From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C890C61DB3 for ; Fri, 13 Jan 2023 15:46:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230250AbjAMPqD (ORCPT ); Fri, 13 Jan 2023 10:46:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230138AbjAMPpW (ORCPT ); Fri, 13 Jan 2023 10:45:22 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 841DE82FA8 for ; Fri, 13 Jan 2023 07:35:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624107; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=M+e8LXuZohWsWAKx1dvrBva8MxDrnRmzpeJF6iBcKD4=; b=FWz3ZL4U4EX3jGV8E7NBugkyeIK3pmGE0BSbTeUrhaVXwiRJuPZc5CdhC+zm/PTdlVWbrp QV2k8can/YyzhfVueRJBdpQ7/FR1GUPXCW6bDqQbPSvFhOUxJOkblablTKb12euSd78Du5 7WNihYvaCnWJfaOCLHGDKk5zP80U2WU= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-489-g5x9ol7mOQarsWBh8Ibl4g-1; Fri, 13 Jan 2023 10:35:06 -0500 X-MC-Unique: g5x9ol7mOQarsWBh8Ibl4g-1 Received: by mail-lf1-f70.google.com with SMTP id q9-20020a19a409000000b004b6ee156e03so8426481lfc.5 for ; Fri, 13 Jan 2023 07:35:06 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M+e8LXuZohWsWAKx1dvrBva8MxDrnRmzpeJF6iBcKD4=; b=tofCL16jq3odmG4UKlICa5F19beiMpVlRDp7Mkol8pZ84+oBLyur5a4wTaeMsQnQ0r 9paI5nQOeUvu1vJK5llDPFV9qNuwsnFGvcjj0xAV6bsBHYgU9smLQtBv2xmz5ZDp6hjs 1HCjBdnLPh2VcNNL4xTKstmP68qzK29c8UVQgMcKUN/s14+m9D4zEGjfXZKgvnGAtWt2 2yBWRDIYQipdVSQa6f0F3OMpK210uaYoA/GW9i9a1cgb3KlHI1KKJwoTEd3kMlz6sND9 NdaaIgO2dQDTzv6lwzQkhp9hlT0BY/TynF670kU2tAOQn4CGuNff/vXjmUSUaAxA5BAu 3iig== X-Gm-Message-State: AFqh2krAv21E62kXpMTX26laWMr2sTJe9mRavc2qmnSpznLRIM41gKAC Ecyd1hkbNeDRXnWbnJm3ZlVH82r4fSCFLZIf2EMFayszEherk/YzIiPIQM3HLq4EdCW59KHHGBa F2fpUNoXBZHrWEkkepPpzhD4M X-Received: by 2002:a2e:9ccd:0:b0:27f:d941:82eb with SMTP id g13-20020a2e9ccd000000b0027fd94182ebmr14244561ljj.14.1673624104960; Fri, 13 Jan 2023 07:35:04 -0800 (PST) X-Google-Smtp-Source: AMrXdXurzBcSbNHDnD97N/Jbb5UaRDPyfmiObjWJaHb4mIMzrQ90BcrNYqaObVK8QJ2Zuy+UbqB4VQ== X-Received: by 2002:a2e:9ccd:0:b0:27f:d941:82eb with SMTP id g13-20020a2e9ccd000000b0027fd94182ebmr14244556ljj.14.1673624104810; Fri, 13 Jan 2023 07:35:04 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:04 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson Subject: [PATCH v2 1/6] fsverity: Export fsverity_get_digest Date: Fri, 13 Jan 2023 16:33:54 +0100 Message-Id: <772d16b63f0eba74b8b09167f9e426fbb33ae546.1673623253.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Composefs needs to call this when built in module form, so we need to export the symbol. This uses EXPORT_SYMBOL_GPL like the other fsverity functions do. Signed-off-by: Alexander Larsson --- fs/verity/measure.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/verity/measure.c b/fs/verity/measure.c index 5c79ea1b2468..875d143e0c7e 100644 --- a/fs/verity/measure.c +++ b/fs/verity/measure.c @@ -85,3 +85,4 @@ int fsverity_get_digest(struct inode *inode, *alg =3D hash_alg->algo_id; return 0; } +EXPORT_SYMBOL_GPL(fsverity_get_digest); --=20 2.39.0 From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66641C54EBD for ; Fri, 13 Jan 2023 15:46:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229661AbjAMPqL (ORCPT ); Fri, 13 Jan 2023 10:46:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229795AbjAMPpY (ORCPT ); Fri, 13 Jan 2023 10:45:24 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 25AE881C2A for ; Fri, 13 Jan 2023 07:35:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wkj3gh9U52LVu/Pu7gKRVoj8JWMn17zGrdPPiVQNVN4=; b=H99+U1zKjHOo26LYdHQy8w+KBejOR2AX6QPES62O5nzINUhJzu1Hzv6vJG4NnoFCe4hbku 6Nzk7MKtN/1GuumGi3fDJpWUp+53Rb+PwYsPVi5BecKYrFbFOhRTeX1nHDwrThfYk135kD eNnh1FJaXSQ1J8+BGt4uAg0OVg9U1Z0= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-655-XpMooGMbMCCDS8MLcuhGCg-1; Fri, 13 Jan 2023 10:35:11 -0500 X-MC-Unique: XpMooGMbMCCDS8MLcuhGCg-1 Received: by mail-lf1-f70.google.com with SMTP id v19-20020ac25933000000b004b55ec28779so8443806lfi.8 for ; Fri, 13 Jan 2023 07:35:10 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wkj3gh9U52LVu/Pu7gKRVoj8JWMn17zGrdPPiVQNVN4=; b=e1r1yzCzkgiKAtVM440vR7/C7dS0t/0IWJaSjwxFP1/tCubY6JqGY4HEfej1lPC3V1 HlcTwzwBRy1HDf/0M12i5LcD67D5xBUiberQ7gd6KLWTkyepYKKeMIfnCPmLUJ+Myjzb 4072j6+8BjeD+kESHleSqOjt9x9q1JKRzWW87UhmjZqRMkAFDR5B89QrkZVgPjK39TnU lp0+g3XwatOhT2Jk90HeUTSCWjWs77G1wZRXkOYG+bvS6UleP60ZWiEQyYRN40zY/YbF RrkmVckNTVNKbG6nGf3SoEAbNuZiHbutCkLgfShAo+oAlUIWNreg4obH2lxtjgczRrY8 4IOw== X-Gm-Message-State: AFqh2kpQUQktQiLubds02VygSlmuMMWeX15ha/ptA0MGZiT4PEYlzxJC sXiAhqv9/bv3eBZRn5cG/mSzV8MHi2L0zyjBJMc0r4xAFVFl3nwsoWVHR9xezEhkA4tCHonlNln hTIholMZu7thNiyOqQ5aTqrZ0 X-Received: by 2002:a05:651c:1604:b0:281:d50:f3f4 with SMTP id f4-20020a05651c160400b002810d50f3f4mr8967788ljq.28.1673624109552; Fri, 13 Jan 2023 07:35:09 -0800 (PST) X-Google-Smtp-Source: AMrXdXvzrLaIp6gLp/ZPfBIFjfkiZ+8VX+feW6BV35DMwpzNK5YUoaa1mc9C5aaUL5+CikG/bK+ldw== X-Received: by 2002:a05:651c:1604:b0:281:d50:f3f4 with SMTP id f4-20020a05651c160400b002810d50f3f4mr8967782ljq.28.1673624109356; Fri, 13 Jan 2023 07:35:09 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:08 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson Subject: [PATCH v2 2/6] composefs: Add on-disk layout Date: Fri, 13 Jan 2023 16:33:55 +0100 Message-Id: <819f49676080b05c1e87bff785849f0cc375d245.1673623253.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This commit adds the on-disk layout header file of composefs. Signed-off-by: Alexander Larsson Co-developed-by: Giuseppe Scrivano Signed-off-by: Giuseppe Scrivano --- fs/composefs/cfs.h | 203 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 fs/composefs/cfs.h diff --git a/fs/composefs/cfs.h b/fs/composefs/cfs.h new file mode 100644 index 000000000000..658df728e366 --- /dev/null +++ b/fs/composefs/cfs.h @@ -0,0 +1,203 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * composefs + * + * Copyright (C) 2021 Giuseppe Scrivano + * Copyright (C) 2022 Alexander Larsson + * + * This file is released under the GPL. + */ + +#ifndef _CFS_H +#define _CFS_H + +#include +#include +#include +#include +#include + +#define CFS_VERSION 1 + +#define CFS_MAGIC 0xc078629aU + +#define CFS_MAX_DIR_CHUNK_SIZE 4096 +#define CFS_MAX_XATTRS_SIZE 4096 + +static inline int cfs_digest_from_payload(const char *payload, size_t payl= oad_len, + u8 digest_out[SHA256_DIGEST_SIZE]) +{ + const char *p, *end; + u8 last_digit =3D 0; + int digit =3D 0; + size_t n_nibbles =3D 0; + + /* This handles payloads (i.e. path names) that are "essentially" a + * digest as the digest (if the DIGEST_FROM_PAYLOAD flag is set). The + * "essential" part means that we ignore hierarchical structure as well + * as any extension. So, for example "ef/deadbeef.file" would match the + * (too short) digest "efdeadbeef". + * + * This allows images to avoid storing both the digest and the pathname, + * yet work with pre-existing object store formats of various kinds. + */ + + end =3D payload + payload_len; + for (p =3D payload; p !=3D end; p++) { + /* Skip subdir structure */ + if (*p =3D=3D '/') + continue; + + /* Break at (and ignore) extension */ + if (*p =3D=3D '.') + break; + + if (n_nibbles =3D=3D SHA256_DIGEST_SIZE * 2) + return -EINVAL; /* Too long */ + + digit =3D hex_to_bin(*p); + if (digit =3D=3D -1) + return -EINVAL; /* Not hex digit */ + + n_nibbles++; + if ((n_nibbles % 2) =3D=3D 0) + digest_out[n_nibbles / 2 - 1] =3D (last_digit << 4) | digit; + last_digit =3D digit; + } + + if (n_nibbles !=3D SHA256_DIGEST_SIZE * 2) + return -EINVAL; /* Too short */ + + return 0; +} + +struct cfs_vdata_s { + u64 off; + u32 len; +} __packed; + +struct cfs_header_s { + u8 version; + u8 unused1; + u16 unused2; + + u32 magic; + u64 data_offset; + u64 root_inode; + + u64 unused3[2]; +} __packed; + +enum cfs_inode_flags { + CFS_INODE_FLAGS_NONE =3D 0, + CFS_INODE_FLAGS_PAYLOAD =3D 1 << 0, + CFS_INODE_FLAGS_MODE =3D 1 << 1, + CFS_INODE_FLAGS_NLINK =3D 1 << 2, + CFS_INODE_FLAGS_UIDGID =3D 1 << 3, + CFS_INODE_FLAGS_RDEV =3D 1 << 4, + CFS_INODE_FLAGS_TIMES =3D 1 << 5, + CFS_INODE_FLAGS_TIMES_NSEC =3D 1 << 6, + CFS_INODE_FLAGS_LOW_SIZE =3D 1 << 7, /* Low 32bit of st_size */ + CFS_INODE_FLAGS_HIGH_SIZE =3D 1 << 8, /* High 32bit of st_size */ + CFS_INODE_FLAGS_XATTRS =3D 1 << 9, + CFS_INODE_FLAGS_DIGEST =3D 1 << 10, /* fs-verity sha256 digest */ + CFS_INODE_FLAGS_DIGEST_FROM_PAYLOAD =3D 1 << 11, /* Compute digest from p= ayload */ +}; + +#define CFS_INODE_FLAG_CHECK(_flag, _name) = \ + (((_flag) & (CFS_INODE_FLAGS_##_name)) !=3D 0) +#define CFS_INODE_FLAG_CHECK_SIZE(_flag, _name, _size) = \ + (CFS_INODE_FLAG_CHECK(_flag, _name) ? (_size) : 0) + +#define CFS_INODE_DEFAULT_MODE 0100644 +#define CFS_INODE_DEFAULT_NLINK 1 +#define CFS_INODE_DEFAULT_NLINK_DIR 2 +#define CFS_INODE_DEFAULT_UIDGID 0 +#define CFS_INODE_DEFAULT_RDEV 0 +#define CFS_INODE_DEFAULT_TIMES 0 + +struct cfs_inode_s { + u32 flags; + + /* Optional data: (selected by flags) */ + + /* This is the size of the type specific data that comes directly after + * the inode in the file. Of this type: + * + * directory: cfs_dir_s + * regular file: the backing filename + * symlink: the target link + * + * Canonically payload_length is 0 for empty dir/file/symlink. + */ + u32 payload_length; + + u32 st_mode; /* File type and mode. */ + u32 st_nlink; /* Number of hard links, only for regular files. */ + u32 st_uid; /* User ID of owner. */ + u32 st_gid; /* Group ID of owner. */ + u32 st_rdev; /* Device ID (if special file). */ + u64 st_size; /* Size of file, only used for regular files */ + + struct cfs_vdata_s xattrs; /* ref to variable data */ + + u8 digest[SHA256_DIGEST_SIZE]; /* fs-verity digest */ + + struct timespec64 st_mtim; /* Time of last modification. */ + struct timespec64 st_ctim; /* Time of last status change. */ +}; + +static inline u32 cfs_inode_encoded_size(u32 flags) +{ + return sizeof(u32) /* flags */ + + CFS_INODE_FLAG_CHECK_SIZE(flags, PAYLOAD, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, MODE, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, NLINK, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, UIDGID, sizeof(u32) + sizeof(u32)= ) + + CFS_INODE_FLAG_CHECK_SIZE(flags, RDEV, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, TIMES, sizeof(u64) * 