From 671e67b47e9fffd12c8f69eda853a202cb5b3fc5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 22 Jul 2019 09:26:21 -0700 Subject: fs-verity: add Kconfig and the helper functions for hashing Add the beginnings of the fs/verity/ support layer, including the Kconfig option and various helper functions for hashing. To start, only SHA-256 is supported, but other hash algorithms can easily be added. Reviewed-by: Theodore Ts'o Reviewed-by: Jaegeuk Kim Signed-off-by: Eric Biggers --- fs/verity/init.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 fs/verity/init.c (limited to 'fs/verity/init.c')
diff --git a/fs/verity/init.c b/fs/verity/init.c
new file mode 100644
index 000000000000..40076bbe452a
--- /dev/null
+++ b/fs/verity/init.c
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * fs/verity/init.c: fs-verity module initialization and logging
+ *
+ * Copyright 2019 Google LLC
+ */
+
+#include "fsverity_private.h"
+
+#include
+
+void fsverity_msg(const struct inode *inode, const char *level,
+ const char *fmt, ...)
+{
+ static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
+ DEFAULT_RATELIMIT_BURST);
+ struct va_format vaf;
+ va_list args;
+
+ if (!__ratelimit(&rs))
+ return;
+
+ va_start(args, fmt);
+ vaf.fmt = fmt;
+ vaf.va = &args;
+ if (inode)
+ printk("%sfs-verity (%s, inode %lu): %pV\n",
+ level, inode->i_sb->s_id, inode->i_ino, &vaf);
+ else
+ printk("%sfs-verity: %pV\n", level, &vaf);
+ va_end(args);
+}
+
+static int __init fsverity_init(void)
+{
+ fsverity_check_hash_algs();
+
+ pr_debug("Initialized fs-verity\n");
+ return 0;
+}
+late_initcall(fsverity_init)
-- cgit v1.2.3
From fd2d1acfcadfe2e42567afaec5e989b38061a7d2 Mon Sep 17 00:00:00 2001
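Review bot: fsverity_msg() in the new fs/verity/init.c gates every message, for every inode and every level, on the single function-static ratelimit state `rs`, so once the burst is used up an error about one file can be dropped because of warnings about another. For an integrity feature these messages are likely what monitoring keys on, so the drop behaviour should at least be documented above the function, e.g. `/* Rate-limited globally: a message may be dropped; callers must not rely on it as the only record of a failure. */`. The same comment should state that `level` must be a KERN_* prefix string, since it is pasted in front of the format through `%s`. Whether callers pass only such constants is not visible in this hunk.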
From: Eric Biggers Date: Mon, 22 Jul 2019 09:26:22 -0700 Subject: fs-verity: add the hook for file ->open() Add the fsverity_file_open() function, which prepares an fs-verity file to be read from. If not already done, it loads the fs-verity descriptor from the filesystem and sets up an fsverity_info structure for the inode which describes the Merkle tree and contains the file measurement. It also denies all attempts to open verity files for writing. This commit also begins the include/linux/fsverity.h header, which declares the interface between fs/verity/ and filesystems. Reviewed-by: Theodore Ts'o Reviewed-by: Jaegeuk Kim Signed-off-by: Eric Biggers --- fs/verity/init.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs/verity/init.c') diff --git a/fs/verity/init.c b/fs/verity/init.c index 40076bbe452a..fff1fd634335 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -33,8 +33,14 @@ void fsverity_msg(const struct inode *inode, const char *level, static int __init fsverity_init(void) { + int err; + fsverity_check_hash_algs(); + err = fsverity_init_info_cache(); + if (err) + return err; + pr_debug("Initialized fs-verity\n"); return 0; } -- cgit v1.2.3 From 8a1d0f9cacc997bedc017056a94f35dc823394ed Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 22 Jul 2019 09:26:22 -0700 Subject: fs-verity: add data verification hooks for ->readpages() Add functions that verify data pages that have been read from a fs-verity file, against that file's Merkle tree. These will be called from filesystems' ->readpage() and ->readpages() methods. Since data verification can block, a workqueue is provided for these methods to enqueue verification work from their bio completion callback. See the "Verifying data" section of Documentation/filesystems/fsverity.rst for more information. Reviewed-by: Theodore Ts'o Reviewed-by: Jaegeuk Kim Signed-off-by: Eric Biggers --- fs/verity/init.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'fs/verity/init.c') 
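Review bot: In fsverity_init(), the new `if (err) return err;` after fsverity_init_info_cache() leaves no trace of the failure, because the only message in the function is the `pr_debug` on success. If nothing else reports a failed initcall on this configuration (not visible here), fs-verity would be unavailable with nothing in the log to say so. A line such as `pr_err("fs-verity initialization failed: %d\n", err);` before the return would make that visible. The error paths added for fsverity_init_workqueue() and fsverity_init_signature() in the two later patches on this page have the same gap.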
diff --git a/fs/verity/init.c b/fs/verity/init.c index fff1fd634335..b593805aafcc 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -41,7 +41,15 @@ static int __init fsverity_init(void) if (err) return err; + err = fsverity_init_workqueue(); + if (err) + goto err_exit_info_cache; + pr_debug("Initialized fs-verity\n"); return 0; + +err_exit_info_cache: + fsverity_exit_info_cache(); + return err; } late_initcall(fsverity_init) -- cgit v1.2.3 From 432434c9f8e18cb4cf0fe05bc3eeceada0e10dc6 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 22 Jul 2019 09:26:23 -0700 Subject: fs-verity: support builtin file signatures To meet some users' needs, add optional support for having fs-verity handle a portion of the authentication policy in the kernel. An ".fs-verity" keyring is created to which X.509 certificates can be added; then a sysctl 'fs.verity.require_signatures' can be set to cause the kernel to enforce that all fs-verity files contain a signature of their file measurement by a key in this keyring. See the "Built-in signature verification" section of Documentation/filesystems/fsverity.rst for the full documentation. Reviewed-by: Theodore Ts'o Signed-off-by: Eric Biggers --- fs/verity/init.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs/verity/init.c') diff --git a/fs/verity/init.c b/fs/verity/init.c index b593805aafcc..94c104e00861 100644 --- a/fs/verity/init.c +++ b/fs/verity/init.c @@ -45,9 +45,15 @@ static int __init fsverity_init(void) if (err) goto err_exit_info_cache; + err = fsverity_init_signature(); + if (err) + goto err_exit_workqueue; + pr_debug("Initialized fs-verity\n"); return 0; +err_exit_workqueue: + fsverity_exit_workqueue(); err_exit_info_cache: fsverity_exit_info_cache(); return err; -- cgit v1.2.3
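Review bot: The new `err_exit_info_cache:` path in fsverity_init() destroys the info cache when fsverity_init_workqueue() fails, but nothing visible here stops the rest of fs/verity/ from being called afterwards. If this code can only be built in (the Kconfig entry is not on this page), returning an error from the initcall presumably does not unload anything, so the open hook described in the earlier patch could run against a torn-down cache. Either a comment stating why a partial unwind is safe, or treating the failure as fatal at boot, would close that question. The `err_exit_workqueue:` label added by the following hunk extends the same unwind and raises the same question.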