On 2024-03-14 10:06:20, Darrick J. Wong wrote: > On Wed, Mar 13, 2024 at 10:58:03AM -0700, Darrick J. Wong wrote: > > From: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > > > > Add integration with fs-verity. The XFS store fs-verity metadata in > > the extended file attributes. The metadata consist of verity > > descriptor and Merkle tree blocks. > > > > The descriptor is stored under "vdesc" extended attribute. The > > Merkle tree blocks are stored under binary indexes which are offsets > > into the Merkle tree. > > > > When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION > > flag is set meaning that the Merkle tree is being build. The > > initialization ends with storing of verity descriptor and setting > > inode on-disk flag (XFS_DIFLAG2_VERITY). > > > > The verification on read is done in read path of iomap. > > > > Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > > Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx> > > [djwong: replace caching implementation with an xarray, other cleanups] > > Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx> > > I started writing more of userspace (xfs_db decoding of verity xattrs, > repair/scrub support) so I think I want to make one more change to this. Just to note, I have a version of xfs_db with a few modification to make it work with xfstests and make it aware of fs-verity: https://github.com/alberand/xfsprogs/tree/fsverity-v5 -- - Andrey
