From: Darrick J. Wong <djwong@xxxxxxxxxx>
Create a secret command to turn off fsverity if we need to.
Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
io/scrub.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
man/man8/xfs_io.8 | 3 +++
2 files changed, 50 insertions(+)
diff --git a/io/scrub.c b/io/scrub.c
index dc40afdfb36f..8a4a7e2fc3af 100644
--- a/io/scrub.c
+++ b/io/scrub.c
@@ -19,6 +19,7 @@
static struct cmdinfo scrub_cmd;
static struct cmdinfo repair_cmd;
static const struct cmdinfo scrubv_cmd;
+static const struct cmdinfo noverity_cmd;
static void
scrub_help(void)
@@ -356,6 +357,7 @@ scrub_init(void)
add_command(&scrub_cmd);
add_command(&scrubv_cmd);
+ add_command(&noverity_cmd);
}
static void
@@ -730,3 +732,48 @@ static const struct cmdinfo scrubv_cmd = {
.oneline = N_("vectored metadata scrub"),
.help = scrubv_help,
};
+
+static void
+noverity_help(void)
+{
+ printf(_(
+"\n"
+" Disable fsverity on a file.\n"));
+}
+
+#ifndef FS_IOC_DISABLE_VERITY
+# define FS_IOC_DISABLE_VERITY _IO('f', 136)
+#endif
+
+static int
+noverity_f(
+ int argc,
+ char **argv)
+{
+ int c;
+ int error;
+
+ while ((c = getopt(argc, argv, "")) != EOF) {
+ switch (c) {
+ default:
+ noverity_help();
+ return 0;
+ }
+ }
+
+ error = ioctl(file->fd, FS_IOC_DISABLE_VERITY);
+ if (error)
+ perror("noverity");
+
+ return 0;
+}
+
+static const struct cmdinfo noverity_cmd = {
+ .name = "noverity",
+ .cfunc = noverity_f,
+ .argmin = -1,
+ .argmax = -1,
+ .flags = CMD_NOMAP_OK,
+ .oneline = N_("disable fsverity"),
+ .help = noverity_help,
+};
diff --git a/man/man8/xfs_io.8 b/man/man8/xfs_io.8
index 4991ad471bd7..013750faa113 100644
--- a/man/man8/xfs_io.8
+++ b/man/man8/xfs_io.8
@@ -1093,6 +1093,9 @@ Check parameters without changing anything.
Do not print timing information at all.
.PD
.RE
+.TP
+.B noverity
+Disable fs-verity on this file.
.SH MEMORY MAPPED I/O COMMANDS
.TP
