2018-09-12 08:16:07 +07:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
2012-11-29 11:28:09 +07:00
|
|
|
/*
|
2012-11-02 15:12:17 +07:00
|
|
|
* fs/f2fs/xattr.h
|
|
|
|
*
|
|
|
|
* Copyright (c) 2012 Samsung Electronics Co., Ltd.
|
|
|
|
* http://www.samsung.com/
|
|
|
|
*
|
|
|
|
* Portions of this code from linux/fs/ext2/xattr.h
|
|
|
|
*
|
|
|
|
* On-disk format of extended attributes for the ext2 filesystem.
|
|
|
|
*
|
|
|
|
* (C) 2001 Andreas Gruenbacher, <a.gruenbacher@computer.org>
|
|
|
|
*/
|
|
|
|
#ifndef __F2FS_XATTR_H__
|
|
|
|
#define __F2FS_XATTR_H__
|
|
|
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/xattr.h>
|
|
|
|
|
|
|
|
/* Magic value in attribute blocks */
|
|
|
|
#define F2FS_XATTR_MAGIC 0xF2F52011
|
|
|
|
|
|
|
|
/* Maximum number of references to one attribute block */
|
|
|
|
#define F2FS_XATTR_REFCOUNT_MAX 1024
|
|
|
|
|
|
|
|
/* Name indexes */
|
2015-12-02 20:44:36 +07:00
|
|
|
#define F2FS_SYSTEM_ADVISE_NAME "system.advise"
|
2012-11-02 15:12:17 +07:00
|
|
|
#define F2FS_XATTR_INDEX_USER 1
|
|
|
|
#define F2FS_XATTR_INDEX_POSIX_ACL_ACCESS 2
|
|
|
|
#define F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT 3
|
|
|
|
#define F2FS_XATTR_INDEX_TRUSTED 4
|
|
|
|
#define F2FS_XATTR_INDEX_LUSTRE 5
|
|
|
|
#define F2FS_XATTR_INDEX_SECURITY 6
|
|
|
|
#define F2FS_XATTR_INDEX_ADVISE 7
|
2015-04-11 06:43:31 +07:00
|
|
|
/* Should be same as EXT4_XATTR_INDEX_ENCRYPTION */
|
|
|
|
#define F2FS_XATTR_INDEX_ENCRYPTION 9
|
f2fs: add fs-verity support
Add fs-verity support to f2fs. fs-verity is a filesystem feature that
enables transparent integrity protection and authentication of read-only
files. It uses a dm-verity like mechanism at the file level: a Merkle
tree is used to verify any block in the file in log(filesize) time. It
is implemented mainly by helper functions in fs/verity/. See
Documentation/filesystems/fsverity.rst for the full documentation.
The f2fs support for fs-verity consists of:
- Adding a filesystem feature flag and an inode flag for fs-verity.
- Implementing the fsverity_operations to support enabling verity on an
inode and reading/writing the verity metadata.
- Updating ->readpages() to verify data as it's read from verity files
and to support reading verity metadata pages.
- Updating ->write_begin(), ->write_end(), and ->writepages() to support
writing verity metadata pages.
- Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().
Like ext4, f2fs stores the verity metadata (Merkle tree and
fsverity_descriptor) past the end of the file, starting at the first 64K
boundary beyond i_size. This approach works because (a) verity files
are readonly, and (b) pages fully beyond i_size aren't visible to
userspace but can be read/written internally by f2fs with only some
relatively small changes to f2fs. Extended attributes cannot be used
because (a) f2fs limits the total size of an inode's xattr entries to
4096 bytes, which wouldn't be enough for even a single Merkle tree
block, and (b) f2fs encryption doesn't encrypt xattrs, yet the verity
metadata *must* be encrypted when the file is because it contains hashes
of the plaintext data.
Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>
Acked-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-07-22 23:26:24 +07:00
|
|
|
#define F2FS_XATTR_INDEX_VERITY 11
|
2015-04-11 06:43:31 +07:00
|
|
|
|
|
|
|
#define F2FS_XATTR_NAME_ENCRYPTION_CONTEXT "c"
|
f2fs: add fs-verity support
Add fs-verity support to f2fs. fs-verity is a filesystem feature that
enables transparent integrity protection and authentication of read-only
files. It uses a dm-verity like mechanism at the file level: a Merkle
tree is used to verify any block in the file in log(filesize) time. It
is implemented mainly by helper functions in fs/verity/. See
Documentation/filesystems/fsverity.rst for the full documentation.
The f2fs support for fs-verity consists of:
- Adding a filesystem feature flag and an inode flag for fs-verity.
- Implementing the fsverity_operations to support enabling verity on an
inode and reading/writing the verity metadata.
- Updating ->readpages() to verify data as it's read from verity files
and to support reading verity metadata pages.
- Updating ->write_begin(), ->write_end(), and ->writepages() to support
writing verity metadata pages.
- Calling the fs-verity hooks for ->open(), ->setattr(), and ->ioctl().
Like ext4, f2fs stores the verity metadata (Merkle tree and
fsverity_descriptor) past the end of the file, starting at the first 64K
boundary beyond i_size. This approach works because (a) verity files
are readonly, and (b) pages fully beyond i_size aren't visible to
userspace but can be read/written internally by f2fs with only some
relatively small changes to f2fs. Extended attributes cannot be used
because (a) f2fs limits the total size of an inode's xattr entries to
4096 bytes, which wouldn't be enough for even a single Merkle tree
block, and (b) f2fs encryption doesn't encrypt xattrs, yet the verity
metadata *must* be encrypted when the file is because it contains hashes
of the plaintext data.
Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>
Acked-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-07-22 23:26:24 +07:00
|
|
|
#define F2FS_XATTR_NAME_VERITY "v"
|
2012-11-02 15:12:17 +07:00
|
|
|
|
|
|
|
struct f2fs_xattr_header {
|
|
|
|
__le32 h_magic; /* magic number for identification */
|
|
|
|
__le32 h_refcount; /* reference count */
|
|
|
|
__u32 h_reserved[4]; /* zero right now */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct f2fs_xattr_entry {
|
|
|
|
__u8 e_name_index;
|
|
|
|
__u8 e_name_len;
|
|
|
|
__le16 e_value_size; /* size of attribute value */
|
|
|
|
char e_name[0]; /* attribute name */
|
|
|
|
};
|
|
|
|
|
|
|
|
#define XATTR_HDR(ptr) ((struct f2fs_xattr_header *)(ptr))
|
|
|
|
#define XATTR_ENTRY(ptr) ((struct f2fs_xattr_entry *)(ptr))
|
2013-08-13 08:13:55 +07:00
|
|
|
#define XATTR_FIRST_ENTRY(ptr) (XATTR_ENTRY(XATTR_HDR(ptr) + 1))
|
2012-11-02 15:12:17 +07:00
|
|
|
#define XATTR_ROUND (3)
|
|
|
|
|
2017-04-09 06:11:36 +07:00
|
|
|
#define XATTR_ALIGN(size) (((size) + XATTR_ROUND) & ~XATTR_ROUND)
|
2012-11-02 15:12:17 +07:00
|
|
|
|
|
|
|
#define ENTRY_SIZE(entry) (XATTR_ALIGN(sizeof(struct f2fs_xattr_entry) + \
|
2017-04-09 06:11:36 +07:00
|
|
|
(entry)->e_name_len + le16_to_cpu((entry)->e_value_size)))
|
2012-11-02 15:12:17 +07:00
|
|
|
|
|
|
|
#define XATTR_NEXT_ENTRY(entry) ((struct f2fs_xattr_entry *)((char *)(entry) +\
|
|
|
|
ENTRY_SIZE(entry)))
|
|
|
|
|
|
|
|
#define IS_XATTR_LAST_ENTRY(entry) (*(__u32 *)(entry) == 0)
|
|
|
|
|
|
|
|
#define list_for_each_xattr(entry, addr) \
|
|
|
|
for (entry = XATTR_FIRST_ENTRY(addr);\
|
|
|
|
!IS_XATTR_LAST_ENTRY(entry);\
|
|
|
|
entry = XATTR_NEXT_ENTRY(entry))
|
2017-03-23 12:38:26 +07:00
|
|
|
#define VALID_XATTR_BLOCK_SIZE (PAGE_SIZE - sizeof(struct node_footer))
|
|
|
|
#define XATTR_PADDING_SIZE (sizeof(__u32))
|
2020-02-14 16:44:11 +07:00
|
|
|
#define XATTR_SIZE(i) ((F2FS_I(i)->i_xattr_nid ? \
|
|
|
|
VALID_XATTR_BLOCK_SIZE : 0) + \
|
2019-04-11 15:26:46 +07:00
|
|
|
(inline_xattr_size(i)))
|
2017-01-24 19:39:51 +07:00
|
|
|
#define MIN_OFFSET(i) XATTR_ALIGN(inline_xattr_size(i) + \
|
|
|
|
VALID_XATTR_BLOCK_SIZE)
|
2012-11-02 15:12:17 +07:00
|
|
|
|
2013-08-14 19:57:27 +07:00
|
|
|
#define MAX_VALUE_LEN(i) (MIN_OFFSET(i) - \
|
|
|
|
sizeof(struct f2fs_xattr_header) - \
|
|
|
|
sizeof(struct f2fs_xattr_entry))
|
2012-11-02 15:12:17 +07:00
|
|
|
|
2019-03-04 16:19:04 +07:00
|
|
|
#define MAX_INLINE_XATTR_SIZE \
|
|
|
|
(DEF_ADDRS_PER_INODE - \
|
|
|
|
F2FS_TOTAL_EXTRA_ATTR_SIZE / sizeof(__le32) - \
|
|
|
|
DEF_INLINE_RESERVED_SIZE - \
|
|
|
|
MIN_INLINE_DENTRY_SIZE / sizeof(__le32))
|
|
|
|
|
2012-11-29 11:28:09 +07:00
|
|
|
/*
|
2012-11-02 15:12:17 +07:00
|
|
|
* On-disk structure of f2fs_xattr
|
2013-08-14 19:57:27 +07:00
|
|
|
* We use inline xattrs space + 1 block for xattr.
|
2012-11-02 15:12:17 +07:00
|
|
|
*
|
|
|
|
* +--------------------+
|
|
|
|
* | f2fs_xattr_header |
|
|
|
|
* | |
|
|
|
|
* +--------------------+
|
|
|
|
* | f2fs_xattr_entry |
|
|
|
|
* | .e_name_index = 1 |
|
|
|
|
* | .e_name_len = 3 |
|
|
|
|
* | .e_value_size = 14 |
|
|
|
|
* | .e_name = "foo" |
|
|
|
|
* | "value_of_xattr" |<- value_offs = e_name + e_name_len
|
|
|
|
* +--------------------+
|
|
|
|
* | f2fs_xattr_entry |
|
|
|
|
* | .e_name_index = 4 |
|
|
|
|
* | .e_name = "bar" |
|
|
|
|
* +--------------------+
|
|
|
|
* | |
|
|
|
|
* | Free |
|
|
|
|
* | |
|
|
|
|
* +--------------------+<- MIN_OFFSET
|
|
|
|
* | node_footer |
|
|
|
|
* | (nid, ino, offset) |
|
|
|
|
* +--------------------+
|
|
|
|
*
|
|
|
|
**/
|
|
|
|
|
|
|
|
#ifdef CONFIG_F2FS_FS_XATTR
|
|
|
|
extern const struct xattr_handler f2fs_xattr_user_handler;
|
|
|
|
extern const struct xattr_handler f2fs_xattr_trusted_handler;
|
|
|
|
extern const struct xattr_handler f2fs_xattr_advise_handler;
|
2013-06-03 17:46:19 +07:00
|
|
|
extern const struct xattr_handler f2fs_xattr_security_handler;
|
2012-11-02 15:12:17 +07:00
|
|
|
|
|
|
|
extern const struct xattr_handler *f2fs_xattr_handlers[];
|
|
|
|
|
2013-06-03 17:46:19 +07:00
|
|
|
extern int f2fs_setxattr(struct inode *, int, const char *,
|
2014-04-23 10:23:14 +07:00
|
|
|
const void *, size_t, struct page *, int);
|
2014-10-14 09:42:53 +07:00
|
|
|
extern int f2fs_getxattr(struct inode *, int, const char *, void *,
|
|
|
|
size_t, struct page *);
|
2013-06-03 17:46:19 +07:00
|
|
|
extern ssize_t f2fs_listxattr(struct dentry *, char *, size_t);
|
2012-11-02 15:12:17 +07:00
|
|
|
#else
|
|
|
|
|
|
|
|
#define f2fs_xattr_handlers NULL
|
2014-04-23 10:17:25 +07:00
|
|
|
static inline int f2fs_setxattr(struct inode *inode, int index,
|
f2fs: add missing argument to f2fs_setxattr stub
The f2fs_setxattr() prototype for CONFIG_F2FS_FS_XATTR=n has
been wrong for a long time, since 8ae8f1627f39 ("f2fs: support
xattr security labels"), but there have never been any callers,
so it did not matter.
Now, the function gets called from f2fs_ioc_keyctl(), which
causes a build failure:
fs/f2fs/file.c: In function 'f2fs_ioc_keyctl':
include/linux/stddef.h:7:14: error: passing argument 6 of 'f2fs_setxattr' makes integer from pointer without a cast [-Werror=int-conversion]
#define NULL ((void *)0)
^
fs/f2fs/file.c:1599:27: note: in expansion of macro 'NULL'
value, F2FS_KEY_SIZE, NULL, type);
^
In file included from ../fs/f2fs/file.c:29:0:
fs/f2fs/xattr.h:129:19: note: expected 'int' but argument is of type 'void *'
static inline int f2fs_setxattr(struct inode *inode, int index,
^
fs/f2fs/file.c:1597:9: error: too many arguments to function 'f2fs_setxattr'
return f2fs_setxattr(inode, F2FS_XATTR_INDEX_KEY,
^
In file included from ../fs/f2fs/file.c:29:0:
fs/f2fs/xattr.h:129:19: note: declared here
static inline int f2fs_setxattr(struct inode *inode, int index,
Thsi changes the prototype of the empty stub function to match
that of the actual implementation. This will not make the key
management work when F2FS_FS_XATTR is disabled, but it gets it
to build at least.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2016-03-15 06:07:56 +07:00
|
|
|
const char *name, const void *value, size_t size,
|
|
|
|
struct page *page, int flags)
|
2012-11-02 15:12:17 +07:00
|
|
|
{
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
}
|
2014-04-23 10:17:25 +07:00
|
|
|
static inline int f2fs_getxattr(struct inode *inode, int index,
|
2014-10-14 09:42:53 +07:00
|
|
|
const char *name, void *buffer,
|
|
|
|
size_t buffer_size, struct page *dpage)
|
2012-11-02 15:12:17 +07:00
|
|
|
{
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
}
|
|
|
|
static inline ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer,
|
|
|
|
size_t buffer_size)
|
|
|
|
{
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2013-06-03 17:46:19 +07:00
|
|
|
#ifdef CONFIG_F2FS_FS_SECURITY
|
|
|
|
extern int f2fs_init_security(struct inode *, struct inode *,
|
|
|
|
const struct qstr *, struct page *);
|
|
|
|
#else
|
|
|
|
static inline int f2fs_init_security(struct inode *inode, struct inode *dir,
|
|
|
|
const struct qstr *qstr, struct page *ipage)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
2012-11-02 15:12:17 +07:00
|
|
|
#endif /* __F2FS_XATTR_H__ */
|