mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-26 18:43:33 -05:00
103830683c
In this round, we've got a huge number of patches that improve code readability along with minor bug fixes, while we've mainly fixed some critical issues in recently-added per-block age-based extent_cache, atomic write support, and some folio cases. Enhancement: - add sysfs nodes to set last_age_weight and manage discard_io_aware_gran - show ipu policy in debugfs - reduce stack memory cost by using bitfield in struct f2fs_io_info - introduce trace_f2fs_replace_atomic_write_block - enhance iostat support and adds flush commands Bug fix: - revert "f2fs: truncate blocks in batch in __complete_revoke_list()" - fix kernel crash on the atomic write abort flow - call clear_page_private_reference in .{release,invalid}_folio - support .migrate_folio for compressed inode - fix cgroup writeback accounting with fs-layer encryption - retry to update the inode page given data corruption - fix kernel crash due to null io->bio - fix some bugs in per-block age-based extent_cache: a. wrong calculation of block age b. update age extent in f2fs_do_zero_range() c. update age extent correctly during truncation -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE00UqedjCtOrGVvQiQBSofoJIUNIFAmP9M/cACgkQQBSofoJI UNIX1Q//Yp+nDeY91H3IO6aMSHPqRoBBnVTr8ERtLUF0fuQbBkzcQE+t8cMSoYDM 88sxoC+F7UnovNr84VeuKlHN4hYyAXuxj8OZetXI3XX+yiO+auEPtljGA0BaGwqL 93lIg8nIQ2ing/oZ/4+h4dvpYCPrhKOQS6h1sHhIWlql6Wxwxq01uA47i0Ni6y/o D23JPFaDQfumN8qy1bm5xfLRhTQmaE35n5NhcBJpUD/rGK92NPXv7RLKPgZc3tKN tJmL+NXa3NNEx5e5TSP7JX+rhD7KlL5XlB/m8LbpPIx338I0pt0uzAc7nTIOlzM3 DI0q3HXe9U3+JBHi+rKxkIniiRDmvhPx3NzdgcsYg75EnwdrNazsRHulBUEAXB4v ghHbx53OxA2uSnUVbkY4HXNYf7cYjrx5vbX0oqEx48btBCC8KGFIcHtI72tIBee3 xdCxoM3e2AWijkFBOCkThXNuNNbdifQzn2e7xR7W+o0L9hwdR5t7tHhHT+cqG9Ox 6UKWoZZUjYUAV/YQT5Qh6570GsGncM8gHAUMz7DVTIOB9wYkHtb0Q9tUmoQccwf5 46r84c4/jxUQHt8SkXBBl1aiqHmR7EF17YvM5AXIdG3DqqOy70NWkM48hMOyIy2G eY/wTVJwpd6oDveQPtxaHn7Wo3jSPNUlidOfAYQ7Itm34VXY/zc= =yXLl -----END PGP SIGNATURE----- Merge tag 'f2fs-for-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "In this round, we've got a huge number of patches that improve code readability along with minor bug fixes, while we've mainly fixed some critical issues in recently-added per-block age-based extent_cache, atomic write support, and some folio cases. Enhancements: - add sysfs nodes to set last_age_weight and manage discard_io_aware_gran - show ipu policy in debugfs - reduce stack memory cost by using bitfield in struct f2fs_io_info - introduce trace_f2fs_replace_atomic_write_block - enhance iostat support and adds flush commands Bug fixes: - revert "f2fs: truncate blocks in batch in __complete_revoke_list()" - fix kernel crash on the atomic write abort flow - call clear_page_private_reference in .{release,invalid}_folio - support .migrate_folio for compressed inode - fix cgroup writeback accounting with fs-layer encryption - retry to update the inode page given data corruption - fix kernel crash due to NULL io->bio - fix some bugs in per-block age-based extent_cache: - wrong calculation of block age - update age extent in f2fs_do_zero_range() - update age extent correctly during truncation" * tag 'f2fs-for-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (81 commits) f2fs: drop unnecessary arg for f2fs_ioc_*() f2fs: Revert "f2fs: truncate blocks in batch in __complete_revoke_list()" f2fs: synchronize atomic write aborts f2fs: fix wrong segment count f2fs: replace si->sbi w/ sbi in stat_show() f2fs: export ipu policy in debugfs f2fs: make kobj_type structures constant f2fs: fix to do sanity check on extent cache correctly f2fs: add missing description for ipu_policy node f2fs: fix to set ipu policy f2fs: fix typos in comments f2fs: fix kernel crash due to null io->bio f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx() f2fs: add sysfs nodes to set last_age_weight f2fs: fix f2fs_show_options to show nogc_merge mount option f2fs: fix cgroup writeback accounting with fs-layer encryption f2fs: fix wrong calculation of block age f2fs: fix to update age extent in f2fs_do_zero_range() f2fs: fix to update age extent correctly during truncation f2fs: fix to avoid potential memory corruption in __update_iostat_latency() ...
