diff mbox series

[07/24] fsverity: flush pagecache before enabling verity

Message ID 20241229133927.1194609-8-aalbersh@kernel.org (mailing list archive)
State New
Headers show
Series fsverity integration for XFS based on direct mapped xattrs | expand

Commit Message

Andrey Albershteyn Dec. 29, 2024, 1:39 p.m. UTC 
From: Andrey Albershteyn <aalbersh@redhat.com>

XFS uses iomap interface to write Merkle tree. The writeback
distinguish between data and Merkle tree pages via
XFS_VERITY_CONSTRUCTION flag set on inode. Data pages could get in a
way in writeback path when the file is read-only and Merkle tree
construction already started.

Flush the page cache before enabling fsverity.

Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
---
 fs/verity/enable.c | 5 +++++
 fs/verity/verify.c | 1 +
 2 files changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/fs/verity/enable.c b/fs/verity/enable.c
index 1d4a6de96014..af4fcbb6363d 100644
--- a/fs/verity/enable.c
+++ b/fs/verity/enable.c
@@ -11,6 +11,7 @@ 
 #include <linux/mount.h>
 #include <linux/sched/signal.h>
 #include <linux/uaccess.h>
+#include <linux/pagemap.h>
 
 struct block_buffer {
 	u32 filled;
@@ -374,6 +375,10 @@  int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
 
+	err = filemap_write_and_wait(inode->i_mapping);
+	if (err)
+		return err;
+
 	err = mnt_want_write_file(filp);
 	if (err) /* -EROFS */
 		return err;
diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index 587f3a4eb34e..940f59bf3f53 100644
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -9,6 +9,7 @@ 
 
 #include <crypto/hash.h>
 #include <linux/bio.h>
+#include <linux/pagemap.h>
 
 static struct workqueue_struct *fsverity_read_workqueue;