2) + + CFS_INODE_FLAG_CHECK_SIZE(flags, TIMES_NSEC, sizeof(u32) * 2) + + CFS_INODE_FLAG_CHECK_SIZE(flags, LOW_SIZE, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, HIGH_SIZE, sizeof(u32)) + + CFS_INODE_FLAG_CHECK_SIZE(flags, XATTRS, sizeof(u64) + sizeof(u32)= ) + + CFS_INODE_FLAG_CHECK_SIZE(flags, DIGEST, SHA256_DIGEST_SIZE); +} + +struct cfs_dentry_s { + /* Index of struct cfs_inode_s */ + u64 inode_index; + u8 d_type; + u8 name_len; + u16 name_offset; +} __packed; + +struct cfs_dir_chunk_s { + u16 n_dentries; + u16 chunk_size; + u64 chunk_offset; +} __packed; + +struct cfs_dir_s { + u32 n_chunks; + struct cfs_dir_chunk_s chunks[]; +} __packed; + +#define cfs_dir_size(_n_chunks) = \ + (sizeof(struct cfs_dir_s) + (_n_chunks) * sizeof(struct cfs_dir_chunk_s)) + +/* xattr representation. */ +struct cfs_xattr_element_s { + u16 key_length; + u16 value_length; +} __packed; + +struct cfs_xattr_header_s { + u16 n_attr; + struct cfs_xattr_element_s attr[0]; +} __packed; + +#define cfs_xattr_header_size(_n_element) = \ + (sizeof(struct cfs_xattr_header_s) + \ + (_n_element) * sizeof(struct cfs_xattr_element_s)) + +#endif --=20 2.39.0 From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29A47C61DB3 for ; Fri, 13 Jan 2023 15:46:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230261AbjAMPql (ORCPT ); Fri, 13 Jan 2023 10:46:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229690AbjAMPpd (ORCPT ); Fri, 13 Jan 2023 10:45:33 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 243DD88A06 for ; Fri, 13 Jan 2023 07:35:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624115; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=63yRlw50QwAg2S+oO0WXVS3FMVLfMSO7UiCDHBCNZAc=; b=Y4QrIqhSEkn8uBdQjQbtBforA8/Aaos5Bdj1olCLUHAzKVAJ6wXcvRq8CCT6wvVLEwmTkU Oq6hvYfcofrKJ1n3cwRCzGs2wunCO4A+rfMHKMXoemQaiUQVwYBzs9hWkbxoa7XPTs3+zO EMCV5rJqysrh8vwP2t9teTEww61pf9I= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-19-gfs_Nj-lPzSfRP83OM9Xgg-1; Fri, 13 Jan 2023 10:35:13 -0500 X-MC-Unique: gfs_Nj-lPzSfRP83OM9Xgg-1 Received: by mail-lf1-f70.google.com with SMTP id u5-20020a056512040500b004d22bdce2c6so415996lfk.7 for ; Fri, 13 Jan 2023 07:35:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=63yRlw50QwAg2S+oO0WXVS3FMVLfMSO7UiCDHBCNZAc=; b=7P+M4KA4flz7pyQgtbWKtyIz9CSR9HPrISSYtp9b0+A3cXoZf23zaRmuBx0Dx4wmnq gZl+B5NPE9FLhfNt+2xbvGXv3HumGMXkvLMV2MsPz3LCsJHneuvvBn6T4yVDLgZVtMI6 TJQ/zw+JQoOfeXfNg5OoYqTbTEL73JcypwLR+t7RqNKdeSXfIo52SEh75mSONEKLHNxQ xM3K9UuQyHnMTy/QKZN3nAvimJ7BfbNV+qtUlVzPmp4YwPkQyW3QSYd2rCUeo+imB4zl yHYzVdCt843VS9Q4jxfhYiDjekC1zOsvwoCFbirBEDQQBWKPUvReGK+V1kIhJwBoQOZT Wxdg== X-Gm-Message-State: AFqh2koUVfQkRexEsu4E4yzL6BOzYqATdS3LdSzA21iLZ/TXuDtLgtB5 lnr04ZtR88wASzRc8POLiMO2p8GTkMgSECNWwnEPN+NgUVpRW+v3uheD1qoKliG2YLiQoKb0F3Y T7tPm9DOJqZ2Tw+Efa53udtkK X-Received: by 2002:a2e:a54d:0:b0:27f:c95e:7619 with SMTP id e13-20020a2ea54d000000b0027fc95e7619mr20724622ljn.13.1673624112145; Fri, 13 Jan 2023 07:35:12 -0800 (PST) X-Google-Smtp-Source: AMrXdXudRDOPCmu+bUNP6oPfCRhyg4b2ii5E1oqUtuNksLKb6lFaGB3utyCHzSPL4moOLJSEZfHZfA== X-Received: by 2002:a2e:a54d:0:b0:27f:c95e:7619 with SMTP id e13-20020a2ea54d000000b0027fc95e7619mr20724611ljn.13.1673624111861; Fri, 13 Jan 2023 07:35:11 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:11 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson Subject: [PATCH v2 3/6] composefs: Add descriptor parsing code Date: Fri, 13 Jan 2023 16:33:56 +0100 Message-Id: X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This adds the code to load and decode the filesystem descriptor file format. Signed-off-by: Alexander Larsson Co-developed-by: Giuseppe Scrivano Signed-off-by: Giuseppe Scrivano --- fs/composefs/cfs-internals.h | 63 +++ fs/composefs/cfs-reader.c | 927 +++++++++++++++++++++++++++++++++++ 2 files changed, 990 insertions(+) create mode 100644 fs/composefs/cfs-internals.h create mode 100644 fs/composefs/cfs-reader.c diff --git a/fs/composefs/cfs-internals.h b/fs/composefs/cfs-internals.h new file mode 100644 index 000000000000..007f40a95e51 --- /dev/null +++ b/fs/composefs/cfs-internals.h @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _CFS_INTERNALS_H +#define _CFS_INTERNALS_H + +#include "cfs.h" + +#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */ + +#define CFS_N_PRELOAD_DIR_CHUNKS 4 + +struct cfs_inode_data_s { + u32 payload_length; + char *path_payload; /* Real pathname for files, target for symlinks */ + u32 n_dir_chunks; + struct cfs_dir_chunk_s preloaded_dir_chunks[CFS_N_PRELOAD_DIR_CHUNKS]; + + u64 xattrs_offset; + u32 xattrs_len; + + bool has_digest; + u8 digest[SHA256_DIGEST_SIZE]; /* fs-verity digest */ +}; + +struct cfs_context_s { + struct cfs_header_s header; + struct file *descriptor; + + u64 descriptor_len; +}; + +int cfs_init_ctx(const char *descriptor_path, const u8 *required_digest, + struct cfs_context_s *ctx); + +void cfs_ctx_put(struct cfs_context_s *ctx); + +void cfs_inode_data_put(struct cfs_inode_data_s *inode_data); + +struct cfs_inode_s *cfs_get_root_ino(struct cfs_context_s *ctx, + struct cfs_inode_s *ino_buf, u64 *index); + +struct cfs_inode_s *cfs_get_ino_index(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_s *buffer); + +int cfs_init_inode_data(struct cfs_context_s *ctx, struct cfs_inode_s *ino, + u64 index, struct cfs_inode_data_s *data); + +ssize_t cfs_list_xattrs(struct cfs_context_s *ctx, struct cfs_inode_data_s= *inode_data, + char *names, size_t size); +int cfs_get_xattr(struct cfs_context_s *ctx, struct cfs_inode_data_s *inod= e_data, + const char *name, void *value, size_t size); + +typedef bool (*cfs_dir_iter_cb)(void *private, const char *name, int namel= en, + u64 ino, unsigned int dtype); + +int cfs_dir_iterate(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data, loff_t first, + cfs_dir_iter_cb cb, void *private); + +int cfs_dir_lookup(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data, const char *name, + size_t name_len, u64 *index_out); + +#endif diff --git a/fs/composefs/cfs-reader.c b/fs/composefs/cfs-reader.c new file mode 100644 index 000000000000..e68bfd0fca98 --- /dev/null +++ b/fs/composefs/cfs-reader.c @@ -0,0 +1,927 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * composefs + * + * Copyright (C) 2021 Giuseppe Scrivano + * Copyright (C) 2022 Alexander Larsson + * + * This file is released under the GPL. + */ + +#include "cfs-internals.h" + +#include +#include +#include +#include + +struct cfs_buf { + struct page *page; + void *base; +}; + +static void cfs_buf_put(struct cfs_buf *buf) +{ + if (buf->page) { + if (buf->base) + kunmap_local(buf->base); + put_page(buf->page); + buf->base =3D NULL; + buf->page =3D NULL; + } +} + +static void *cfs_get_buf(struct cfs_context_s *ctx, u64 offset, u32 size, + struct cfs_buf *buf) +{ + struct inode *inode =3D ctx->descriptor->f_inode; + struct address_space *const mapping =3D inode->i_mapping; + u32 page_offset =3D offset & (PAGE_SIZE - 1); + u64 index =3D offset >> PAGE_SHIFT; + struct page *page =3D buf->page; + + if (offset > ctx->descriptor_len) + return ERR_PTR(-EFSCORRUPTED); + + if ((offset + size < offset) || (offset + size > ctx->descriptor_len)) + return ERR_PTR(-EFSCORRUPTED); + + if (size > PAGE_SIZE) + return ERR_PTR(-EINVAL); + + if (PAGE_SIZE - page_offset < size) + return ERR_PTR(-EINVAL); + + if (!page || page->index !=3D index) { + cfs_buf_put(buf); + + page =3D read_cache_page(mapping, index, NULL, NULL); + if (IS_ERR(page)) + return page; + + buf->page =3D page; + buf->base =3D kmap_local_page(page); + } + + return buf->base + page_offset; +} + +static void *cfs_read_data(struct cfs_context_s *ctx, u64 offset, u64 size= , u8 *dest) +{ + loff_t pos =3D offset; + size_t copied; + + if (offset > ctx->descriptor_len) + return ERR_PTR(-EFSCORRUPTED); + + if ((offset + size < offset) || (offset + size > ctx->descriptor_len)) + return ERR_PTR(-EFSCORRUPTED); + + copied =3D 0; + while (copied < size) { + ssize_t bytes; + + bytes =3D kernel_read(ctx->descriptor, dest + copied, + size - copied, &pos); + if (bytes < 0) + return ERR_PTR(bytes); + if (bytes =3D=3D 0) + return ERR_PTR(-EINVAL); + + copied +=3D bytes; + } + + if (copied !=3D size) + return ERR_PTR(-EFSCORRUPTED); + return dest; +} + +int cfs_init_ctx(const char *descriptor_path, const u8 *required_digest, + struct cfs_context_s *ctx_out) +{ + u8 verity_digest[FS_VERITY_MAX_DIGEST_SIZE]; + struct cfs_header_s *header; + enum hash_algo verity_algo; + struct cfs_context_s ctx; + struct file *descriptor; + loff_t i_size; + int res; + + descriptor =3D filp_open(descriptor_path, O_RDONLY, 0); + if (IS_ERR(descriptor)) + return PTR_ERR(descriptor); + + if (required_digest) { + res =3D fsverity_get_digest(d_inode(descriptor->f_path.dentry), + verity_digest, &verity_algo); + if (res < 0) { + pr_err("ERROR: composefs descriptor has no fs-verity digest\n"); + goto fail; + } + if (verity_algo !=3D HASH_ALGO_SHA256 || + memcmp(required_digest, verity_digest, SHA256_DIGEST_SIZE) !=3D 0) { + pr_err("ERROR: composefs descriptor has wrong fs-verity digest\n"); + res =3D -EINVAL; + goto fail; + } + } + + i_size =3D i_size_read(file_inode(descriptor)); + if (i_size <=3D (sizeof(struct cfs_header_s) + sizeof(struct cfs_inode_s)= )) { + res =3D -EINVAL; + goto fail; + } + + /* Need this temporary ctx for cfs_read_data() */ + ctx.descriptor =3D descriptor; + ctx.descriptor_len =3D i_size; + + header =3D cfs_read_data(&ctx, 0, sizeof(struct cfs_header_s), + (u8 *)&ctx.header); + if (IS_ERR(header)) { + res =3D PTR_ERR(header); + goto fail; + } + header->magic =3D le32_to_cpu(header->magic); + header->data_offset =3D le64_to_cpu(header->data_offset); + header->root_inode =3D le64_to_cpu(header->root_inode); + + if (header->magic !=3D CFS_MAGIC || header->data_offset > ctx.descriptor_= len || + sizeof(struct cfs_header_s) + header->root_inode > ctx.descriptor_len= ) { + res =3D -EINVAL; + goto fail; + } + + *ctx_out =3D ctx; + return 0; + +fail: + fput(descriptor); + return res; +} + +void cfs_ctx_put(struct cfs_context_s *ctx) +{ + if (ctx->descriptor) { + fput(ctx->descriptor); + ctx->descriptor =3D NULL; + } +} + +static void *cfs_get_inode_data(struct cfs_context_s *ctx, u64 offset, u64= size, + u8 *dest) +{ + return cfs_read_data(ctx, offset + sizeof(struct cfs_header_s), size, des= t); +} + +static void *cfs_get_inode_data_max(struct cfs_context_s *ctx, u64 offset, + u64 max_size, u64 *read_size, u8 *dest) +{ + u64 remaining =3D ctx->descriptor_len - sizeof(struct cfs_header_s); + u64 size; + + if (offset > remaining) + return ERR_PTR(-EINVAL); + remaining -=3D offset; + + /* Read at most remaining bytes, and no more than max_size */ + size =3D min(remaining, max_size); + *read_size =3D size; + + return cfs_get_inode_data(ctx, offset, size, dest); +} + +static void *cfs_get_inode_payload_w_len(struct cfs_context_s *ctx, + u32 payload_length, u64 index, + u8 *dest, u64 offset, size_t len) +{ + /* Payload is stored before the inode, check it fits */ + if (payload_length > index) + return ERR_PTR(-EINVAL); + + if (offset > payload_length) + return ERR_PTR(-EINVAL); + + if (offset + len > payload_length) + return ERR_PTR(-EINVAL); + + return cfs_get_inode_data(ctx, index - payload_length + offset, len, dest= ); +} + +static void *cfs_get_inode_payload(struct cfs_context_s *ctx, + struct cfs_inode_s *ino, u64 index, u8 *dest) +{ + return cfs_get_inode_payload_w_len(ctx, ino->payload_length, index, + dest, 0, ino->payload_length); +} + +static void *cfs_get_vdata_buf(struct cfs_context_s *ctx, u64 offset, u32 = len, + struct cfs_buf *buf) +{ + if (offset > ctx->descriptor_len - ctx->header.data_offset) + return ERR_PTR(-EINVAL); + + if (len > ctx->descriptor_len - ctx->header.data_offset - offset) + return ERR_PTR(-EINVAL); + + return cfs_get_buf(ctx, ctx->header.data_offset + offset, len, buf); +} + +static u32 cfs_read_u32(u8 **data) +{ + u32 v =3D le32_to_cpu(__get_unaligned_cpu32(*data)); + *data +=3D sizeof(u32); + return v; +} + +static u64 cfs_read_u64(u8 **data) +{ + u64 v =3D le64_to_cpu(__get_unaligned_cpu64(*data)); + *data +=3D sizeof(u64); + return v; +} + +struct cfs_inode_s *cfs_get_ino_index(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_s *ino) +{ + /* Buffer that fits the maximal encoded size: */ + u8 buffer[sizeof(struct cfs_inode_s)]; + u64 offset =3D index; + u64 inode_size; + u64 read_size; + u8 *data; + + data =3D cfs_get_inode_data_max(ctx, offset, sizeof(buffer), &read_size, = buffer); + if (IS_ERR(data)) + return ERR_CAST(data); + + /* Need to fit at least flags to decode */ + if (read_size < sizeof(u32)) + return ERR_PTR(-EFSCORRUPTED); + + memset(ino, 0, sizeof(*ino)); + ino->flags =3D cfs_read_u32(&data); + + inode_size =3D cfs_inode_encoded_size(ino->flags); + /* Shouldn't happen, but let's check */ + if (inode_size > sizeof(buffer)) + return ERR_PTR(-EFSCORRUPTED); + + if (CFS_INODE_FLAG_CHECK(ino->flags, PAYLOAD)) + ino->payload_length =3D cfs_read_u32(&data); + else + ino->payload_length =3D 0; + + if (CFS_INODE_FLAG_CHECK(ino->flags, MODE)) + ino->st_mode =3D cfs_read_u32(&data); + else + ino->st_mode =3D CFS_INODE_DEFAULT_MODE; + + if (CFS_INODE_FLAG_CHECK(ino->flags, NLINK)) { + ino->st_nlink =3D cfs_read_u32(&data); + } else { + if ((ino->st_mode & S_IFMT) =3D=3D S_IFDIR) + ino->st_nlink =3D CFS_INODE_DEFAULT_NLINK_DIR; + else + ino->st_nlink =3D CFS_INODE_DEFAULT_NLINK; + } + + if (CFS_INODE_FLAG_CHECK(ino->flags, UIDGID)) { + ino->st_uid =3D cfs_read_u32(&data); + ino->st_gid =3D cfs_read_u32(&data); + } else { + ino->st_uid =3D CFS_INODE_DEFAULT_UIDGID; + ino->st_gid =3D CFS_INODE_DEFAULT_UIDGID; + } + + if (CFS_INODE_FLAG_CHECK(ino->flags, RDEV)) + ino->st_rdev =3D cfs_read_u32(&data); + else + ino->st_rdev =3D CFS_INODE_DEFAULT_RDEV; + + if (CFS_INODE_FLAG_CHECK(ino->flags, TIMES)) { + ino->st_mtim.tv_sec =3D cfs_read_u64(&data); + ino->st_ctim.tv_sec =3D cfs_read_u64(&data); + } else { + ino->st_mtim.tv_sec =3D CFS_INODE_DEFAULT_TIMES; + ino->st_ctim.tv_sec =3D CFS_INODE_DEFAULT_TIMES; + } + + if (CFS_INODE_FLAG_CHECK(ino->flags, TIMES_NSEC)) { + ino->st_mtim.tv_nsec =3D cfs_read_u32(&data); + ino->st_ctim.tv_nsec =3D cfs_read_u32(&data); + } else { + ino->st_mtim.tv_nsec =3D 0; + ino->st_ctim.tv_nsec =3D 0; + } + + if (CFS_INODE_FLAG_CHECK(ino->flags, LOW_SIZE)) + ino->st_size =3D cfs_read_u32(&data); + else + ino->st_size =3D 0; + + if (CFS_INODE_FLAG_CHECK(ino->flags, HIGH_SIZE)) + ino->st_size +=3D (u64)cfs_read_u32(&data) << 32; + + if (CFS_INODE_FLAG_CHECK(ino->flags, XATTRS)) { + ino->xattrs.off =3D cfs_read_u64(&data); + ino->xattrs.len =3D cfs_read_u32(&data); + } else { + ino->xattrs.off =3D 0; + ino->xattrs.len =3D 0; + } + + if (CFS_INODE_FLAG_CHECK(ino->flags, DIGEST)) { + memcpy(ino->digest, data, SHA256_DIGEST_SIZE); + data +=3D 32; + } + + return ino; +} + +struct cfs_inode_s *cfs_get_root_ino(struct cfs_context_s *ctx, + struct cfs_inode_s *ino_buf, u64 *index) +{ + u64 root_ino =3D ctx->header.root_inode; + + *index =3D root_ino; + return cfs_get_ino_index(ctx, root_ino, ino_buf); +} + +static int cfs_get_digest(struct cfs_context_s *ctx, struct cfs_inode_s *i= no, + const char *payload, u8 digest_out[SHA256_DIGEST_SIZE]) +{ + int r; + + if (CFS_INODE_FLAG_CHECK(ino->flags, DIGEST)) { + memcpy(digest_out, ino->digest, SHA256_DIGEST_SIZE); + return 1; + } + + if (payload && CFS_INODE_FLAG_CHECK(ino->flags, DIGEST_FROM_PAYLOAD)) { + r =3D cfs_digest_from_payload(payload, ino->payload_length, digest_out); + if (r < 0) + return r; + return 1; + } + + return 0; +} + +static bool cfs_validate_filename(const char *name, size_t name_len) +{ + if (name_len =3D=3D 0) + return false; + + if (name_len =3D=3D 1 && name[0] =3D=3D '.') + return false; + + if (name_len =3D=3D 2 && name[0] =3D=3D '.' && name[1] =3D=3D '.') + return false; + + if (memchr(name, '/', name_len)) + return false; + + return true; +} + +static struct cfs_dir_s *cfs_dir_read_chunk_header(struct cfs_context_s *c= tx, + size_t payload_length, + u64 index, u8 *chunk_buf, + size_t chunk_buf_size, + size_t max_n_chunks) +{ + struct cfs_dir_s *dir; + size_t n_chunks; + + /* Payload and buffer should be large enough to fit the n_chunks */ + if (payload_length < sizeof(struct cfs_dir_s) || + chunk_buf_size < sizeof(struct cfs_dir_s)) + return ERR_PTR(-EFSCORRUPTED); + + /* Make sure we fit max_n_chunks in buffer before reading it */ + if (chunk_buf_size < cfs_dir_size(max_n_chunks)) + return ERR_PTR(-EINVAL); + + dir =3D cfs_get_inode_payload_w_len(ctx, payload_length, index, chunk_buf, + 0, min(chunk_buf_size, payload_length)); + if (IS_ERR(dir)) + return ERR_CAST(dir); + + n_chunks =3D le32_to_cpu(dir->n_chunks); + dir->n_chunks =3D n_chunks; + + /* Don't support n_chunks =3D=3D 0, the canonical version of that is payl= oad_length =3D=3D 0 */ + if (n_chunks =3D=3D 0) + return ERR_PTR(-EFSCORRUPTED); + + if (payload_length !=3D cfs_dir_size(n_chunks)) + return ERR_PTR(-EFSCORRUPTED); + + max_n_chunks =3D min(n_chunks, max_n_chunks); + + /* Verify data (up to max_n_chunks) */ + for (size_t i =3D 0; i < max_n_chunks; i++) { + struct cfs_dir_chunk_s *chunk =3D &dir->chunks[i]; + + chunk->n_dentries =3D le16_to_cpu(chunk->n_dentries); + chunk->chunk_size =3D le16_to_cpu(chunk->chunk_size); + chunk->chunk_offset =3D le64_to_cpu(chunk->chunk_offset); + + if (chunk->chunk_size < sizeof(struct cfs_dentry_s) * chunk->n_dentries) + return ERR_PTR(-EFSCORRUPTED); + + if (chunk->chunk_size > CFS_MAX_DIR_CHUNK_SIZE) + return ERR_PTR(-EFSCORRUPTED); + + if (chunk->n_dentries =3D=3D 0) + return ERR_PTR(-EFSCORRUPTED); + + if (chunk->chunk_size =3D=3D 0) + return ERR_PTR(-EFSCORRUPTED); + + if (chunk->chunk_offset > ctx->descriptor_len - ctx->header.data_offset) + return ERR_PTR(-EFSCORRUPTED); + } + + return dir; +} + +static char *cfs_dup_payload_path(struct cfs_context_s *ctx, + struct cfs_inode_s *ino, u64 index) +{ + const char *v; + u8 *path; + + if ((ino->st_mode & S_IFMT) !=3D S_IFREG && (ino->st_mode & S_IFMT) !=3D = S_IFLNK) + return ERR_PTR(-EINVAL); + + if (ino->payload_length =3D=3D 0 || ino->payload_length > PATH_MAX) + return ERR_PTR(-EFSCORRUPTED); + + path =3D kmalloc(ino->payload_length + 1, GFP_KERNEL); + if (!path) + return ERR_PTR(-ENOMEM); + + v =3D cfs_get_inode_payload(ctx, ino, index, path); + if (IS_ERR(v)) { + kfree(path); + return ERR_CAST(v); + } + + /* zero terminate */ + path[ino->payload_length] =3D 0; + + return (char *)path; +} + +int cfs_init_inode_data(struct cfs_context_s *ctx, struct cfs_inode_s *ino, + u64 index, struct cfs_inode_data_s *inode_data) +{ + u8 buf[cfs_dir_size(CFS_N_PRELOAD_DIR_CHUNKS)]; + char *path_payload =3D NULL; + struct cfs_dir_s *dir; + int ret =3D 0; + + inode_data->payload_length =3D ino->payload_length; + + if ((ino->st_mode & S_IFMT) !=3D S_IFDIR || ino->payload_length =3D=3D 0)= { + inode_data->n_dir_chunks =3D 0; + } else { + u32 n_chunks; + + dir =3D cfs_dir_read_chunk_header(ctx, ino->payload_length, index, + buf, sizeof(buf), + CFS_N_PRELOAD_DIR_CHUNKS); + if (IS_ERR(dir)) + return PTR_ERR(dir); + + n_chunks =3D dir->n_chunks; + inode_data->n_dir_chunks =3D n_chunks; + + for (size_t i =3D 0; i < n_chunks && i < CFS_N_PRELOAD_DIR_CHUNKS; i++) + inode_data->preloaded_dir_chunks[i] =3D dir->chunks[i]; + } + + if ((ino->st_mode & S_IFMT) =3D=3D S_IFLNK || + ((ino->st_mode & S_IFMT) =3D=3D S_IFREG && ino->payload_length > 0)) { + path_payload =3D cfs_dup_payload_path(ctx, ino, index); + if (IS_ERR(path_payload)) { + ret =3D PTR_ERR(path_payload); + goto fail; + } + } + inode_data->path_payload =3D path_payload; + + ret =3D cfs_get_digest(ctx, ino, path_payload, inode_data->digest); + if (ret < 0) + goto fail; + + inode_data->has_digest =3D ret !=3D 0; + + inode_data->xattrs_offset =3D ino->xattrs.off; + inode_data->xattrs_len =3D ino->xattrs.len; + + if (inode_data->xattrs_len !=3D 0) { + /* Validate xattr size */ + if (inode_data->xattrs_len < sizeof(struct cfs_xattr_header_s) || + inode_data->xattrs_len > CFS_MAX_XATTRS_SIZE) { + ret =3D -EFSCORRUPTED; + goto fail; + } + } + + return 0; + +fail: + cfs_inode_data_put(inode_data); + return ret; +} + +void cfs_inode_data_put(struct cfs_inode_data_s *inode_data) +{ + inode_data->n_dir_chunks =3D 0; + kfree(inode_data->path_payload); + inode_data->path_payload =3D NULL; +} + +ssize_t cfs_list_xattrs(struct cfs_context_s *ctx, + struct cfs_inode_data_s *inode_data, char *names, size_t size) +{ + const struct cfs_xattr_header_s *xattrs; + struct cfs_buf vdata_buf =3D { NULL }; + size_t n_xattrs =3D 0; + u8 *data, *data_end; + ssize_t copied =3D 0; + + if (inode_data->xattrs_len =3D=3D 0) + return 0; + + /* xattrs_len basic size req was verified in cfs_init_inode_data */ + + xattrs =3D cfs_get_vdata_buf(ctx, inode_data->xattrs_offset, + inode_data->xattrs_len, &vdata_buf); + if (IS_ERR(xattrs)) + return PTR_ERR(xattrs); + + n_xattrs =3D le16_to_cpu(xattrs->n_attr); + + /* Verify that array fits */ + if (inode_data->xattrs_len < cfs_xattr_header_size(n_xattrs)) { + copied =3D -EFSCORRUPTED; + goto exit; + } + + data =3D ((u8 *)xattrs) + cfs_xattr_header_size(n_xattrs); + data_end =3D ((u8 *)xattrs) + inode_data->xattrs_len; + + for (size_t i =3D 0; i < n_xattrs; i++) { + const struct cfs_xattr_element_s *e =3D &xattrs->attr[i]; + u16 this_value_len =3D le16_to_cpu(e->value_length); + u16 this_key_len =3D le16_to_cpu(e->key_length); + const char *this_key; + + if (this_key_len > XATTR_NAME_MAX || + /* key and data needs to fit in data */ + data_end - data < this_key_len + this_value_len) { + copied =3D -EFSCORRUPTED; + goto exit; + } + + this_key =3D data; + data +=3D this_key_len + this_value_len; + + if (size) { + if (size - copied < this_key_len + 1) { + copied =3D -E2BIG; + goto exit; + } + + memcpy(names + copied, this_key, this_key_len); + names[copied + this_key_len] =3D '\0'; + } + + copied +=3D this_key_len + 1; + } + +exit: + cfs_buf_put(&vdata_buf); + + return copied; +} + +int cfs_get_xattr(struct cfs_context_s *ctx, struct cfs_inode_data_s *inod= e_data, + const char *name, void *value, size_t size) +{ + struct cfs_xattr_header_s *xattrs; + struct cfs_buf vdata_buf =3D { NULL }; + size_t name_len =3D strlen(name); + size_t n_xattrs =3D 0; + u8 *data, *data_end; + int res; + + if (inode_data->xattrs_len =3D=3D 0) + return -ENODATA; + + /* xattrs_len basic size req was verified in cfs_init_inode_data */ + + xattrs =3D cfs_get_vdata_buf(ctx, inode_data->xattrs_offset, + inode_data->xattrs_len, &vdata_buf); + if (IS_ERR(xattrs)) + return PTR_ERR(xattrs); + + n_xattrs =3D le16_to_cpu(xattrs->n_attr); + + /* Verify that array fits */ + if (inode_data->xattrs_len < cfs_xattr_header_size(n_xattrs)) { + res =3D -EFSCORRUPTED; + goto exit; + } + + data =3D ((u8 *)xattrs) + cfs_xattr_header_size(n_xattrs); + data_end =3D ((u8 *)xattrs) + inode_data->xattrs_len; + + for (size_t i =3D 0; i < n_xattrs; i++) { + const struct cfs_xattr_element_s *e =3D &xattrs->attr[i]; + u16 this_value_len =3D le16_to_cpu(e->value_length); + u16 this_key_len =3D le16_to_cpu(e->key_length); + const char *this_key, *this_value; + + if (this_key_len > XATTR_NAME_MAX || + /* key and data needs to fit in data */ + data_end - data < this_key_len + this_value_len) { + res =3D -EFSCORRUPTED; + goto exit; + } + + this_key =3D data; + this_value =3D data + this_key_len; + data +=3D this_key_len + this_value_len; + + if (this_key_len !=3D name_len || memcmp(this_key, name, name_len) !=3D = 0) + continue; + + if (size > 0) { + if (size < this_value_len) { + res =3D -E2BIG; + goto exit; + } + memcpy(value, this_value, this_value_len); + } + + res =3D this_value_len; + goto exit; + } + + res =3D -ENODATA; + +exit: + return res; +} + +static struct cfs_dir_s * +cfs_dir_read_chunk_header_alloc(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data) +{ + size_t chunk_buf_size =3D cfs_dir_size(inode_data->n_dir_chunks); + struct cfs_dir_s *dir; + u8 *chunk_buf; + + chunk_buf =3D kmalloc(chunk_buf_size, GFP_KERNEL); + if (!chunk_buf) + return ERR_PTR(-ENOMEM); + + dir =3D cfs_dir_read_chunk_header(ctx, inode_data->payload_length, index, + chunk_buf, chunk_buf_size, + inode_data->n_dir_chunks); + if (IS_ERR(dir)) { + kfree(chunk_buf); + return ERR_CAST(dir); + } + + return dir; +} + +static struct cfs_dir_chunk_s * +cfs_dir_get_chunk_info(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data, void **chunks_buf) +{ + struct cfs_dir_s *full_dir; + + if (inode_data->n_dir_chunks <=3D CFS_N_PRELOAD_DIR_CHUNKS) { + *chunks_buf =3D NULL; + return inode_data->preloaded_dir_chunks; + } + + full_dir =3D cfs_dir_read_chunk_header_alloc(ctx, index, inode_data); + if (IS_ERR(full_dir)) + return ERR_CAST(full_dir); + + *chunks_buf =3D full_dir; + return full_dir->chunks; +} + +static inline int memcmp2(const void *a, const size_t a_size, const void *= b, + size_t b_size) +{ + size_t common_size =3D min(a_size, b_size); + int res; + + res =3D memcmp(a, b, common_size); + if (res !=3D 0 || a_size =3D=3D b_size) + return res; + + return a_size < b_size ? -1 : 1; +} + +int cfs_dir_iterate(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data, loff_t first, + cfs_dir_iter_cb cb, void *private) +{ + struct cfs_buf vdata_buf =3D { NULL }; + struct cfs_dir_chunk_s *chunks; + struct cfs_dentry_s *dentries; + char *namedata, *namedata_end; + void *chunks_buf; + size_t n_chunks; + loff_t pos; + int res; + + n_chunks =3D inode_data->n_dir_chunks; + if (n_chunks =3D=3D 0) + return 0; + + chunks =3D cfs_dir_get_chunk_info(ctx, index, inode_data, &chunks_buf); + if (IS_ERR(chunks)) + return PTR_ERR(chunks); + + pos =3D 0; + for (size_t i =3D 0; i < n_chunks; i++) { + /* Chunks info are verified/converted in cfs_dir_read_chunk_header */ + u64 chunk_offset =3D chunks[i].chunk_offset; + size_t chunk_size =3D chunks[i].chunk_size; + size_t n_dentries =3D chunks[i].n_dentries; + + /* Do we need to look at this chunk */ + if (first >=3D pos + n_dentries) { + pos +=3D n_dentries; + continue; + } + + /* Read chunk dentries from page cache */ + dentries =3D cfs_get_vdata_buf(ctx, chunk_offset, chunk_size, + &vdata_buf); + if (IS_ERR(dentries)) { + res =3D PTR_ERR(dentries); + goto exit; + } + + namedata =3D ((char *)dentries) + + sizeof(struct cfs_dentry_s) * n_dentries; + namedata_end =3D ((char *)dentries) + chunk_size; + + for (size_t j =3D 0; j < n_dentries; j++) { + struct cfs_dentry_s *dentry =3D &dentries[j]; + size_t dentry_name_len =3D dentry->name_len; + char *dentry_name =3D (char *)namedata + dentry->name_offset; + + /* name needs to fit in namedata */ + if (dentry_name >=3D namedata_end || + namedata_end - dentry_name < dentry_name_len) { + res =3D -EFSCORRUPTED; + goto exit; + } + + if (!cfs_validate_filename(dentry_name, dentry_name_len)) { + res =3D -EFSCORRUPTED; + goto exit; + } + + if (pos++ < first) + continue; + + if (!cb(private, dentry_name, dentry_name_len, + le64_to_cpu(dentry->inode_index), dentry->d_type)) { + res =3D 0; + goto exit; + } + } + } + + res =3D 0; +exit: + kfree(chunks_buf); + cfs_buf_put(&vdata_buf); + return res; +} + +#define BEFORE_CHUNK 1 +#define AFTER_CHUNK 2 +// -1 =3D> error, 0 =3D=3D hit, 1 =3D=3D name is before chunk, 2 =3D=3D na= me is after chunk +static int cfs_dir_lookup_in_chunk(const char *name, size_t name_len, + struct cfs_dentry_s *dentries, + size_t n_dentries, char *namedata, + char *namedata_end, u64 *index_out) +{ + int start_dentry, end_dentry; + int cmp; + + // This should not happen in a valid fs, and if it does we don't know if + // the name is before or after the chunk. + if (n_dentries =3D=3D 0) + return -EFSCORRUPTED; + + start_dentry =3D 0; + end_dentry =3D n_dentries - 1; + while (start_dentry <=3D end_dentry) { + int mid_dentry =3D start_dentry + (end_dentry - start_dentry) / 2; + struct cfs_dentry_s *dentry =3D &dentries[mid_dentry]; + char *dentry_name =3D (char *)namedata + dentry->name_offset; + size_t dentry_name_len =3D dentry->name_len; + + /* name needs to fit in namedata */ + if (dentry_name >=3D namedata_end || + namedata_end - dentry_name < dentry_name_len) { + return -EFSCORRUPTED; + } + + cmp =3D memcmp2(name, name_len, dentry_name, dentry_name_len); + if (cmp =3D=3D 0) { + *index_out =3D le64_to_cpu(dentry->inode_index); + return 0; + } + + if (cmp > 0) + start_dentry =3D mid_dentry + 1; + else + end_dentry =3D mid_dentry - 1; + } + + return cmp > 0 ? AFTER_CHUNK : BEFORE_CHUNK; +} + +int cfs_dir_lookup(struct cfs_context_s *ctx, u64 index, + struct cfs_inode_data_s *inode_data, const char *name, + size_t name_len, u64 *index_out) +{ + int n_chunks, start_chunk, end_chunk; + struct cfs_buf vdata_buf =3D { NULL }; + char *namedata, *namedata_end; + struct cfs_dir_chunk_s *chunks; + struct cfs_dentry_s *dentries; + void *chunks_buf; + int res, r; + + n_chunks =3D inode_data->n_dir_chunks; + if (n_chunks =3D=3D 0) + return 0; + + chunks =3D cfs_dir_get_chunk_info(ctx, index, inode_data, &chunks_buf); + if (IS_ERR(chunks)) + return PTR_ERR(chunks); + + start_chunk =3D 0; + end_chunk =3D n_chunks - 1; + + while (start_chunk <=3D end_chunk) { + int mid_chunk =3D start_chunk + (end_chunk - start_chunk) / 2; + + /* Chunks info are verified/converted in cfs_dir_read_chunk_header */ + u64 chunk_offset =3D chunks[mid_chunk].chunk_offset; + size_t chunk_size =3D chunks[mid_chunk].chunk_size; + size_t n_dentries =3D chunks[mid_chunk].n_dentries; + + /* Read chunk dentries from page cache */ + dentries =3D cfs_get_vdata_buf(ctx, chunk_offset, chunk_size, + &vdata_buf); + if (IS_ERR(dentries)) { + res =3D PTR_ERR(dentries); + goto exit; + } + + namedata =3D ((u8 *)dentries) + sizeof(struct cfs_dentry_s) * n_dentries; + namedata_end =3D ((u8 *)dentries) + chunk_size; + + r =3D cfs_dir_lookup_in_chunk(name, name_len, dentries, n_dentries, + namedata, namedata_end, index_out); + if (r < 0) { + res =3D r; /* error */ + goto exit; + } else if (r =3D=3D 0) { + res =3D 1; /* found it */ + goto exit; + } else if (r =3D=3D AFTER_CHUNK) { + start_chunk =3D mid_chunk + 1; + } else { /* before */ + end_chunk =3D mid_chunk - 1; + } + } + + /* not found */ + res =3D 0; + +exit: + kfree(chunks_buf); + cfs_buf_put(&vdata_buf); + return res; +} --=20 2.39.0 From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14CDDC54EBD for ; Fri, 13 Jan 2023 15:46:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229988AbjAMPqr (ORCPT ); Fri, 13 Jan 2023 10:46:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229894AbjAMPpi (ORCPT ); Fri, 13 Jan 2023 10:45:38 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17FA7D66 for ; Fri, 13 Jan 2023 07:35:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624119; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=z/9uybYBXhUW4wkIRlveDlKdZJQqTPtcnsCUTg2vO2o=; b=bQuE4e0Pvf4XQimFJWbxlsB9JSMKJfLE7uWOQ8gA5bRCJ+mxIm+eN/y7uN/JbLIjZXlxzT CWctCQEwr9EIAiSgKf7NzeH9ZgLwrl5hhbPxSRymBiQxyi5G3I52ES/sBWyiQIFqxP4SQI dPAxB25q5L54IFQLfyVpb/G4wcYMrqs= Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-606-Hmz27GeVNDSEm2YXfLoonQ-1; Fri, 13 Jan 2023 10:35:16 -0500 X-MC-Unique: Hmz27GeVNDSEm2YXfLoonQ-1 Received: by mail-lj1-f199.google.com with SMTP id s12-20020a2eb8cc000000b0027f6f40eeb3so5634875ljp.2 for ; Fri, 13 Jan 2023 07:35:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z/9uybYBXhUW4wkIRlveDlKdZJQqTPtcnsCUTg2vO2o=; b=QASTeN1Idax6la/i6MMNpx3T66eNx2KWcmukg7AbpTf0kYjnqAcuGjVkGINybg4Rt9 qtJ7WeLRpcYTR0aANFD6bDMdcFPnvujSGVutPyLYUyPUwj5iN49+81Pnk8MdryiRReY7 R6xRB1YW7RsjrhRVkUaeStm9o8P2l4wFTnbCVovNjyQ7tXJrane17pG99IWpEX5/2R8X G3J8y3fQjb0DxJwXDKYN7d1bNz6uyUqwFcu0YwqVJWHgS8AXUi5VFrSeAWbs4IP1szH1 XZ9PF+EDNknrDEwuhZl3Big3IdaqFUEiXhjvVTfbtTvKLtgC/SdstCJ7VwfMTp3RDSkd 2zKw== X-Gm-Message-State: AFqh2koFUnV4+gzhvbswlVi+XXG9sXeDd5eXNMwzSWnBY+ChxUBcsCU8 MAHUHDnDp1+OfqcrSt26NABqlLlSb46zbnNv3BiVzC5F+TjgjtEC4hv+EbLwtT4lDGRpf+JaJg3 YTlr0MkV1Buljnr4HqE76xqVC X-Received: by 2002:a05:651c:200f:b0:27f:bc6c:c4f0 with SMTP id s15-20020a05651c200f00b0027fbc6cc4f0mr15465554ljo.27.1673624114672; Fri, 13 Jan 2023 07:35:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXtYodRfUAStZmVCxOmY2+uknl4/INwWxiaczsDBucjw7JhTayRFAlBAHSfshWHL/RiiUhmiHw== X-Received: by 2002:a05:651c:200f:b0:27f:bc6c:c4f0 with SMTP id s15-20020a05651c200f00b0027fbc6cc4f0mr15465545ljo.27.1673624114436; Fri, 13 Jan 2023 07:35:14 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:13 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson Subject: [PATCH v2 4/6] composefs: Add filesystem implementation Date: Fri, 13 Jan 2023 16:33:57 +0100 Message-Id: X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This is the basic inode and filesystem implementation. Signed-off-by: Alexander Larsson Co-developed-by: Giuseppe Scrivano Signed-off-by: Giuseppe Scrivano --- fs/composefs/cfs.c | 903 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 903 insertions(+) create mode 100644 fs/composefs/cfs.c diff --git a/fs/composefs/cfs.c b/fs/composefs/cfs.c new file mode 100644 index 000000000000..b3c0adb69983 --- /dev/null +++ b/fs/composefs/cfs.c @@ -0,0 +1,903 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * composefs + * + * Copyright (C) 2000 Linus Torvalds. + * 2000 Transmeta Corp. + * Copyright (C) 2021 Giuseppe Scrivano + * Copyright (C) 2022 Alexander Larsson + * + * This file is released under the GPL. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cfs-internals.h" + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Giuseppe Scrivano "); + +#define CFS_MAX_STACK 500 + +#define FILEID_CFS 0x91 + +struct cfs_info { + struct cfs_context_s cfs_ctx; + + char *base_path; + + size_t n_bases; + struct vfsmount **bases; + + u32 verity_check; /* 0 =3D=3D none, 1 =3D=3D if specified in image, 2 =3D= =3D require in image */ + bool has_digest; + u8 digest[SHA256_DIGEST_SIZE]; /* fs-verity digest */ +}; + +struct cfs_inode { + /* must be first for clear in cfs_alloc_inode to work */ + struct inode vfs_inode; + + struct cfs_inode_data_s inode_data; +}; + +static inline struct cfs_inode *CFS_I(struct inode *inode) +{ + return container_of(inode, struct cfs_inode, vfs_inode); +} + +static struct file empty_file; + +static const struct file_operations cfs_file_operations; + +static const struct super_operations cfs_ops; +static const struct file_operations cfs_dir_operations; +static const struct inode_operations cfs_dir_inode_operations; +static const struct inode_operations cfs_file_inode_operations; +static const struct inode_operations cfs_link_inode_operations; + +static const struct xattr_handler *cfs_xattr_handlers[]; +static const struct export_operations cfs_export_operations; + +static const struct address_space_operations cfs_aops =3D { + .direct_IO =3D noop_direct_IO, +}; + +static ssize_t cfs_listxattr(struct dentry *dentry, char *names, size_t si= ze); + +/* copied from overlayfs. */ +static unsigned int cfs_split_basedirs(char *str) +{ + unsigned int ctr =3D 1; + char *s, *d; + + for (s =3D d =3D str;; s++, d++) { + if (*s =3D=3D '\\') { + s++; + } else if (*s =3D=3D ':') { + *d =3D '\0'; + ctr++; + continue; + } + *d =3D *s; + if (!*s) + break; + } + return ctr; +} + +static struct inode *cfs_make_inode(struct cfs_context_s *ctx, + struct super_block *sb, ino_t ino_num, + struct cfs_inode_s *ino, const struct inode *dir) +{ + struct cfs_inode_data_s inode_data =3D { 0 }; + struct cfs_xattr_header_s *xattrs =3D NULL; + struct inode *inode =3D NULL; + struct cfs_inode *cino; + int ret, res; + + res =3D cfs_init_inode_data(ctx, ino, ino_num, &inode_data); + if (res < 0) + return ERR_PTR(res); + + inode =3D new_inode(sb); + if (inode) { + inode_init_owner(&init_user_ns, inode, dir, ino->st_mode); + inode->i_mapping->a_ops =3D &cfs_aops; + + cino =3D CFS_I(inode); + cino->inode_data =3D inode_data; + + inode->i_ino =3D ino_num; + set_nlink(inode, ino->st_nlink); + inode->i_rdev =3D ino->st_rdev; + inode->i_uid =3D make_kuid(current_user_ns(), ino->st_uid); + inode->i_gid =3D make_kgid(current_user_ns(), ino->st_gid); + inode->i_mode =3D ino->st_mode; + inode->i_atime =3D ino->st_mtim; + inode->i_mtime =3D ino->st_mtim; + inode->i_ctime =3D ino->st_ctim; + + switch (ino->st_mode & S_IFMT) { + case S_IFREG: + inode->i_op =3D &cfs_file_inode_operations; + inode->i_fop =3D &cfs_file_operations; + inode->i_size =3D ino->st_size; + break; + case S_IFLNK: + inode->i_link =3D cino->inode_data.path_payload; + inode->i_op =3D &cfs_link_inode_operations; + inode->i_fop =3D &cfs_file_operations; + break; + case S_IFDIR: + inode->i_op =3D &cfs_dir_inode_operations; + inode->i_fop =3D &cfs_dir_operations; + inode->i_size =3D 4096; + break; + case S_IFCHR: + case S_IFBLK: + if (current_user_ns() !=3D &init_user_ns) { + ret =3D -EPERM; + goto fail; + } + fallthrough; + default: + inode->i_op =3D &cfs_file_inode_operations; + init_special_inode(inode, ino->st_mode, ino->st_rdev); + break; + } + } + return inode; + +fail: + if (inode) + iput(inode); + kfree(xattrs); + cfs_inode_data_put(&inode_data); + return ERR_PTR(ret); +} + +static struct inode *cfs_get_root_inode(struct super_block *sb) +{ + struct cfs_info *fsi =3D sb->s_fs_info; + struct cfs_inode_s ino_buf; + struct cfs_inode_s *ino; + u64 index; + + ino =3D cfs_get_root_ino(&fsi->cfs_ctx, &ino_buf, &index); + if (IS_ERR(ino)) + return ERR_CAST(ino); + + return cfs_make_inode(&fsi->cfs_ctx, sb, index, ino, NULL); +} + +static bool cfs_iterate_cb(void *private, const char *name, int name_len, + u64 ino, unsigned int dtype) +{ + struct dir_context *ctx =3D private; + + if (!dir_emit(ctx, name, name_len, ino, dtype)) + return 0; + + ctx->pos++; + return 1; +} + +static int cfs_iterate(struct file *file, struct dir_context *ctx) +{ + struct inode *inode =3D file->f_inode; + struct cfs_info *fsi =3D inode->i_sb->s_fs_info; + struct cfs_inode *cino =3D CFS_I(inode); + + if (!dir_emit_dots(file, ctx)) + return 0; + + return cfs_dir_iterate(&fsi->cfs_ctx, inode->i_ino, &cino->inode_data, + ctx->pos - 2, cfs_iterate_cb, ctx); +} + +static struct dentry *cfs_lookup(struct inode *dir, struct dentry *dentry, + unsigned int flags) +{ + struct cfs_info *fsi =3D dir->i_sb->s_fs_info; + struct cfs_inode *cino =3D CFS_I(dir); + struct cfs_inode_s ino_buf; + struct cfs_inode_s *ino_s; + struct inode *inode; + u64 index; + int ret; + + if (dentry->d_name.len > NAME_MAX) + return ERR_PTR(-ENAMETOOLONG); + + ret =3D cfs_dir_lookup(&fsi->cfs_ctx, dir->i_ino, &cino->inode_data, + dentry->d_name.name, dentry->d_name.len, &index); + if (ret < 0) + return ERR_PTR(ret); + if (ret =3D=3D 0) + goto return_negative; + + ino_s =3D cfs_get_ino_index(&fsi->cfs_ctx, index, &ino_buf); + if (IS_ERR(ino_s)) + return ERR_CAST(ino_s); + + inode =3D cfs_make_inode(&fsi->cfs_ctx, dir->i_sb, index, ino_s, dir); + if (IS_ERR(inode)) + return ERR_CAST(inode); + + return d_splice_alias(inode, dentry); + +return_negative: + d_add(dentry, NULL); + return NULL; +} + +static const struct file_operations cfs_dir_operations =3D { + .llseek =3D generic_file_llseek, + .read =3D generic_read_dir, + .iterate_shared =3D cfs_iterate, +}; + +static const struct inode_operations cfs_dir_inode_operations =3D { + .lookup =3D cfs_lookup, + .listxattr =3D cfs_listxattr, +}; + +static const struct inode_operations cfs_link_inode_operations =3D { + .get_link =3D simple_get_link, + .listxattr =3D cfs_listxattr, +}; + +static int digest_from_string(const char *digest_str, u8 *digest) +{ + int res; + + res =3D hex2bin(digest, digest_str, SHA256_DIGEST_SIZE); + if (res < 0) + return res; + + if (digest_str[2 * SHA256_DIGEST_SIZE] !=3D 0) + return -EINVAL; /* Too long string */ + + return 0; +} + +/* + * Display the mount options in /proc/mounts. + */ +static int cfs_show_options(struct seq_file *m, struct dentry *root) +{ + struct cfs_info *fsi =3D root->d_sb->s_fs_info; + + if (fsi->base_path) + seq_show_option(m, "basedir", fsi->base_path); + if (fsi->has_digest) + seq_printf(m, ",digest=3D%*phN", SHA256_DIGEST_SIZE, fsi->digest); + if (fsi->verity_check !=3D 0) + seq_printf(m, ",verity_check=3D%u", fsi->verity_check); + + return 0; +} + +static struct kmem_cache *cfs_inode_cachep; + +static struct inode *cfs_alloc_inode(struct super_block *sb) +{ + struct cfs_inode *cino =3D alloc_inode_sb(sb, cfs_inode_cachep, GFP_KERNE= L); + + if (!cino) + return NULL; + + memset((u8 *)cino + sizeof(struct inode), 0, + sizeof(struct cfs_inode) - sizeof(struct inode)); + + return &cino->vfs_inode; +} + +static void cfs_destroy_inode(struct inode *inode) +{ + struct cfs_inode *cino =3D CFS_I(inode); + + cfs_inode_data_put(&cino->inode_data); +} + +static void cfs_free_inode(struct inode *inode) +{ + struct cfs_inode *cino =3D CFS_I(inode); + + kmem_cache_free(cfs_inode_cachep, cino); +} + +static void cfs_put_super(struct super_block *sb) +{ + struct cfs_info *fsi =3D sb->s_fs_info; + + cfs_ctx_put(&fsi->cfs_ctx); + if (fsi->bases) { + kern_unmount_array(fsi->bases, fsi->n_bases); + kfree(fsi->bases); + } + kfree(fsi->base_path); + + kfree(fsi); +} + +static int cfs_statfs(struct dentry *dentry, struct kstatfs *buf) +{ + struct cfs_info *fsi =3D dentry->d_sb->s_fs_info; + int err =3D 0; + + /* We return the free space, etc from the first base dir. */ + if (fsi->n_bases > 0) { + struct path root =3D { .mnt =3D fsi->bases[0], + .dentry =3D fsi->bases[0]->mnt_root }; + err =3D vfs_statfs(&root, buf); + } + + if (!err) { + buf->f_namelen =3D NAME_MAX; + buf->f_type =3D dentry->d_sb->s_magic; + } + + return err; +} + +static const struct super_operations cfs_ops =3D { + .statfs =3D cfs_statfs, + .drop_inode =3D generic_delete_inode, + .show_options =3D cfs_show_options, + .put_super =3D cfs_put_super, + .destroy_inode =3D cfs_destroy_inode, + .alloc_inode =3D cfs_alloc_inode, + .free_inode =3D cfs_free_inode, +}; + +enum cfs_param { + Opt_base_path, + Opt_digest, + Opt_verity_check, +}; + +const struct fs_parameter_spec cfs_parameters[] =3D { + fsparam_string("basedir", Opt_base_path), + fsparam_string("digest", Opt_digest), + fsparam_u32("verity_check", Opt_verity_check), + {} +}; + +static int cfs_parse_param(struct fs_context *fc, struct fs_parameter *par= am) +{ + struct cfs_info *fsi =3D fc->s_fs_info; + struct fs_parse_result result; + int opt, r; + + opt =3D fs_parse(fc, cfs_parameters, param, &result); + if (opt =3D=3D -ENOPARAM) + return vfs_parse_fs_param_source(fc, param); + if (opt < 0) + return opt; + + switch (opt) { + case Opt_base_path: + kfree(fsi->base_path); + /* Take ownership. */ + fsi->base_path =3D param->string; + param->string =3D NULL; + break; + case Opt_digest: + r =3D digest_from_string(param->string, fsi->digest); + if (r < 0) + return r; + fsi->has_digest =3D true; + fsi->verity_check =3D 2; /* Default to full verity check */ + break; + case Opt_verity_check: + if (result.uint_32 > 2) + return invalfc(fc, "Invalid verity_check mode"); + fsi->verity_check =3D result.uint_32; + break; + } + + return 0; +} + +static struct vfsmount *resolve_basedir(const char *name) +{ + struct path path =3D {}; + struct vfsmount *mnt; + int err =3D -EINVAL; + + if (!*name) { + pr_err("empty basedir\n"); + goto out; + } + err =3D kern_path(name, LOOKUP_FOLLOW, &path); + if (err) { + pr_err("failed to resolve '%s': %i\n", name, err); + goto out; + } + + mnt =3D clone_private_mount(&path); + err =3D PTR_ERR(mnt); + if (IS_ERR(mnt)) { + pr_err("failed to clone basedir\n"); + goto out_put; + } + + path_put(&path); + + /* Don't inherit atime flags */ + mnt->mnt_flags &=3D ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); + + return mnt; + +out_put: + path_put(&path); +out: + return ERR_PTR(err); +} + +static int cfs_fill_super(struct super_block *sb, struct fs_context *fc) +{ + struct cfs_info *fsi =3D sb->s_fs_info; + struct vfsmount **bases =3D NULL; + size_t numbasedirs =3D 0; + struct inode *inode; + struct vfsmount *mnt; + int ret; + + if (sb->s_root) + return -EINVAL; + + /* Set up the inode allocator early */ + sb->s_op =3D &cfs_ops; + sb->s_flags |=3D SB_RDONLY; + sb->s_magic =3D CFS_MAGIC; + sb->s_xattr =3D cfs_xattr_handlers; + sb->s_export_op =3D &cfs_export_operations; + + if (fsi->base_path) { + char *lower, *splitlower =3D NULL; + + ret =3D -ENOMEM; + splitlower =3D kstrdup(fsi->base_path, GFP_KERNEL); + if (!splitlower) + goto fail; + + ret =3D -EINVAL; + numbasedirs =3D cfs_split_basedirs(splitlower); + if (numbasedirs > CFS_MAX_STACK) { + pr_err("too many lower directories, limit is %d\n", + CFS_MAX_STACK); + kfree(splitlower); + goto fail; + } + + ret =3D -ENOMEM; + bases =3D kcalloc(numbasedirs, sizeof(struct vfsmount *), GFP_KERNEL); + if (!bases) { + kfree(splitlower); + goto fail; + } + + lower =3D splitlower; + for (size_t i =3D 0; i < numbasedirs; i++) { + mnt =3D resolve_basedir(lower); + if (IS_ERR(mnt)) { + ret =3D PTR_ERR(mnt); + kfree(splitlower); + goto fail; + } + bases[i] =3D mnt; + + lower =3D strchr(lower, '\0') + 1; + } + kfree(splitlower); + } + + /* Must be inited before calling cfs_get_inode. */ + ret =3D cfs_init_ctx(fc->source, fsi->has_digest ? fsi->digest : NULL, + &fsi->cfs_ctx); + if (ret < 0) + goto fail; + + inode =3D cfs_get_root_inode(sb); + if (IS_ERR(inode)) { + ret =3D PTR_ERR(inode); + goto fail; + } + sb->s_root =3D d_make_root(inode); + + ret =3D -ENOMEM; + if (!sb->s_root) + goto fail; + + sb->s_maxbytes =3D MAX_LFS_FILESIZE; + sb->s_blocksize =3D PAGE_SIZE; + sb->s_blocksize_bits =3D PAGE_SHIFT; + + sb->s_time_gran =3D 1; + + fsi->bases =3D bases; + fsi->n_bases =3D numbasedirs; + return 0; +fail: + if (bases) { + for (size_t i =3D 0; i < numbasedirs; i++) { + if (bases[i]) + kern_unmount(bases[i]); + } + kfree(bases); + } + cfs_ctx_put(&fsi->cfs_ctx); + return ret; +} + +static int cfs_get_tree(struct fs_context *fc) +{ + return get_tree_nodev(fc, cfs_fill_super); +} + +static const struct fs_context_operations cfs_context_ops =3D { + .parse_param =3D cfs_parse_param, + .get_tree =3D cfs_get_tree, +}; + +static struct file *open_base_file(struct cfs_info *fsi, struct inode *ino= de, + struct file *file) +{ + struct cfs_inode *cino =3D CFS_I(inode); + struct file *real_file; + char *real_path =3D cino->inode_data.path_payload; + + for (size_t i =3D 0; i < fsi->n_bases; i++) { + real_file =3D file_open_root_mnt(fsi->bases[i], real_path, + file->f_flags, 0); + if (!IS_ERR(real_file) || PTR_ERR(real_file) !=3D -ENOENT) + return real_file; + } + + return ERR_PTR(-ENOENT); +} + +static int cfs_open_file(struct inode *inode, struct file *file) +{ + struct cfs_info *fsi =3D inode->i_sb->s_fs_info; + struct cfs_inode *cino =3D CFS_I(inode); + char *real_path =3D cino->inode_data.path_payload; + struct file *faked_file; + struct file *real_file; + + if (WARN_ON(!file)) + return -EIO; + + if (file->f_flags & (O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_TRUNC)) + return -EROFS; + + if (!real_path) { + file->private_data =3D &empty_file; + return 0; + } + + if (fsi->verity_check >=3D 2 && !cino->inode_data.has_digest) { + pr_warn("WARNING: composefs image file '%pd' specified no fs-verity dige= st\n", + file->f_path.dentry); + return -EIO; + } + + real_file =3D open_base_file(fsi, inode, file); + + if (IS_ERR(real_file)) + return PTR_ERR(real_file); + + /* If metadata records a digest for the file, ensure it is there + * and correct before using the contents. + */ + if (cino->inode_data.has_digest && fsi->verity_check >=3D 1) { + u8 verity_digest[FS_VERITY_MAX_DIGEST_SIZE]; + enum hash_algo verity_algo; + int res; + + res =3D fsverity_get_digest(d_inode(real_file->f_path.dentry), + verity_digest, &verity_algo); + if (res < 0) { + pr_warn("WARNING: composefs backing file '%pd' has no fs-verity digest\= n", + real_file->f_path.dentry); + fput(real_file); + return -EIO; + } + if (verity_algo !=3D HASH_ALGO_SHA256 || + memcmp(cino->inode_data.digest, verity_digest, + SHA256_DIGEST_SIZE) !=3D 0) { + pr_warn("WARNING: composefs backing file '%pd' has the wrong fs-verity = digest\n", + real_file->f_path.dentry); + fput(real_file); + return -EIO; + } + } + + faked_file =3D open_with_fake_path(&file->f_path, file->f_flags, + real_file->f_inode, current_cred()); + fput(real_file); + + if (IS_ERR(faked_file)) + return PTR_ERR(faked_file); + + file->private_data =3D faked_file; + return 0; +} + +#ifdef CONFIG_MMU +static unsigned long cfs_mmu_get_unmapped_area(struct file *file, unsigned= long addr, + unsigned long len, unsigned long pgoff, + unsigned long flags) +{ + struct file *realfile =3D file->private_data; + + if (realfile =3D=3D &empty_file) + return 0; + + return current->mm->get_unmapped_area(file, addr, len, pgoff, flags); +} +#endif + +static int cfs_release_file(struct inode *inode, struct file *file) +{ + struct file *realfile =3D file->private_data; + + if (WARN_ON(!realfile)) + return -EIO; + + if (realfile =3D=3D &empty_file) + return 0; + + fput(file->private_data); + + return 0; +} + +static int cfs_mmap(struct file *file, struct vm_area_struct *vma) +{ + struct file *realfile =3D file->private_data; + int ret; + + if (realfile =3D=3D &empty_file) + return 0; + + if (!realfile->f_op->mmap) + return -ENODEV; + + if (WARN_ON(file !=3D vma->vm_file)) + return -EIO; + + vma_set_file(vma, realfile); + + ret =3D call_mmap(vma->vm_file, vma); + + return ret; +} + +static ssize_t cfs_read_iter(struct kiocb *iocb, struct iov_iter *iter) +{ + struct file *file =3D iocb->ki_filp; + struct file *realfile =3D file->private_data; + int ret; + + if (realfile =3D=3D &empty_file) + return 0; + + if (!realfile->f_op->read_iter) + return -ENODEV; + + iocb->ki_filp =3D realfile; + ret =3D call_read_iter(realfile, iocb, iter); + iocb->ki_filp =3D file; + + return ret; +} + +static int cfs_fadvise(struct file *file, loff_t offset, loff_t len, int a= dvice) +{ + struct file *realfile =3D file->private_data; + + if (realfile =3D=3D &empty_file) + return 0; + + return vfs_fadvise(realfile, offset, len, advice); +} + +static int cfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, + struct inode *parent) +{ + u32 generation; + int len =3D 3; + u64 nodeid; + + if (*max_len < len) { + *max_len =3D len; + return FILEID_INVALID; + } + + nodeid =3D inode->i_ino; + generation =3D inode->i_generation; + + fh[0] =3D (u32)(nodeid >> 32); + fh[1] =3D (u32)(nodeid & 0xffffffff); + fh[2] =3D generation; + + *max_len =3D len; + + return FILEID_CFS; +} + +static struct dentry *cfs_fh_to_dentry(struct super_block *sb, struct fid = *fid, + int fh_len, int fh_type) +{ + struct cfs_info *fsi =3D sb->s_fs_info; + struct inode *ino; + u64 inode_index; + u32 generation; + + if (fh_type !=3D FILEID_CFS || fh_len < 3) + return NULL; + + inode_index =3D (u64)(fid->raw[0]) << 32; + inode_index |=3D fid->raw[1]; + generation =3D fid->raw[2]; + + ino =3D ilookup(sb, inode_index); + if (!ino) { + struct cfs_inode_s inode_buf; + struct cfs_inode_s *inode; + + inode =3D cfs_get_ino_index(&fsi->cfs_ctx, inode_index, &inode_buf); + if (IS_ERR(inode)) + return ERR_CAST(inode); + + ino =3D cfs_make_inode(&fsi->cfs_ctx, sb, inode_index, inode, NULL); + if (IS_ERR(ino)) + return ERR_CAST(ino); + } + if (ino->i_generation !=3D generation) { + iput(ino); + return ERR_PTR(-ESTALE); + } + return d_obtain_alias(ino); +} + +static struct dentry *cfs_fh_to_parent(struct super_block *sb, struct fid = *fid, + int fh_len, int fh_type) +{ + return ERR_PTR(-EACCES); +} + +static int cfs_get_name(struct dentry *parent, char *name, struct dentry *= child) +{ + WARN_ON_ONCE(1); + return -EIO; +} + +static struct dentry *cfs_get_parent(struct dentry *dentry) +{ + WARN_ON_ONCE(1); + return ERR_PTR(-EIO); +} + +static const struct export_operations cfs_export_operations =3D { + .fh_to_dentry =3D cfs_fh_to_dentry, + .fh_to_parent =3D cfs_fh_to_parent, + .encode_fh =3D cfs_encode_fh, + .get_parent =3D cfs_get_parent, + .get_name =3D cfs_get_name, +}; + +static int cfs_getxattr(const struct xattr_handler *handler, + struct dentry *unused2, struct inode *inode, + const char *name, void *value, size_t size) +{ + struct cfs_info *fsi =3D inode->i_sb->s_fs_info; + struct cfs_inode *cino =3D CFS_I(inode); + + return cfs_get_xattr(&fsi->cfs_ctx, &cino->inode_data, name, value, size); +} + +static ssize_t cfs_listxattr(struct dentry *dentry, char *names, size_t si= ze) +{ + struct inode *inode =3D d_inode(dentry); + struct cfs_info *fsi =3D inode->i_sb->s_fs_info; + struct cfs_inode *cino =3D CFS_I(inode); + + return cfs_list_xattrs(&fsi->cfs_ctx, &cino->inode_data, names, size); +} + +static const struct file_operations cfs_file_operations =3D { + .read_iter =3D cfs_read_iter, + .mmap =3D cfs_mmap, + .fadvise =3D cfs_fadvise, + .fsync =3D noop_fsync, + .splice_read =3D generic_file_splice_read, + .llseek =3D generic_file_llseek, +#ifdef CONFIG_MMU + .get_unmapped_area =3D cfs_mmu_get_unmapped_area, +#endif + .release =3D cfs_release_file, + .open =3D cfs_open_file, +}; + +static const struct xattr_handler cfs_xattr_handler =3D { + .prefix =3D "", /* catch all */ + .get =3D cfs_getxattr, +}; + +static const struct xattr_handler *cfs_xattr_handlers[] =3D { + &cfs_xattr_handler, + NULL, +}; + +static const struct inode_operations cfs_file_inode_operations =3D { + .setattr =3D simple_setattr, + .getattr =3D simple_getattr, + + .listxattr =3D cfs_listxattr, +}; + +static int cfs_init_fs_context(struct fs_context *fc) +{ + struct cfs_info *fsi; + + fsi =3D kzalloc(sizeof(*fsi), GFP_KERNEL); + if (!fsi) + return -ENOMEM; + + fc->s_fs_info =3D fsi; + fc->ops =3D &cfs_context_ops; + return 0; +} + +static struct file_system_type cfs_type =3D { + .owner =3D THIS_MODULE, + .name =3D "composefs", + .init_fs_context =3D cfs_init_fs_context, + .parameters =3D cfs_parameters, + .kill_sb =3D kill_anon_super, +}; + +static void cfs_inode_init_once(void *foo) +{ + struct cfs_inode *cino =3D foo; + + inode_init_once(&cino->vfs_inode); +} + +static int __init init_cfs(void) +{ + cfs_inode_cachep =3D kmem_cache_create( + "cfs_inode", sizeof(struct cfs_inode), 0, + (SLAB_RECLAIM_ACCOUNT | SLAB_MEM_SPREAD | SLAB_ACCOUNT), + cfs_inode_init_once); + if (!cfs_inode_cachep) + return -ENOMEM; + + return register_filesystem(&cfs_type); +} + +static void __exit exit_cfs(void) +{ + unregister_filesystem(&cfs_type); + + /* Ensure all RCU free inodes are safe to be destroyed. */ + rcu_barrier(); + + kmem_cache_destroy(cfs_inode_cachep); +} + +module_init(init_cfs); +module_exit(exit_cfs); --=20 2.39.0 From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B3DFC54EBE for ; Fri, 13 Jan 2023 15:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229620AbjAMPqQ (ORCPT ); Fri, 13 Jan 2023 10:46:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34830 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230204AbjAMPp3 (ORCPT ); Fri, 13 Jan 2023 10:45:29 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF8F110058 for ; Fri, 13 Jan 2023 07:35:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HvJzqEosng1OpNEPlrOtQogHviQchssO2KpZoQllqEw=; b=OSBhNhu0WVkLxefEefjdB2d2ZjYaK7WsNVY78Vuru3zYD1RuQ5R2M0VH0kHjssIiI92AXp OMV1xdlv7ci7MIlLVja+WEj4Dv402V1fk8Ybego65qL1q83GLvpgfjKpqKwVLTOPwcGeuq OFGhC9JC3Mnw821ticuNOA6kSCO1uGI= Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-206-IZUmITy5PRqxCM51zVaqtw-1; Fri, 13 Jan 2023 10:35:19 -0500 X-MC-Unique: IZUmITy5PRqxCM51zVaqtw-1 Received: by mail-lj1-f200.google.com with SMTP id x32-20020a2ea9a0000000b0027b52e5e56cso5692092ljq.10 for ; Fri, 13 Jan 2023 07:35:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HvJzqEosng1OpNEPlrOtQogHviQchssO2KpZoQllqEw=; b=HYTw4+UgU16UHZWVw3NkdD9VorT7hX1N5mGwJewLJ9ihIA/BW+DDG7JmcSQbPBHb2g lnjIHsirBiKDRJx77zYCGQ/qFopH7XMi7rvDkX7NY15Rc320VMxnOdt7jmQSBn/gS/y9 OMIVozIzsmb2Tfkkec9RvpnJsyW/DTOP+UoRGBuNChGIPBDFCZjejzOAV7/v2nZVllVQ 0xKct0Kil33zpXVhVgsH5Sm8JJNxojIZTzbYwRv8tHhQV80qS/yRdCuHk5yFvZewglG1 vjaB9eEVEYKkVgjRvEPc/S3L7fNzekkYWAc5SSEN8o2a3bpYJL+ckcoS9kYkMhnICtTH Lj+g== X-Gm-Message-State: AFqh2kpF5R2PVjqFu2nA6AG6jCx5Qs0O4Rn7EbnBv//1v33CYXlhoZ/P qclTFrexRlcCaBGIs1wgG3DWQtSNPCEPIgKj/rPjaz1e/jkT0fBlAgIxS09gWHoT5jPQ9jEOq7G inGoQ0ECJI3PH/L5rwZHiDZ+4 X-Received: by 2002:a2e:9b08:0:b0:287:625a:4d4f with SMTP id u8-20020a2e9b08000000b00287625a4d4fmr3770286lji.1.1673624117370; Fri, 13 Jan 2023 07:35:17 -0800 (PST) X-Google-Smtp-Source: AMrXdXv+ze9h67KJIs16Cr55BBtE2xAUuhHj16YyQ+bpHXDt6402ykHQKaDiw0TwcySUBJFWTi6GZg== X-Received: by 2002:a2e:9b08:0:b0:287:625a:4d4f with SMTP id u8-20020a2e9b08000000b00287625a4d4fmr3770281lji.1.1673624117126; Fri, 13 Jan 2023 07:35:17 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:16 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson , linux-doc@vger.kernel.org Subject: [PATCH v2 5/6] composefs: Add documentation Date: Fri, 13 Jan 2023 16:33:58 +0100 Message-Id: X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Adds documentation about the composefs filesystem and how to use it. Signed-off-by: Alexander Larsson --- Documentation/filesystems/composefs.rst | 169 ++++++++++++++++++++++++ Documentation/filesystems/index.rst | 1 + 2 files changed, 170 insertions(+) create mode 100644 Documentation/filesystems/composefs.rst diff --git a/Documentation/filesystems/composefs.rst b/Documentation/filesy= stems/composefs.rst new file mode 100644 index 000000000000..306f0e2e22ba --- /dev/null +++ b/Documentation/filesystems/composefs.rst @@ -0,0 +1,169 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Composefs Filesystem +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Introduction +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Composefs is a read-only file system that is backed by regular files +(rather than a block device). It is designed to help easily share +content between different directory trees, such as container images in +a local store or ostree checkouts. In addition it also has support for +integrity validation of file content and directory metadata, in an +efficient way (using fs-verity). + +The filesystem mount source is a binary blob called the descriptor. It +contains all the inode and directory entry data for the entire +filesystem. However, instead of storing the file content each regular +file inode stores a relative path name, and the filesystem gets the +file content from the filesystem by looking up that filename in a set +of base directories. + +Given such a descriptor called "image.cfs" and a directory with files +called "/dir" you can mount it like:: + + mount -t composefs image.cfs -o basedir=3D/dir /mnt + +Content sharing +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Suppose you have a single basedir where the files are content +addressed (i.e. named by content digest), and a set of composefs +descriptors using this basedir. Any file that happen to be shared +between two images (same content, so same digest) will now only be +stored once on the disk. + +Such sharing is possible even if the metadata for the file in the +image differs (common reasons for metadata difference are mtime, +permissions, xattrs, etc). The sharing is also anonymous in the sense +that you can't tell the difference on the mounted files from a +non-shared file (for example by looking at the link count for a +hardlinked file). + +In addition, any shared files that are actively in use will share +page-cache, because the page cache for the file contents will be +addressed by the backing file in the basedir, This means (for example) +that shared libraries between images will only be mmap:ed once across +all mounts. + +Integrity validation +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Composefs uses :doc:`fs-verity ` for integrity validation, +and extends it by making the validation also apply to the directory +metadata. This happens on two levels, validation of the descriptor +and validation of the backing files. + +For descriptor validation, the idea is that you enable fs-verity on +the descriptor file which seals it from changes that would affect the +directory metadata. Additionally you can pass a `digest` mount option, +which composefs verifies against the descriptor fs-verity +measure. Such a mount option could be encoded in a trusted source +(like a signed kernel command line) and be used as a root of trust if +using composefs for the root filesystem. + +For file validation, the descriptor can contain digest for each +backing file, and you can enable fs-verity on the backing +files. Composefs will validate the digest before using the backing +files. This means any (accidental or malicious) modification of the +basedir will be detected at the time the file is used. + +Expected use-cases +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Container Image Storage +``````````````````````` + +Typically a container image is stored as a set of "layer" +directories. merged into one mount by using overlayfs. The lower +layers are read-only image content and the upper layer is the +writable state of a running container. Multiple uses of the same +layer can be shared this way, but it is hard to share individual +files between unrelated layers. + +Using composefs, we can instead use a shared, content-addressed +store for all the images in the system, and use a composefs image +for the read-only image content of each image, pointing into the +shared store. Then for a running container we use an overlayfs +with the lower dir being the composefs and the upper dir being +the writable state. + + +Ostree root filesystem validation +````````````````````````````````` + +Ostree uses a content-addressed on-disk store for file content, +allowing efficient updates and sharing of content. However to actually +use these as a root filesystem it needs to create a real +"chroot-style" directory, containing hard links into the store. The +store itself is validated when created, but once the hard-link +directory is created, nothing validates the directory structure of +that. + +Instead of a chroot we can we can use composefs. We create a composefs +image pointing into the object store, enable fs-verity for everything +and encode the fs-verity digest of the descriptor in the +kernel-command line. This will allow booting a trusted system where +all directory metadata and file content is validated lazily at use. + + +Mount options +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +basedir + A colon separated list of directories to use as a base when resolving + relative content paths. + +verity_check=3D[0,1,2] + When to verify backing file fs-verity: 0 =3D=3D never, 1 =3D=3D if spe= cified in + image, 2 =3D=3D always and require it in image. + +digest + A fs-verity sha256 digest that the descriptor file must match. If set, + `verity_check` defaults to 2. + + +Filesystem format +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The format of the descriptor is contains three sections: header, +inodes and variable data. All data in the file is stored in +little-endian form. + +The header starts at the beginning of the file and contains version, +magic value, offsets to the variable data and the root inode nr. + +The inode section starts at a fixed location right after the +header. It is a array of inode data, where for each inode there is +first a variable length chunk and then a fixed size chunk. An inode nr +is the offset in the inode data to the start of the fixed chunk. + +The fixed inode chunk starts with a flag that tells what parts of the +inode are stored in the file (meaning it is only the maximal size that +is fixed). After that the various inode attributes are serialized in +order, such as mode, ownership, xattrs, and payload length. The +payload length attribute gives the size of the variable chunk. + +The inode variable chunk contains different things depending on the +file type. For regular files it is the backing filename. For symlinks +it is the symlink target. For directories it is a list of references to +dentries, stored in chunks of maximum 4k. The dentry chunks themselves +are stored in the variable data section. + +The variable data section is stored after the inode section, and you +can find it from the offset in the header. It contains dentries and +Xattrs data. The xattrs are referred to by offset and size in the +xattr attribute in the inode data. Each xattr data can be used by many +inodes in the filesystem. The variable data chunks are all smaller than +a page (4K) and are padded to not span pages. + +Tools +=3D=3D=3D=3D=3D + +Tools for composefs can be found at https://github.com/containers/composefs + +There is a mkcomposefs tool which can be used to create images on the +CLI, and a library that applications can use to create composefs +images. diff --git a/Documentation/filesystems/index.rst b/Documentation/filesystem= s/index.rst index bee63d42e5ec..9b7cf136755d 100644 --- a/Documentation/filesystems/index.rst +++ b/Documentation/filesystems/index.rst @@ -75,6 +75,7 @@ Documentation for filesystem implementations. cifs/index ceph coda + composefs configfs cramfs dax --=20 2.39.0 From nobody Mon Sep 15 06:20:52 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4B5EC54EBD for ; Fri, 13 Jan 2023 15:46:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229609AbjAMPqy (ORCPT ); Fri, 13 Jan 2023 10:46:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229949AbjAMPpp (ORCPT ); Fri, 13 Jan 2023 10:45:45 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67F579585 for ; Fri, 13 Jan 2023 07:35:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1673624127; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=M9kcFm4bZIrWxqb92kaZI81madTzRGEizfXuC8UiNAg=; b=TvduCiF3iNV562DnVH4+1FT1+GzwSFGcPvbuCshdIi1sKbgWxYxgX+5pNIbLgh52Z4jdrT 7VTQkB0H1trpSYzozgK5ABkZzyPrkc0AgDLse5k/yEHx3HIie1yP4wfJVw5v3xwiyYmJq+ xIS2LBeVhO9EiyMoviESdskKRe32YS4= Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-55-8GSV_tszMvSXmXjg5pv4QQ-1; Fri, 13 Jan 2023 10:35:23 -0500 X-MC-Unique: 8GSV_tszMvSXmXjg5pv4QQ-1 Received: by mail-lj1-f197.google.com with SMTP id r20-20020a2e8e34000000b002838fc9f1feso4718101ljk.9 for ; Fri, 13 Jan 2023 07:35:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M9kcFm4bZIrWxqb92kaZI81madTzRGEizfXuC8UiNAg=; b=mj72GvNUEWJQod73CKHzhHJcP3KXMs9G3kfQvWjsfde4EYRFsjyyUUCK8c6TADkbrX pbbNXQsIu4Fz7A8gCkEHJIcfbpHeM/AxdvXkqy2NlQYDcdEJ+HUXmLZ2dlEjOY/4OkWt oxCOU0SiJLxCg0PkwWLKxDX11o/MdGmN4KLV78/RQBY9Jmxe6dhhH7gEwWu9GjF/wphQ n8XCmwGADYGrdAVlmI9GFGAeE3JbbiiWpnOk4wa3mjJ8G/u0xm5BFYbMlGyWvOgJrRtB rbb7qWbsa6whiogTBE1VlXxtO1HeYu8eqr905MOKUhr8oSJ+Og02hfkDcaC8LS0UHNqD cXnA== X-Gm-Message-State: AFqh2kpvy/PRslPoZJxSNYHS7QUQs9/yvY+/VR93pAjumKa0SbH5ORAa kpfmHxp+dmq71dtgrJT2HATtntx1+mvX+ZUABQEJn+H4+ClNqLVSDmw6VTVZv61EaBeWW0Lg4df bV9WvrBvkMk/C9eIfa5ISld2X X-Received: by 2002:a05:651c:2382:b0:27f:c869:79df with SMTP id bk2-20020a05651c238200b0027fc86979dfmr37437ljb.48.1673624122089; Fri, 13 Jan 2023 07:35:22 -0800 (PST) X-Google-Smtp-Source: AMrXdXvmjmybujP0N8n04T1ckkET6oZsbCUI2QaQPefp9fcGTi4MrxysQ5l3DSbnQ3hKb7R9yNAANA== X-Received: by 2002:a05:651c:2382:b0:27f:c869:79df with SMTP id bk2-20020a05651c238200b0027fc86979dfmr37427ljb.48.1673624121911; Fri, 13 Jan 2023 07:35:21 -0800 (PST) Received: from localhost.localdomain (c-e6a5e255.022-110-73746f36.bbcust.telenor.se. [85.226.165.230]) by smtp.googlemail.com with ESMTPSA id p20-20020a2e9a94000000b00289bb528b8dsm725473lji.49.2023.01.13.07.35.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 07:35:21 -0800 (PST) From: Alexander Larsson To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, gscrivan@redhat.com, Alexander Larsson Subject: [PATCH v2 6/6] composefs: Add kconfig and build support Date: Fri, 13 Jan 2023 16:33:59 +0100 Message-Id: <3cacd5065575e30f2120be6aa8587bc736aee774.1673623253.git.alexl@redhat.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This commit adds Makefile and Kconfig for composefs, and updates Makefile and Kconfig files in the fs directory Signed-off-by: Alexander Larsson --- fs/Kconfig | 1 + fs/Makefile | 1 + fs/composefs/Kconfig | 18 ++++++++++++++++++ fs/composefs/Makefile | 5 +++++ 4 files changed, 25 insertions(+) create mode 100644 fs/composefs/Kconfig create mode 100644 fs/composefs/Makefile diff --git a/fs/Kconfig b/fs/Kconfig index 2685a4d0d353..de8493fc2b1e 100644 --- a/fs/Kconfig +++ b/fs/Kconfig @@ -127,6 +127,7 @@ source "fs/quota/Kconfig" source "fs/autofs/Kconfig" source "fs/fuse/Kconfig" source "fs/overlayfs/Kconfig" +source "fs/composefs/Kconfig" =20 menu "Caches" =20 diff --git a/fs/Makefile b/fs/Makefile index 4dea17840761..d16974e02468 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_EFIVAR_FS) +=3D efivarfs/ obj-$(CONFIG_EROFS_FS) +=3D erofs/ obj-$(CONFIG_VBOXSF_FS) +=3D vboxsf/ obj-$(CONFIG_ZONEFS_FS) +=3D zonefs/ +obj-$(CONFIG_COMPOSEFS_FS) +=3D composefs/ diff --git a/fs/composefs/Kconfig b/fs/composefs/Kconfig new file mode 100644 index 000000000000..88c5b55380e6 --- /dev/null +++ b/fs/composefs/Kconfig @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0-only + +config COMPOSEFS_FS + tristate "Composefs filesystem support" + select EXPORTFS + help + Composefs is a filesystem that allows combining file content from + existing regular files with a metadata directory structure from + a separate binary file. This is useful to share file content between + many different directory trees, such as in a local container image stor= e. + + Composefs also allows using fs-verity to validate the content of the + content-files as well as the metadata file which allows dm-verity + like validation with the flexibility of regular files. + + For more information see Documentation/filesystems/composefs.rst + + If unsure, say N. diff --git a/fs/composefs/Makefile b/fs/composefs/Makefile new file mode 100644 index 000000000000..eac8445e7d25 --- /dev/null +++ b/fs/composefs/Makefile @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0-only + +obj-$(CONFIG_COMPOSEFS_FS) +=3D composefs.o + +composefs-objs +=3D cfs-reader.o cfs.o --=20 2.39.0