From: Andrey Albershteyn <aalbersh@kernel.org>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
hch@lst.de, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org, djwong@kernel.org
Subject: [PATCH v6 07/22] iomap: teach iomap to read files with fsverity
Date: Tue, 31 Mar 2026 23:28:08 +0200 [thread overview]
Message-ID: <20260331212827.2631020-8-aalbersh@kernel.org> (raw)
In-Reply-To: <20260331212827.2631020-1-aalbersh@kernel.org>
Obtain fsverity info for folios with file data and fsverity metadata.
Filesystem can pass vi down to ioend and then to fsverity for
verification. This is different from other filesystems ext4, f2fs, btrfs
supporting fsverity, these filesystems don't need fsverity_info for
reading fsverity metadata. While reading merkle tree iomap requires
fsverity info to synthesize hashes for zeroed data block.
fsverity metadata has two kinds of holes - ones in merkle tree and one
after fsverity descriptor.
Merkle tree holes are blocks full of hashes of zeroed data blocks. These
are not stored on the disk but synthesized on the fly. This saves a bit
of space for sparse files. Due to this iomap also need to lookup
fsverity_info for folios with fsverity metadata. ->vi has a hash of the
zeroed data block which will be used to fill the merkle tree block.
The hole past descriptor is interpreted as end of metadata region. As we
don't have EOF here we use this hole as an indication that rest of the
folio is empty. This patch marks rest of the folio beyond fsverity
descriptor as uptodate.
For file data, fsverity needs to verify consistency of the whole file
against the root hash, hashes of holes are included in the merkle tree.
Verify them too.
Issue reading of fsverity merkle tree on the fsverity inodes. This way
metadata will be available at I/O completion time.
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
fs/iomap/buffered-io.c | 41 +++++++++++++++++++++++++++++++++++++++--
include/linux/iomap.h | 2 ++
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index a80fcb598cc8..7ac319618f8e 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -9,6 +9,7 @@
#include <linux/swap.h>
#include <linux/migrate.h>
#include <linux/fserror.h>
+#include <linux/fsverity.h>
#include "internal.h"
#include "trace.h"
@@ -561,9 +562,27 @@ static int iomap_read_folio_iter(struct iomap_iter *iter,
if (plen == 0)
return 0;
- /* zero post-eof blocks as the page may be mapped */
- if (iomap_block_needs_zeroing(iter, pos)) {
+ /*
+ * Handling of fsverity "holes". We hit this for two case:
+ * 1. No need to go further, the hole after fsverity
+ * descriptor is the end of the fsverity metadata.
+ *
+ * 2. This folio contains merkle tree blocks which need to be
+ * synthesized. If we already have fsverity info (ctx->vi)
+ * synthesize these blocks.
+ */
+ if ((iomap->flags & IOMAP_F_FSVERITY) &&
+ iomap->type == IOMAP_HOLE) {
+ if (ctx->vi)
+ fsverity_fill_zerohash(folio, poff, plen,
+ ctx->vi);
+ iomap_set_range_uptodate(folio, poff, plen);
+ } else if (iomap_block_needs_zeroing(iter, pos)) {
+ /* zero post-eof blocks as the page may be mapped */
folio_zero_range(folio, poff, plen);
+ if (ctx->vi &&
+ !fsverity_verify_blocks(ctx->vi, folio, plen, poff))
+ return -EIO;
iomap_set_range_uptodate(folio, poff, plen);
} else {
if (!*bytes_submitted)
@@ -614,6 +633,15 @@ void iomap_read_folio(const struct iomap_ops *ops,
trace_iomap_readpage(iter.inode, 1);
+ /*
+ * Fetch fsverity_info for both data and fsverity metadata, as iomap
+ * needs zeroed hash for merkle tree block synthesis
+ */
+ ctx->vi = fsverity_get_info(iter.inode);
+ if (ctx->vi && iter.pos < i_size_read(iter.inode))
+ fsverity_readahead(ctx->vi, folio->index,
+ folio_nr_pages(folio));
+
while ((ret = iomap_iter(&iter, ops)) > 0)
iter.status = iomap_read_folio_iter(&iter, ctx,
&bytes_submitted);
@@ -681,6 +709,15 @@ void iomap_readahead(const struct iomap_ops *ops,
