Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp896341rwl; Wed, 12 Apr 2023 05:48:04 -0700 (PDT) X-Google-Smtp-Source: AKy350bqvj+JsFU4QtYHGf8+WFPXtMONqrsEVoQxhaoZday3Lr7AKWk18kqN7TlAdZYBsqjhTeTP X-Received: by 2002:a17:906:3957:b0:94a:6229:8fc1 with SMTP id g23-20020a170906395700b0094a62298fc1mr2735658eje.31.1681303684629; Wed, 12 Apr 2023 05:48:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681303684; cv=none; d=google.com; s=arc-20160816; b=cVXRk/AYD++wORiDke92nKSAAZUMyglEgt0Z8rtCtoD774v4l9B+uxah6HQ22j4lwc ha6Mkj2b05MZo/KuGAeNWLqAu4qLhOJSHv6I9BqwAqHzGkPjsdM96IyO6nsmRJoikagy 9QuRBlZpFRjto2eKcPdYfnT5RbzrHBQDS5snVz857aV+FbJm8lgwVbkbiTTjLclFzDNf B5npJVQgZQ7dCfDe97ho0XgxZ3s2Q0YvhLfK0XUDwtKZexDDAID7Zi6CN7coa2ah8Wee ltNDbW1coGSf6x5t3/JnD47ndcOH+uoqA8q9KZxylnLn+W0qrVMeHa4HmmAvjyhyjj8k Aevw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=E0KHAAQwHuVG+JUkhMNXRzfAxWNr8pB44DMS1FIDYiU=; b=NO0Nb8ljqPo8usREwnsMHYSb5Tm1ZJqsR26kzQMd/0V8bmz8mhLsrh/a6BWGO3Vu7J v+ef6VfzJ1Sb5F4yyZFLeaQt5CSL7Z3OKM7d8yv9fHupJQl34CAYxqECAnEmGrpiSqjq ECwD1iHGDuCCdGMLgobQH06KPJ2kCu5zUNKdUaEh9DTAXdpf4TU+t9+W6zC15Bfz3Yzk KHlyPEq7Q/ckDSFfV2pfi7xRQ7TX4A0SmnH+6bdHRiULEbh1IYP30Lti8G/zZj0fwLv/ zssJzGe8mOKl7ltUYeA9eTpiLI6HXpHiH1pzmRfAbI2xwyHKoPuemHJT3d280Eu0gfQS Wwnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=VL2Xq3mX; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h8-20020a170906828800b0094a689788b7si576780ejx.930.2023.04.12.05.47.39; Wed, 12 Apr 2023 05:48:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=VL2Xq3mX; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231701AbjDLMk4 (ORCPT + 99 others); Wed, 12 Apr 2023 08:40:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55738 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229773AbjDLMkz (ORCPT ); Wed, 12 Apr 2023 08:40:55 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CAD083DE; Wed, 12 Apr 2023 05:40:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=E0KHAAQwHuVG+JUkhMNXRzfAxWNr8pB44DMS1FIDYiU=; b=VL2Xq3mXsX5zJ0mUpgFdjyqzch uwDtv5eusczS8yue8CmgTqmgQlhiERF1JwLtsis14nYKk+RIdUpZM47LPD2BFHt6UpXsa1xX7MUlq QnekFKGKo9ViGfaiGcAq6s4YKopGqFR+iW722YWss5oQKb9l+u8zu789Ruzb9HbRx/zZzFsQ0umAx slzq+P5/cNMhF2GmdH3M1qVbcfQCtTUpgUHQhqO9u68CXXozNoINOdCVMV5plzm+dz1gNP7jGrZvE ZlrzIKFvEvvcxXN0E09iz3XsChVPky8ItYBLK1I+opyB93pWAQHQtWawRH5b332rI/xu7+YxbuakL SS0C2vgQ==; Received: from hch by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pmZlw-003AdB-0z; Wed, 12 Apr 2023 12:40:24 +0000 Date: Wed, 12 Apr 2023 05:40:24 -0700 From: Christoph Hellwig To: Eric Biggers Cc: Christoph Hellwig , Andrey Albershteyn , djwong@kernel.org, dchinner@redhat.com, linux-xfs@vger.kernel.org, fsverity@lists.linux.dev, rpeterso@redhat.com, agruenba@redhat.com, xiang@kernel.org, chao@kernel.org, damien.lemoal@opensource.wdc.com, jth@kernel.org, linux-erofs@lists.ozlabs.org, linux-btrfs@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, cluster-devel@redhat.com Subject: Re: [PATCH v2 00/23] fs-verity support for XFS Message-ID: References: <20230404145319.2057051-1-aalbersh@redhat.com> <20230412023319.GA5105@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230412023319.GA5105@sol.localdomain> X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, Apr 11, 2023 at 07:33:19PM -0700, Eric Biggers wrote: > It seems it's really just the Merkle tree caching interface that is causing > problems, as it's currently too closely tied to the page cache? That is just an > implementation detail that could be reworked along the lines of what is being > discussed. Well, that and some of the XFS internal changes that seem a bit ugly. But it's not only very much tied to the page cache, but also to page aligned data, which is really part of the problem. > But anyway, it is up to the XFS folks. Keep in mind there is also the option of > doing what btrfs is doing, where it stores the Merkle tree separately from the > file data stream, but caches it past i_size in the page cache at runtime. That seems to be the worst of both worlds. > I guess there is also the issue of encryption, which hasn't come up yet since > we're talking about fsverity support only. The Merkle tree (including the > fsverity_descriptor) is supposed to be encrypted, just like the file contents > are. Having it be stored after the file contents accomplishes that easily... > Of course, it doesn't have to be that way; a separate key could be derived, or > the Merkle tree blocks could be encrypted with the file contents key using > indices past i_size, without them physically being stored in the data stream. xattrs contents better be encrypted as well, fsverity or not.