From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>,
Andrey Albershteyn <aalbersh@kernel.org>,
linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Subject: Re: [PATCH v3 28/35] xfs: add fs-verity support
Date: Thu, 19 Feb 2026 09:29:17 -0800 [thread overview]
Message-ID: <20260219172917.GK6490@frogsfrogsfrogs> (raw)
In-Reply-To: <5ueyigipyfwqvysmx6ejqxpclu3oiy7wwpftnfsnyanu7z2abq@dnceynnumjh3>
On Thu, Feb 19, 2026 at 03:38:57PM +0100, Andrey Albershteyn wrote:
> On 2026-02-19 14:41:01, Christoph Hellwig wrote:
> > On Thu, Feb 19, 2026 at 10:51:14AM +0100, Andrey Albershteyn wrote:
> > > > > fs block size < PAGE_SIZE when these tree holes are in one folio
> > > > > with descriptor. Iomap can not fill them without getting descriptor
> > > > > first.
> > > >
> > > > Should we just simply not create tree holes for that case? Anything
> > > > involving page cache validation is a pain, so if we have an easy
> > > > enough way to avoid it I'd rather do that.
> > >
> > > I don't think we can. Any hole at the tree tail which gets into the
> > > same folio with descriptor need to be skipped. If we write out
> > > hashes instead of the holes for the 4k page then other holes at
> > > lower offsets of the tree still can have holes on bigger page
> > > system.
> >
> > Ok.
> >
> > > Adding a bit of space between tree tail and descriptor would
> > > probably work but that's also dependent on the page size.
> >
> > Well, I guess then the only thing we can do is writes very detailed
> > comments explaining all this.
> >
>
> I have a comment right above this function:
>
> +/*
> + * In cases when merkle tree block (1k) == fs block size (1k) and less than
> + * PAGE_SIZE (4k) we can get the following layout in the file:
> + *
> + * [ merkle block | 1k hole | 1k hole | fsverity descriptor]
> + *
> + * These holes are merkle tree blocks which are filled by iomap with hashes of
> + * zeroed data blocks.
> + *
> + * Anything in fsverity starts with reading a descriptor. When iomap reads this
> + * page for the descriptor it doesn't know how to synthesize those merkle tree
> + * blocks. So, those are left with random data and marked uptodate.
> + *
> + * After we're done with reading the descriptor we invalidate the page
> + * containing descriptor. As a descriptor for this inode is already searchable
> + * in the hashtable, iomap can synthesize these blocks when requested again.
> + */
> +static int
> +xfs_fsverity_drop_descriptor_page(
> + struct inode *inode,
> + u64 offset)
>
> I will rephrase the first sentence to make it clear that this could
> happen for larger page sizes too.
I wonder if you could rearrange the layout to put the fsverity
descriptor first and start the merkle tree at the next
fsverity-blocksize-aligned offset past the descriptor? Then you
wouldn't have to care with a sparse tail.
