From: Andrey Albershteyn <aalbersh@redhat.com>
To: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-xfs@vger.kernel.org, david@fromorbit.com,
djwong@kernel.org, ebiggers@kernel.org, hch@lst.de
Cc: Andrey Albershteyn <aalbersh@redhat.com>,
Andrey Albershteyn <aalbersh@kernel.org>
Subject: [PATCH RFC 00/29] fs-verity support for XFS with post EOF merkle tree
Date: Mon, 28 Jul 2025 22:30:04 +0200
Message-ID: <20250728-fsverity-v1-0-9e5443af0e34@kernel.org>

Hi all,

This patchset adds fs-verity support for XFS. This version stores the
Merkle tree beyond the end of the file, similar to how ext4 does it.

The first two patches introduce a new iomap_read/write interface in iomap.
The reasons are:
- it is not bound by EOF,
- the iomap_read_region() also allocates a folio and returns it to the caller.

Then follow changes to the fs-verity core, per-filesystem workqueue, and
iomap integration. These are mostly unchanged from previous patchsets.

The iomap read path has a bit of fs-verity-only zeroing logic for the
case when tree block size, fs block size and page size differ. As the tree
is a contiguous region of memory, I just zero the tail of the tree region.

Preallocations. I just disabled preallocations by setting the allocation
size to zero for Merkle tree data. This should not be a problem as these
files are read-only and in a stable state when we get to Merkle tree
writing. It would be nice to allocate the tree size on first write, but I
haven't got to it yet.

The tree is read by iomap into the page cache at offset 1 << 53. This seems
to be far enough to handle any supported file size.

Testing. The -g verity is passing for 1k and 4k with/without quota; the
tests include different Merkle tree block sizes.

I plan to look into readahead and whole tree allocation on first write,
and xfsprogs requires a bit more work.

Feedback is welcomed :)

xfsprogs:
https://github.com/alberand/xfsprogs/tree/b4/fsverity

xfstests:
https://github.com/alberand/xfstests/tree/b4/fsverity

Cc: fsverity@lists.linux.dev
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-xfs@vger.kernel.org
Cc: david@fromorbit.com
Cc: djwong@kernel.org
Cc: ebiggers@kernel.org
Cc: hch@lst.de
[RFC] Directly mapped xattr data & fs-verity
[1]: https://lore.kernel.org/linux-xfs/20241229133350.1192387-1-aalbersh@kernel.org/
---
Andrey Albershteyn (19):
      iomap: add iomap_writepages_unbound() to write beyond EOF
      iomap: introduce iomap_read/write_region interface
      fs: add FS_XFLAG_VERITY for verity files
      fsverity: add per-sb workqueue for post read processing
      fsverity: add tracepoints
      iomap: integrate fs-verity verification into iomap's read path
      xfs: add attribute type for fs-verity
      xfs: add fs-verity ro-compat flag
      xfs: add inode on-disk VERITY flag
      xfs: initialize fs-verity on file open and cleanup on inode destruction
      xfs: don't allow to enable DAX on fs-verity sealed inode
      xfs: disable direct read path for fs-verity files
      xfs: disable preallocations for fsverity Merkle tree writes
      xfs: add writeback and iomap reading of Merkel tree pages
      xfs: add fs-verity support
      xfs: add fs-verity ioctls
      xfs: fix scrub trace with null pointer in quotacheck
      xfs: add fsverity traces
      xfs: enable ro-compat fs-verity flag

Darrick J. Wong (10):
      fsverity: report validation errors back to the filesystem
      fsverity: pass super_block to fsverity_enqueue_verify_work
      ext4: use a per-superblock fsverity workqueue
      f2fs: use a per-superblock fsverity workqueue
      btrfs: use a per-superblock fsverity workqueue
      fsverity: remove system-wide workqueue
      fsverity: expose merkle tree geometry to callers
      xfs: advertise fs-verity being available on filesystem
      xfs: check and repair the verity inode flag state
      xfs: report verity failures through the health system

Documentation/filesystems/fsverity.rst | 8 +
MAINTAINERS | 1 +
fs/btrfs/super.c | 14 ++
fs/buffer.c | 7 +-
fs/ext4/readpage.c | 4 +-
fs/ext4/super.c | 11 ++
fs/f2fs/compress.c | 3 +-
fs/f2fs/data.c | 2 +-
fs/f2fs/super.c | 11 ++
fs/ioctl.c | 11 ++
fs/iomap/buffered-io.c | 301 ++++++++++++++++++++++++++++--
fs/iomap/ioend.c | 41 +++-
fs/super.c | 3 +
fs/verity/enable.c | 4 +
fs/verity/fsverity_private.h | 2 +-
fs/verity/init.c | 2 +-
fs/verity/open.c | 37 ++++
fs/verity/verify.c | 52 +++---
fs/xfs/Makefile | 1 +
fs/xfs/libxfs/xfs_da_format.h | 15 +-
fs/xfs/libxfs/xfs_format.h | 13 +-
fs/xfs/libxfs/xfs_fs.h | 2 +
fs/xfs/libxfs/xfs_health.h | 4 +-
fs/xfs/libxfs/xfs_inode_buf.c | 8 +
fs/xfs/libxfs/xfs_inode_util.c | 2 +
fs/xfs/libxfs/xfs_log_format.h | 1 +
fs/xfs/libxfs/xfs_sb.c | 4 +
fs/xfs/scrub/attr.c | 7 +
fs/xfs/scrub/common.c | 74 ++++++++
fs/xfs/scrub/common.h | 3 +
fs/xfs/scrub/inode.c | 7 +
fs/xfs/scrub/inode_repair.c | 36 ++++
fs/xfs/scrub/trace.h | 2 +-
fs/xfs/xfs_aops.c | 21 ++-
fs/xfs/xfs_bmap_util.c | 7 +
fs/xfs/xfs_file.c | 23 ++-
fs/xfs/xfs_fsverity.c | 330 +++++++++++++++++++++++++++++++++
fs/xfs/xfs_fsverity.h | 28 +++
fs/xfs/xfs_health.c | 1 +
fs/xfs/xfs_inode.h | 6 +
fs/xfs/xfs_ioctl.c | 16 ++
fs/xfs/xfs_iomap.c | 22 ++-
fs/xfs/xfs_iops.c | 4 +
fs/xfs/xfs_mount.h | 2 +
fs/xfs/xfs_super.c | 22 +++
fs/xfs/xfs_trace.h | 49 ++++-
include/linux/fs.h | 2 +
include/linux/fsverity.h | 49 ++++-
include/linux/iomap.h | 32 ++++
include/trace/events/fsverity.h | 162 ++++++++++++++++
include/uapi/linux/fs.h | 1 +
51 files changed, 1399 insertions(+), 71 deletions(-)
---
base-commit: 305d79226a6a797b193ca681e9f26f3bf081397b
change-id: 20250212-fsverity-eb66cef7fe9b
Best regards,
--
Andrey Albershteyn <aalbersh@kernel.org>
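
An added illustration, not code from this patchset or from the author: it computes how large a Merkle tree is for a given file size and where it would sit if placed at the fixed offset the cover letter mentions. Assumptions: the `1 << 53` is a byte offset, the level sizes follow the general fs-verity construction (hash blocks packed level by level until one block remains), and `compute_layout()` and `struct verity_layout` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: "1 << 53" from the cover letter, taken as a byte offset. */
#define TREE_BASE (UINT64_C(1) << 53)

struct verity_layout {
    unsigned levels;      /* number of hash levels in the tree */
    uint64_t tree_bytes;  /* total size of all levels */
    uint64_t tree_end;    /* first byte past the tree region */
    int disjoint;         /* 1 if file data ends at or before TREE_BASE */
};

/* block_size: Merkle tree block size; digest_size: 32 for SHA-256. */
static struct verity_layout compute_layout(uint64_t file_size,
                                           uint32_t block_size,
                                           uint32_t digest_size)
{
    struct verity_layout l = {0};
    uint64_t per_block = block_size / digest_size;
    uint64_t blocks = (file_size + block_size - 1) / block_size;

    /* Each level holds the hashes of the blocks below it; a file that
     * fits in one block needs no tree, its block hash is the root. */
    while (blocks > 1) {
        blocks = (blocks + per_block - 1) / per_block;
        l.tree_bytes += blocks * block_size;
        l.levels++;
    }
    l.tree_end = TREE_BASE + l.tree_bytes;
    l.disjoint = file_size <= TREE_BASE;
    return l;
}

int main(void)
{
    /* Constructed sample sizes, not taken from the patchset. */
    uint64_t sizes[] = { 4096, UINT64_C(1) << 20, UINT64_C(1) << 40 };

    for (unsigned i = 0; i < 3; i++) {
        struct verity_layout l = compute_layout(sizes[i], 4096, 32);
        printf("size=%llu levels=%u tree=%llu end=%llu disjoint=%d\n",
               (unsigned long long)sizes[i], l.levels,
               (unsigned long long)l.tree_bytes,
               (unsigned long long)l.tree_end, l.disjoint);
    }
    return 0;
}
```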