292 lines
8.1 KiB
C
292 lines
8.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* fs/f2fs/verity.c: fs-verity support for f2fs
|
|
*
|
|
* Copyright 2019 Google LLC
|
|
*/
|
|
|
|
/*
|
|
* Implementation of fsverity_operations for f2fs.
|
|
*
|
|
* Like ext4, f2fs stores the verity metadata (Merkle tree and
|
|
* fsverity_descriptor) past the end of the file, starting at the first 64K
|
|
* boundary beyond i_size. This approach works because (a) verity files are
|
|
* readonly, and (b) pages fully beyond i_size aren't visible to userspace but
|
|
* can be read/written internally by f2fs with only some relatively small
|
|
* changes to f2fs. Extended attributes cannot be used because (a) f2fs limits
|
|
* the total size of an inode's xattr entries to 4096 bytes, which wouldn't be
|
|
* enough for even a single Merkle tree block, and (b) f2fs encryption doesn't
|
|
* encrypt xattrs, yet the verity metadata *must* be encrypted when the file is
|
|
* because it contains hashes of the plaintext data.
|
|
*
|
|
* Using a 64K boundary rather than a 4K one keeps things ready for
|
|
* architectures with 64K pages, and it doesn't necessarily waste space on-disk
|
|
* since there can be a hole between i_size and the start of the Merkle tree.
|
|
*/
|
|
|
|
#include <linux/f2fs_fs.h>
|
|
|
|
#include "f2fs.h"
|
|
#include "xattr.h"
|
|
|
|
#define F2FS_VERIFY_VER (1)
|
|
|
|
static inline loff_t f2fs_verity_metadata_pos(const struct inode *inode)
|
|
{
|
|
return round_up(inode->i_size, 65536);
|
|
}
|
|
|
|
/*
|
|
* Read some verity metadata from the inode. __vfs_read() can't be used because
|
|
* we need to read beyond i_size.
|
|
*/
|
|
static int pagecache_read(struct inode *inode, void *buf, size_t count,
|
|
loff_t pos)
|
|
{
|
|
while (count) {
|
|
size_t n = min_t(size_t, count,
|
|
PAGE_SIZE - offset_in_page(pos));
|
|
struct page *page;
|
|
|
|
page = read_mapping_page(inode->i_mapping, pos >> PAGE_SHIFT,
|
|
NULL);
|
|
if (IS_ERR(page))
|
|
return PTR_ERR(page);
|
|
|
|
memcpy_from_page(buf, page, offset_in_page(pos), n);
|
|
|
|
put_page(page);
|
|
|
|
buf += n;
|
|
pos += n;
|
|
count -= n;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Write some verity metadata to the inode for FS_IOC_ENABLE_VERITY.
|
|
* kernel_write() can't be used because the file descriptor is readonly.
|
|
*/
|
|
static int pagecache_write(struct inode *inode, const void *buf, size_t count,
|
|
loff_t pos)
|
|
{
|
|
struct address_space *mapping = inode->i_mapping;
|
|
const struct address_space_operations *aops = mapping->a_ops;
|
|
|
|
if (pos + count > inode->i_sb->s_maxbytes)
|
|
return -EFBIG;
|
|
|
|
while (count) {
|
|
size_t n = min_t(size_t, count,
|
|
PAGE_SIZE - offset_in_page(pos));
|
|
struct page *page;
|
|
void *fsdata = NULL;
|
|
int res;
|
|
|
|
res = aops->write_begin(NULL, mapping, pos, n, &page, &fsdata);
|
|
if (res)
|
|
return res;
|
|
|
|
memcpy_to_page(page, offset_in_page(pos), buf, n);
|
|
|
|
res = aops->write_end(NULL, mapping, pos, n, n, page, fsdata);
|
|
if (res < 0)
|
|
return res;
|
|
if (res != n)
|
|
return -EIO;
|
|
|
|
buf += n;
|
|
pos += n;
|
|
count -= n;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Format of f2fs verity xattr. This points to the location of the verity
|
|
* descriptor within the file data rather than containing it directly because
|
|
* the verity descriptor *must* be encrypted when f2fs encryption is used. But,
|
|
* f2fs encryption does not encrypt xattrs.
