Hi all, I've split Andrey's fsverity patchset into two parts -- refactoring fsverity to support per-block (instead of per-page) access to merkle tree blocks, moving all filesystems to a per-superblock workqueue, and enhancing iomap to support validating readahead with fsverity data. This will hopefully address everything that Eric Biggers noted in his review of the v5 patchset. To eliminate the requirement of using a verified bitmap, I added to the fsverity_blockbuf object the ability to pass around verified bits so that the underlying implementation can remember if the fsverity common code actually validated a block. To support cleaning up stale/dead merkle trees and online repair, I've added a couple of patches to export enough of the merkle tree geometry to XFS so that it can erase remnants of previous attempts to enable verity. I've also augmented it to share with XFS the hash of a completely zeroed data block so that we can elide writing merkle leaves for sparse regions of a file. This might be useful for enabling fsverity on gold master disk images. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fsverity-by-block --- Commits in this patchset: * fs: add FS_XFLAG_VERITY for verity files * fsverity: pass tree_blocksize to end_enable_verity() * fsverity: convert verification to use byte instead of page offsets * fsverity: support block-based Merkle tree caching * fsverity: pass the merkle tree block level to fsverity_read_merkle_tree_block * fsverity: add per-sb workqueue for post read processing * fsverity: add tracepoints * fsverity: pass the new tree size and block size to ->begin_enable_verity * fsverity: expose merkle tree geometry to callers * fsverity: box up the write_merkle_tree_block parameters too * fsverity: pass the zero-hash value to the implementation * fsverity: report validation errors back to the filesystem * fsverity: pass super_block to fsverity_enqueue_verify_work * ext4: use a per-superblock fsverity workqueue * f2fs: use a per-superblock fsverity workqueue * btrfs: use a per-superblock fsverity workqueue * fsverity: remove system-wide workqueue * iomap: integrate fs-verity verification into iomap's read path --- Documentation/filesystems/fsverity.rst | 8 + MAINTAINERS | 1 fs/btrfs/super.c | 14 ++ fs/btrfs/verity.c | 13 +- fs/buffer.c | 7 + fs/ext4/readpage.c | 4 - fs/ext4/super.c | 11 ++ fs/ext4/verity.c | 13 +- fs/f2fs/compress.c | 3 fs/f2fs/data.c | 2 fs/f2fs/super.c | 11 ++ fs/f2fs/verity.c | 13 +- fs/ioctl.c | 11 ++ fs/iomap/buffered-io.c | 133 +++++++++++++++++- fs/super.c | 3 fs/verity/enable.c | 20 ++- fs/verity/fsverity_private.h | 13 ++ fs/verity/init.c | 2 fs/verity/open.c | 61 ++++++++ fs/verity/read_metadata.c | 66 ++++----- fs/verity/verify.c | 232 +++++++++++++++++++++++--------- include/linux/fs.h | 2 include/linux/fsverity.h | 166 ++++++++++++++++++++++- include/linux/iomap.h | 5 + include/trace/events/fsverity.h | 162 ++++++++++++++++++++++ include/uapi/linux/fs.h | 1 26 files changed, 835 insertions(+), 142 deletions(-) create mode 100644 include/trace/events/fsverity.h
