From: Andrey Albershteyn <aalbersh@kernel.org>
To: linux-xfs@vger.kernel.org, fsverity@lists.linux.dev,
linux-fsdevel@vger.kernel.org, ebiggers@kernel.org
Cc: Andrey Albershteyn <aalbersh@kernel.org>,
hch@lst.de, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-btrfs@vger.kernel.org, djwong@kernel.org
Subject: [PATCH v5 23/25] xfs: introduce health state for corrupted fsverity metadata
Date: Thu, 19 Mar 2026 18:02:10 +0100 [thread overview]
Message-ID: <20260319170231.1455553-24-aalbersh@kernel.org> (raw)
In-Reply-To: <20260319170231.1455553-1-aalbersh@kernel.org>
Report corrupted fsverity descriptor through health system.
Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
---
fs/xfs/libxfs/xfs_fs.h | 1 +
fs/xfs/libxfs/xfs_health.h | 4 +++-
fs/xfs/xfs_fsverity.c | 13 ++++++++++---
fs/xfs/xfs_health.c | 1 +
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_fs.h b/fs/xfs/libxfs/xfs_fs.h
index ebf17a0b0722..cece31ecee81 100644
--- a/fs/xfs/libxfs/xfs_fs.h
+++ b/fs/xfs/libxfs/xfs_fs.h
@@ -422,6 +422,7 @@ struct xfs_bulkstat {
#define XFS_BS_SICK_SYMLINK (1 << 6) /* symbolic link remote target */
#define XFS_BS_SICK_PARENT (1 << 7) /* parent pointers */
#define XFS_BS_SICK_DIRTREE (1 << 8) /* directory tree structure */
+#define XFS_BS_SICK_FSVERITY (1 << 9) /* fsverity metadata */
/*
* Project quota id helpers (previously projid was 16bit only
diff --git a/fs/xfs/libxfs/xfs_health.h b/fs/xfs/libxfs/xfs_health.h
index 1d45cf5789e8..932b447190da 100644
--- a/fs/xfs/libxfs/xfs_health.h
+++ b/fs/xfs/libxfs/xfs_health.h
@@ -104,6 +104,7 @@ struct xfs_rtgroup;
/* Don't propagate sick status to ag health summary during inactivation */
#define XFS_SICK_INO_FORGET (1 << 12)
#define XFS_SICK_INO_DIRTREE (1 << 13) /* directory tree structure */
+#define XFS_SICK_INO_FSVERITY (1 << 14) /* fsverity metadata */
/* Primary evidence of health problems in a given group. */
#define XFS_SICK_FS_PRIMARY (XFS_SICK_FS_COUNTERS | \
@@ -140,7 +141,8 @@ struct xfs_rtgroup;
XFS_SICK_INO_XATTR | \
XFS_SICK_INO_SYMLINK | \
XFS_SICK_INO_PARENT | \
- XFS_SICK_INO_DIRTREE)
+ XFS_SICK_INO_DIRTREE | \
+ XFS_SICK_INO_FSVERITY)
#define XFS_SICK_INO_ZAPPED (XFS_SICK_INO_BMBTD_ZAPPED | \
XFS_SICK_INO_BMBTA_ZAPPED | \
diff --git a/fs/xfs/xfs_fsverity.c b/fs/xfs/xfs_fsverity.c
index b193009a1bdb..ecc66ee8bac5 100644
--- a/fs/xfs/xfs_fsverity.c
+++ b/fs/xfs/xfs_fsverity.c
@@ -84,16 +84,23 @@ xfs_fsverity_get_descriptor(
return error;
desc_size = be32_to_cpu(d_desc_size);
- if (XFS_IS_CORRUPT(mp, desc_size > FS_VERITY_MAX_DESCRIPTOR_SIZE))
+ if (XFS_IS_CORRUPT(mp, desc_size > FS_VERITY_MAX_DESCRIPTOR_SIZE)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
- if (XFS_IS_CORRUPT(mp, desc_size > desc_size_pos))
+ }
+
+ if (XFS_IS_CORRUPT(mp, desc_size > desc_size_pos)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
+ }
if (!buf_size)
return desc_size;
- if (XFS_IS_CORRUPT(mp, desc_size > buf_size))
+ if (XFS_IS_CORRUPT(mp, desc_size > buf_size)) {
+ xfs_inode_mark_sick(XFS_I(inode), XFS_SICK_INO_FSVERITY);
return -ERANGE;
+ }
desc_pos = round_down(desc_size_pos - desc_size, blocksize);
error = fsverity_pagecache_read(inode, buf, desc_size, desc_pos);
diff --git a/fs/xfs/xfs_health.c b/fs/xfs/xfs_health.c
index 239b843e83d4..be66760fb120 100644
--- a/fs/xfs/xfs_health.c
+++ b/fs/xfs/xfs_health.c
@@ -625,6 +625,7 @@ static const struct ioctl_sick_map ino_map[] = {
{ XFS_SICK_INO_DIR_ZAPPED, XFS_BS_SICK_DIR },
{ XFS_SICK_INO_SYMLINK_ZAPPED, XFS_BS_SICK_SYMLINK },
{ XFS_SICK_INO_DIRTREE, XFS_BS_SICK_DIRTREE },
+ { XFS_SICK_INO_FSVERITY, XFS_BS_SICK_FSVERITY },
};
/* Fill out bulkstat health info. */
--
2.51.2
