From: Andrey Albershteyn <aalbersh-AT-redhat.com>
To: fsverity-AT-lists.linux.dev, linux-fsdevel-AT-vger.kernel.org, linux-xfs-AT-vger.kernel.org, david-AT-fromorbit.com, djwong-AT-kernel.org, ebiggers-AT-kernel.org, hch-AT-lst.de
Subject: [PATCH RFC 00/29] fs-verity support for XFS with post EOF merkle tree
Date: Mon, 28 Jul 2025 22:30:04 +0200
Message-ID: <20250728-fsverity-v1-0-9e5443af0e34@kernel.org>
Cc: Andrey Albershteyn <aalbersh-AT-redhat.com>, Andrey Albershteyn <aalbersh-AT-kernel.org>

Hi all,

This patchset adds fs-verity support for XFS. This version stores the Merkle
tree beyond the end of the file, similar to how ext4 does it.

The first two patches introduce a new iomap_read/write interface in iomap.
The reasons are:
- it is not bound by EOF,
- iomap_read_region() also allocates a folio and returns it to the caller.

Then follow changes to the fs-verity core, the per-filesystem workqueue, and
iomap integration. These are mostly unchanged from previous patchsets.

The iomap read path has a bit of fs-verity-only zeroing logic for the
case when the tree block size, fs block size and page size differ. As the tree
is a contiguous region of memory, I just zero the tail of the tree region.

Preallocations. I just disabled preallocations by setting the allocation
size to zero for Merkle tree data. This should not be a problem as these
files are read-only and in a stable state when we get to Merkle tree
writing. It would be nice to allocate the tree size on first write, but I
haven't got to it yet.

The tree is read by iomap into the page cache at offset 1 << 53. This seems
to be far enough to handle any supported file size.

Testing. The -g verity is passing for 1k and 4k with/without quota; the
tests include different Merkle tree block sizes.

I plan to look into readahead and whole tree allocation on first write,
and xfsprogs requires a bit more work.

Feedback is welcomed :)

xfsprogs:
https://github.com/alberand/xfsprogs/tree/b4/fsverity
xfstests:
https://github.com/alberand/xfstests/tree/b4/fsverity
Cc: fsverity@lists.linux.dev
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-xfs@vger.kernel.org
Cc: david@fromorbit.com
Cc: djwong@kernel.org
Cc: ebiggers@kernel.org
Cc: hch@lst.de
[RFC] Directly mapped xattr data & fs-verity
[1]: https://lore.kernel.org/linux-xfs/20241229133350.1192387-...
---
Andrey Albershteyn (19):
iomap: add iomap_writepages_unbound() to write beyond EOF
iomap: introduce iomap_read/write_region interface
fs: add FS_XFLAG_VERITY for verity files
fsverity: add per-sb workqueue for post read processing
fsverity: add tracepoints
iomap: integrate fs-verity verification into iomap's read path
xfs: add attribute type for fs-verity
xfs: add fs-verity ro-compat flag
xfs: add inode on-disk VERITY flag
xfs: initialize fs-verity on file open and cleanup on inode destruction
xfs: don't allow to enable DAX on fs-verity sealed inode
xfs: disable direct read path for fs-verity files
xfs: disable preallocations for fsverity Merkle tree writes
xfs: add writeback and iomap reading of Merkel tree pages
xfs: add fs-verity support
xfs: add fs-verity ioctls
xfs: fix scrub trace with null pointer in quotacheck
xfs: add fsverity traces
xfs: enable ro-compat fs-verity flag
Darrick J. Wong (10):
fsverity: report validation errors back to the filesystem
fsverity: pass super_block to fsverity_enqueue_verify_work
ext4: use a per-superblock fsverity workqueue
f2fs: use a per-superblock fsverity workqueue
btrfs: use a per-superblock fsverity workqueue
fsverity: remove system-wide workqueue
fsverity: expose merkle tree geometry to callers
xfs: advertise fs-verity being available on filesystem
xfs: check and repair the verity inode flag state
xfs: report verity failures through the health system
Documentation/filesystems/fsverity.rst | 8 +
MAINTAINERS | 1 +
fs/btrfs/super.c | 14 ++
fs/buffer.c | 7 +-
fs/ext4/readpage.c | 4 +-
fs/ext4/super.c | 11 ++
fs/f2fs/compress.c | 3 +-
fs/f2fs/data.c | 2 +-
fs/f2fs/super.c | 11 ++
fs/ioctl.c | 11 ++
fs/iomap/buffered-io.c | 301 ++++++++++++++++++++++++++++--
fs/iomap/ioend.c | 41 +++-
fs/super.c | 3 +
fs/verity/enable.c | 4 +
fs/verity/fsverity_private.h | 2 +-
fs/verity/init.c | 2 +-
fs/verity/open.c | 37 ++++
fs/verity/verify.c | 52 +++---
fs/xfs/Makefile | 1 +
fs/xfs/libxfs/xfs_da_format.h | 15 +-
fs/xfs/libxfs/xfs_format.h | 13 +-
fs/xfs/libxfs/xfs_fs.h | 2 +
fs/xfs/libxfs/xfs_health.h | 4 +-
fs/xfs/libxfs/xfs_inode_buf.c | 8 +
fs/xfs/libxfs/xfs_inode_util.c | 2 +
fs/xfs/libxfs/xfs_log_format.h | 1 +
fs/xfs/libxfs/xfs_sb.c | 4 +
fs/xfs/scrub/attr.c | 7 +
fs/xfs/scrub/common.c | 74 ++++++++
fs/xfs/scrub/common.h | 3 +
fs/xfs/scrub/inode.c | 7 +
fs/xfs/scrub/inode_repair.c | 36 ++++
fs/xfs/scrub/trace.h | 2 +-
fs/xfs/xfs_aops.c | 21 ++-
fs/xfs/xfs_bmap_util.c | 7 +
fs/xfs/xfs_file.c | 23 ++-
fs/xfs/xfs_fsverity.c | 330 +++++++++++++++++++++++++++++++++
fs/xfs/xfs_fsverity.h | 28 +++
fs/xfs/xfs_health.c | 1 +
fs/xfs/xfs_inode.h | 6 +
fs/xfs/xfs_ioctl.c | 16 ++
fs/xfs/xfs_iomap.c | 22 ++-
fs/xfs/xfs_iops.c | 4 +
fs/xfs/xfs_mount.h | 2 +
fs/xfs/xfs_super.c | 22 +++
fs/xfs/xfs_trace.h | 49 ++++-
include/linux/fs.h | 2 +
include/linux/fsverity.h | 49 ++++-
include/linux/iomap.h | 32 ++++
include/trace/events/fsverity.h | 162 ++++++++++++++++
include/uapi/linux/fs.h | 1 +
51 files changed, 1399 insertions(+), 71 deletions(-)
---
base-commit: 305d79226a6a797b193ca681e9f26f3bf081397b
change-id: 20250212-fsverity-eb66cef7fe9b
Best regards,
--
Andrey Albershteyn <aalbersh@kernel.org>
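
The cover letter's remarks on the tree living at page-cache offset 1 << 53 and on zeroing the tail of the tree region can be made concrete with a small geometry calculation. This is an added example, not code from the patchset: the level computation follows the way fs-verity builds its Merkle tree, while the 32-byte (SHA-256) digest, the helper names, and the reading of "tail" as the bytes between the end of the tree and the next page boundary are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Page-cache offset of the Merkle tree, as stated in the cover letter. */
#define TREE_BASE (1ULL << 53)

struct tree_geom {              /* hypothetical helper type */
    unsigned levels;            /* number of tree levels (0 for a one-block file) */
    uint64_t tree_blocks;       /* total hash blocks over all levels */
    uint64_t tree_bytes;        /* tree_blocks * tree block size */
};

/* Each tree block holds block_size / digest_size hashes; levels are
 * added until a level fits in a single block (the root block). */
static struct tree_geom merkle_geometry(uint64_t file_size,
                                        uint32_t block_size,
                                        uint32_t digest_size)
{
    struct tree_geom g = {0, 0, 0};
    uint64_t hashes_per_block = block_size / digest_size;
    uint64_t blocks = (file_size + block_size - 1) / block_size;

    while (blocks > 1) {
        blocks = (blocks + hashes_per_block - 1) / hashes_per_block;
        g.tree_blocks += blocks;
        g.levels++;
    }
    g.tree_bytes = g.tree_blocks * block_size;
    return g;
}

/* Assumption: the tail to zero is what remains of the last page after
 * the final tree block, which is non-zero only when the tree block
 * size is smaller than the page size. */
static uint64_t tree_tail_to_zero(const struct tree_geom *g, uint32_t page_size)
{
    uint64_t rem = (TREE_BASE + g->tree_bytes) % page_size;
    return rem ? page_size - rem : 0;
}

int main(void)
{
    /* Constructed sample: 1 MiB file, 1k tree blocks, 4k pages. */
    struct tree_geom g = merkle_geometry(1 << 20, 1024, 32);
    printf("levels=%u blocks=%llu tail=%llu\n", g.levels,
           (unsigned long long)g.tree_blocks,
           (unsigned long long)tree_tail_to_zero(&g, 4096));
    return 0;
}
```

Unzeroed bytes after the last tree block would be whatever the page held before, so the tail matters whenever a page covering the tree is only partly filled by it.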