From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@kernel.org>
Cc: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org, hch@lst.de,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org
Subject: Re: [PATCH v5 10/25] iomap: teach iomap to handle fsverity holes and verify data holes
Date: Wed, 25 Mar 2026 09:29:43 -0700 [thread overview]
Message-ID: <20260325162943.GW6223@frogsfrogsfrogs> (raw)
In-Reply-To: <20260319170231.1455553-11-aalbersh@kernel.org>
On Thu, Mar 19, 2026 at 06:01:57PM +0100, Andrey Albershteyn wrote:
> fsverity metadata has two kinds of holes - ones in merkle tree and one
> after fsverity descriptor.
>
> Merkle tree holes are blocks full of hashes of zeroed data blocks. These
> are not stored on the disk but synthesized on the fly. This saves a bit
> of space for sparse files. Due to this iomap also need to lookup
> fsverity_info for folios with fsverity metadata. ->vi has a hash of the
> zeroed data block which will be used to fill the merkle tree block. This
> patch extends lookup of fsverity_info from just for file data but also
> for all fsverity metadata.
>
> The hole past descriptor is interpreted as end of metadata region. As we
> don't have EOF here we use this hole as an indication that rest of the
> folio is empty. This patch marks rest of the folio beyond fsverity
> descriptor as uptodate.
>
> For file data, fsverity needs to verify consistency of the whole file
> against the root hash, hashes of holes are included in the merkle tree.
> Verify them too.
>
> Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
> ---
> fs/iomap/buffered-io.c | 40 ++++++++++++++++++++++++++++++++--------
> 1 file changed, 32 insertions(+), 8 deletions(-)
>
> diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
> index a11e54975df8..fce748dfb2cf 100644
> --- a/fs/iomap/buffered-io.c
> +++ b/fs/iomap/buffered-io.c
> @@ -551,9 +551,27 @@ static int iomap_read_folio_iter(struct iomap_iter *iter,
> if (plen == 0)
> return 0;
>
> - /* zero post-eof blocks as the page may be mapped */
> - if (iomap_block_needs_zeroing(iter, pos)) {
> + /*
> + * Handling of fsverity "holes". We hit this for two case:
> + * 1. No need to go further, the hole after fsverity
> + * descriptor is the end of the fsverity metadata.
> + *
> + * 2. This folio contains merkle tree blocks which need to be
> + * synthesized. If we already have fsverity info (ctx->vi)
> + * synthesize these blocks.
> + */
> + if ((iomap->flags & IOMAP_F_FSVERITY) &&
> + iomap->type == IOMAP_HOLE) {
> + if (ctx->vi)
> + fsverity_folio_zero_hash(folio, poff, plen,
> + ctx->vi);
Let me nitpick one more time... should this ^^ function be named
fsverify_fill_zerohash, since it fills the folio with a repeating
pattern of the hash of a zeroed block?
(I'm nitpicking because zero is a noun and a verb)
Otherwise the logic looks fine to me, and like hch says this probably
ought to be rolled into patch 8.
--D
> + iomap_set_range_uptodate(folio, poff, plen);
> + } else if (iomap_block_needs_zeroing(iter, pos)) {
> + /* zero post-eof blocks as the page may be mapped */
> folio_zero_range(folio, poff, plen);
> + if (ctx->vi &&
> + !fsverity_verify_blocks(ctx->vi, folio, plen, poff))
> + return -EIO;
> iomap_set_range_uptodate(folio, poff, plen);
> } else {
> if (!*bytes_submitted)
> @@ -600,9 +618,12 @@ void iomap_read_folio(const struct iomap_ops *ops,
>
> trace_iomap_readpage(iter.inode, 1);
>
> - if (iter.pos < i_size_read(iter.inode))
> - ctx->vi = fsverity_get_info(iter.inode);
> - if (ctx->vi)
> + /*
> + * Fetch fsverity_info for both data and fsverity metadata, as iomap
> + * needs zeroed hash for merkle tree block synthesis
> + */
> + ctx->vi = fsverity_get_info(iter.inode);
> + if (ctx->vi && iter.pos < i_size_read(iter.inode))
> fsverity_readahead(ctx->vi, folio->index,
> folio_nr_pages(folio));
>
> @@ -673,9 +694,12 @@ void iomap_readahead(const struct iomap_ops *ops,
>
> trace_iomap_readahead(rac->mapping->host, readahead_count(rac));
>
> - if (iter.pos < i_size_read(iter.inode))
> - ctx->vi = fsverity_get_info(iter.inode);
> - if (ctx->vi)
> + /*
> + * Fetch fsverity_info for both data and fsverity metadata, as iomap
> + * needs zeroed hash for merkle tree block synthesis
> + */
> + ctx->vi = fsverity_get_info(iter.inode);
> + if (ctx->vi && iter.pos < i_size_read(iter.inode))
> fsverity_readahead(ctx->vi, readahead_index(rac),
> readahead_count(rac));
>
> --
> 2.51.2
>
>
next prev parent reply other threads:[~2026-03-25 16:29 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-19 17:01 [PATCH v5 00/25] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 01/25] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-03-19 17:15 ` Darrick J. Wong
2026-03-25 7:54 ` Christoph Hellwig
2026-03-25 11:41 ` Andrey Albershteyn
2026-03-25 16:02 ` Darrick J. Wong
2026-03-26 6:20 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 02/25] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-03-25 7:56 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 03/25] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-03-25 7:57 ` Christoph Hellwig
2026-03-25 12:03 ` Andrey Albershteyn
2026-03-25 16:07 ` Darrick J. Wong
2026-03-19 17:01 ` [PATCH v5 04/25] fsverity: introduce fsverity_folio_zero_hash() Andrey Albershteyn
2026-03-25 7:57 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 05/25] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 06/25] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-03-25 7:58 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 07/25] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-03-25 8:00 ` Christoph Hellwig
2026-03-25 12:38 ` Andrey Albershteyn
2026-03-25 16:26 ` Darrick J. Wong
2026-03-19 17:01 ` [PATCH v5 08/25] iomap: obtain fsverity info for read path Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 09/25] iomap: issue readahead for fsverity merkle tree Andrey Albershteyn
2026-03-25 8:04 ` Christoph Hellwig
2026-03-25 12:08 ` Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 10/25] iomap: teach iomap to handle fsverity holes and verify data holes Andrey Albershteyn
2026-03-25 16:29 ` Darrick J. Wong [this message]
2026-03-19 17:01 ` [PATCH v5 11/25] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-03-25 8:05 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 12/25] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-03-25 8:05 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 13/25] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 14/25] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 15/25] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 16/25] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-03-25 8:07 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 17/25] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-03-25 8:07 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 18/25] xfs: add fs-verity support Andrey Albershteyn
2026-03-25 8:08 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 19/25] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-03-25 8:09 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 20/25] xfs: add fs-verity ioctls Andrey Albershteyn
2026-03-25 8:09 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 21/25] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-03-25 8:10 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 22/25] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-03-25 8:10 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 23/25] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-03-25 8:10 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 24/25] xfs: add fsverity traces Andrey Albershteyn
2026-03-19 17:02 ` [PATCH v5 25/25] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260325162943.GW6223@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox