fsverity.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

From: Miklos Szeredi <miklos@szeredi.hu>
To: Richard Fung <richardfung@google.com>
Cc: linux-fsdevel@vger.kernel.org, fsverity@lists.linux.dev,
	 Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH 1/1] fuse: Add initial support for fs-verity
Date: Tue, 9 Apr 2024 16:50:10 +0200	[thread overview]
Message-ID: <CAJfpegvtUywhs8vse1rZ6E=hnxUS6uo_eii-oHDmWd0hb35jjA@mail.gmail.com> (raw)
In-Reply-To: <20240328205822.1007338-2-richardfung@google.com>

On Thu, 28 Mar 2024 at 21:58, Richard Fung <richardfung@google.com> wrote:
>
> This adds support for the FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY
> ioctls. The FS_IOC_READ_VERITY_METADATA is missing but from the
> documentation, "This is a fairly specialized use case, and most fs-verity
> users won’t need this ioctl."
>
> Signed-off-by: Richard Fung <richardfung@google.com>
> ---
>  fs/fuse/ioctl.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 52 insertions(+)
>
> diff --git a/fs/fuse/ioctl.c b/fs/fuse/ioctl.c
> index 726640fa439e..a0e86c3de48f 100644
> --- a/fs/fuse/ioctl.c
> +++ b/fs/fuse/ioctl.c
> @@ -8,6 +8,7 @@
>  #include <linux/uio.h>
>  #include <linux/compat.h>
>  #include <linux/fileattr.h>
> +#include <linux/fsverity.h>
>
>  static ssize_t fuse_send_ioctl(struct fuse_mount *fm, struct fuse_args *args,
>                                struct fuse_ioctl_out *outarg)
> @@ -227,6 +228,57 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
>                         out_iov = iov;
>                         out_iovs = 1;
>                 }
> +
> +               /* For fs-verity, determine iov lengths from input */
> +               switch (cmd) {
> +               case FS_IOC_MEASURE_VERITY: {
> +                       __u16 digest_size;
> +                       struct fsverity_digest __user *uarg =
> +               (struct fsverity_digest __user *)arg;
> +
> +                       if (copy_from_user(&digest_size, &uarg->digest_size,
> +                                                sizeof(digest_size)))
> +                               return -EFAULT;
> +
> +                       if (digest_size > SIZE_MAX - sizeof(struct fsverity_digest))
> +                               return -EINVAL;
> +
> +                       iov->iov_len = sizeof(struct fsverity_digest) + digest_size;
> +                       break;
> +               }
> +               case FS_IOC_ENABLE_VERITY: {
> +                       struct fsverity_enable_arg enable;
> +                       struct fsverity_enable_arg __user *uarg =
> +               (struct fsverity_enable_arg __user *)arg;
> +                       const __u32 max_buffer_len = FUSE_MAX_MAX_PAGES * PAGE_SIZE;
> +
> +                       if (copy_from_user(&enable, uarg, sizeof(enable)))
> +                               return -EFAULT;
> +
> +                       if (enable.salt_size > max_buffer_len ||
> +               enable.sig_size > max_buffer_len)
> +                               return -ENOMEM;
> +
> +                       if (enable.salt_size > 0) {
> +                               iov++;
> +                               in_iovs++;
> +
> +                               iov->iov_base = u64_to_user_ptr(enable.salt_ptr);
> +                               iov->iov_len = enable.salt_size;
> +                       }
> +
> +                       if (enable.sig_size > 0) {
> +                               iov++;
> +                               in_iovs++;
> +
> +                               iov->iov_base = u64_to_user_ptr(enable.sig_ptr);
> +                               iov->iov_len = enable.sig_size;
> +                       }
> +                       break;
> +               }
> +               default:
> +                       break;
> +               }
>         }
>
>   retry:

I'm not thrilled by having ioctl specific handling added to the
generic fuse ioctl code.

But more important is what  the fsverity folks think (CC's added).

Thanks,
Miklos

next      parent reply	other threads:[~2024-04-09 14:50 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20240328205822.1007338-1-richardfung@google.com>
     [not found] ` <20240328205822.1007338-2-richardfung@google.com>
2024-04-09 14:50   ` Miklos Szeredi [this message]
2024-04-09 23:50     ` [PATCH 1/1] fuse: Add initial support for fs-verity Eric Biggers
2024-04-11  6:06       ` Miklos Szeredi
2024-04-11 19:15         ` Richard Fung
2024-04-12  8:25           ` Miklos Szeredi
2024-04-16  0:16 ` [PATCH v2] " Richard Fung
2024-04-19 17:05   ` Eric Biggers
2024-04-22 16:31     ` Richard Fung
2024-04-23  9:31       ` Miklos Szeredi
2024-04-23 18:41         ` Richard Fung

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJfpegvtUywhs8vse1rZ6E=hnxUS6uo_eii-oHDmWd0hb35jjA@mail.gmail.com' \
    --to=miklos@szeredi.hu \
    --cc=ebiggers@kernel.org \
    --cc=fsverity@lists.linux.dev \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=richardfung@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).