On Tue, Dec 13, 2022 at 06:29:33PM +0100, Andrey Albershteyn wrote:
> Add fs-verity page verification in read IO path. The verification
> itself is offloaded into workqueue (provided by fs-verity).
>
> The work_struct items are allocated from bioset side by side with
> bio being processed.
>
> As inodes with fs-verity doesn't use large folios we check only
> first page of the folio for errors (set by fs-verity if verification
> failed).
>
> Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx>
> ---
> fs/iomap/buffered-io.c | 80 +++++++++++++++++++++++++++++++++++++++---
> include/linux/iomap.h | 5 +++
> 2 files changed, 81 insertions(+), 4 deletions(-)
>
> diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
> index 91ee0b308e13d..b7abc2f806cfc 100644
> --- a/fs/iomap/buffered-io.c
> +++ b/fs/iomap/buffered-io.c
> @@ -17,6 +17,7 @@
> #include <linux/bio.h>
> #include <linux/sched/signal.h>
> #include <linux/migrate.h>
> +#include <linux/fsverity.h>
> #include "trace.h"
>
> #include "../internal.h"
> @@ -42,6 +43,7 @@ static inline struct iomap_page *to_iomap_page(struct folio *folio)
> }
>
> static struct bio_set iomap_ioend_bioset;
> +static struct bio_set iomap_readend_bioset;
>
> static struct iomap_page *
> iomap_page_create(struct inode *inode, struct folio *folio, unsigned int flags)
> @@ -189,9 +191,39 @@ static void iomap_read_end_io(struct bio *bio)
> int error = blk_status_to_errno(bio->bi_status);
> struct folio_iter fi;
>
> - bio_for_each_folio_all(fi, bio)
> + bio_for_each_folio_all(fi, bio) {
> + /*
> + * As fs-verity doesn't work with multi-page folios, verity
> + * inodes have large folios disabled (only single page folios
> + * are used)
> + */
> + if (!error)
> + error = PageError(folio_page(fi.folio, 0));
> +
> iomap_finish_folio_read(fi.folio, fi.offset, fi.length, error);
> + }
fs/verity/ no longer uses PG_error to report errors. See upstream commit
98dc08bae678 ("fsverity: stop using PG_error to track error status").
- Eric
