fs: add missing description for ipu_policy node
f2fs: fix to set ipu policy
f2fs: fix typos in comments
f2fs: fix kernel crash due to null io->bio
f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()
f2fs: add sysfs nodes to set last_age_weight
f2fs: fix f2fs_show_options to show nogc_merge mount option
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: fix wrong calculation of block age
f2fs: fix to update age extent in f2fs_do_zero_range()
f2fs: fix to update age extent correctly during truncation
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
f2fs: retry to update the inode page given data corruption
f2fs: fix to handle F2FS_IOC_START_ATOMIC_REPLACE in f2fs_compat_ioctl()
f2fs: clean up i_compress_flag and i_compress_level usage
f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
f2fs: factor the read/write tracing logic into a helper
f2fs: remove __has_curseg_space
f2fs: refactor next blk selection
f2fs: remove __allocate_new_section
f2fs: refactor __allocate_new_segment
f2fs: add a f2fs_curseg_valid_blocks helper
f2fs: simplify do_checkpoint
f2fs: remove __add_sum_entry
f2fs: fix to abort atomic write only during do_exist()
f2fs: allow set compression option of files without blocks
f2fs: fix information leak in f2fs_move_inline_dirents()
fs: f2fs: initialize fsdata in pagecache_write()
f2fs: fix to check warm_data_age_threshold
f2fs: return true if all cmd were issued or no cmd need to be issued for f2fs_issue_discard_timeout()
f2fs: clarify compress level bit offset
f2fs: fix to show discard_unit mount opt
f2fs: fix to do sanity check on extent cache correctly
f2fs: remove unneeded f2fs_cp_error() in f2fs_create_whiteout()
f2fs: clear atomic_write_task in f2fs_abort_atomic_write()
f2fs: introduce trace_f2fs_replace_atomic_write_block
f2fs: introduce discard_io_aware_gran sysfs node
f2fs: drop useless initializer and unneeded local variable
f2fs: add iostat support for flush
f2fs: support accounting iostat count and avg_bytes
f2fs: convert discard_wake and gc_wake to bool type
f2fs: convert to use MIN_DISCARD_GRANULARITY macro
f2fs: merge f2fs_show_injection_info() into time_to_inject()
f2fs: add a f2fs_ prefix to punch_hole() and expand_inode_data()
f2fs: remove unnecessary blank lines
f2fs: mark f2fs_init_compress_mempool w/ __init
f2fs: judge whether discard_unit is section only when have CONFIG_BLK_DEV_ZONED
f2fs: start freeing cluster pages from the unused number
MAINTAINERS: Add f2fs's patchwork
f2fs: deliver the accumulated 'issued' to __issue_discard_cmd_orderly()
f2fs: avoid to check PG_error flag
f2fs: add missing doc for fault injection sysfs
f2fs: fix to avoid potential deadlock
f2fs: introduce IS_F2FS_IPU_* macro
f2fs: refactor the hole reporting and allocation logic in f2fs_map_blocks
f2fs: factor out a f2fs_map_no_dnode
f2fs: factor a f2fs_map_blocks_cached helper
f2fs: remove the create argument to f2fs_map_blocks
f2fs: remove f2fs_get_block
docs: f2fs: fix html doc error
f2fs: simplify __allocate_data_block
f2fs: reflow prepare_write_begin
f2fs: f2fs_do_map_lock
f2fs: add a f2fs_get_block_locked helper
f2fs: add a f2fs_lookup_extent_cache_block helper
f2fs: split __submit_bio
f2fs: rename F2FS_MAP_UNWRITTEN to F2FS_MAP_DELALLOC
f2fs: decouple F2FS_MAP_ from buffer head flags
f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin
f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
f2fs: remove unused PAGE_PRIVATE_ATOMIC_WRITE
f2fs: fix to support .migrate_folio for compressed inode
f2fs: file: drop useless initializer in expand_inode_data()
Bug: 264705711
Bug: 269384820
Bug: 269593531
Change-Id: Ib84dc3389b6a06068a10d427c03f6dbc034831a6
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
I've gotten very little use out of these debug messages, and I'm not
aware of anyone else having used them.
Indeed, sprinkling pr_debug around is not really a best practice these
days, especially for filesystem code. Tracepoints are used instead.
Let's just remove these and start from a clean slate.
This change does not affect info, warning, and error messages.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20221215060420.60692-1-ebiggers@kernel.org
Steps on the way to 5.12-rc1.
Resolves merge issues with:
fs/verity/signature.c
include/linux/fsverity.h
Cc: Eric Biggers <ebiggers@google.com>
Cc: Paul Lawrence <paullawrence@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I38ec011e7931f81341afed6cf24de550234b893b
Allows a file system to provide its own fs-verity implementation
but still to hook into the signature check and control file from
fs-verity
Bug: 160634504
Bug: 170978993
Test: incfs_test running on this + subsequent changes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I02020af460d62fa5eb459a083419208e175005e8
Now that fsverity_get_descriptor() validates the sig_size field,
fsverity_verify_signature() doesn't need to do it.
Just change the prototype of fsverity_verify_signature() to take the
signature directly rather than take a fsverity_descriptor.
Link: https://lore.kernel.org/r/20210115181819.34732-3-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Amy Parker <enbyamy@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
I originally chose the name "file measurement" to refer to the fs-verity
file digest to avoid confusion with traditional full-file digests or
with the bare root hash of the Merkle tree.
But the name "file measurement" hasn't caught on, and usually people are
calling it something else, usually the "file digest". E.g. see
"struct fsverity_digest" and "struct fsverity_formatted_digest", the
libfsverity_compute_digest() and libfsverity_sign_digest() functions in
libfsverity, and the "fsverity digest" command.
Having multiple names for the same thing is always confusing.
So to hopefully avoid confusion in the future, rename
"fs-verity file measurement" to "fs-verity file digest".
This leaves FS_IOC_MEASURE_VERITY as the only reference to "measure" in
the kernel, which makes some amount of sense since the ioctl is actively
"measuring" the file.
I'll be renaming this in fsverity-utils too (though similarly the
'fsverity measure' command, which is a wrapper for
FS_IOC_MEASURE_VERITY, will stay).
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-4-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
The name "struct fsverity_signed_digest" is causing confusion because it
isn't actually a signed digest, but rather it's the way that the digest
is formatted in order to be signed. Rename it to
"struct fsverity_formatted_digest" to prevent this confusion.
Also update the struct's comment to clarify that it's specific to the
built-in signature verification support and isn't a requirement for all
fs-verity users.
I'll be renaming this struct in fsverity-utils too.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Embedding the file path inside kernel source code files isn't
particularly useful as often files are moved around and the paths become
incorrect. checkpatch.pl warns about this since v5.10-rc1.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Fix all kerneldoc warnings in fs/verity/ and include/linux/fsverity.h.
Most of these were due to missing documentation for function parameters.
Detected with:
scripts/kernel-doc -v -none fs/verity/*.{c,h} include/linux/fsverity.h
This cleanup makes it possible to check new patches for kerneldoc
warnings without having to filter out all the existing ones.
Link: https://lore.kernel.org/r/20200511192118.71427-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
To meet some users' needs, add optional support for having fs-verity
handle a portion of the authentication policy in the kernel. An
".fs-verity" keyring is created to which X.509 certificates can be
added; then a sysctl 'fs.verity.require_signatures' can be set to cause
the kernel to enforce that all fs-verity files contain a signature of
their file measurement by a key in this keyring.
See the "Built-in signature verification" section of
Documentation/filesystems/fsverity.rst for the full documentation.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
