[PATCH v7 02/22] fsverity: expose ensure_fsverity_info()

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: Andrey Albershteyn <aalbersh@kernel.org>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
	linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
	hch@lst.de, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-btrfs@vger.kernel.org, djwong@kernel.org
Subject: [PATCH v7 02/22] fsverity: expose ensure_fsverity_info()
Date: Thu,  9 Apr 2026 15:13:34 +0200	[thread overview]
Message-ID: <20260409131404.1545834-3-aalbersh@kernel.org> (raw)
In-Reply-To: <20260409131404.1545834-1-aalbersh@kernel.org>

This function will be used by XFS's scrub to force fsverity activation,
therefore, to read fsverity context.

Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Acked-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
---
 fs/verity/open.c         | 22 ++++++++++++++++++++--
 include/linux/fsverity.h |  2 ++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/fs/verity/open.c b/fs/verity/open.c
index dfa0d1afe0fe..d32d0899df25 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -344,7 +344,24 @@ int fsverity_get_descriptor(struct inode *inode,
 	return 0;
 }
 
-static int ensure_verity_info(struct inode *inode)
+/**
+ * fsverity_ensure_verity_info() - cache verity info if it's not already cached
+ * @inode: the inode for which verity info should be cached
+ *
+ * Ensure this inode has verity info attached to it, it's assumed the inode
+ * already has fsverity enabled. Read fsverity descriptor and creates verity
+ * based on that.
+ *
+ * This needs to be called at least once before any of the inode's data
+ * can be verified (and thus read at all) or the inode's fsverity digest
+ * retrieved.  fsverity_file_open() calls this already, which handles
+ * normal file accesses.  If a filesystem does any internal (i.e. not
+ * associated with a file descriptor) reads of the file's data or
+ * fsverity digest, it must call this explicitly before doing so.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int fsverity_ensure_verity_info(struct inode *inode)
 {
 	struct fsverity_info *vi = fsverity_get_info(inode), *found;
 	struct fsverity_descriptor *desc;
@@ -380,12 +397,13 @@ static int ensure_verity_info(struct inode *inode)
 	kfree(desc);
 	return err;
 }
+EXPORT_SYMBOL_GPL(fsverity_ensure_verity_info);
 
 int __fsverity_file_open(struct inode *inode, struct file *filp)
 {
 	if (filp->f_mode & FMODE_WRITE)
 		return -EPERM;
-	return ensure_verity_info(inode);
+	return fsverity_ensure_verity_info(inode);
 }
 EXPORT_SYMBOL_GPL(__fsverity_file_open);
 
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index a8f9aa75b792..5562271bd628 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -309,6 +309,8 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp)
 	return 0;
 }
 
+int fsverity_ensure_verity_info(struct inode *inode);
+
 void fsverity_cleanup_inode(struct inode *inode);
 
 struct page *generic_read_merkle_tree_page(struct inode *inode, pgoff_t index);
-- 
2.51.2

next prev parent reply	other threads:[~2026-04-09 13:14 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-09 13:13 [PATCH v7 00/22] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 01/22] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-04-09 13:13 ` Andrey Albershteyn [this message]
2026-04-09 13:13 ` [PATCH v7 03/22] ovl: use core fsverity ensure info interface Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 04/22] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 05/22] fsverity: pass digest size and hash of the all-zeroes block to ->write Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 06/22] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 07/22] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 08/22] iomap: teach iomap to read files with fsverity Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 09/22] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 10/22] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 11/22] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 12/22] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 13/22] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 14/22] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 15/22] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 16/22] xfs: add fs-verity support Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 17/22] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 18/22] xfs: add fs-verity ioctls Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 19/22] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 20/22] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 21/22] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-04-09 13:13 ` [PATCH v7 22/22] xfs: enable ro-compat fs-verity flag Andrey Albershteyn

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:dfa0d1afe0f dfblob:d32d0899df2 dfblob:a8f9aa75b79
dfblob:5562271bd62 )
 OR (
bs:"[PATCH v7 02/22] fsverity: expose ensure_fsverity_info()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260409131404.1545834-3-aalbersh@kernel.org \
    --to=aalbersh@kernel.org \
    --cc=djwong@kernel.org \
    --cc=ebiggers@kernel.org \
    --cc=fsverity@lists.linux.dev \
    --cc=hch@lst.de \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox