From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@kernel.org>
Cc: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org, hch@lst.de,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org
Subject: Re: [PATCH v4 12/25] xfs: introduce fsverity on-disk changes
Date: Mon, 9 Mar 2026 18:05:52 -0700 [thread overview]
Message-ID: <20260310010552.GC1105363@frogsfrogsfrogs> (raw)
In-Reply-To: <20260309192355.176980-13-aalbersh@kernel.org>
On Mon, Mar 09, 2026 at 08:23:27PM +0100, Andrey Albershteyn wrote:
> Introduce XFS_DIFLAG2_VERITY for inodes with fsverity. This flag
> indicates that inode has fs-verity enabled (i.e. descriptor exist,
> tree is built and file is read-only).
>
> Introduce XFS_SB_FEAT_RO_COMPAT_VERITY for filesystems having
> fsverity inodes. As on-disk changes applies to fsverity inodes only, let
> older kernels read-only access. This will be enabled in the further
> patch after full fsverity support.
>
> Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
> ---
> fs/xfs/libxfs/xfs_format.h | 8 +++++++-
> fs/xfs/libxfs/xfs_inode_buf.c | 8 ++++++++
> fs/xfs/libxfs/xfs_inode_util.c | 2 ++
> fs/xfs/libxfs/xfs_sb.c | 2 ++
> fs/xfs/xfs_iops.c | 2 ++
> fs/xfs/xfs_mount.h | 2 ++
> 6 files changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/fs/xfs/libxfs/xfs_format.h b/fs/xfs/libxfs/xfs_format.h
> index 779dac59b1f3..d67b404964fc 100644
> --- a/fs/xfs/libxfs/xfs_format.h
> +++ b/fs/xfs/libxfs/xfs_format.h
> @@ -374,6 +374,7 @@ xfs_sb_has_compat_feature(
> #define XFS_SB_FEAT_RO_COMPAT_RMAPBT (1 << 1) /* reverse map btree */
> #define XFS_SB_FEAT_RO_COMPAT_REFLINK (1 << 2) /* reflinked files */
> #define XFS_SB_FEAT_RO_COMPAT_INOBTCNT (1 << 3) /* inobt block counts */
> +#define XFS_SB_FEAT_RO_COMPAT_VERITY (1 << 4) /* fs-verity */
> #define XFS_SB_FEAT_RO_COMPAT_ALL \
> (XFS_SB_FEAT_RO_COMPAT_FINOBT | \
> XFS_SB_FEAT_RO_COMPAT_RMAPBT | \
> @@ -1230,16 +1231,21 @@ static inline void xfs_dinode_put_rdev(struct xfs_dinode *dip, xfs_dev_t rdev)
> */
> #define XFS_DIFLAG2_METADATA_BIT 5
>
> +/* inodes sealed with fs-verity */
> +#define XFS_DIFLAG2_VERITY_BIT 6
> +
> #define XFS_DIFLAG2_DAX (1ULL << XFS_DIFLAG2_DAX_BIT)
> #define XFS_DIFLAG2_REFLINK (1ULL << XFS_DIFLAG2_REFLINK_BIT)
> #define XFS_DIFLAG2_COWEXTSIZE (1ULL << XFS_DIFLAG2_COWEXTSIZE_BIT)
> #define XFS_DIFLAG2_BIGTIME (1ULL << XFS_DIFLAG2_BIGTIME_BIT)
> #define XFS_DIFLAG2_NREXT64 (1ULL << XFS_DIFLAG2_NREXT64_BIT)
> #define XFS_DIFLAG2_METADATA (1ULL << XFS_DIFLAG2_METADATA_BIT)
> +#define XFS_DIFLAG2_VERITY (1ULL << XFS_DIFLAG2_VERITY_BIT)
>
> #define XFS_DIFLAG2_ANY \
> (XFS_DIFLAG2_DAX | XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE | \
> - XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADATA)
> + XFS_DIFLAG2_BIGTIME | XFS_DIFLAG2_NREXT64 | XFS_DIFLAG2_METADATA | \
> + XFS_DIFLAG2_VERITY)
>
> static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip)
> {
> diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
> index a017016e9075..c5822d938d81 100644
> --- a/fs/xfs/libxfs/xfs_inode_buf.c
> +++ b/fs/xfs/libxfs/xfs_inode_buf.c
> @@ -756,6 +756,14 @@ xfs_dinode_verify(
> !xfs_has_rtreflink(mp))
> return __this_address;
>
> + /* only regular files can have fsverity */
> + if (flags2 & XFS_DIFLAG2_VERITY) {
> + if (!xfs_has_verity(mp))
> + return __this_address;
> + if ((mode & S_IFMT) != S_IFREG)
Nit: This can be S_ISREG(mode)
With that tidied up,
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
--D
> + return __this_address;
> + }
> +
> if (xfs_has_zoned(mp) &&
> dip->di_metatype == cpu_to_be16(XFS_METAFILE_RTRMAP)) {
> if (be32_to_cpu(dip->di_used_blocks) > mp->m_sb.sb_rgextents)
> diff --git a/fs/xfs/libxfs/xfs_inode_util.c b/fs/xfs/libxfs/xfs_inode_util.c
> index 551fa51befb6..6b1e20a4bb9b 100644
> --- a/fs/xfs/libxfs/xfs_inode_util.c
> +++ b/fs/xfs/libxfs/xfs_inode_util.c
> @@ -126,6 +126,8 @@ xfs_ip2xflags(
> flags |= FS_XFLAG_DAX;
> if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE)
> flags |= FS_XFLAG_COWEXTSIZE;
> + if (ip->i_diflags2 & XFS_DIFLAG2_VERITY)
> + flags |= FS_XFLAG_VERITY;
> }
>
> if (xfs_inode_has_attr_fork(ip))
> diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c
> index 38d16fe1f6d8..4401a5f16344 100644
> --- a/fs/xfs/libxfs/xfs_sb.c
> +++ b/fs/xfs/libxfs/xfs_sb.c
> @@ -165,6 +165,8 @@ xfs_sb_version_to_features(
> features |= XFS_FEAT_REFLINK;
> if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT)
> features |= XFS_FEAT_INOBTCNT;
> + if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_VERITY)
> + features |= XFS_FEAT_VERITY;
> if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE)
> features |= XFS_FEAT_FTYPE;
> if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES)
> diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
> index 208543e57eda..ca369eb96561 100644
> --- a/fs/xfs/xfs_iops.c
> +++ b/fs/xfs/xfs_iops.c
> @@ -1415,6 +1415,8 @@ xfs_diflags_to_iflags(
> flags |= S_NOATIME;
> if (init && xfs_inode_should_enable_dax(ip))
> flags |= S_DAX;
> + if (xflags & FS_XFLAG_VERITY)
> + flags |= S_VERITY;
>
> /*
> * S_DAX can only be set during inode initialization and is never set by
> diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h
> index 61c71128d171..c746bc90cf3e 100644
> --- a/fs/xfs/xfs_mount.h
> +++ b/fs/xfs/xfs_mount.h
> @@ -385,6 +385,7 @@ typedef struct xfs_mount {
> #define XFS_FEAT_EXCHANGE_RANGE (1ULL << 27) /* exchange range */
> #define XFS_FEAT_METADIR (1ULL << 28) /* metadata directory tree */
> #define XFS_FEAT_ZONED (1ULL << 29) /* zoned RT device */
> +#define XFS_FEAT_VERITY (1ULL << 30) /* fs-verity */
>
> /* Mount features */
> #define XFS_FEAT_NOLIFETIME (1ULL << 47) /* disable lifetime hints */
> @@ -442,6 +443,7 @@ __XFS_HAS_FEAT(exchange_range, EXCHANGE_RANGE)
> __XFS_HAS_FEAT(metadir, METADIR)
> __XFS_HAS_FEAT(zoned, ZONED)
> __XFS_HAS_FEAT(nolifetime, NOLIFETIME)
> +__XFS_HAS_FEAT(verity, VERITY)
>
> static inline bool xfs_has_rtgroups(const struct xfs_mount *mp)
> {
> --
> 2.51.2
>
>
next prev parent reply other threads:[~2026-03-10 1:05 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 19:23 [PATCH v4 00/25] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 01/25] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-03-10 0:46 ` Darrick J. Wong
2026-03-11 11:47 ` Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 02/25] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 03/25] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 04/25] fsverity: introduce fsverity_folio_zero_hash() Andrey Albershteyn
2026-03-10 0:47 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 05/25] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-03-10 0:49 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 06/25] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-03-10 0:49 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 07/25] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-03-10 0:54 ` Darrick J. Wong
2026-03-10 8:44 ` Christoph Hellwig
2026-03-09 19:23 ` [PATCH v4 08/25] iomap: obtain fsverity info for read path Andrey Albershteyn
2026-03-10 0:57 ` Darrick J. Wong
2026-03-10 8:44 ` Christoph Hellwig
2026-03-09 19:23 ` [PATCH v4 09/25] iomap: issue readahead for fsverity merkle tree Andrey Albershteyn
2026-03-10 0:57 ` Darrick J. Wong
2026-03-10 8:45 ` Christoph Hellwig
2026-03-09 19:23 ` [PATCH v4 10/25] iomap: teach iomap to handle fsverity holes and verify data holes Andrey Albershteyn
2026-03-10 1:05 ` Darrick J. Wong
2026-03-10 14:42 ` Andrey Albershteyn
2026-03-10 9:14 ` Christoph Hellwig
2026-03-09 19:23 ` [PATCH v4 11/25] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-03-10 1:02 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 12/25] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-03-10 1:05 ` Darrick J. Wong [this message]
2026-03-09 19:23 ` [PATCH v4 13/25] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 14/25] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 15/25] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 16/25] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-03-10 1:17 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 17/25] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-03-10 1:21 ` Darrick J. Wong
2026-03-11 11:40 ` Andrey Albershteyn
2026-03-10 9:11 ` Christoph Hellwig
2026-03-09 19:23 ` [PATCH v4 18/25] xfs: add fs-verity support Andrey Albershteyn
2026-03-10 1:26 ` Darrick J. Wong
2026-03-10 15:26 ` Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 19/25] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-03-10 1:29 ` Darrick J. Wong
2026-03-12 13:50 ` Andrey Albershteyn
2026-03-12 14:52 ` Darrick J. Wong
2026-03-13 11:17 ` Andrey Albershteyn
2026-03-13 14:55 ` Darrick J. Wong
2026-03-09 19:23 ` [PATCH v4 20/25] xfs: add fs-verity ioctls Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 21/25] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 22/25] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 23/25] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 24/25] xfs: add fsverity traces Andrey Albershteyn
2026-03-09 19:23 ` [PATCH v4 25/25] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260310010552.GC1105363@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox