From: Andrey Albershteyn <aalbersh@redhat.com>
To: fsverity@lists.linux.dev, linux-xfs@vger.kernel.org,
ebiggers@kernel.org, linux-fsdevel@vger.kernel.org,
aalbersh@kernel.org, aalbersh@redhat.com, djwong@kernel.org
Cc: djwong@kernel.org, david@fromorbit.com, hch@lst.de
Subject: [PATCH v2 0/23] fs-verity support for XFS with post EOF merkle tree
Date: Mon, 12 Jan 2026 15:49:44 +0100 [thread overview]
Message-ID: <cover.1768229271.patch-series@thinky> (raw)
Hi all,
This patch series adds fs-verity support for XFS. This version stores
merkle tree beyond end of the file, the same way as ext4 does it. The
verity descriptor is stored at the tail of the merkle tree.
The patchset starts with a few fs-verity preparation patches. Then, a few
patches to allow iomap to work in post EOF region. The XFS fs-verity
implementation follows.
Preallocations. The preallocations are disabled for fs-verity files. If
inode is fs-verity one the allocation size is set to zero. This is fine
as the only writing happening is merkle tree data and descriptor. It
would be nice to allocate tree size on first write, this could be
improved in the future.
The tree is read by iomap into page cache at offset 1 << 53. This is far
enough to handle any supported file size.
Testing. The -g verity is passing for 1k, 8k and 4k with/without quota,
the tests include different merkle tree block size.
Feedback is welcomed :)
xfsprogs:
https://github.com/alberand/xfsprogs/tree/b4/fsverity
xfstests:
https://github.com/alberand/xfstests/tree/b4/fsverity
Cc: fsverity@lists.linux.dev
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-xfs@vger.kernel.org
Cc: david@fromorbit.com
Cc: djwong@kernel.org
Cc: ebiggers@kernel.org
Cc: hch@lst.de
Andrey Albershteyn <aalbersh@kernel.org>:
fsverity: expose ensure_fsverity_info()
iomap: introduce IOMAP_F_BEYOND_EOF
iomap: allow iomap_file_buffered_write() take iocb without file
iomap: integrate fs-verity verification into iomap's read path
xfs: add fs-verity ro-compat flag
xfs: add inode on-disk VERITY flag
xfs: initialize fs-verity on file open and cleanup on inode destruction
xfs: don't allow to enable DAX on fs-verity sealed inode
xfs: disable direct read path for fs-verity files
xfs: add verity info pointer to xfs inode
xfs: introduce XFS_FSVERITY_CONSTRUCTION inode flag
xfs: introduce XFS_FSVERITY_REGION_START constant
xfs: disable preallocations for fsverity Merkle tree writes
xfs: add writeback and iomap reading of Merkle tree pages
xfs: add fs-verity support
xfs: add fs-verity ioctls
xfs: add fsverity traces
xfs: enable ro-compat fs-verity flag
Darrick J. Wong <djwong@kernel.org>:
fsverity: report validation errors back to the filesystem
xfs: advertise fs-verity being available on filesystem
xfs: check and repair the verity inode flag state
xfs: report verity failures through the health system
Diffstat:
fs/iomap/bio.c | 66 +++++++++++++++++++++++++---
fs/iomap/buffered-io.c | 31 ++++++++++---
fs/iomap/ioend.c | 41 ++++++++++++++++-
fs/iomap/trace.h | 3 +-
