Use new format of extended attributes with filesystem block aligned
data (without header). The blocks are mapped through page cache via
iomap.
Andrey
Andrey Albershteyn (15):
fs: add FS_XFLAG_VERITY for verity files
fsverity: pass tree_blocksize to end_enable_verity()
fsverity: add tracepoints
fsverity: flush pagecache before enabling verity
iomap: integrate fs-verity verification into iomap's read path
xfs: add attribute type for fs-verity
xfs: add fs-verity ro-compat flag
xfs: add inode on-disk VERITY flag
xfs: initialize fs-verity on file open and cleanup on inode
destruction
xfs: don't allow to enable DAX on fs-verity sealed inode
xfs: disable direct read path for fs-verity files
xfs: add fs-verity support
xfs: add writeback page mapping for fs-verity
xfs: add fs-verity ioctls
xfs: enable ro-compat fs-verity flag
Darrick J. Wong (9):
fsverity: pass the new tree size and block size to
->begin_enable_verity
fsverity: expose merkle tree geometry to callers
fsverity: report validation errors back to the filesystem
xfs: use an empty transaction to protect xfs_attr_get from deadlocks
xfs: don't let xfs_bmap_first_unused overflow a xfs_dablk_t
xfs: use merkle tree offset as attr hash
xfs: advertise fs-verity being available on filesystem
xfs: check and repair the verity inode flag state
xfs: report verity failures through the health system
Documentation/filesystems/fsverity.rst | 8 +
MAINTAINERS | 1 +
fs/btrfs/verity.c | 7 +-
fs/ext4/verity.c | 6 +-
fs/f2fs/verity.c | 6 +-
fs/ioctl.c | 11 +
fs/iomap/buffered-io.c | 30 +-
fs/verity/enable.c | 18 +-
fs/verity/fsverity_private.h | 2 +
fs/verity/init.c | 1 +
fs/verity/open.c | 37 ++
fs/verity/verify.c | 13 +
fs/xfs/Makefile | 2 +
fs/xfs/libxfs/xfs_ag.h | 1 +
fs/xfs/libxfs/xfs_attr.c | 14 +
fs/xfs/libxfs/xfs_attr_remote.c | 3 +
fs/xfs/libxfs/xfs_da_btree.c | 3 +
fs/xfs/libxfs/xfs_da_format.h | 34 +-
fs/xfs/libxfs/xfs_format.h | 17 +-
fs/xfs/libxfs/xfs_fs.h | 2 +
fs/xfs/libxfs/xfs_health.h | 4 +-
fs/xfs/libxfs/xfs_inode_buf.c | 8 +
fs/xfs/libxfs/xfs_inode_util.c | 2 +
fs/xfs/libxfs/xfs_log_format.h | 1 +
fs/xfs/libxfs/xfs_ondisk.h | 4 +
fs/xfs/libxfs/xfs_sb.c | 4 +
fs/xfs/libxfs/xfs_verity.c | 74 ++++
fs/xfs/libxfs/xfs_verity.h | 14 +
fs/xfs/scrub/attr.c | 7 +
fs/xfs/scrub/common.c | 68 ++++
fs/xfs/scrub/common.h | 3 +
fs/xfs/scrub/inode.c | 7 +
fs/xfs/scrub/inode_repair.c | 36 ++
fs/xfs/xfs_aops.c | 141 +++++++-
fs/xfs/xfs_file.c | 23 +-
fs/xfs/xfs_fsops.c | 1 +
fs/xfs/xfs_fsverity.c | 482 +++++++++++++++++++++++++
fs/xfs/xfs_fsverity.h | 54 +++
fs/xfs/xfs_health.c | 1 +
fs/xfs/xfs_inode.h | 2 +
fs/xfs/xfs_ioctl.c | 16 +
fs/xfs/xfs_iomap.h | 2 +
fs/xfs/xfs_iops.c | 4 +
fs/xfs/xfs_mount.c | 1 +
fs/xfs/xfs_mount.h | 2 +
fs/xfs/xfs_super.c | 11 +
fs/xfs/xfs_trace.c | 1 +
fs/xfs/xfs_trace.h | 42 ++-
include/linux/fsverity.h | 34 +-
include/linux/iomap.h | 5 +
include/trace/events/fsverity.h | 162 +++++++++
include/uapi/linux/fs.h | 1 +
52 files changed, 1400 insertions(+), 33 deletions(-)
create mode 100644 fs/xfs/libxfs/xfs_verity.c
create mode 100644 fs/xfs/libxfs/xfs_verity.h
create mode 100644 fs/xfs/xfs_fsverity.c
create mode 100644 fs/xfs/xfs_fsverity.h
create mode 100644 include/trace/events/fsverity.h
--
2.47.0
