From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@kernel.org>
Cc: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org, hch@lst.de
Subject: Re: [PATCH v3 01/35] fsverity: report validation errors back to the filesystem
Date: Wed, 18 Feb 2026 13:40:37 -0800 [thread overview]
Message-ID: <20260218214037.GA6467@frogsfrogsfrogs> (raw)
In-Reply-To: <20260217231937.1183679-2-aalbersh@kernel.org>
On Wed, Feb 18, 2026 at 12:19:01AM +0100, Andrey Albershteyn wrote:
> From: "Darrick J. Wong" <djwong@kernel.org>
>
> Provide a new function call so that validation errors can be reported
> back to the filesystem.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
> ---
> fs/verity/verify.c | 4 ++++
> include/linux/fsverity.h | 14 ++++++++++++++
> include/trace/events/fsverity.h | 19 +++++++++++++++++++
> 3 files changed, 37 insertions(+)
>
> diff --git a/fs/verity/verify.c b/fs/verity/verify.c
> index 404ab68aaf9b..8f930b2ed9c0 100644
> --- a/fs/verity/verify.c
> +++ b/fs/verity/verify.c
> @@ -312,6 +312,10 @@ static bool verify_data_block(struct fsverity_info *vi,
> data_pos, level - 1, params->hash_alg->name, hsize, want_hash,
> params->hash_alg->name, hsize,
> level == 0 ? dblock->real_hash : real_hash);
> + trace_fsverity_file_corrupt(inode, data_pos, params->block_size);
> + if (inode->i_sb->s_vop->file_corrupt)
> + inode->i_sb->s_vop->file_corrupt(inode, data_pos,
> + params->block_size);
Once 7.0-rc1 lands you could turn this into:
fserror_report_data_lost(inode, data_pos, params->block_size,
GFP_WHATEVER);
--D
> error:
> for (; level > 0; level--) {
> kunmap_local(hblocks[level - 1].addr);
> diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
> index fed91023bea9..d8b581e3ce48 100644
> --- a/include/linux/fsverity.h
> +++ b/include/linux/fsverity.h
> @@ -132,6 +132,20 @@ struct fsverity_operations {
> */
> int (*write_merkle_tree_block)(struct file *file, const void *buf,
> u64 pos, unsigned int size);
> +
> + /**
> + * Notify the filesystem that file data is corrupt.
> + *
> + * @inode: the inode being validated
> + * @pos: the file position of the invalid data
> + * @len: the length of the invalid data
> + *
> + * This function is called when fs-verity detects that a portion of a
> + * file's data is inconsistent with the Merkle tree, or a Merkle tree
> + * block needed to validate the data is inconsistent with the level
> + * above it.
> + */
> + void (*file_corrupt)(struct inode *inode, loff_t pos, size_t len);
> };
>
> #ifdef CONFIG_FS_VERITY
> diff --git a/include/trace/events/fsverity.h b/include/trace/events/fsverity.h
> index a8c52f21cbd5..0c842aaa4158 100644
> --- a/include/trace/events/fsverity.h
> +++ b/include/trace/events/fsverity.h
> @@ -140,6 +140,25 @@ TRACE_EVENT(fsverity_verify_merkle_block,
> __entry->hidx)
> );
>
> +TRACE_EVENT(fsverity_file_corrupt,
> + TP_PROTO(const struct inode *inode, loff_t pos, size_t len),
> + TP_ARGS(inode, pos, len),
> + TP_STRUCT__entry(
> + __field(ino_t, ino)
> + __field(loff_t, pos)
> + __field(size_t, len)
> + ),
> + TP_fast_assign(
> + __entry->ino = inode->i_ino;
> + __entry->pos = pos;
> + __entry->len = len;
> + ),
> + TP_printk("ino %lu pos %llu len %zu",
> + (unsigned long) __entry->ino,
> + __entry->pos,
> + __entry->len)
> +);
> +
> #endif /* _TRACE_FSVERITY_H */
>
> /* This part must be outside protection */
> --
> 2.51.2
>
>
next prev parent reply other threads:[~2026-02-18 21:40 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-17 23:19 [PATCH v3 00/35] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 01/35] fsverity: report validation errors back to the filesystem Andrey Albershteyn
2026-02-18 21:40 ` Darrick J. Wong [this message]
2026-02-17 23:19 ` [PATCH v3 02/35] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-02-18 21:41 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 03/35] fsverity: add consolidated pagecache offset for metadata Andrey Albershteyn
2026-02-18 6:17 ` Christoph Hellwig
2026-02-18 21:57 ` Darrick J. Wong
2026-02-19 13:09 ` Andrey Albershteyn
2026-02-19 17:16 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 04/35] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-02-18 22:04 ` Darrick J. Wong
2026-02-19 13:00 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 05/35] fsverity: introduce fsverity_folio_zero_hash() Andrey Albershteyn
2026-02-18 22:53 ` Darrick J. Wong
2026-02-19 12:45 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 06/35] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-02-18 6:18 ` Christoph Hellwig
2026-02-18 12:17 ` Andrey Albershteyn
2026-02-19 5:58 ` Christoph Hellwig
2026-02-19 6:30 ` Eric Biggers
2026-02-23 13:23 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 07/35] iomap: introduce IOMAP_F_FSVERITY Andrey Albershteyn
2026-02-18 23:03 ` Darrick J. Wong
2026-02-19 6:00 ` Christoph Hellwig
2026-02-19 6:04 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 08/35] iomap: don't limit fsverity metadata by EOF in writeback Andrey Albershteyn
2026-02-18 23:05 ` Darrick J. Wong
2026-02-19 12:27 ` Andrey Albershteyn
2026-02-20 16:42 ` Matthew Wilcox
2026-02-20 16:44 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 09/35] iomap: obtain fsverity info for read path Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 10/35] iomap: issue readahead for fsverity merkle tree Andrey Albershteyn
2026-02-18 23:06 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 11/35] iomap: allow filesystem to read fsverity metadata beyound EOF Andrey Albershteyn
2026-02-18 6:36 ` Christoph Hellwig
2026-02-18 9:41 ` Andrey Albershteyn
2026-02-19 6:04 ` Christoph Hellwig
2026-02-19 11:11 ` Andrey Albershteyn
2026-02-19 13:38 ` Christoph Hellwig
2026-02-19 14:23 ` Andrey Albershteyn
2026-02-20 15:31 ` Christoph Hellwig
2026-02-23 15:10 ` Andrey Albershteyn
2026-02-24 14:42 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 12/35] iomap: let fsverity verify holes Andrey Albershteyn
2026-02-18 23:09 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 13/35] xfs: use folio host instead of file struct Andrey Albershteyn
2026-02-18 6:32 ` Christoph Hellwig
2026-02-18 9:42 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 14/35] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 15/35] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 16/35] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 17/35] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 18/35] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 19/35] xfs: introduce XFS_FSVERITY_CONSTRUCTION inode flag Andrey Albershteyn
2026-02-18 23:10 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 20/35] xfs: introduce XFS_FSVERITY_REGION_START constant Andrey Albershteyn
2026-02-18 6:33 ` Christoph Hellwig
2026-02-18 23:11 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 21/35] xfs: disable preallocations for fsverity Merkle tree writes Andrey Albershteyn
2026-02-18 23:12 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 22/35] xfs: add iomap write/writeback and reading of Merkle tree pages Andrey Albershteyn
2026-02-18 6:35 ` Christoph Hellwig
2026-02-18 10:18 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 23/35] xfs: add helper to check that inode data need fsverity verification Andrey Albershteyn
2026-02-18 6:38 ` Christoph Hellwig
2026-02-18 9:46 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 24/35] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-02-18 6:39 ` Christoph Hellwig
2026-02-17 23:19 ` [PATCH v3 25/35] xfs: add helpers to convert between pagecache and on-disk offset Andrey Albershteyn
2026-02-18 23:20 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 26/35] xfs: add a helper to decide if bmbt record needs offset conversion Andrey Albershteyn
2026-02-19 17:41 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 27/35] xfs: use different on-disk and pagecache offset for fsverity Andrey Albershteyn
2026-02-19 19:30 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 28/35] xfs: add fs-verity support Andrey Albershteyn
2026-02-18 6:44 ` Christoph Hellwig
2026-02-18 9:57 ` Andrey Albershteyn
2026-02-19 6:11 ` Christoph Hellwig
2026-02-19 9:51 ` Andrey Albershteyn
2026-02-19 13:41 ` Christoph Hellwig
2026-02-19 14:38 ` Andrey Albershteyn
2026-02-19 17:29 ` Darrick J. Wong
2026-02-17 23:19 ` [PATCH v3 29/35] xfs: add fs-verity ioctls Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 30/35] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 31/35] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 32/35] xfs: report verity failures through the health system Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 33/35] xfs: introduce health state for corrupted fsverity metadata Andrey Albershteyn
2026-02-19 17:34 ` Darrick J. Wong
2026-02-23 18:19 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 34/35] xfs: add fsverity traces Andrey Albershteyn
2026-02-19 17:36 ` Darrick J. Wong
2026-02-23 18:12 ` Andrey Albershteyn
2026-02-17 23:19 ` [PATCH v3 35/35] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260218214037.GA6467@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox