From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Albershteyn <aalbersh@redhat.com>
Cc: fsverity@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-xfs@vger.kernel.org, david@fromorbit.com,
ebiggers@kernel.org, hch@lst.de,
Andrey Albershteyn <aalbersh@kernel.org>
Subject: Re: [PATCH RFC 20/29] xfs: disable preallocations for fsverity Merkle tree writes
Date: Thu, 31 Jul 2025 07:49:47 -0700 [thread overview]
Message-ID: <20250731144947.GZ2672029@frogsfrogsfrogs> (raw)
In-Reply-To: <hnpu2acy45q3v3k4sj3p3yazfqfpihh3rnvrdyh6ljgmkod6cz@poli3ifoi6my>
On Thu, Jul 31, 2025 at 01:42:54PM +0200, Andrey Albershteyn wrote:
> On 2025-07-29 15:27:36, Darrick J. Wong wrote:
> > On Mon, Jul 28, 2025 at 10:30:24PM +0200, Andrey Albershteyn wrote:
> > > While writing Merkle tree, file is read-only and there's no further
> > > writes except Merkle tree building. The file is truncated beforehand to
> > > remove any preallocated extents.
> > >
> > > The Merkle tree is the only data XFS will write. As we don't want XFS to
> > > truncate file after we done writing, let's also skip truncation on
> > > fsverity files. Therefore, we also need to disable preallocations while
> > > writing merkle tree as we don't want any unused extents past the tree.
> > >
> > > Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org>
> > > ---
> > > fs/xfs/xfs_iomap.c | 13 ++++++++++++-
> > > 1 file changed, 12 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
> > > index ff05e6b1b0bb..00ec1a738b39 100644
> > > --- a/fs/xfs/xfs_iomap.c
> > > +++ b/fs/xfs/xfs_iomap.c
> > > @@ -32,6 +32,8 @@
> > > #include "xfs_rtbitmap.h"
> > > #include "xfs_icache.h"
> > > #include "xfs_zone_alloc.h"
> > > +#include "xfs_fsverity.h"
> > > +#include <linux/fsverity.h>
> >
> > What do these includes pull in for the iflags tests below?
>
> Probably need to be removed, thanks for noting
>
> >
> > > #define XFS_ALLOC_ALIGN(mp, off) \
> > > (((off) >> mp->m_allocsize_log) << mp->m_allocsize_log)
> > > @@ -1849,7 +1851,9 @@ xfs_buffered_write_iomap_begin(
> > > * Determine the initial size of the preallocation.
> > > * We clean up any extra preallocation when the file is closed.
> > > */
> > > - if (xfs_has_allocsize(mp))
> > > + if (xfs_iflags_test(ip, XFS_VERITY_CONSTRUCTION))
> > > + prealloc_blocks = 0;
> > > + else if (xfs_has_allocsize(mp))
> > > prealloc_blocks = mp->m_allocsize_blocks;
> > > else if (allocfork == XFS_DATA_FORK)
> > > prealloc_blocks = xfs_iomap_prealloc_size(ip, allocfork,
> > > @@ -1976,6 +1980,13 @@ xfs_buffered_write_iomap_end(
> > > if (flags & IOMAP_FAULT)
> > > return 0;
> > >
> > > + /*
> > > + * While writing Merkle tree to disk we would not have any other
> > > + * delayed allocations
> > > + */
> > > + if (xfs_iflags_test(XFS_I(inode), XFS_VERITY_CONSTRUCTION))
> > > + return 0;
> >
> > I assume XFS_VERITY_CONSTRUCTION doesn't get set until after we've
> > locked the inode, flushed the dirty pagecache, and truncated the file to
> > EOF? In which case I guess this is ok -- we're never going to have new
> > delalloc reservations,
>
> yes, this is my thinking here
>
> > and verity data can't be straddling the EOF
> > folio, no matter how large it is. Right?
>
> Not sure, what you mean here. In page cache merkle tree is stored
> at (1 << 53) offset, and there's check for file overlapping this in
> patch 22 xfs_fsverity_begin_enable().
Yeah, I hadn't gotten to that patch yet. That part looks fine to me,
though I sorta wondered why not put it at offset 1<<62 to allow for even
bigger files. But the impression I've gotten from Eric is that they
don't really want to handle files that huge with merkle trees that big
so the loss of file range address space probably doesn't matter.
--D
> --
> - Andrey
>
>
next prev parent reply other threads:[~2025-07-31 14:49 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-28 20:30 [PATCH RFC 00/29] fs-verity support for XFS with post EOF merkle tree Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 01/29] iomap: add iomap_writepages_unbound() to write beyond EOF Andrey Albershteyn
2025-07-29 22:07 ` Darrick J. Wong
2025-07-31 15:04 ` Andrey Albershteyn
2025-07-31 18:43 ` Joanne Koong
2025-08-04 11:34 ` Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 02/29] iomap: introduce iomap_read/write_region interface Andrey Albershteyn
2025-07-29 22:22 ` Darrick J. Wong
2025-07-31 15:51 ` Andrey Albershteyn
2025-08-11 11:43 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 03/29] fs: add FS_XFLAG_VERITY for verity files Andrey Albershteyn
2025-07-29 9:53 ` Amir Goldstein
2025-07-29 10:35 ` Andrey Albershteyn
2025-07-29 12:06 ` Amir Goldstein
2025-08-12 7:51 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 04/29] fsverity: add per-sb workqueue for post read processing Andrey Albershteyn
2025-08-11 11:45 ` Christoph Hellwig
2025-08-11 17:51 ` Tejun Heo
2025-08-12 7:43 ` Christoph Hellwig
2025-08-12 19:52 ` Tejun Heo
2025-07-28 20:30 ` [PATCH RFC 05/29] fsverity: add tracepoints Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 06/29] fsverity: report validation errors back to the filesystem Andrey Albershteyn
2025-08-11 11:46 ` Christoph Hellwig
2025-08-11 15:31 ` Darrick J. Wong
2025-08-12 7:34 ` Christoph Hellwig
2025-08-12 7:56 ` Christoph Hellwig
2025-07-28 20:30 ` [PATCH RFC 07/29] fsverity: pass super_block to fsverity_enqueue_verify_work Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 08/29] ext4: use a per-superblock fsverity workqueue Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 09/29] f2fs: " Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 10/29] btrfs: " Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 11/29] fsverity: remove system-wide workqueue Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 12/29] fsverity: expose merkle tree geometry to callers Andrey Albershteyn
2025-08-11 11:48 ` Christoph Hellwig
2025-08-11 15:38 ` Darrick J. Wong
2025-08-11 19:06 ` Andrey Albershteyn
2025-08-12 7:42 ` Christoph Hellwig
2025-08-12 19:09 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 13/29] iomap: integrate fs-verity verification into iomap's read path Andrey Albershteyn
2025-07-29 23:21 ` Darrick J. Wong
2025-07-31 11:34 ` Andrey Albershteyn
2025-07-31 14:52 ` Darrick J. Wong
2025-07-31 15:01 ` Andrey Albershteyn
2025-07-31 15:08 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 14/29] xfs: add attribute type for fs-verity Andrey Albershteyn
2025-08-11 11:50 ` Christoph Hellwig
2025-08-11 19:00 ` Andrey Albershteyn
2025-08-12 7:44 ` Christoph Hellwig
2025-08-12 17:11 ` Andrey Albershteyn
2025-08-12 19:12 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 15/29] xfs: add fs-verity ro-compat flag Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 16/29] xfs: add inode on-disk VERITY flag Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 17/29] xfs: initialize fs-verity on file open and cleanup on inode destruction Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 18/29] xfs: don't allow to enable DAX on fs-verity sealed inode Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 19/29] xfs: disable direct read path for fs-verity files Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 20/29] xfs: disable preallocations for fsverity Merkle tree writes Andrey Albershteyn
2025-07-29 22:27 ` Darrick J. Wong
2025-07-31 11:42 ` Andrey Albershteyn
2025-07-31 14:49 ` Darrick J. Wong [this message]
2025-07-28 20:30 ` [PATCH RFC 21/29] xfs: add writeback and iomap reading of Merkel tree pages Andrey Albershteyn
2025-07-29 22:33 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 22/29] xfs: add fs-verity support Andrey Albershteyn
2025-07-29 23:05 ` Darrick J. Wong
2025-07-31 14:50 ` Andrey Albershteyn
2025-07-31 15:07 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 23/29] xfs: add fs-verity ioctls Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 24/29] xfs: advertise fs-verity being available on filesystem Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 25/29] xfs: check and repair the verity inode flag state Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 26/29] xfs: fix scrub trace with null pointer in quotacheck Andrey Albershteyn
2025-07-29 15:28 ` Darrick J. Wong
2025-07-31 14:54 ` Andrey Albershteyn
2025-07-31 16:03 ` Carlos Maiolino
2025-07-28 20:30 ` [PATCH RFC 27/29] xfs: report verity failures through the health system Andrey Albershteyn
2025-07-28 20:30 ` [PATCH RFC 28/29] xfs: add fsverity traces Andrey Albershteyn
2025-07-29 23:06 ` Darrick J. Wong
2025-07-28 20:30 ` [PATCH RFC 29/29] xfs: enable ro-compat fs-verity flag Andrey Albershteyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250731144947.GZ2672029@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=aalbersh@kernel.org \
--cc=aalbersh@redhat.com \
--cc=david@fromorbit.com \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).