OTOH it's been so long since I fiddled with fsverity that I don't
remember if there's a Much Better Reason not to do that. <shrug>
--D
> --
> - Andrey
>
>
next prev parent reply other threads:[~2026-02-19 17:29 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-17 23:19 [PATCH v3 00/35] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 01/35] fsverity: report validation errors back to the filesystem Andrey Albershteyn
2026-02-18 21:40 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 02/35] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-02-18 21:41 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 03/35] fsverity: add consolidated pagecache offset for metadata Andrey Albershteyn
2026-02-18 6:17 ` Christoph Hellwig
2026-02-18 21:57 ` Darrick J. Wong
2026-02-19 13:09 ` Andrey Albershteyn
2026-02-19 17:16 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 04/35] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-02-18 22:04 ` Darrick J. Wong
2026-02-19 13:00 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 05/35] fsverity: introduce fsverity_folio_zero_hash() Andrey Albershteyn
2026-02-18 22:53 ` Darrick J. Wong
2026-02-19 12:45 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 06/35] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-02-18 6:18 ` Christoph Hellwig
2026-02-18 12:17 ` Andrey Albershteyn
2026-02-19 5:58 ` Christoph Hellwig
2026-02-19 6:30 ` Eric Biggers
2026-02-23 13:23 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 07/35] iomap: introduce IOMAP_F_FSVERITY Andrey Albershteyn
2026-02-18 23:03 ` Darrick J. Wong
2026-02-19 6:00 ` Christoph Hellwig
2026-02-19 6:04 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 08/35] iomap: don't limit fsverity metadata by EOF in writeback Andrey Albershteyn
2026-02-18 23:05 ` Darrick J. Wong
2026-02-19 12:27 ` Andrey Albershteyn
2026-02-20 16:42 ` Matthew Wilcox
2026-02-20 16:44 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 09/35] iomap: obtain fsverity info for read path Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 10/35] iomap: issue readahead for fsverity merkle tree Andrey Albershteyn
2026-02-18 23:06 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 11/35] iomap: allow filesystem to read fsverity metadata beyound EOF Andrey Albershteyn
2026-02-18 6:36 ` Christoph Hellwig
2026-02-18 9:41 ` Andrey Albershteyn
2026-02-19 6:04 ` Christoph Hellwig
2026-02-19 11:11 ` Andrey Albershteyn
2026-02-19 13:38 ` Christoph Hellwig
2026-02-19 14:23 ` Andrey Albershteyn
2026-02-20 15:31 ` Christoph Hellwig
2026-02-23 15:10 ` Andrey Albershteyn
2026-02-24 14:42 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 12/35] iomap: let fsverity verify holes Andrey Albershteyn
2026-02-18 23:09 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 13/35] xfs: use folio host instead of file struct Andrey Albershteyn
2026-02-18 6:32 ` Christoph Hellwig
2026-02-18 9:42 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 14/35] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 15/35] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 16/35] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 17/35] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 18/35] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 19/35] xfs: introduce XFS_FSVERITY_CONSTRUCTION inode flag Andrey Albershteyn
2026-02-18 23:10 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 20/35] xfs: introduce XFS_FSVERITY_REGION_START constant Andrey Albershteyn
2026-02-18 6:33 ` Christoph Hellwig
2026-02-18 23:11 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 21/35] xfs: disable preallocations for fsverity Merkle tree writes Andrey Albershteyn
2026-02-18 23:12 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 22/35] xfs: add iomap write/writeback and reading of Merkle tree pages Andrey Albershteyn
2026-02-18 6:35 ` Christoph Hellwig
2026-02-18 10:18 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 23/35] xfs: add helper to check that inode data need fsverity verification Andrey Albershteyn
2026-02-18 6:38 ` Christoph Hellwig
2026-02-18 9:46 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 24/35] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-02-18 6:39 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 25/35] xfs: add helpers to convert between pagecache and on-disk offset Andrey Albershteyn
2026-02-18 23:20 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 26/35] xfs: add a helper to decide if bmbt record needs offset conversion Andrey Albershteyn
2026-02-19 17:41 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 27/35] xfs: use different on-disk and pagecache offset for fsverity Andrey Albershteyn
2026-02-19 19:30 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 28/35] xfs: add fs-verity support Andrey Albershteyn
2026-02-18 6:44 ` Christoph Hellwig
2026-02-18 9:57 ` Andrey Albershteyn
2026-02-19 6:11 ` Christoph Hellwig
2026-02-19 9:51 ` Andrey Albershteyn
2026-02-19 13:41 ` Christoph Hellwig
2026-02-19 14:38 ` Andrey Albershteyn
2026-02-19 17:29 ` Darrick J. Wong [this message]
2026-02-17 23:19 ` [PATCH v3 29/35] xfs: add fs-verity ioctls Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 30/35] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 31/35] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 32/35] xfs: report verity failures through the health system Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 33/35] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-02-19 17:34 ` Darrick J. Wong
2026-02-23 18:19 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 34/35] xfs: add fsverity traces Andrey Albershteyn
2026-02-19 17:36 ` Darrick J. Wong
2026-02-23 18:12 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 35/35] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260219172917.GK6490@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=aalbersh@redhat.com \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox