On Thu, Mar 14, 2024 at 06:16:02PM +0100, Andrey Albershteyn wrote: > On 2024-03-14 10:06:20, Darrick J. Wong wrote: > > On Wed, Mar 13, 2024 at 10:58:03AM -0700, Darrick J. Wong wrote: > > > From: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > > > > > > Add integration with fs-verity. The XFS store fs-verity metadata in > > > the extended file attributes. The metadata consist of verity > > > descriptor and Merkle tree blocks. > > > > > > The descriptor is stored under "vdesc" extended attribute. The > > > Merkle tree blocks are stored under binary indexes which are offsets > > > into the Merkle tree. > > > > > > When fs-verity is enabled on an inode, the XFS_IVERITY_CONSTRUCTION > > > flag is set meaning that the Merkle tree is being build. The > > > initialization ends with storing of verity descriptor and setting > > > inode on-disk flag (XFS_DIFLAG2_VERITY). > > > > > > The verification on read is done in read path of iomap. > > > > > > Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > > > Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx> > > > [djwong: replace caching implementation with an xarray, other cleanups] > > > Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx> > > > > I started writing more of userspace (xfs_db decoding of verity xattrs, > > repair/scrub support) so I think I want to make one more change to this. > > Just to note, I have a version of xfs_db with a few modification to > make it work with xfstests and make it aware of fs-verity: > > https://github.com/alberand/xfsprogs/tree/fsverity-v5 <nod> I implemented online and offline repair today and made a few more tweaks; after I let it run through QA overnight I'll send that out to the list. Note that I moved the to_disk/from_disk helpers back to xfs_da_format.h and added some more hooks to fsverity so that online fsck can do some basic checks for stale merkle tree blocks and the like. Also I modified xfs_verity_write_merkle to skip trailing zeroes to save space, and changed the hash function to use the merkle tree offset so that the merkle blocks get written out in linear(ish) order with fewer hash collisions in the xattr index. That said, I think we're close to finished on this one. :) --D > -- > - Andrey > >
