On Mon, Dec 09, 2019 at 02:28:28PM -0800, Jaegeuk Kim wrote: > On 12/09, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > > > META_MAPPING is used to move blocks for both encrypted and verity files. > > So the META_MAPPING invalidation condition in do_checkpoint() should > > consider verity too, not just encrypt. > > > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > > --- > > fs/f2fs/checkpoint.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c > > index ffdaba0c55d29..44e84ac5c9411 100644 > > --- a/fs/f2fs/checkpoint.c > > +++ b/fs/f2fs/checkpoint.c > > @@ -1509,10 +1509,10 @@ static int do_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc) > > f2fs_wait_on_all_pages_writeback(sbi); > > > > /* > > - * invalidate intermediate page cache borrowed from meta inode > > - * which are used for migration of encrypted inode's blocks. > > + * invalidate intermediate page cache borrowed from meta inode which are > > + * used for migration of encrypted or verity inode's blocks. > > */ > > - if (f2fs_sb_has_encrypt(sbi)) > > + if (f2fs_sb_has_encrypt(sbi) || f2fs_sb_has_verity(sbi)) > > Do we need f2fs_post_read_required() aligned to the condition of > move_data_block()? > I think you're asking why verity files have to be moved via META_MAPPING? The reason is that we have to be super careful not to read pages of a verity file into its own address_space without doing the fs-verity data verification, as then unverified data would be available to userspace. In theory, F2FS's garbage collector could do the data verification. But it's tricky because ->i_verity_info may not have been set up yet. So it might be easiest to continue to treat verity files like encrypted files. - Eric
|