Hi all,

This patchset adds fs-verity support for XFS. This version stores the Merkle tree beyond the end of the file, similar to how ext4 does it.

The first two patches introduce a new iomap_read/write interface in iomap. The reasons are:
- it is not bound by EOF,
- the iomap_read_region() also allocates a folio and returns it to the caller.

Then follow changes to the fs-verity core, per-filesystem workqueue, iomap integration. These are mostly unchanged from previous patchsets.

The iomap read path has a bit of fs-verity-only zeroing logic for the case when tree block size, fs block size and page size differ. As the tree is a contiguous region of memory, I just zero the tail of the tree region.

Preallocations. I just disabled preallocations by setting allocation size to zero for Merkle tree data. This should not be a problem as these files are read-only and in a stable state when we get to Merkle tree writing. It would be nice to allocate tree size on first write, but I haven't got to it yet.

The tree is read by iomap into page cache at offset 1 << 53. This seems to be far enough to handle any supported file size.

Testing. The -g verity is passing for 1k and 4k with/without quota, the tests include different Merkle tree block sizes.

I plan to look into readahead and whole tree allocation on first write, and xfsprogs requires a bit more work.

Feedback is welcomed :)

xfsprogs:
https://github.com/alberand/xfsprogs/tree/b4/fsverity

xfstests:
https://github.com/alberand/xfstests/tree/b4/fsverity

Cc: fsverity@xxxxxxxxxxxxxxx
Cc: linux-fsdevel@xxxxxxxxxxxxxxx
Cc: linux-xfs@xxxxxxxxxxxxxxx

Cc: david@xxxxxxxxxxxxx
Cc: djwong@xxxxxxxxxx
Cc: ebiggers@xxxxxxxxxx
Cc: hch@xxxxxx

[RFC] Directly mapped xattr data & fs-verity
[1]: https://lore.kernel.org/linux-xfs/20241229133350.1192387-1-aalbersh@xxxxxxxxxx/

---
Andrey Albershteyn (19):
      iomap: add iomap_writepages_unbound() to write beyond EOF
      iomap: introduce iomap_read/write_region interface
      fs: add FS_XFLAG_VERITY for verity files
      fsverity: add per-sb workqueue for post read processing
      fsverity: add tracepoints
      iomap: integrate fs-verity verification into iomap's read path
      xfs: add attribute type for fs-verity
      xfs: add fs-verity ro-compat flag
      xfs: add inode on-disk VERITY flag
      xfs: initialize fs-verity on file open and cleanup on inode destruction
      xfs: don't allow to enable DAX on fs-verity sealed inode
      xfs: disable direct read path for fs-verity files
      xfs: disable preallocations for fsverity Merkle tree writes
      xfs: add writeback and iomap reading of Merkel tree pages
      xfs: add fs-verity support
      xfs: add fs-verity ioctls
      xfs: fix scrub trace with null pointer in quotacheck
      xfs: add fsverity traces
      xfs: enable ro-compat fs-verity flag

Darrick J. Wong (10):
      fsverity: report validation errors back to the filesystem
      fsverity: pass super_block to fsverity_enqueue_verify_work
      ext4: use a per-superblock fsverity workqueue
      f2fs: use a per-superblock fsverity workqueue
      btrfs: use a per-superblock fsverity workqueue
      fsverity: remove system-wide workqueue
      fsverity: expose merkle tree geometry to callers
      xfs: advertise fs-verity being available on filesystem
      xfs: check and repair the verity inode flag state
      xfs: report verity failures through the health system

 Documentation/filesystems/fsverity.rst |   8 +
 MAINTAINERS                            |   1 +
 fs/btrfs/super.c                       |  14 ++
 fs/buffer.c                            |   7 +-
 fs/ext4/readpage.c                     |   4 +-
 fs/ext4/super.c                        |  11 ++
 fs/f2fs/compress.c                     |   3 +-
 fs/f2fs/data.c                         |   2 +-
 fs/f2fs/super.c                        |  11 ++
 fs/ioctl.c                             |  11 ++
 fs/iomap/buffered-io.c                 | 301 ++++++++++++++++++++++++++++--
 fs/iomap/ioend.c                       |  41 +++-
 fs/super.c                             |   3 +
 fs/verity/enable.c                     |   4 +
 fs/verity/fsverity_private.h           |   2 +-
 fs/verity/init.c                       |   2 +-
 fs/verity/open.c                       |  37 ++++
 fs/verity/verify.c                     |  52 +++---
 fs/xfs/Makefile                        |   1 +
 fs/xfs/libxfs/xfs_da_format.h          |  15 +-
 fs/xfs/libxfs/xfs_format.h             |  13 +-
 fs/xfs/libxfs/xfs_fs.h                 |   2 +
 fs/xfs/libxfs/xfs_health.h             |   4 +-
 fs/xfs/libxfs/xfs_inode_buf.c          |   8 +
 fs/xfs/libxfs/xfs_inode_util.c         |   2 +
 fs/xfs/libxfs/xfs_log_format.h         |   1 +
 fs/xfs/libxfs/xfs_sb.c                 |   4 +
 fs/xfs/scrub/attr.c                    |   7 +
 fs/xfs/scrub/common.c                  |  74 ++++++++
 fs/xfs/scrub/common.h                  |   3 +
 fs/xfs/scrub/inode.c                   |   7 +
 fs/xfs/scrub/inode_repair.c            |  36 ++++
 fs/xfs/scrub/trace.h                   |   2 +-
 fs/xfs/xfs_aops.c                      |  21 ++-
 fs/xfs/xfs_bmap_util.c                 |   7 +
 fs/xfs/xfs_file.c                      |  23 ++-
 fs/xfs/xfs_fsverity.c                  | 330 +++++++++++++++++++++++++++++++++
 fs/xfs/xfs_fsverity.h                  |  28 +++
 fs/xfs/xfs_health.c                    |   1 +
 fs/xfs/xfs_inode.h                     |   6 +
 fs/xfs/xfs_ioctl.c                     |  16 ++
 fs/xfs/xfs_iomap.c                     |  22 ++-
 fs/xfs/xfs_iops.c                      |   4 +
 fs/xfs/xfs_mount.h                     |   2 +
 fs/xfs/xfs_super.c                     |  22 +++
 fs/xfs/xfs_trace.h                     |  49 ++++-
 include/linux/fs.h                     |   2 +
 include/linux/fsverity.h               |  49 ++++-
 include/linux/iomap.h                  |  32 ++++
 include/trace/events/fsverity.h        | 162 ++++++++++++++++
 include/uapi/linux/fs.h                |   1 +
 51 files changed, 1399 insertions(+), 71 deletions(-)
---
base-commit: 305d79226a6a797b193ca681e9f26f3bf081397b
change-id: 20250212-fsverity-eb66cef7fe9b

Best regards,
--
Andrey Albershteyn <aalbersh@xxxxxxxxxx>
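
An added example, not part of the original message or of the patchset's code: a userspace sketch of the Merkle tree geometry the cover letter relies on, placing the tree at page cache offset 1 << 53 and computing how much of its last page would need zeroing when the tree block size is smaller than the page size. The names `verity_geometry`, `struct tree_geom`, `VERITY_TREE_BASE` and `MAX_LEVELS` are hypothetical, and two points are assumptions: that file data must end at or below 1 << 53, and that "the tail of the tree region" means the bytes from the end of the tree to the end of its last page.

```c
#include <stdint.h>
#include <stdio.h>

#define VERITY_TREE_BASE (1ULL << 53) /* page cache offset named in the cover letter */
#define MAX_LEVELS 8                  /* cap chosen for this example */

struct tree_geom {
    unsigned levels;             /* hash levels; 0 when the file fits in one block */
    uint64_t blocks[MAX_LEVELS]; /* blocks per level, [0] = hashes of data blocks */
    uint64_t tree_size;          /* total Merkle tree bytes */
    uint64_t cache_end;          /* first page cache offset past the tree */
    uint64_t tail_zero;          /* assumed: bytes from tree end to end of its last page */
};

/* Returns 0 on success, -1 if the parameters cannot describe a valid tree. */
int verity_geometry(uint64_t file_size, uint32_t block_size, uint32_t digest_size,
                    uint32_t page_size, struct tree_geom *g)
{
    *g = (struct tree_geom){0};
    if (!block_size || (block_size & (block_size - 1)) ||
        !page_size || (page_size & (page_size - 1)) ||
        !digest_size || block_size / digest_size < 2)
        return -1;
    if (file_size > VERITY_TREE_BASE) /* assumed: data would overlap the tree region */
        return -1;

    uint64_t hashes_per_block = block_size / digest_size;
    uint64_t blocks = (file_size + block_size - 1) / block_size;
    while (blocks > 1) { /* each level hashes the blocks of the level below */
        if (g->levels == MAX_LEVELS)
            return -1;
        blocks = (blocks + hashes_per_block - 1) / hashes_per_block;
        g->blocks[g->levels++] = blocks;
        g->tree_size += blocks * block_size;
    }
    g->cache_end = VERITY_TREE_BASE + g->tree_size;
    g->tail_zero = (page_size - g->tree_size % page_size) % page_size;
    return 0;
}

int main(void)
{
    struct tree_geom g;
    /* constructed input: 100000-byte file, 1k tree blocks, SHA-256, 4k pages */
    if (verity_geometry(100000, 1024, 32, 4096, &g) == 0)
        printf("levels=%u tree=%llu tail_zero=%llu end=%#llx\n", g.levels,
               (unsigned long long)g.tree_size, (unsigned long long)g.tail_zero,
               (unsigned long long)g.cache_end);
    return 0;
}
```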