fs/verity/open.c | 4 +-
fs/verity/verify.c | 4 +
fs/xfs/Makefile | 1 +
fs/xfs/libxfs/xfs_format.h | 13 +++--
fs/xfs/libxfs/xfs_fs.h | 24 ++++++++++
fs/xfs/libxfs/xfs_health.h | 4 +-
fs/xfs/libxfs/xfs_inode_buf.c | 8 +++
fs/xfs/libxfs/xfs_inode_util.c | 2 +
fs/xfs/libxfs/xfs_sb.c | 4 +
fs/xfs/scrub/attr.c | 7 +++
fs/xfs/scrub/common.c | 53 +++++++++++++++++++++++
fs/xfs/scrub/common.h | 2 +
fs/xfs/scrub/inode.c | 7 +++
fs/xfs/scrub/inode_repair.c | 36 +++++++++++++++
fs/xfs/xfs_aops.c | 20 +++++++-
fs/xfs/xfs_bmap_util.c | 7 +++
fs/xfs/xfs_file.c | 23 ++++++++--
fs/xfs/xfs_fsverity.c | 395 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
fs/xfs/xfs_fsverity.h | 12 +++++
fs/xfs/xfs_health.c | 1 +
fs/xfs/xfs_icache.c | 3 +
fs/xfs/xfs_inode.h | 11 ++++
fs/xfs/xfs_ioctl.c | 16 +++++++
fs/xfs/xfs_iomap.c | 28 ++++++++++--
fs/xfs/xfs_iops.c | 4 +
fs/xfs/xfs_message.c | 4 +
fs/xfs/xfs_message.h | 1 +
fs/xfs/xfs_mount.h | 2 +
fs/xfs/xfs_super.c | 16 +++++++
fs/xfs/xfs_trace.h | 46 ++++++++++++++++++++
include/linux/fsverity.h | 16 +++++++
include/linux/iomap.h | 16 +++++++
include/trace/events/fsverity.h | 19 ++++++++
37 files changed, 924 insertions(+), 26 deletions(-)
--
- Andrey
next reply other threads:[~2026-01-12 14:49 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-12 14:49 Andrey Albershteyn [this message]
2026-01-12 14:49 ` [PATCH v2 1/22] fsverity: report validation errors back to the filesystem Darrick J. Wong
2026-01-13 1:29 ` Darrick J. Wong
2026-01-13 8:09 ` Christoph Hellwig
2026-01-13 10:27 ` Andrey Albershteyn
2026-01-13 17:52 ` Darrick J. Wong
2026-01-12 14:49 ` [PATCH v2 2/22] fsverity: expose ensure_fsverity_info() Andrey Albershteyn
2026-01-12 22:05 ` Darrick J. Wong
2026-01-12 14:50 ` [PATCH v2 3/22] iomap: introduce IOMAP_F_BEYOND_EOF Andrey Albershteyn
2026-01-12 22:18 ` Darrick J. Wong
2026-01-12 22:31 ` Darrick J. Wong
2026-01-13 10:39 ` Andrey Albershteyn
2026-01-13 8:12 ` Christoph Hellwig
2026-01-13 10:50 ` Andrey Albershteyn
2026-01-13 16:22 ` Christoph Hellwig
2026-01-13 17:57 ` Darrick J. Wong
2026-01-16 21:52 ` Matthew Wilcox
2026-01-17 2:11 ` Darrick J. Wong
2026-01-12 14:50 ` [PATCH v2 4/22] iomap: allow iomap_file_buffered_write() take iocb without file Andrey Albershteyn
2026-01-12 22:22 ` Darrick J. Wong
2026-01-13 8:15 ` Christoph Hellwig
2026-01-13 10:53 ` Andrey Albershteyn
2026-01-13 16:43 ` Matthew Wilcox
2026-01-14 4:49 ` Matthew Wilcox
2026-01-14 6:41 ` Christoph Hellwig
2026-01-14 16:43 ` Darrick J. Wong
2026-01-12 14:50 ` [PATCH v2 5/22] iomap: integrate fs-verity verification into iomap's read path Andrey Albershteyn
2026-01-12 22:35 ` Darrick J. Wong
2026-01-13 11:16 ` Andrey Albershteyn
2026-01-13 16:23 ` Christoph Hellwig
2026-01-13 8:19 ` Christoph Hellwig
2026-01-12 14:50 ` [PATCH v2 6/22] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2026-01-12 14:50 ` [PATCH v2 7/22] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2026-01-12 14:50 ` [PATCH v2 8/22] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2026-01-12 14:50 ` [PATCH v2 9/22] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2026-01-12 14:51 ` [PATCH v2 10/22] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2026-01-13 8:20 ` Christoph Hellwig
2026-01-13 11:22 ` Andrey Albershteyn
2026-01-12 14:51 ` [PATCH v2 11/22] xfs: add verity info pointer to xfs inode Andrey Albershteyn
2026-01-12 22:39 ` Darrick J. Wong
2026-01-13 8:21 ` Christoph Hellwig
2026-01-13 18:02 ` Darrick J. Wong
2026-01-14 6:43 ` Christoph Hellwig
2026-01-12 14:51 ` [PATCH v2 12/22] xfs: introduce XFS_FSVERITY_CONSTRUCTION inode flag Andrey Albershteyn
2026-01-12 22:42 ` Darrick J. Wong
2026-01-13 11:24 ` Andrey Albershteyn
2026-01-12 14:51 ` [PATCH v2 13/22] xfs: introduce XFS_FSVERITY_REGION_START constant Andrey Albershteyn
2026-01-12 22:46 ` Darrick J. Wong
2026-01-13 12:23 ` Andrey Albershteyn
2026-01-13 18:06 ` Darrick J. Wong
2026-01-14 6:47 ` Christoph Hellwig
2026-01-14 7:59 ` Andrey Albershteyn
2026-01-14 16:50 ` Darrick J. Wong
2026-01-12 14:51 ` [PATCH v2 14/22] xfs: disable preallocations for fsverity Merkle tree writes Andrey Albershteyn
2026-01-12 22:49 ` Darrick J. Wong
2026-01-12 14:51 ` [PATCH v2 15/22] xfs: add writeback and iomap reading of Merkle tree pages Andrey Albershteyn
2026-01-12 22:51 ` Darrick J. Wong
2026-01-13 8:23 ` Christoph Hellwig
2026-01-13 12:31 ` Andrey Albershteyn
2026-01-12 14:51 ` [PATCH v2 16/22] xfs: add fs-verity support Andrey Albershteyn
2026-01-12 23:05 ` Darrick J. Wong
2026-01-13 18:32 ` Andrey Albershteyn
2026-01-14 16:40 ` Darrick J. Wong
2026-01-16 14:52 ` Andrey Albershteyn
2026-01-12 14:51 ` [PATCH v2 17/22] xfs: add fs-verity ioctls Andrey Albershteyn
2026-01-12 14:52 ` [PATCH v2 18/22] xfs: advertise fs-verity being available on filesystem Darrick J. Wong
2026-01-12 14:52 ` [PATCH v2 19/22] xfs: check and repair the verity inode flag state Darrick J. Wong
2026-01-12 14:52 ` [PATCH v2 20/22] xfs: report verity failures through the health system Darrick J. Wong
2026-01-12 14:52 ` [PATCH v2 21/22] xfs: add fsverity traces Andrey Albershteyn
2026-01-12 23:07 ` Darrick J. Wong
2026-01-12 14:52 ` [PATCH v2 22/22] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
2026-01-13 16:36 ` [PATCH v2 0/23] fs-verity support for XFS with post EOF merkle tree Matthew Wilcox
2026-01-13 18:45 ` Andrey Albershteyn
2026-01-14 5:00 ` Matthew Wilcox
2026-01-14 6:15 ` Darrick J. Wong
2026-01-14 8:20 ` Andrey Albershteyn
2026-01-14 9:53 ` Andrey Albershteyn
2026-01-14 16:42 ` Darrick J. Wong
2026-01-19 6:33 ` fsverity metadata offset, was: " Christoph Hellwig
2026-01-19 19:32 ` Eric Biggers
2026-01-19 19:58 ` Darrick J. Wong
2026-01-20 7:32 ` Christoph Hellwig
2026-01-20 11:44 ` Andrey Albershteyn
2026-01-20 17:34 ` Darrick J. Wong
2026-01-21 15:03 ` Christoph Hellwig
2026-01-19 20:00 ` Matthew Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1768229271.patch-series@thinky \
--to=aalbersh@redhat.com \
--cc=aalbersh@kernel.org \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox