Message ID | 20240304191046.157464-20-aalbersh@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | fs-verity support for XFS | expand |
On Mon, Mar 04, 2024 at 08:10:41PM +0100, Andrey Albershteyn wrote: > fs-verity will read and attach metadata (not the tree itself) from > a disk for those inodes which already have fs-verity enabled. > > Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com> > --- > fs/xfs/xfs_file.c | 8 ++++++++ > fs/xfs/xfs_super.c | 2 ++ > 2 files changed, 10 insertions(+) > > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c > index 632653e00906..17404c2e7e31 100644 > --- a/fs/xfs/xfs_file.c > +++ b/fs/xfs/xfs_file.c > @@ -31,6 +31,7 @@ > #include <linux/mman.h> > #include <linux/fadvise.h> > #include <linux/mount.h> > +#include <linux/fsverity.h> > > static const struct vm_operations_struct xfs_file_vm_ops; > > @@ -1228,10 +1229,17 @@ xfs_file_open( > struct inode *inode, > struct file *file) > { > + int error = 0; Not sure why error needs an initializer here? Otherwise this patch looks good to me. --D > + > if (xfs_is_shutdown(XFS_M(inode->i_sb))) > return -EIO; > file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | > FMODE_DIO_PARALLEL_WRITE | FMODE_CAN_ODIRECT; > + > + error = fsverity_file_open(inode, file); > + if (error) > + return error; > + > return generic_file_open(inode, file); > } > > diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c > index afa32bd5e282..9f9c35cff9bf 100644 > --- a/fs/xfs/xfs_super.c > +++ b/fs/xfs/xfs_super.c > @@ -49,6 +49,7 @@ > #include <linux/magic.h> > #include <linux/fs_context.h> > #include <linux/fs_parser.h> > +#include <linux/fsverity.h> > > static const struct super_operations xfs_super_operations; > > @@ -663,6 +664,7 @@ xfs_fs_destroy_inode( > ASSERT(!rwsem_is_locked(&inode->i_rwsem)); > XFS_STATS_INC(ip->i_mount, vn_rele); > XFS_STATS_INC(ip->i_mount, vn_remove); > + fsverity_cleanup_inode(inode); > xfs_inode_mark_reclaimable(ip); > } > > -- > 2.42.0 > >
diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 632653e00906..17404c2e7e31 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -31,6 +31,7 @@ #include <linux/mman.h> #include <linux/fadvise.h> #include <linux/mount.h> +#include <linux/fsverity.h> static const struct vm_operations_struct xfs_file_vm_ops; @@ -1228,10 +1229,17 @@ xfs_file_open( struct inode *inode, struct file *file) { + int error = 0; + if (xfs_is_shutdown(XFS_M(inode->i_sb))) return -EIO; file->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | FMODE_DIO_PARALLEL_WRITE | FMODE_CAN_ODIRECT; + + error = fsverity_file_open(inode, file); + if (error) + return error; + return generic_file_open(inode, file); } diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c index afa32bd5e282..9f9c35cff9bf 100644 --- a/fs/xfs/xfs_super.c +++ b/fs/xfs/xfs_super.c @@ -49,6 +49,7 @@ #include <linux/magic.h> #include <linux/fs_context.h> #include <linux/fs_parser.h> +#include <linux/fsverity.h> static const struct super_operations xfs_super_operations; @@ -663,6 +664,7 @@ xfs_fs_destroy_inode( ASSERT(!rwsem_is_locked(&inode->i_rwsem)); XFS_STATS_INC(ip->i_mount, vn_rele); XFS_STATS_INC(ip->i_mount, vn_remove); + fsverity_cleanup_inode(inode); xfs_inode_mark_reclaimable(ip); }
fs-verity will read and attach metadata (not the tree itself) from a disk for those inodes which already have fs-verity enabled. Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com> --- fs/xfs/xfs_file.c | 8 ++++++++ fs/xfs/xfs_super.c | 2 ++ 2 files changed, 10 insertions(+)