next prev parent reply other threads:[~2026-03-19 17:03 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-19 17:01 [PATCH v5 00/25] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 01/25] fsverity: report validation errors through fserror to fsnotify Andrey Albershteyn
2026-03-19 17:15 ` Darrick J. Wong
2026-03-25 7:54 ` Christoph Hellwig
2026-03-25 11:41 ` Andrey Albershteyn
2026-03-25 16:02 ` Darrick J. Wong
2026-03-26 6:20 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 02/25] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-03-25 7:56 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 03/25] fsverity: generate and store zero-block hash Andrey Albershteyn
2026-03-25 7:57 ` Christoph Hellwig
2026-03-25 12:03 ` Andrey Albershteyn
2026-03-25 16:07 ` Darrick J. Wong
2026-03-19 17:01 ` [PATCH v5 04/25] fsverity: introduce fsverity_folio_zero_hash() Andrey Albershteyn
2026-03-25 7:57 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 05/25] fsverity: pass digest size and hash of the empty block to ->write Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 06/25] fsverity: hoist pagecache_read from f2fs/ext4 to fsverity Andrey Albershteyn
2026-03-25 7:58 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 07/25] iomap: introduce IOMAP_F_FSVERITY and teach writeback to handle fsverity Andrey Albershteyn
2026-03-25 8:00 ` Christoph Hellwig
2026-03-25 12:38 ` Andrey Albershteyn
2026-03-25 16:26 ` Darrick J. Wong
2026-03-19 17:01 ` [PATCH v5 08/25] iomap: obtain fsverity info for read path Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 09/25] iomap: issue readahead for fsverity merkle tree Andrey Albershteyn
2026-03-25 8:04 ` Christoph Hellwig
2026-03-25 12:08 ` Andrey Albershteyn
2026-03-19 17:01 ` [PATCH v5 10/25] iomap: teach iomap to handle fsverity holes and verify data holes Andrey Albershteyn
2026-03-25 16:29 ` Darrick J. Wong
2026-03-19 17:01 ` [PATCH v5 11/25] iomap: introduce iomap_fsverity_write() for writing fsverity metadata Andrey Albershteyn
2026-03-25 8:05 ` Christoph Hellwig
2026-03-19 17:01 ` [PATCH v5 12/25] xfs: introduce fsverity on-disk changes Andrey Albershteyn
2026-03-25 8:05 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 13/25] xfs: initialize fs-verity on file open Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 14/25] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 15/25] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-03-25 8:06 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 16/25] xfs: handle fsverity I/O in write/read path Andrey Albershteyn
2026-03-25 8:07 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 17/25] xfs: use read ioend for fsverity data verification Andrey Albershteyn
2026-03-25 8:07 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 18/25] xfs: add fs-verity support Andrey Albershteyn
2026-03-25 8:08 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 19/25] xfs: remove unwritten extents after preallocations in fsverity metadata Andrey Albershteyn
2026-03-25 8:09 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 20/25] xfs: add fs-verity ioctls Andrey Albershteyn
2026-03-25 8:09 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 21/25] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2026-03-25 8:10 ` Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 22/25] xfs: check and repair the verity inode flag state Andrey Albershteyn
2026-03-25 8:10 ` Christoph Hellwig
2026-03-19 17:02 ` Andrey Albershteyn [this message]
2026-03-25 8:10 ` [PATCH v5 23/25] xfs: introduce health state for corrupted fsverity metadata Christoph Hellwig
2026-03-19 17:02 ` [PATCH v5 24/25] xfs: add fsverity traces Andrey Albershteyn
2026-03-19 17:02 ` [PATCH v5 25/25] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260319170231.1455553-24-aalbersh@kernel.org \
--to=aalbersh@kernel.org \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox