Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ext4: update on-disk format documentation for fs-verity

Document the format of verity files on ext4, and the corresponding inode
and superblock flags.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>

+48 -2
+4 -2
Documentation/filesystems/ext4/inodes.rst
··· 277 277 - This is a huge file (EXT4\_HUGE\_FILE\_FL). 278 278 * - 0x80000 279 279 - Inode uses extents (EXT4\_EXTENTS\_FL). 280 + * - 0x100000 281 + - Verity protected file (EXT4\_VERITY\_FL). 280 282 * - 0x200000 281 283 - Inode stores a large extended attribute value in its data blocks 282 284 (EXT4\_EA\_INODE\_FL). ··· 301 299 - Reserved for ext4 library (EXT4\_RESERVED\_FL). 302 300 * - 303 301 - Aggregate flags: 304 - * - 0x4BDFFF 302 + * - 0x705BDFFF 305 303 - User-visible flags. 306 - * - 0x4B80FF 304 + * - 0x604BC0FF 307 305 - User-modifiable flags. Note that while EXT4\_JOURNAL\_DATA\_FL and 308 306 EXT4\_EXTENTS\_FL can be set with setattr, they are not in the kernel's 309 307 EXT4\_FL\_USER\_MODIFIABLE mask, since it needs to handle the setting of
+1
Documentation/filesystems/ext4/overview.rst
··· 24 24 .. include:: bigalloc.rst 25 25 .. include:: inlinedata.rst 26 26 .. include:: eainode.rst 27 + .. include:: verity.rst
+2
Documentation/filesystems/ext4/super.rst
··· 696 696 (RO\_COMPAT\_READONLY) 697 697 * - 0x2000 698 698 - Filesystem tracks project quotas. (RO\_COMPAT\_PROJECT) 699 + * - 0x8000 700 + - Verity inodes may be present on the filesystem. (RO\_COMPAT\_VERITY) 699 701 700 702 .. _super_def_hash: 701 703
+41
Documentation/filesystems/ext4/verity.rst
··· 1 + .. SPDX-License-Identifier: GPL-2.0 2 + 3 + Verity files 4 + ------------ 5 + 6 + ext4 supports fs-verity, which is a filesystem feature that provides 7 + Merkle tree based hashing for individual readonly files. Most of 8 + fs-verity is common to all filesystems that support it; see 9 + :ref:`Documentation/filesystems/fsverity.rst <fsverity>` for the 10 + fs-verity documentation. However, the on-disk layout of the verity 11 + metadata is filesystem-specific. On ext4, the verity metadata is 12 + stored after the end of the file data itself, in the following format: 13 + 14 + - Zero-padding to the next 65536-byte boundary. This padding need not 15 + actually be allocated on-disk, i.e. it may be a hole. 16 + 17 + - The Merkle tree, as documented in 18 + :ref:`Documentation/filesystems/fsverity.rst 19 + <fsverity_merkle_tree>`, with the tree levels stored in order from 20 + root to leaf, and the tree blocks within each level stored in their 21 + natural order. 22 + 23 + - Zero-padding to the next filesystem block boundary. 24 + 25 + - The verity descriptor, as documented in 26 + :ref:`Documentation/filesystems/fsverity.rst <fsverity_descriptor>`, 27 + with optionally appended signature blob. 28 + 29 + - Zero-padding to the next offset that is 4 bytes before a filesystem 30 + block boundary. 31 + 32 + - The size of the verity descriptor in bytes, as a 4-byte little 33 + endian integer. 34 + 35 + Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. 36 + EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. 37 + They can have EXT4_ENCRYPT_FL set, in which case the verity metadata 38 + is encrypted as well as the data itself. 39 + 40 + Verity files cannot have blocks allocated past the end of the verity 41 + metadata.
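Review bot: in the Documentation/filesystems/ext4/inodes.rst hunk, the aggregate-mask updates change more than the new EXT4_VERITY_FL bit, and the commit message does not mention it. 0x4BDFFF -> 0x705BDFFF adds 0x70100000, i.e. 0x10000000, 0x20000000 and 0x40000000 in addition to the new 0x100000, and 0x4B80FF -> 0x604BC0FF adds 0x60004000 while leaving 0x100000 clear, so EXT4_VERITY_FL ends up user-visible but not user-modifiable. Either state in the description that the two masks are being resynced with the kernel's current EXT4_FL_USER_VISIBLE and EXT4_FL_USER_MODIFIABLE values, or move that resync into its own patch so the verity change stays reviewable on its own; a one-line remark next to the new 0x100000 row saying that the flag is visible but not settable via the flag-modifying path would also spare readers the bit arithmetic.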
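Review bot: in the Documentation/filesystems/ext4/super.rst hunk, the new RO_COMPAT_VERITY row would be more useful with a pointer to what the bit implies for the rest of the format: as with every RO_COMPAT flag, a kernel that does not understand it must mount the filesystem read-only, and inodes carrying EXT4_VERITY_FL from the inodes.rst table are only expected when this bit is set. Suggest appending a short cross-reference, e.g. "(see the verity file layout in verity.rst)", so the three additions in this patch are linked from the superblock side as well.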
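Review bot: in Documentation/filesystems/ext4/verity.rst, the layout list describes the pieces but not how a reader locates them, which makes the closing sentence ("Verity files cannot have blocks allocated past the end of the verity metadata") read as an arbitrary rule. Since the 4-byte descriptor size is padded to end exactly at a filesystem block boundary and nothing may be allocated after it, the descriptor size is simply the last 4 bytes of the file's last allocated block; saying so explicitly, e.g. "The descriptor size is found by reading the last 4 bytes of the last allocated block, which is why no blocks may follow the verity metadata", ties the list and the constraint together. Two smaller points: the three :ref: targets (fsverity, fsverity_merkle_tree and fsverity_descriptor) are labels defined in another file, so please confirm they exist in Documentation/filesystems/fsverity.rst or Sphinx will warn about undefined labels; and it is worth stating that the 65536-byte padding boundary is independent of the filesystem block size, since the later two paddings are block-relative and a reader could otherwise assume all three scale together.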