@@ -24,6 +24,7 @@
#include "xfs_rtgroup.h"
#include "xfs_fsverity.h"
#include <linux/bio-integrity.h>
+#include <linux/fsverity.h>
struct xfs_writepage_ctx {
struct iomap_writepage_ctx ctx;
@@ -171,6 +172,23 @@ xfs_end_ioend_write(
memalloc_nofs_restore(nofs_flag);
}
+/*
+ * IO read completion.
+ */
+static void
+xfs_end_ioend_read(
+ struct iomap_ioend *ioend)
+{
+ struct xfs_inode *ip = XFS_I(ioend->io_inode);
+
+ if (!ioend->io_bio.bi_status &&
+ xfs_fsverity_is_file_data(ip, ioend->io_offset))
+ fsverity_verify_bio(ioend->io_vi,
+ &ioend->io_bio);
+ iomap_finish_ioends(ioend,
+ blk_status_to_errno(ioend->io_bio.bi_status));
+}
+
/*
* Finish all pending IO completions that require transactional modifications.
*
@@ -205,8 +223,7 @@ xfs_end_io(
list_del_init(&ioend->io_list);
iomap_ioend_try_merge(ioend, &tmp);
if (bio_op(&ioend->io_bio) == REQ_OP_READ)
- iomap_finish_ioends(ioend,
- blk_status_to_errno(ioend->io_bio.bi_status));
+ xfs_end_ioend_read(ioend);
else
xfs_end_ioend_write(ioend);
cond_resched();
@@ -232,9 +249,14 @@ xfs_end_bio(
}
spin_lock_irqsave(&ip->i_ioend_lock, flags);
- if (list_empty(&ip->i_ioend_list))
- WARN_ON_ONCE(!queue_work(mp->m_unwritten_workqueue,
+ if (list_empty(&ip->i_ioend_list)) {
+ if (IS_ENABLED(CONFIG_FS_VERITY) && ioend->io_vi &&
+ ioend->io_offset < xfs_fsverity_metadata_offset(ip))
+ fsverity_enqueue_verify_work(&ip->i_ioend_work);
+ else
+ WARN_ON_ONCE(!queue_work(mp->m_unwritten_workqueue,
&ip->i_ioend_work));
+ }
list_add_tail(&ioend->io_list, &ip->i_ioend_list);
spin_unlock_irqrestore(&ip->i_ioend_lock, flags);
}
@@ -764,9 +786,13 @@ xfs_bio_submit_read(
struct iomap_read_folio_ctx *ctx)
{
struct bio *bio = ctx->read_ctx;
+ struct iomap_ioend *ioend;
/* defer read completions to the ioend workqueue */
- iomap_init_ioend(iter->inode, bio, ctx->read_ctx_file_offset, 0);
+ ioend = iomap_init_ioend(iter->inode, bio, ctx->read_ctx_file_offset,
+ 0);
+ ioend->io_vi = ctx->vi;
+
bio->bi_end_io = xfs_end_bio;
submit_bio(bio);
}
@@ -779,11 +805,13 @@ static const struct iomap_read_ops xfs_iomap_read_ops = {
static inline const struct iomap_read_ops *
xfs_get_iomap_read_ops(
- const struct address_space *mapping)
+ const struct address_space *mapping,
+ loff_t position)
{
struct xfs_inode *ip = XFS_I(mapping->host);
- if (bdev_has_integrity_csum(xfs_inode_buftarg(ip)->bt_bdev))
+ if (bdev_has_integrity_csum(xfs_inode_buftarg(ip)->bt_bdev) ||
+ xfs_fsverity_is_file_data(ip, position))
return &xfs_iomap_read_ops;
return &iomap_bio_read_ops;
}
@@ -795,7 +823,7 @@ xfs_vm_read_folio(
{
struct iomap_read_folio_ctx ctx = { .cur_folio = folio };
- ctx.ops = xfs_get_iomap_read_ops(folio->mapping);
+ ctx.ops = xfs_get_iomap_read_ops(folio->mapping, folio_pos(folio));
iomap_read_folio(&xfs_read_iomap_ops, &ctx, NULL);
return 0;
}
@@ -806,7 +834,7 @@ xfs_vm_readahead(
{
struct iomap_read_folio_ctx ctx = { .rac = rac };
- ctx.ops = xfs_get_iomap_read_ops(rac->mapping),
+ ctx.ops = xfs_get_iomap_read_ops(rac->mapping, readahead_pos(rac));
iomap_readahead(&xfs_read_iomap_ops, &ctx, NULL);
}
@@ -19,3 +19,12 @@ xfs_fsverity_metadata_offset(
{
return round_up(i_size_read(VFS_IC(ip)), XFS_FSVERITY_START_ALIGN);
}
+
+bool
+xfs_fsverity_is_file_data(
+ const struct xfs_inode *ip,
+ loff_t offset)
+{
+ return fsverity_active(VFS_IC(ip)) &&
+ offset < xfs_fsverity_metadata_offset(ip);
+}
@@ -9,12 +9,18 @@
#ifdef CONFIG_FS_VERITY
loff_t xfs_fsverity_metadata_offset(const struct xfs_inode *ip);
+bool xfs_fsverity_is_file_data(const struct xfs_inode *ip, loff_t offset);
#else
static inline loff_t xfs_fsverity_metadata_offset(const struct xfs_inode *ip)
{
WARN_ON_ONCE(1);
return ULLONG_MAX;
}
+static inline bool xfs_fsverity_is_file_data(const struct xfs_inode *ip,
+ loff_t offset)
+{
+ return false;
+}
#endif /* CONFIG_FS_VERITY */
#endif /* __XFS_FSVERITY_H__ */