f2fs: fs-verity support
Add fs-verity support to f2fs. fs-verity provides transparent
authentication of read-only files in a manner similar to dm-verity, by
using a Merkle tree (hash tree) hidden at the end of the file. The
Merkle tree and other metadata is written by a userspace program, which
then uses an ioctl to set the verity bit. The expected root hash can
then be provided via another ioctl. Signature verification is also
planned but shouldn't require filesystem-specific changes.
In f2fs, the main change is to the I/O path: ->readpage() and
->readpages() now verify data as it is read from verity files. Pages
that fail verification are set to PG_error && !PG_uptodate, causing
applications to see an I/O error. An internal flag also allows the
->read_metadata_page() verity operation to skip verification, to avoid
recursion into the fs-verity workqueue.
Hooks are also added to several f2fs filesystem operations:
* ->open(), to deny opening verity files for writing and to set up
the fsverity_info to prepare for I/O
* ->getattr() to set up the fsverity_info to make stat() show the
original data size of verity files
* ->setattr() to deny truncating verity files
* update_inode() to write out the full file size rather than the
original data size, since for verity files the in-memory ->i_size is
overridden with the original data size.
Finally, the fs-verity ioctls are wired up. On f2fs, enabling fs-verity
on a file requires that the filesystem has the 'verity' feature, i.e.
it was created with 'mkfs.f2fs -O verity'.
Signed-off-by: Eric Biggers <ebiggers@google.com>
9 files changed
