From: Andrey Albershteyn <aalbersh@kernel.org>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
hch@lst.de, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org, linux-unionfs@vger.kernel.org,
djwong@kernel.org
Subject: [PATCH v8 02/22] fsverity: expose ensure_fsverity_info()
Date: Mon, 20 Apr 2026 13:46:49 +0200 [thread overview]
Message-ID: <20260420114714.1621982-3-aalbersh@kernel.org> (raw)
In-Reply-To: <20260420114714.1621982-1-aalbersh@kernel.org>
This function will be used by XFS's scrub to force fsverity activation,
therefore, to read fsverity context.
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
fs/verity/open.c | 22 ++++++++++++++++++++--
include/linux/fsverity.h | 2 ++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/fs/verity/open.c b/fs/verity/open.c
index dfa0d1afe0fe..d32d0899df25 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -344,7 +344,24 @@ int fsverity_get_descriptor(struct inode *inode,
return 0;
}
-static int ensure_verity_info(struct inode *inode)
+/**
+ * fsverity_ensure_verity_info() - cache verity info if it's not already cached
+ * @inode: the inode for which verity info should be cached
+ *
+ * Ensure this inode has verity info attached to it, it's assumed the inode
+ * already has fsverity enabled. Read fsverity descriptor and creates verity
+ * based on that.
+ *
+ * This needs to be called at least once before any of the inode's data
+ * can be verified (and thus read at all) or the inode's fsverity digest
+ * retrieved. fsverity_file_open() calls this already, which handles
+ * normal file accesses. If a filesystem does any internal (i.e. not
+ * associated with a file descriptor) reads of the file's data or
+ * fsverity digest, it must call this explicitly before doing so.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_ensure_verity_info(struct inode *inode)
{
struct fsverity_info *vi = fsverity_get_info(inode), *found;
struct fsverity_descriptor *desc;
@@ -380,12 +397,13 @@ static int ensure_verity_info(struct inode *inode)
kfree(desc);
return err;
}
+EXPORT_SYMBOL_GPL(fsverity_ensure_verity_info);
int __fsverity_file_open(struct inode *inode, struct file *filp)
{
if (filp->f_mode & FMODE_WRITE)
return -EPERM;
- return ensure_verity_info(inode);
+ return fsverity_ensure_verity_info(inode);
}
EXPORT_SYMBOL_GPL(__fsverity_file_open);
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index a8f9aa75b792..5562271bd628 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -309,6 +309,8 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
return 0;
}
+int fsverity_ensure_verity_info(struct inode *inode);
+
void fsverity_cleanup_inode(struct inode *inode);
struct page *generic_read_merkle_tree_page(struct inode *inode, pgoff_t index);
--
2.51.2
WARNING: multiple messages have this Message-ID (diff)
From: Andrey Albershteyn via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
djwong@kernel.org, linux-unionfs@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org, hch@lst.de,
linux-btrfs@vger.kernel.org
Subject: [f2fs-dev] [PATCH v8 02/22] fsverity: expose ensure_fsverity_info()
Date: Mon, 20 Apr 2026 13:46:49 +0200 [thread overview]
Message-ID: <20260420114714.1621982-3-aalbersh@kernel.org> (raw)
In-Reply-To: <20260420114714.1621982-1-aalbersh@kernel.org>
This function will be used by XFS's scrub to force fsverity activation,
therefore, to read fsverity context.
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
fs/verity/open.c | 22 ++++++++++++++++++++--
include/linux/fsverity.h | 2 ++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/fs/verity/open.c b/fs/verity/open.c
index dfa0d1afe0fe..d32d0899df25 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -344,7 +344,24 @@ int fsverity_get_descriptor(struct inode *inode,
return 0;
}
-static int ensure_verity_info(struct inode *inode)
+/**
+ * fsverity_ensure_verity_info() - cache verity info if it's not already cached
+ * @inode: the inode for which verity info should be cached
+ *
+ * Ensure this inode has verity info attached to it, it's assumed the inode
+ * already has fsverity enabled. Read fsverity descriptor and creates verity
+ * based on that.
+ *
+ * This needs to be called at least once before any of the inode's data
+ * can be verified (and thus read at all) or the inode's fsverity digest
+ * retrieved. fsverity_file_open() calls this already, which handles
+ * normal file accesses. If a filesystem does any internal (i.e. not
+ * associated with a file descriptor) reads of the file's data or
+ * fsverity digest, it must call this explicitly before doing so.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_ensure_verity_info(struct inode *inode)
{
struct fsverity_info *vi = fsverity_get_info(inode), *found;
struct fsverity_descriptor *desc;
@@ -380,12 +397,13 @@ static int ensure_verity_info(struct inode *inode)
kfree(desc);
return err;
}
+EXPORT_SYMBOL_GPL(fsverity_ensure_verity_info);
int __fsverity_file_open(struct inode *inode, struct file *filp)
{
if (filp->f_mode & FMODE_WRITE)
return -EPERM;
- return ensure_verity_info(inode);
+ return fsverity_ensure_verity_info(inode);
}
EXPORT_SYMBOL_GPL(__fsverity_file_open);
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index a8f9aa75b792..5562271bd628 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -309,6 +309,8 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
return 0;
}
+int fsverity_ensure_verity_info(struct inode *inode);
+
void fsverity_cleanup_inode(struct inode *inode);
struct page *generic_read_merkle_tree_page(struct inode *inode, pgoff_t index);
--
2.51.2
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2026-04-20 11:47 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 11:46 [PATCH v8 00/22] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 01/22] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` Andrey Albershteyn [this message]
2026-04-20 11:46 ` [f2fs-dev] [PATCH v8 02/22] fsverity: expose ensure_fsverity_info() Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 03/22] ovl: use core fsverity ensure info interface Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-21 21:44 ` Eric Biggers
2026-04-21 21:44 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-04-22 9:59 ` Andrey Albershteyn
2026-04-22 9:59 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-22 22:46 ` Eric Biggers
2026-04-22 22:46 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 04/22] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-21 21:47 ` Eric Biggers
2026-04-21 21:47 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 05/22] fsverity: pass digest size and hash of the all-zeroes block to ->write Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 06/22] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 07/22] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 08/22] iomap: teach iomap to read files with fsverity Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 09/22] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 10/22] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 11/22] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:46 ` [PATCH v8 12/22] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-04-20 11:46 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 13/22] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 14/22] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 15/22] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 16/22] xfs: add fs-verity support Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 17/22] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 18/22] xfs: add fs-verity ioctls Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 19/22] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 20/22] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 21/22] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-20 11:47 ` [PATCH v8 22/22] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2026-04-20 11:47 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
2026-04-21 21:43 ` [PATCH v8 00/22] fs-verity support for XFS with post EOF merkle tree Eric Biggers
2026-04-21 21:43 ` [f2fs-dev] " Eric Biggers via Linux-f2fs-devel
2026-04-22 8:58 ` Andrey Albershteyn
2026-04-22 8:58 ` [f2fs-dev] " Andrey Albershteyn via Linux-f2fs-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420114714.1621982-3-aalbersh@kernel.org \
--to=aalbersh@kernel.org \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.