Patch "fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY" has been added to the 5.4-stable tree

This is a note to let you know that I've just added the patch titled

    fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 2d9d9c22afe9e7253d6126536a1ecc296f4dde31
Author: Eric Biggers <ebiggers@xxxxxxxxxx>
Date:   Tue Mar 14 16:31:32 2023 -0700

    fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
    
    [ Upstream commit a075bacde257f755bea0e53400c9f1cdd1b8e8e6 ]
    
    The full pagecache drop at the end of FS_IOC_ENABLE_VERITY is causing
    performance problems and is hindering adoption of fsverity.  It was
    intended to solve a race condition where unverified pages might be left
    in the pagecache.  But actually it doesn't solve it fully.
    
    Since the incomplete solution for this race condition has too much
    performance impact for it to be worth it, let's remove it for now.
    
    Fixes: 3fda4c617e84 ("fs-verity: implement FS_IOC_ENABLE_VERITY ioctl")
    Cc: stable@xxxxxxxxxxxxxxx
    Reviewed-by: Victor Hsieh <victorhsieh@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230314235332.50270-1-ebiggers@xxxxxxxxxx
    Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/verity/enable.c b/fs/verity/enable.c
index 1370bfd17e870..39459b1eff752 100644
--- a/fs/verity/enable.c
+++ b/fs/verity/enable.c
@@ -350,25 +350,27 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
 		goto out_drop_write;
 
 	err = enable_verity(filp, &arg);
-	if (err)
-		goto out_allow_write_access;
 
 	/*
-	 * Some pages of the file may have been evicted from pagecache after
-	 * being used in the Merkle tree construction, then read into pagecache
-	 * again by another process reading from the file concurrently.  Since
-	 * these pages didn't undergo verification against the file measurement
-	 * which fs-verity now claims to be enforcing, we have to wipe the
-	 * pagecache to ensure that all future reads are verified.
+	 * We no longer drop the inode's pagecache after enabling verity.  This
+	 * used to be done to try to avoid a race condition where pages could be
+	 * evicted after being used in the Merkle tree construction, then
+	 * re-instantiated by a concurrent read.  Such pages are unverified, and
+	 * the backing storage could have filled them with different content, so
+	 * they shouldn't be used to fulfill reads once verity is enabled.
+	 *
+	 * But, dropping the pagecache has a big performance impact, and it
+	 * doesn't fully solve the race condition anyway.  So for those reasons,
+	 * and also because this race condition isn't very important relatively
+	 * speaking (especially for small-ish files, where the chance of a page
+	 * being used, evicted, *and* re-instantiated all while enabling verity
+	 * is quite small), we no longer drop the inode's pagecache.
 	 */
-	filemap_write_and_wait(inode->i_mapping);
-	invalidate_inode_pages2(inode->i_mapping);
 
 	/*
 	 * allow_write_access() is needed to pair with deny_write_access().
 	 * Regardless, the filesystem won't allow writing to verity files.
 	 */
-out_allow_write_access:
 	allow_write_access(filp);
 out_drop_write:
 	mnt_drop_write_file(filp);
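Review bot: The new comment placed before allow_write_access() concedes that pages evicted and re-instantiated during Merkle tree construction stay unverified and can satisfy reads once verity is enabled, but it only argues that the window is small for "small-ish files" and says nothing about large files or about a complete fix. The commit message says the drop is removed "for now"; the comment should say the same and state the residual exposure plainly (reads served from those cached pages are not checked against the file measurement), so the enable path is not later read as a full guarantee. A smaller point: with the "if (err) goto out_allow_write_access;" check and its label removed, the failure path of enable_verity() now falls straight through to allow_write_access(). That is correct as the hunk stands, since only comments sit in between, but anything added there later would also run on error, so a one-line remark noting that err may be nonzero at this point would help.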