|
|
*/
|
|
struct fsverity_descriptor_location {
|
|
__le32 version;
|
|
__le32 size;
|
|
__le64 pos;
|
|
};
|
|
|
|
static int f2fs_begin_enable_verity(struct file *filp)
|
|
{
|
|
struct inode *inode = file_inode(filp);
|
|
int err;
|
|
|
|
if (f2fs_verity_in_progress(inode))
|
|
return -EBUSY;
|
|
|
|
if (f2fs_is_atomic_file(inode))
|
|
return -EOPNOTSUPP;
|
|
|
|
/*
|
|
* Since the file was opened readonly, we have to initialize the quotas
|
|
* here and not rely on ->open() doing it. This must be done before
|
|
* evicting the inline data.
|
|
*/
|
|
err = f2fs_dquot_initialize(inode);
|
|
if (err)
|
|
return err;
|
|
|
|
err = f2fs_convert_inline_inode(inode);
|
|
if (err)
|
|
return err;
|
|
|
|
set_inode_flag(inode, FI_VERITY_IN_PROGRESS);
|
|
return 0;
|
|
}
|
|
|
|
static int f2fs_end_enable_verity(struct file *filp, const void *desc,
|
|
size_t desc_size, u64 merkle_tree_size)
|
|
{
|
|
struct inode *inode = file_inode(filp);
|
|
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
|
|
u64 desc_pos = f2fs_verity_metadata_pos(inode) + merkle_tree_size;
|
|
struct fsverity_descriptor_location dloc = {
|
|
.version = cpu_to_le32(F2FS_VERIFY_VER),
|
|
.size = cpu_to_le32(desc_size),
|
|
.pos = cpu_to_le64(desc_pos),
|
|
};
|
|
int err = 0, err2 = 0;
|
|
|
|
/*
|
|
* If an error already occurred (which fs/verity/ signals by passing
|
|
* desc == NULL), then only clean-up is needed.
|
|
*/
|
|
if (desc == NULL)
|
|
goto cleanup;
|
|
|
|
/* Append the verity descriptor. */
|
|
err = pagecache_write(inode, desc, desc_size, desc_pos);
|
|
if (err)
|
|
goto cleanup;
|
|
|
|
/*
|
|
* Write all pages (both data and verity metadata). Note that this must
|
|
* happen before clearing FI_VERITY_IN_PROGRESS; otherwise pages beyond
|
|
* i_size won't be written properly. For crash consistency, this also
|
|
* must happen before the verity inode flag gets persisted.
|
|
*/
|
|
err = filemap_write_and_wait(inode->i_mapping);
|
|
if (err)
|
|
goto cleanup;
|
|
|
|
/* Set the verity xattr. */
|
|
err = f2fs_setxattr(inode, F2FS_XATTR_INDEX_VERITY,
|
|
F2FS_XATTR_NAME_VERITY, &dloc, sizeof(dloc),
|
|
NULL, XATTR_CREATE);
|
|
if (err)
|
|
goto cleanup;
|
|
|
|
/* Finally, set the verity inode flag. */
|
|
file_set_verity(inode);
|
|
f2fs_set_inode_flags(inode);
|
|
f2fs_mark_inode_dirty_sync(inode, true);
|
|
|
|
clear_inode_flag(inode, FI_VERITY_IN_PROGRESS);
|
|
return 0;
|
|
|
|
cleanup:
|
|
/*
|
|
* Verity failed to be enabled, so clean up by truncating any verity
|
|
* metadata that was written beyond i_size (both from cache and from
|
|
* disk) and clearing FI_VERITY_IN_PROGRESS.
|
|
*
|
|
* Taking i_gc_rwsem[WRITE] is needed to stop f2fs garbage collection
|
|
* from re-instantiating cached pages we are truncating (since unlike
|
|
* normal file accesses, garbage collection isn't limited by i_size).
|
|
*/
|
|
f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
|
|
truncate_inode_pages(inode->i_mapping, inode->i_size);
|
|
err2 = f2fs_truncate(inode);
|
|
if (err2) {
|
|
f2fs_err(sbi, "Truncating verity metadata failed (errno=%d)",
|
|
err2);
|
|
set_sbi_flag(sbi, SBI_NEED_FSCK);
|
|
}
|
|
f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
|
|
clear_inode_flag(inode, FI_VERITY_IN_PROGRESS);
|
|
return err ?: err2;
|
|
}
|
|
|
|
static int f2fs_get_verity_descriptor(struct inode *inode, void *buf,
|
|
size_t buf_size)
|
|
{
|
|
struct fsverity_descriptor_location dloc;
|
|
int res;
|
|
u32 size;
|
|
u64 pos;
|
|
|
|
/* Get the descriptor location */
|
|
res = f2fs_getxattr(inode, F2FS_XATTR_INDEX_VERITY,
|
|
F2FS_XATTR_NAME_VERITY, &dloc, sizeof(dloc), NULL);
|
|
if (res < 0 && res != -ERANGE)
|
|
return res;
|
|
if (res != sizeof(dloc) || dloc.version != cpu_to_le32(F2FS_VERIFY_VER)) {
|
|
f2fs_warn(F2FS_I_SB(inode), "unknown verity xattr format");
|
|
return -EINVAL;
|
|
}
|
|
size = le32_to_cpu(dloc.size);
|
|
pos = le64_to_cpu(dloc.pos);
|
|
|
|
/* Get the descriptor */
|
|
if (pos + size < pos || pos + size > inode->i_sb->s_maxbytes ||
|
|
pos < f2fs_verity_metadata_pos(inode) || size > INT_MAX) {
|
|
f2fs_warn(F2FS_I_SB(inode), "invalid verity xattr");
|
|
f2fs_handle_error(F2FS_I_SB(inode),
|
|
ERROR_CORRUPTED_VERITY_XATTR);
|
|
return -EFSCORRUPTED;
|
|
}
|
|
if (buf_size) {
|
|
if (size > buf_size)
|
|
return -ERANGE;
|
|
res = pagecache_read(inode, buf, size, pos);
|
|
if (res)
|
|
return res;
|
|
}
|
|
return size;
|
|
}
|
|
|
|
static struct page *f2fs_read_merkle_tree_page(struct inode *inode,
|
|
pgoff_t index,
|
|
unsigned long num_ra_pages)
|
|
{
|
|
struct page *page;
|
|
|
|
index += f2fs_verity_metadata_pos(inode) >> PAGE_SHIFT;
|
|
|
|
page = find_get_page_flags(inode->i_mapping, index, FGP_ACCESSED);
|
|
if (!page || !PageUptodate(page)) {
|
|
DEFINE_READAHEAD(ractl, NULL, NULL, inode->i_mapping, index);
|
|
|
|
if (page)
|
|
put_page(page);
|
|
else if (num_ra_pages > 1)
|
|
page_cache_ra_unbounded(&ractl, num_ra_pages, 0);
|
|
page = read_mapping_page(inode->i_mapping, index, NULL);
|
|
}
|
|
return page;
|
|
}
|
|
|
|
static int f2fs_write_merkle_tree_block(struct inode *inode, const void *buf,
|
|
u64 pos, unsigned int size)
|
|
{
|
|
pos += f2fs_verity_metadata_pos(inode);
|
|
|
|
return pagecache_write(inode, buf, size, pos);
|
|
}
|
|
|
|
const struct fsverity_operations f2fs_verityops = {
|
|
.begin_enable_verity = f2fs_begin_enable_verity,
|
|
.end_enable_verity = f2fs_end_enable_verity,
|
|
.get_verity_descriptor = f2fs_get_verity_descriptor,
|
|
.read_merkle_tree_page = f2fs_read_merkle_tree_page,
|
|
.write_merkle_tree_block = f2fs_write_merkle_tree_block,
|
|
};
|