Re: [PATCH] fsverity: support block-based Merkle tree caching

[Eric Biggers <ebiggers@kernel.org>]

On Fri, May 31, 2024 at 02:32:12PM -0700, Darrick J. Wong wrote:
> On Tue, May 14, 2024 at 06:53:20PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> > 
> > Currently fs/verity/ assumes that filesystems cache Merkle tree blocks
> > in the page cache.  Specifically, it requires that filesystems provide a
> > ->read_merkle_tree_page() method which returns a page of blocks.  It
> > also stores the "is the block verified" flag in PG_checked, or (if there
> > are multiple blocks per page) in a bitmap, with PG_checked used to
> > detect cache evictions instead.  This solution is specific to the page
> > cache, as a different cache would store the flag in a different way.
> > 
> > To allow XFS to use a custom Merkle tree block cache, this patch
> > refactors the Merkle tree caching interface to be based around the
> > concept of reading and dropping blocks (not pages), where the storage of
> > the "is the block verified" flag is up to the implementation.
> > 
> > The existing pagecache based solution, used by ext4, f2fs, and btrfs, is
> > reimplemented using this interface.
> > 
> > Co-developed-by: Andrey Albershteyn <aalbersh@redhat.com>
> > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
> > Co-developed-by: Darrick J. Wong <djwong@kernel.org>
> > Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> > 
> > This reworks the block-based caching patch to clean up many different
> > things, including putting the pagecache based caching behind the same
> > interface as suggested by Christoph.
> 
> I gather this means that you ported btrfs/f2fs/ext4 to use the read/drop
> merkle_tree_block interfaces?

Yes, this patch does that.

> >                                       This applies to mainline commit
> > a5131c3fdf26.  It corresponds to the following patches in Darrick's v5.6
> > patchset:
> > 
> >     fsverity: convert verification to use byte instead of page offsets
> >     fsverity: support block-based Merkle tree caching
> >     fsverity: pass the merkle tree block level to fsverity_read_merkle_tree_block
> >     fsverity: pass the zero-hash value to the implementation
> > 
> > (I don't really understand the split between the first two, as I see
> > them as being logically part of the same change.  The new parameters
> > would make sense to split out though.)
> 
> I separated the first two to reduce the mental burden of rebasing these
> patches against new -rc1 kernels.  It's a lot less effort if one only
> has to concentrate on one aspect at a time.  You might have heard that
> it's difficult to add an xfs feature without it taking multiple kernel
> cycles.
> 
> (That said, 6.10 wasn't bad at all.)
> 

I'd be glad to start applying some of the fsverity patches for 6.11.  This one
seems good to me (if it's revised to split the new parameters back into separate
patches again), but it only really makes sense if XFS is going to use it, and
that seems uncertain now.  Either way though, we could go ahead with the
workqueue change, FS_XFLAG_VERITY, and tracepoints.

- Eric