Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp337248rwl; Tue, 11 Apr 2023 19:39:16 -0700 (PDT) X-Google-Smtp-Source: AKy350axTQo5og1u0CMf1fGhXflPAPhXOIw+8BVYjUniDyejZB68VW8yLemoNwOw20wtLcrXM3kF X-Received: by 2002:a17:906:2c14:b0:8b8:c06e:52d8 with SMTP id e20-20020a1709062c1400b008b8c06e52d8mr537376ejh.36.1681267156403; Tue, 11 Apr 2023 19:39:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681267156; cv=none; d=google.com; s=arc-20160816; b=vix0tqU8ofwH3B181gnbknufAqHkfl6ZFzrtELcWMC8f+dZ2ZR/TKTW16WgmoXnA0E SIwa+d4K8Q10e1XLNXnofkfIL1hbOkfXyV66fpkv+ZZrUu0uJIv40zZUu3++UoKq8BH2 XS4NCXepSku3esHzw1nNBos9kknoit1uNTtxsFwpFDZWFEIVrJ2Phqp0yiN6QeGYMErc s4BEMm+DPX0B9Z9UkWxLW5TsUwzVHREiA/S6E774i1N4thNiJ0WZIPqB983Ed+k/PAHu niIbJ9kKmtbFY8f7k9rCefVKr5Rn+bF5XLD5txLts9dyepFVY+AV0BY01n064vUAb8Ym M9sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=M7cvxi4mXz5zjzi4JIBZ0G/0ou83kWE466Fx7kWGv6I=; b=Qy14dqFMAKIgPy9AMZP6LUvkIJDghVDU6pfjvK1FiM11L3Zcad+EVfrJbgo11isS1K Rz7pCk16tjvZsrkFvKjCUZhzKpntjNJHA5GAcAgtz5L+7JHpeiZDQd2cR8D8yQOCcKxs mbOr4vkjM5flf74bP61PKMUKm6hg8W85F12+96xHVXJfd9x3XDwEhvZMvfGnevSdxdUc VZ1L8uOcxl4I6HqlRdXA5cF1BRDY1Ded07jx1fYgADlSk/DN5o3RYVTy78ZrhA4DKw12 df/+ZNlZGatrvYnyJ3CAA8NCPeuyIPifEDZSavIAomGcxw7HRfzP6VYkxtw9Nof5eIw7 Gmwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ICEWpWIH; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s10-20020a1709066c8a00b0094a8b7dca8dsi2003230ejr.468.2023.04.11.19.38.50; Tue, 11 Apr 2023 19:39:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ICEWpWIH; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229551AbjDLCdY (ORCPT + 99 others); Tue, 11 Apr 2023 22:33:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229469AbjDLCdX (ORCPT ); Tue, 11 Apr 2023 22:33:23 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88C41172B; Tue, 11 Apr 2023 19:33:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 257C561C99; Wed, 12 Apr 2023 02:33:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F370C433D2; Wed, 12 Apr 2023 02:33:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1681266801; bh=uWYRkl4H5QxQQyKZRkipfJYb8JT+WBT0+Wf0sQwa8R4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ICEWpWIHfCvZctrTa23zt5ow0V8NDHh2F1i00eVdXSsHwgqMLrkRT/XlEYlKmjHDc 19nDnI8fLxzFqlz2xC7lWzBe/z+FLZQp9I6XnZMJNnBuVmGr4gIcbNqsErYoKb0m7p sxQgr5EWBTLQtP3m6ZbcVg4DVMLneqkbV0LUwwpej+ysbJ8GM6GOmxaIXmht+TVLM5 8AoJUx4LJxeAkTKLmK+QxNTrCOzWSGGlTQai0S4osbYt1lIObyZ+GefEjAWZe5ts/v 1DVrYg2TcXMS5rnXRentQX9hoIWFgOeiZNMnlongYGP1HyqIKramwdoHwdF+582obz FYYaJGFJaqEvg== Date: Tue, 11 Apr 2023 19:33:19 -0700 From: Eric Biggers To: Christoph Hellwig Cc: Andrey Albershteyn , djwong@kernel.org, dchinner@redhat.com, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev, rpeterso@redhat.com, agruenba@redhat.com, xiang@kernel.org, chao@kernel.org, damien.lemoal@opensource.wdc.com, jth@kernel.org, linux-erofs@lists.ozlabs.org, linux-btrfs@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, cluster-devel@redhat.com Subject: Re: [PATCH v2 00/23] fs-verity support for XFS Message-ID: <20230412023319.GA5105@sol.localdomain> References: <20230404145319.2057051-1-aalbersh@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Mon, Apr 10, 2023 at 10:19:46PM -0700, Christoph Hellwig wrote: > Dave is going to hate me for this, but.. > > I've been looking over some of the interfaces here, and I'm starting > to very seriously questioning the design decisions of storing the > fsverity hashes in xattrs. > > Yes, storing them beyond i_size in the file is a bit of a hack, but > it allows to reuse a lot of the existing infrastructure, and much > of fsverity is based around it. So storing them in an xattrs causes > a lot of churn in the interface. And the XFS side with special > casing xattr indices also seems not exactly nice. It seems it's really just the Merkle tree caching interface that is causing problems, as it's currently too closely tied to the page cache? That is just an implementation detail that could be reworked along the lines of what is being discussed. But anyway, it is up to the XFS folks. Keep in mind there is also the option of doing what btrfs is doing, where it stores the Merkle tree separately from the file data stream, but caches it past i_size in the page cache at runtime. I guess there is also the issue of encryption, which hasn't come up yet since we're talking about fsverity support only. The Merkle tree (including the fsverity_descriptor) is supposed to be encrypted, just like the file contents are. Having it be stored after the file contents accomplishes that easily... Of course, it doesn't have to be that way; a separate key could be derived, or the Merkle tree blocks could be encrypted with the file contents key using indices past i_size, without them physically being stored in the data stream. - Eric