trace_iomap_readahead(rac->mapping->host, readahead_count(rac));
+ /*
+ * Fetch fsverity_info for both data and fsverity metadata, as iomap
+ * needs zeroed hash for merkle tree block synthesis
+ */
+ ctx->vi = fsverity_get_info(iter.inode);
+ if (ctx->vi && iter.pos < i_size_read(iter.inode))
+ fsverity_readahead(ctx->vi, readahead_index(rac),
+ readahead_count(rac));
+
while (iomap_iter(&iter, ops) > 0)
iter.status = iomap_readahead_iter(&iter, ctx,
&cur_bytes_submitted);
diff --git a/include/linux/iomap.h b/include/linux/iomap.h
index 4506a99d5285..4d9202cae29f 100644
--- a/include/linux/iomap.h
+++ b/include/linux/iomap.h
@@ -435,6 +435,7 @@ struct iomap_ioend {
loff_t io_offset; /* offset in the file */
sector_t io_sector; /* start sector of ioend */
void *io_private; /* file system private data */
+ struct fsverity_info *io_vi; /* fsverity info */
struct bio io_bio; /* MUST BE LAST! */
};
@@ -509,6 +510,7 @@ struct iomap_read_folio_ctx {
struct readahead_control *rac;
void *read_ctx;
loff_t read_ctx_file_offset;
+ struct fsverity_info *vi;
};
struct iomap_read_ops {
--
2.51.2
next prev parent reply other threads:[~2026-03-31 21:28 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-31 21:28 [PATCH v6 00/22] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 01/22] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-04-01 21:19 ` Eric Biggers
2026-03-31 21:28 ` [PATCH v6 02/22] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-04-01 6:27 ` Christoph Hellwig
2026-04-01 22:02 ` Eric Biggers
2026-04-02 14:02 ` Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 03/22] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-04-01 22:27 ` Eric Biggers
2026-04-02 14:47 ` Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 04/22] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-04-01 23:36 ` Eric Biggers
2026-03-31 21:28 ` [PATCH v6 05/22] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-04-01 23:44 ` Eric Biggers
2026-03-31 21:28 ` [PATCH v6 06/22] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-04-01 6:28 ` Christoph Hellwig
2026-03-31 21:28 ` Andrey Albershteyn [this message]
2026-03-31 23:30 ` [PATCH v6 07/22] iomap: teach iomap to read files with fsverity Darrick J. Wong
2026-04-01 6:30 ` Christoph Hellwig
2026-03-31 21:28 ` [PATCH v6 08/22] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-03-31 23:32 ` Darrick J. Wong
2026-03-31 21:28 ` [PATCH v6 09/22] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 10/22] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 11/22] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 12/22] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 13/22] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 14/22] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-03-31 23:34 ` Darrick J. Wong
2026-03-31 21:28 ` [PATCH v6 15/22] xfs: add fs-verity support Andrey Albershteyn
2026-03-31 23:35 ` Darrick J. Wong
2026-04-01 23:57 ` Eric Biggers
2026-03-31 21:28 ` [PATCH v6 16/22] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-03-31 23:36 ` Darrick J. Wong
2026-03-31 21:28 ` [PATCH v6 17/22] xfs: add fs-verity ioctls Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 18/22] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 19/22] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 20/22] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 21/22] xfs: add fsverity traces Andrey Albershteyn
2026-04-01 6:31 ` Christoph Hellwig
2026-04-01 13:19 ` Andrey Albershteyn
2026-03-31 21:28 ` [PATCH v6 22/22] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2026-04-01 6:32 ` Christoph Hellwig
2026-04-01 6:32 ` [PATCH v6 00/22] fs-verity support for XFS with post EOF merkle tree Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260331212827.2631020-8-aalbersh@kernel.org \
--to=aalbersh@kernel.org \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox