Commit 8da572c5 authored by Eric Biggers's avatar Eric Biggers

fs-verity: mention btrfs support

btrfs supports fs-verity since Linux v5.15.  Document this.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Acked-by: default avatarDavid Sterba <dsterba@suse.com>
Link: https://lore.kernel.org/r/20220610000616.18225-1-ebiggers@kernel.org
parent 32346491
...@@ -11,9 +11,9 @@ Introduction ...@@ -11,9 +11,9 @@ Introduction
fs-verity (``fs/verity/``) is a support layer that filesystems can fs-verity (``fs/verity/``) is a support layer that filesystems can
hook into to support transparent integrity and authenticity protection hook into to support transparent integrity and authenticity protection
of read-only files. Currently, it is supported by the ext4 and f2fs of read-only files. Currently, it is supported by the ext4, f2fs, and
filesystems. Like fscrypt, not too much filesystem-specific code is btrfs filesystems. Like fscrypt, not too much filesystem-specific
needed to support fs-verity. code is needed to support fs-verity.
fs-verity is similar to `dm-verity fs-verity is similar to `dm-verity
<https://www.kernel.org/doc/Documentation/device-mapper/verity.txt>`_ <https://www.kernel.org/doc/Documentation/device-mapper/verity.txt>`_
...@@ -473,9 +473,9 @@ files being swapped around. ...@@ -473,9 +473,9 @@ files being swapped around.
Filesystem support Filesystem support
================== ==================
fs-verity is currently supported by the ext4 and f2fs filesystems. fs-verity is supported by several filesystems, described below. The
The CONFIG_FS_VERITY kconfig option must be enabled to use fs-verity CONFIG_FS_VERITY kconfig option must be enabled to use fs-verity on
on either filesystem. any of these filesystems.
``include/linux/fsverity.h`` declares the interface between the ``include/linux/fsverity.h`` declares the interface between the
``fs/verity/`` support layer and filesystems. Briefly, filesystems ``fs/verity/`` support layer and filesystems. Briefly, filesystems
...@@ -544,6 +544,13 @@ Currently, f2fs verity only supports a Merkle tree block size of 4096. ...@@ -544,6 +544,13 @@ Currently, f2fs verity only supports a Merkle tree block size of 4096.
Also, f2fs doesn't support enabling verity on files that currently Also, f2fs doesn't support enabling verity on files that currently
have atomic or volatile writes pending. have atomic or volatile writes pending.
btrfs
-----
btrfs supports fs-verity since Linux v5.15. Verity-enabled inodes are
marked with a RO_COMPAT inode flag, and the verity metadata is stored
in separate btree items.
Implementation details Implementation details
====================== ======================
...@@ -622,14 +629,14 @@ workqueue, and then the workqueue work does the decryption or ...@@ -622,14 +629,14 @@ workqueue, and then the workqueue work does the decryption or
verification. Finally, pages where no decryption or verity error verification. Finally, pages where no decryption or verity error
occurred are marked Uptodate, and the pages are unlocked. occurred are marked Uptodate, and the pages are unlocked.
Files on ext4 and f2fs may contain holes. Normally, ``->readahead()`` On many filesystems, files can contain holes. Normally,
simply zeroes holes and sets the corresponding pages Uptodate; no bios ``->readahead()`` simply zeroes holes and sets the corresponding pages
are issued. To prevent this case from bypassing fs-verity, these Uptodate; no bios are issued. To prevent this case from bypassing
filesystems use fsverity_verify_page() to verify hole pages. fs-verity, these filesystems use fsverity_verify_page() to verify hole
pages.
ext4 and f2fs disable direct I/O on verity files, since otherwise Filesystems also disable direct I/O on verity files, since otherwise
direct I/O would bypass fs-verity. (They also do the same for direct I/O would bypass fs-verity.
encrypted files.)
Userspace utility Userspace utility
================= =================
...@@ -648,7 +655,7 @@ Tests ...@@ -648,7 +655,7 @@ Tests
To test fs-verity, use xfstests. For example, using `kvm-xfstests To test fs-verity, use xfstests. For example, using `kvm-xfstests
<https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_:: <https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_::
kvm-xfstests -c ext4,f2fs -g verity kvm-xfstests -c ext4,f2fs,btrfs -g verity
FAQ FAQ
=== ===
...@@ -771,15 +778,15 @@ weren't already directly answered in other parts of this document. ...@@ -771,15 +778,15 @@ weren't already directly answered in other parts of this document.
e.g. magically trigger construction of a Merkle tree. e.g. magically trigger construction of a Merkle tree.
:Q: Does fs-verity support remote filesystems? :Q: Does fs-verity support remote filesystems?
:A: Only ext4 and f2fs support is implemented currently, but in :A: So far all filesystems that have implemented fs-verity support are
principle any filesystem that can store per-file verity metadata local filesystems, but in principle any filesystem that can store
can support fs-verity, regardless of whether it's local or remote. per-file verity metadata can support fs-verity, regardless of
Some filesystems may have fewer options of where to store the whether it's local or remote. Some filesystems may have fewer
verity metadata; one possibility is to store it past the end of options of where to store the verity metadata; one possibility is
the file and "hide" it from userspace by manipulating i_size. The to store it past the end of the file and "hide" it from userspace
data verification functions provided by ``fs/verity/`` also assume by manipulating i_size. The data verification functions provided
that the filesystem uses the Linux pagecache, but both local and by ``fs/verity/`` also assume that the filesystem uses the Linux
remote filesystems normally do so. pagecache, but both local and remote filesystems normally do so.
:Q: Why is anything filesystem-specific at all? Shouldn't fs-verity :Q: Why is anything filesystem-specific at all? Shouldn't fs-verity
be implemented entirely at the VFS level? be implemented entirely at the VFS level?
......
...@@ -14,11 +14,11 @@ config FS_VERITY ...@@ -14,11 +14,11 @@ config FS_VERITY
help help
This option enables fs-verity. fs-verity is the dm-verity This option enables fs-verity. fs-verity is the dm-verity
mechanism implemented at the file level. On supported mechanism implemented at the file level. On supported
filesystems (currently EXT4 and F2FS), userspace can use an filesystems (currently ext4, f2fs, and btrfs), userspace can
ioctl to enable verity for a file, which causes the filesystem use an ioctl to enable verity for a file, which causes the
to build a Merkle tree for the file. The filesystem will then filesystem to build a Merkle tree for the file. The filesystem
transparently verify any data read from the file against the will then transparently verify any data read from the file
Merkle tree. The file is also made read-only. against the Merkle tree. The file is also made read-only.
This serves as an integrity check, but the availability of the This serves as an integrity check, but the availability of the
Merkle tree root hash also allows efficiently supporting Merkle tree root hash also allows efficiently supporting
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment