Age | Commit message (Collapse) | Author |
|
Also add the lock order for verity fs, and add a lock to protect dentry
hash.
PiperOrigin-RevId: 342946537
|
|
children names map can be used to verify whether a child is expected
during walking, so that we can detect unexpected modifications that
deleted/renamed both the target file and the corresponding merkle tree
file.
PiperOrigin-RevId: 342170715
|
|
This lets us avoid treating a value of 0 as one reference. All references
using the refsvfs2 template must call InitRefs() before the reference is
incremented/decremented, or else a panic will occur. Therefore, it should be
pretty easy to identify missing InitRef calls during testing.
Updates #1486.
PiperOrigin-RevId: 341411151
|
|
PiperOrigin-RevId: 340275942
|
|
Also refactor the template and CheckedObject interface to make this cleaner.
Updates #1486.
PiperOrigin-RevId: 339577120
|
|
PiperOrigin-RevId: 339377254
|
|
Also change verity test to use a context with an active task. This is
required to delete/rename the file in the underlying file system.
PiperOrigin-RevId: 339146445
|
|
PiperOrigin-RevId: 338847417
|
|
Updates #1486.
PiperOrigin-RevId: 338832085
|
|
PiperOrigin-RevId: 338798433
|
|
Read is implemented by PRead, with offset obtained from Seek.
PiperOrigin-RevId: 338718587
|
|
Even if the child dentry has been cached, we should still check whether
the file and the corresponding Merkle tree file exist as expected. This
ensures that we can detect deletion/renaming of files that have been
previous enabled and opened.
Also make all verification failures to return EIO. This helps to test
verify failures.
PiperOrigin-RevId: 338709055
|
|
PiperOrigin-RevId: 337384146
|
|
This fixes reference leaks related to accidentally forgetting to DecRef()
after calling one or the other.
PiperOrigin-RevId: 336918922
|
|
Singleton filesystem like devpts and devtmpfs have a single filesystem shared
among all mounts, so they acquire a "self-reference" when initialized that
must be released when the entire virtual filesystem is released at sandbox
exit.
PiperOrigin-RevId: 336828852
|
|
verity Mu should be per file system instead of global, so that enabling
and verifying in different file systems won't block each other.
Also Lock verity Mu in PRead.
PiperOrigin-RevId: 336779356
|
|
Merkle tree library was originally using Read/Seek to access data and
tree, since the parameters are io.ReadSeeker. This could cause race
conditions if multiple threads accesses the same fd to read. Here we
change to use ReaderAt, and implement it with PRead to make it thread
safe.
PiperOrigin-RevId: 336779260
|
|
PiperOrigin-RevId: 336395445
|
|
When a child's root hash or its Merkle path is modified in its parent's
Merkle tree file, opening the file should fail, provided the directory
is verity enabled. The test for this behavior is added.
PiperOrigin-RevId: 334963690
|
|
PiperOrigin-RevId: 334682753
|
|
PiperOrigin-RevId: 334678513
|
|
The tests confirms that when a file is opened in verity, the
corresponding Merkle trees are generated. Also a normal read succeeds on
verity enabled files, but fails if either the verity file or the Merkle
tree file is modified.
PiperOrigin-RevId: 334640331
|
|
Updates #1663
PiperOrigin-RevId: 333539293
|
|
PiperOrigin-RevId: 333412836
|
|
PiperOrigin-RevId: 333404727
|
|
PiperOrigin-RevId: 332486111
|
|
This constant is used to represent int32 stored in file xattrs. The
integers are stored as strings there, so the real size should be the
string size (number of digits) instead of an int size (4 bytes).
PiperOrigin-RevId: 332353217
|
|
PiperOrigin-RevId: 332340342
|
|
As noticed by @ayushr2, the "implements" comments are not
consistent, e.g.
// IterDirents implements kernfs.inodeDynamicLookup.
// Generate implements vfs.DynamicBytesSource.Generate.
This patch improves this by making the comments like this
consistently include the package name (when the interface
and struct are not in the same package) and method name.
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.
PiperOrigin-RevId: 332116423
|
|
PRead is implemented by read from the underlying file in blocks, and
verify each block. The verified contents are saved into the output
buffer.
PiperOrigin-RevId: 332092267
|
|
PiperOrigin-RevId: 331940975
|
|
PiperOrigin-RevId: 331905347
|
|
The check in verity walk returns error for non ENOENT cases, and all
ENOENT results should be checked. This case was missing.
PiperOrigin-RevId: 330604771
|
|
ioctl with FS_IOC_ENABLE_VERITY is added to verity file system to enable
a file as verity file. For a file, a Merkle tree is built with its data.
For a directory, a Merkle tree is built with the root hashes of its
children.
PiperOrigin-RevId: 330604368
|
|
PiperOrigin-RevId: 330554450
|
|
Implement walk directories in gvisor verity file system. For each step,
the child dentry is verified against a verified parent root hash.
PiperOrigin-RevId: 329358747
|
|
verity GetFilesystem is implemented by mounting the underlying file
system, save the mount, and store both the underlying root dentry and
root Merkle file dentry in verity's root dentry.
PiperOrigin-RevId: 327959334
|
|
PiperOrigin-RevId: 327123477
|