From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 737E638423A; Mon, 20 Apr 2026 11:47:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776685661; cv=none; b=f08v5RCs3X3IenfNI3VyvXEh7q6rSrNZXWR+acChEkZeyrH4E72Wj80RQ6bM/yu5yCVtCM4q9OMCV2K7IeSyUxbT6hSva5ECF2015Ig/KYA/oLtB0BdSuWjo0d8wRTYXwgCq6GHqi8ApCIRVuHcsXd4Pk9/METSeAO73eN+B0Ek= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776685661; c=relaxed/simple; bh=5N+dWqoeOYxeisPRy5znoys7rfHJB7cC5xNXENMMBQQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e/t2HoYmA7OInjy61omXSBd59iPtJzXq+yicrvbJ/natjRGIMirXa3/LZKr+6gby/PTBxiBRgwKaDXBTEsofMOT6AEMDaOwrgqkSyhQqoIKmQ8KbH1hz5SBTBVhKZrEbBErnTUgXqSTFoyAGplDmAQ1jX6h3aL+DmmBZixZEP88= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZQtu/+/A; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZQtu/+/A" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9C19AC19425; Mon, 20 Apr 2026 11:47:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776685661; bh=5N+dWqoeOYxeisPRy5znoys7rfHJB7cC5xNXENMMBQQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZQtu/+/AejGtcgdvO/yXm4thjRzxIAMK5jj4bgfLpzaKWlIpornw7FVenkndYmW1Y 97VxGxP7iGb5rEgZ3BbTjwYt5hYGD+j/N7QDI761pQ6M+imDwg1zlePqskEwIVS39c fp4xiuazyfyffCQvzswV0yq7KRg9BDWOvwBemqcCOr5WmHDDwQQqaqvC41qdH3/nuo pWs3ciDwyNuxLuY5S7kuy6fTlD3EQ+ezUYNYSmPIhNHIl3cZxxVf98GOgiQcVJIi13 EojNzPxew0uE6WZSdX6b5/n6/ge/3+GVerH6gPDN+MG0xLQkssFG+ijzjxOjyXQA/U 4T4eFYQfvNvtQ== From: Andrey Albershteyn To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org, ebiggers@kernel.org Cc: Andrey Albershteyn , hch@lst.de, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-btrfs@vger.kernel.org, linux-unionfs@vger.kernel.org, djwong@kernel.org Subject: [PATCH v8 02/22] fsverity: expose ensure_fsverity_info() Date: Mon, 20 Apr 2026 13:46:49 +0200 Message-ID: <20260420114714.1621982-3-aalbersh@kernel.org> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20260420114714.1621982-1-aalbersh@kernel.org> References: <20260420114714.1621982-1-aalbersh@kernel.org> Precedence: bulk X-Mailing-List: linux-ext4@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This function will be used by XFS's scrub to force fsverity activation, therefore, to read fsverity context. Reviewed-by: Darrick J. Wong Acked-by: Eric Biggers Signed-off-by: Andrey Albershteyn --- fs/verity/open.c | 22 ++++++++++++++++++++-- include/linux/fsverity.h | 2 ++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/fs/verity/open.c b/fs/verity/open.c index dfa0d1afe0fe..d32d0899df25 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -344,7 +344,24 @@ int fsverity_get_descriptor(struct inode *inode, return 0; } -static int ensure_verity_info(struct inode *inode) +/** + * fsverity_ensure_verity_info() - cache verity info if it's not already cached + * @inode: the inode for which verity info should be cached + * + * Ensure this inode has verity info attached to it, it's assumed the inode + * already has fsverity enabled. Read fsverity descriptor and creates verity + * based on that. + * + * This needs to be called at least once before any of the inode's data + * can be verified (and thus read at all) or the inode's fsverity digest + * retrieved. fsverity_file_open() calls this already, which handles + * normal file accesses. If a filesystem does any internal (i.e. not + * associated with a file descriptor) reads of the file's data or + * fsverity digest, it must call this explicitly before doing so. + * + * Return: 0 on success, -errno on failure + */ +int fsverity_ensure_verity_info(struct inode *inode) { struct fsverity_info *vi = fsverity_get_info(inode), *found; struct fsverity_descriptor *desc; @@ -380,12 +397,13 @@ static int ensure_verity_info(struct inode *inode) kfree(desc); return err; } +EXPORT_SYMBOL_GPL(fsverity_ensure_verity_info); int __fsverity_file_open(struct inode *inode, struct file *filp) { if (filp->f_mode & FMODE_WRITE) return -EPERM; - return ensure_verity_info(inode); + return fsverity_ensure_verity_info(inode); } EXPORT_SYMBOL_GPL(__fsverity_file_open); diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index a8f9aa75b792..5562271bd628 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -309,6 +309,8 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp) return 0; } +int fsverity_ensure_verity_info(struct inode *inode); + void fsverity_cleanup_inode(struct inode *inode); struct page *generic_read_merkle_tree_page(struct inode *inode, pgoff_t index); -- 2.51.2