fsverity: remove debug messages and CONFIG_FS_VERITY_DEBUG

I've gotten very little use out of these debug messages, and I'm not
aware of anyone else having used them.

Indeed, sprinkling pr_debug around is not really a best practice these
days, especially for filesystem code.  Tracepoints are used instead.

Let's just remove these and start from a clean slate.

This change does not affect info, warning, and error messages.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20221215060420.60692-1-ebiggers@kernel.org

diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index aad1f1d998b9ddd5dbbdac28f3e78686307f4d12..a7ffd718f1719e4e404ab5dfec6c9a1fa1ee5eb3 100644 (file)
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -34,14 +34,6 @@ config FS_VERITY
 
          If unsure, say N.
 
-config FS_VERITY_DEBUG
-       bool "FS Verity debugging"
-       depends on FS_VERITY
-       help
-         Enable debugging messages related to fs-verity by default.
-
-         Say N unless you are an fs-verity developer.
-
 config FS_VERITY_BUILTIN_SIGNATURES
        bool "FS Verity builtin signature support"
        depends on FS_VERITY

diff --git a/fs/verity/enable.c b/fs/verity/enable.c
index a949ce817202acfb6514b70f96519e1ef9402569..8a9189d4798375c819d59f1d7417baae174f5950 100644 (file)
--- a/fs/verity/enable.c
+++ b/fs/verity/enable.c
@@ -70,10 +70,6 @@ static int build_merkle_tree_level(struct file *filp, unsigned int level,
        for (i = 0; i < num_blocks_to_hash; i++) {
                struct page *src_page;
 
-               if ((pgoff_t)i % 10000 == 0 || i + 1 == num_blocks_to_hash)
-                       pr_debug("Hashing block %llu of %llu for level %u\n",
-                                i + 1, num_blocks_to_hash, level);
-
                if (level == 0) {
                        /* Leaf: hashing a data block */
                        src_page = read_file_data_page(filp, i, &ra,
@@ -263,15 +259,12 @@ static int enable_verity(struct file *filp,
         * ->begin_enable_verity() and ->end_enable_verity() using the inode
         * lock and only allow one process to be here at a time on a given file.
         */
-       pr_debug("Building Merkle tree...\n");
        BUILD_BUG_ON(sizeof(desc->root_hash) < FS_VERITY_MAX_DIGEST_SIZE);
        err = build_merkle_tree(filp, &params, desc->root_hash);
        if (err) {
                fsverity_err(inode, "Error %d building Merkle tree", err);
                goto rollback;
        }
-       pr_debug("Done building Merkle tree.  Root hash is %s:%*phN\n",
-                params.hash_alg->name, params.digest_size, desc->root_hash);
 
        /*
         * Create the fsverity_info.  Don't bother trying to save work by
@@ -286,10 +279,6 @@ static int enable_verity(struct file *filp,
                goto rollback;
        }
 
-       if (arg->sig_size)
-               pr_debug("Storing a %u-byte PKCS#7 signature alongside the file\n",
-                        arg->sig_size);
-
        /*
         * Tell the filesystem to finish enabling verity on the file.
         * Serialized with ->begin_enable_verity() by the inode lock.

diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index c7fcb855e0682c83551a7d8edafcc5fc1dd0315b..a16038a0ee67d340253d32c1774387a60ad6a4a6 100644 (file)
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -8,10 +8,6 @@
 #ifndef _FSVERITY_PRIVATE_H
 #define _FSVERITY_PRIVATE_H
 
-#ifdef CONFIG_FS_VERITY_DEBUG
-#define DEBUG
-#endif
-
 #define pr_fmt(fmt) "fs-verity: " fmt
 
 #include <linux/fsverity.h>

diff --git a/fs/verity/init.c b/fs/verity/init.c
index c98b7016f446be963e9ee57d96660335906743ae..0239051510355471a1f235287b68de634b568ad4 100644 (file)
--- a/fs/verity/init.c
+++ b/fs/verity/init.c
@@ -49,7 +49,6 @@ static int __init fsverity_init(void)
        if (err)
                goto err_exit_workqueue;
 
-       pr_debug("Initialized fs-verity\n");
        return 0;
 
 err_exit_workqueue:

diff --git a/fs/verity/open.c b/fs/verity/open.c
index c723a62841dbfd5bd07b3e7ac5a5d4dade355a2e..e0ef1a62839436e462cbb9b3862c18eb5e0edfba 100644 (file)
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -77,10 +77,6 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
        params->log_arity = params->log_blocksize - ilog2(params->digest_size);
        params->hashes_per_block = 1 << params->log_arity;
 
-       pr_debug("Merkle tree uses %s with %u-byte blocks (%u hashes/block), salt=%*phN\n",
-                hash_alg->name, params->block_size, params->hashes_per_block,
-                (int)salt_size, salt);
-
        /*
         * Compute the number of levels in the Merkle tree and create a map from
         * level to the starting block of that level.  Level 'num_levels - 1' is
@@ -90,7 +86,6 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
 
        /* Compute number of levels and the number of blocks in each level */
        blocks = ((u64)inode->i_size + params->block_size - 1) >> log_blocksize;
-       pr_debug("Data is %lld bytes (%llu blocks)\n", inode->i_size, blocks);
        while (blocks > 1) {
                if (params->num_levels >= FS_VERITY_MAX_LEVELS) {
                        fsverity_err(inode, "Too many levels in Merkle tree");
@@ -109,8 +104,6 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
        for (level = (int)params->num_levels - 1; level >= 0; level--) {
                blocks = params->level_start[level];
                params->level_start[level] = offset;
-               pr_debug("Level %d is %llu blocks starting at index %llu\n",
-                        level, blocks, offset);
                offset += blocks;
        }
 
@@ -176,9 +169,6 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode,
                fsverity_err(inode, "Error %d computing file digest", err);
                goto out;
        }
-       pr_debug("Computed file digest: %s:%*phN\n",
-                vi->tree_params.hash_alg->name,
-                vi->tree_params.digest_size, vi->file_digest);
 
        err = fsverity_verify_signature(vi, desc->signature,
                                        le32_to_cpu(desc->sig_size));
@@ -327,23 +317,16 @@ out_free_desc:
 
 int __fsverity_file_open(struct inode *inode, struct file *filp)
 {
-       if (filp->f_mode & FMODE_WRITE) {
-               pr_debug("Denying opening verity file (ino %lu) for write\n",
-                        inode->i_ino);
+       if (filp->f_mode & FMODE_WRITE)
                return -EPERM;
-       }
-
        return ensure_verity_info(inode);
 }
 EXPORT_SYMBOL_GPL(__fsverity_file_open);
 
 int __fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr)
 {
-       if (attr->ia_valid & ATTR_SIZE) {
-               pr_debug("Denying truncate of verity file (ino %lu)\n",
-                        d_inode(dentry)->i_ino);
+       if (attr->ia_valid & ATTR_SIZE)
                return -EPERM;
-       }
        return 0;
 }
 EXPORT_SYMBOL_GPL(__fsverity_prepare_setattr);

diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index 143a530a80088bc62514b65ad3e21718ca819077..e7d3ca919a1e0554c92c1ffb8adea0b8cfefc4fa 100644 (file)
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -82,8 +82,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
                return err;
        }
 
-       pr_debug("Valid signature for file digest %s:%*phN\n",
-                hash_alg->name, hash_alg->digest_size, vi->file_digest);
        return 0;
 }
 

diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index 961ba248021f9dd4f0e00c3ad157f325144528c6..de0d7aef785bfedbbda8de2b965e2ccf8dc647cc 100644 (file)
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -9,7 +9,6 @@
 
 #include <crypto/hash.h>
 #include <linux/bio.h>
-#include <linux/ratelimit.h>
 
 static struct workqueue_struct *fsverity_read_workqueue;
 
@@ -91,8 +90,6 @@ static bool verify_page(struct inode *inode, const struct fsverity_info *vi,
        if (WARN_ON_ONCE(!PageLocked(data_page) || PageUptodate(data_page)))
                return false;
 
-       pr_debug_ratelimited("Verifying data page %lu...\n", index);
-
        /*
         * Starting at the leaf level, ascend the tree saving hash pages along
         * the way until we find a verified hash page, indicated by PageChecked;
@@ -105,9 +102,6 @@ static bool verify_page(struct inode *inode, const struct fsverity_info *vi,
 
                hash_at_level(params, index, level, &hindex, &hoffset);
 
-               pr_debug_ratelimited("Level %d: hindex=%lu, hoffset=%u\n",
-                                    level, hindex, hoffset);
-
                hpage = inode->i_sb->s_vop->read_merkle_tree_page(inode, hindex,
                                level == 0 ? level0_ra_pages : 0);
                if (IS_ERR(hpage)) {
@@ -122,19 +116,13 @@ static bool verify_page(struct inode *inode, const struct fsverity_info *vi,
                        memcpy_from_page(_want_hash, hpage, hoffset, hsize);
                        want_hash = _want_hash;
                        put_page(hpage);
-                       pr_debug_ratelimited("Hash page already checked, want %s:%*phN\n",
-                                            params->hash_alg->name,
-                                            hsize, want_hash);
                        goto descend;
                }
-               pr_debug_ratelimited("Hash page not yet checked\n");
                hpages[level] = hpage;
                hoffsets[level] = hoffset;
        }
 
        want_hash = vi->root_hash;
-       pr_debug("Want root hash: %s:%*phN\n",
-                params->hash_alg->name, hsize, want_hash);
 descend:
        /* Descend the tree verifying hash pages */
        for (; level > 0; level--) {
@@ -151,8 +139,6 @@ descend:
                memcpy_from_page(_want_hash, hpage, hoffset, hsize);
                want_hash = _want_hash;
                put_page(hpage);
-               pr_debug("Verified hash page at level %d, now want %s:%*phN\n",
-                        level - 1, params->hash_alg->name, hsize, want_hash);
        }
 
        /* Finally, verify the data page */