From: Andrey Albershteyn <aalbersh@kernel.org>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
hch@lst.de, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org, djwong@kernel.org
Subject: [PATCH v7 21/22] xfs: introduce health state for corrupted fsverity metadata
Date: Thu, 9 Apr 2026 15:13:53 +0200 [thread overview]
Message-ID: <20260409131404.1545834-22-aalbersh@kernel.org> (raw)
In-Reply-To: <20260409131404.1545834-1-aalbersh@kernel.org>
Report corrupted fsverity descriptor through health system.
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
fs/xfs/libxfs/xfs_fs.h | 1 +
fs/xfs/libxfs/xfs_health.h | 4 +++-
fs/xfs/xfs_fsverity.c | 13 ++++++++++---
fs/xfs/xfs_health.c | 1 +
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_fs.h b/fs/xfs/libxfs/xfs_fs.h
index ebf17a0b0722..cece31ecee81 100644
--- a/fs/xfs/libxfs/xfs_fs.h
+++ b/fs/xfs/libxfs/xfs_fs.h
@@ -422,6 +422,7 @@ struct xfs_bulkstat {
#define XFS_BS_SICK_SYMLINK (1 << 6) /* symbolic link remote target */
#define XFS_BS_SICK_PARENT (1 << 7) /* parent pointers */
#define XFS_BS_SICK_DIRTREE (1 << 8) /* directory tree structure */
+#define XFS_BS_SICK_FSVERITY (1 << 9) /* fsverity metadata */
/*
* Project quota id helpers (previously projid was 16bit only
diff --git a/fs/xfs/libxfs/xfs_health.h b/fs/xfs/libxfs/xfs_health.h
index 1d45cf5789e8..932b447190da 100644
--- a/fs/xfs/libxfs/xfs_health.h
+++ b/fs/xfs/libxfs/xfs_health.h
@@ -104,6 +104,7 @@ struct xfs_rtgroup;
/* Don't propagate sick status to ag health summary during inactivation */
#define XFS_SICK_INO_FORGET (1 << 12)
#define XFS_SICK_INO_DIRTREE (1 << 13) /* directory tree structure */
+#define XFS_SICK_INO_FSVERITY (1 << 14) /* fsverity metadata */
/* Primary evidence of health problems in a given group. */
#define XFS_SICK_FS_PRIMARY (XFS_SICK_FS_COUNTERS | \
@@ -140,7 +141,8 @@ struct xfs_rtgroup;
XFS_SICK_INO_XATTR | \
XFS_SICK_INO_SYMLINK | \
XFS_SICK_INO_PARENT | \
- XFS_SICK_INO_DIRTREE)
+ XFS_SICK_INO_DIRTREE | \
+ XFS_SICK_INO_FSVERITY)
#define XFS_SICK_INO_ZAPPED (XFS_SICK_INO_BMBTD_ZAPPED | \
XFS_SICK_INO_BMBTA_ZAPPED | \
diff --git a/fs/xfs/xfs_fsverity.c b/fs/xfs/xfs_fsverity.c
index ef5cf97ad700..8ac810f0ffa1 100644
--- a/fs/xfs/xfs_fsverity.c
+++ b/fs/xfs/xfs_fsverity.c
@@ -84,16 +84,23 @@ xfs_fsverity_get_descriptor(
return error;
desc_size = be32_to_cpu(d_desc_size);
- if (XFS_IS_CORRUPT(mp, desc_size > FS_VERITY_MAX_DESCRIPTOR_SIZE))
+ if (XFS_IS_CORRUPT(mp, desc_size > FS_VERITY_MAX_DESCRIPTOR_SIZE)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
- if (XFS_IS_CORRUPT(mp, desc_size > desc_size_pos))
+ }
+
+ if (XFS_IS_CORRUPT(mp, desc_size > desc_size_pos)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
+ }
if (!buf_size)
return desc_size;
- if (XFS_IS_CORRUPT(mp, desc_size > buf_size))
+ if (XFS_IS_CORRUPT(mp, desc_size > buf_size)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
+ }
desc_pos = round_down(desc_size_pos - desc_size, blocksize);
error = fsverity_pagecache_read(inode, buf, desc_size, desc_pos);
diff --git a/fs/xfs/xfs_health.c b/fs/xfs/xfs_health.c
index 239b843e83d4..be66760fb120 100644
--- a/fs/xfs/xfs_health.c
+++ b/fs/xfs/xfs_health.c
@@ -625,6 +625,7 @@ static const struct ioctl_sick_map ino_map[] = {
{ XFS_SICK_INO_DIR_ZAPPED, XFS_BS_SICK_DIR },
{ XFS_SICK_INO_SYMLINK_ZAPPED, XFS_BS_SICK_SYMLINK },
{ XFS_SICK_INO_DIRTREE, XFS_BS_SICK_DIRTREE },
+ { XFS_SICK_INO_FSVERITY, XFS_BS_SICK_FSVERITY },
};
/* Fill out bulkstat health info. */
--
2.51.2
next prev parent reply other threads:[~2026-04-09 13:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 13:13 [PATCH v7 00/22] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 01/22] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 02/22] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 03/22] ovl: use core fsverity ensure info interface Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 04/22] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 05/22] fsverity: pass digest size and hash of the all-zeroes block to ->write Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 06/22] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 07/22] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 08/22] iomap: teach iomap to read files with fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 09/22] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 10/22] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 11/22] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 12/22] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 13/22] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 14/22] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 15/22] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 16/22] xfs: add fs-verity support Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 17/22] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 18/22] xfs: add fs-verity ioctls Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 19/22] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 20/22] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-04-09 13:13 ` Andrey Albershteyn [this message]
2026-04-09 13:13 ` [PATCH v7 22/22] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260409131404.1545834-22-aalbersh@kernel.org \
--to=aalbersh@kernel.org \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox