From: Andrey Albershteyn <aalbersh@redhat.com>
To: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-xfs@vger.kernel.org, david@fromorbit.com,
djwong@kernel.org, ebiggers@kernel.org, hch@lst.de
Subject: [PATCH RFC 06/29] fsverity: report validation errors back to the filesystem
Date: Mon, 28 Jul 2025 22:30:10 +0200 [thread overview]
Message-ID: <20250728-fsverity-v1-6-9e5443af0e34@kernel.org> (raw)
In-Reply-To: <20250728-fsverity-v1-0-9e5443af0e34@kernel.org>
From: "Darrick J. Wong" <djwong@kernel.org>
Provide a new function call so that validation errors can be reported
back to the filesystem.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
fs/verity/verify.c | 4 ++++
include/linux/fsverity.h | 14 ++++++++++++++
include/trace/events/fsverity.h | 19 +++++++++++++++++++
3 files changed, 37 insertions(+)
diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index 580486168467..917a5fb5388f 100644
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -243,6 +243,10 @@ verify_data_block(struct inode *inode, struct fsverity_info *vi,
data_pos, level - 1,
params->hash_alg->name, hsize, want_hash,
params->hash_alg->name, hsize, real_hash);
+ trace_fsverity_file_corrupt(inode, data_pos, params->block_size);
+ if (inode->i_sb->s_vop->file_corrupt)
+ inode->i_sb->s_vop->file_corrupt(inode, data_pos,
+ params->block_size);
error:
for (; level > 0; level--) {
kunmap_local(hblocks[level - 1].addr);
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 9b91bd54fb75..d263e988bec2 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -120,6 +120,20 @@ struct fsverity_operations {
*/
int (*write_merkle_tree_block)(struct inode *inode, const void *buf,
u64 pos, unsigned int size);
+
+ /**
+ * Notify the filesystem that file data is corrupt.
+ *
+ * @inode: the inode being validated
+ * @pos: the file position of the invalid data
+ * @len: the length of the invalid data
+ *
+ * This function is called when fs-verity detects that a portion of a
+ * file's data is inconsistent with the Merkle tree, or a Merkle tree
+ * block needed to validate the data is inconsistent with the level
+ * above it.
+ */
+ void (*file_corrupt)(struct inode *inode, loff_t pos, size_t len);
};
#ifdef CONFIG_FS_VERITY
diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h
index dab220884b89..375fdddac6a9 100644
--- a/include/trace/events/fsverity.h
+++ b/include/trace/events/fsverity.h
@@ -137,6 +137,25 @@ TRACE_EVENT(fsverity_verify_merkle_block,
__entry->hidx)
);
+TRACE_EVENT(fsverity_file_corrupt,
+ TP_PROTO(const struct inode *inode, loff_t pos, size_t len),
+ TP_ARGS(inode, pos, len),
+ TP_STRUCT__entry(
+ __field(ino_t, ino)
+ __field(loff_t, pos)
+ __field(size_t, len)
+ ),
+ TP_fast_assign(
+ __entry->ino = inode->i_ino;
+ __entry->pos = pos;
+ __entry->len = len;
+ ),
+ TP_printk("ino %lu pos %llu len %zu",
+ (unsigned long) __entry->ino,
+ __entry->pos,
+ __entry->len)
+);
+
#endif /* _TRACE_FSVERITY_H */
/* This part must be outside protection */
--
2.50.0
next prev parent reply other threads:[~2025-07-28 20:31 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-28 20:30 [PATCH RFC 00/29] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 01/29] iomap: add iomap_writepages_unbound() to write beyond EOF Andrey Albershteyn
2025-07-29 22:07 ` Darrick J. Wong
2025-07-31 15:04 ` Andrey Albershteyn
2025-07-31 18:43 ` Joanne Koong
2025-08-04 11:34 ` Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 02/29] iomap: introduce iomap_read/write_region interface Andrey Albershteyn
2025-07-29 22:22 ` Darrick J. Wong
2025-07-31 15:51 ` Andrey Albershteyn
2025-08-11 11:43 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 03/29] fs: add FS_XFLAG_VERITY for verity files Andrey Albershteyn
2025-07-29 9:53 ` Amir Goldstein
2025-07-29 10:35 ` Andrey Albershteyn
2025-07-29 12:06 ` Amir Goldstein
2025-08-12 7:51 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 04/29] fsverity: add per-sb workqueue for post read processing Andrey Albershteyn
2025-08-11 11:45 ` Christoph Hellwig
2025-08-11 17:51 ` Tejun Heo
2025-08-12 7:43 ` Christoph Hellwig
2025-08-12 19:52 ` Tejun Heo
2025-07-28 20:30 ` [PATCH RFC 05/29] fsverity: add tracepoints Andrey Albershteyn
2025-07-28 20:30 ` Andrey Albershteyn [this message]
2025-08-11 11:46 ` [PATCH RFC 06/29] fsverity: report validation errors back to the filesystem Christoph Hellwig
2025-08-11 15:31 ` Darrick J. Wong
2025-08-12 7:34 ` Christoph Hellwig
2025-08-12 7:56 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 07/29] fsverity: pass super_block to fsverity_enqueue_verify_work Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 08/29] ext4: use a per-superblock fsverity workqueue Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 09/29] f2fs: " Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 10/29] btrfs: " Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 11/29] fsverity: remove system-wide workqueue Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 12/29] fsverity: expose merkle tree geometry to callers Andrey Albershteyn
2025-08-11 11:48 ` Christoph Hellwig
2025-08-11 15:38 ` Darrick J. Wong
2025-08-11 19:06 ` Andrey Albershteyn
2025-08-12 7:42 ` Christoph Hellwig
2025-08-12 19:09 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 13/29] iomap: integrate fs-verity verification into iomap's read path Andrey Albershteyn
2025-07-29 23:21 ` Darrick J. Wong
2025-07-31 11:34 ` Andrey Albershteyn
2025-07-31 14:52 ` Darrick J. Wong
2025-07-31 15:01 ` Andrey Albershteyn
2025-07-31 15:08 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 14/29] xfs: add attribute type for fs-verity Andrey Albershteyn
2025-08-11 11:50 ` Christoph Hellwig
2025-08-11 19:00 ` Andrey Albershteyn
2025-08-12 7:44 ` Christoph Hellwig
2025-08-12 17:11 ` Andrey Albershteyn
2025-08-12 19:12 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 15/29] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 16/29] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 17/29] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 18/29] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 19/29] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 20/29] xfs: disable preallocations for fsverity Merkle tree writes Andrey Albershteyn
2025-07-29 22:27 ` Darrick J. Wong
2025-07-31 11:42 ` Andrey Albershteyn
2025-07-31 14:49 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 21/29] xfs: add writeback and iomap reading of Merkel tree pages Andrey Albershteyn
2025-07-29 22:33 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 22/29] xfs: add fs-verity support Andrey Albershteyn
2025-07-29 23:05 ` Darrick J. Wong
2025-07-31 14:50 ` Andrey Albershteyn
2025-07-31 15:07 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 23/29] xfs: add fs-verity ioctls Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 24/29] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 25/29] xfs: check and repair the verity inode flag state Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 26/29] xfs: fix scrub trace with null pointer in quotacheck Andrey Albershteyn
2025-07-29 15:28 ` Darrick J. Wong
2025-07-31 14:54 ` Andrey Albershteyn
2025-07-31 16:03 ` Carlos Maiolino
2025-07-28 20:30 ` [PATCH RFC 27/29] xfs: report verity failures through the health system Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 28/29] xfs: add fsverity traces Andrey Albershteyn
2025-07-29 23:06 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 29/29] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250728-fsverity-v1-6-9e5443af0e34@kernel.org \
--to=aalbersh@redhat.com \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).