| Message ID | 20260520123722.405752-4-aalbersh@kernel.org |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | fs-verity support for XFS with post EOF merkle tree | expand |
On 2026-05-20 14:37:01, Andrey Albershteyn wrote: > fsverity now exposes fsverity_ensure_verity_info() which could be used > instead of opening file to ensure that fsverity info is loaded and > attached to inode. > > Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org> > Acked-by: Amir Goldstein <amir73il@gmail.com> Amir, Eric, this is the last patch missing a review. Could one of you have a look at it. Not sure who should review this.
> the last patch missing a review
oh sorry, the 04 patch is also one without
On Wed, May 20, 2026 at 2:54 PM Andrey Albershteyn <aalbersh@kernel.org> wrote: > > On 2026-05-20 14:37:01, Andrey Albershteyn wrote: > > fsverity now exposes fsverity_ensure_verity_info() which could be used > > instead of opening file to ensure that fsverity info is loaded and > > attached to inode. > > > > Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org> > > Acked-by: Amir Goldstein <amir73il@gmail.com> > > Amir, Eric, this is the last patch missing a review. Could one of > you have a look at it. Not sure who should review this. Feel free to upgrade my ack to: Reviewed-by: Amir Goldstein <amir73il@gmail.com> Thanks, Amir.
On Wed, May 20, 2026 at 02:37:01PM +0200, Andrey Albershteyn wrote: > fsverity now exposes fsverity_ensure_verity_info() which could be used > instead of opening file to ensure that fsverity info is loaded and > attached to inode. > > Signed-off-by: Andrey Albershteyn <aalbersh@kernel.org> > Acked-by: Amir Goldstein <amir73il@gmail.com> > --- > fs/overlayfs/util.c | 14 +++----------- > 1 file changed, 3 insertions(+), 11 deletions(-) Reviewed-by: Eric Biggers <ebiggers@kernel.org> I'm still confused by the new implementation of fsverity_active() that got introduced by "fsverity: use a hashtable to find the fsverity_info", though. I should have caught this during review of that commit. For one its comment is outdated, but also the memory barrier seems to be specific to the fsverity_get_info() caller and probably should be moved to there. Anyway, that's not directly related to this patch. - Eric
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index b41f4788e4f0..1e783cab4fbf 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -16,6 +16,7 @@ #include <linux/namei.h> #include <linux/ratelimit.h> #include <linux/overflow.h> +#include <linux/fsverity.h> #include "overlayfs.h" /* Get write access to upper mnt - may fail if upper sb was remounted ro */ @@ -1352,18 +1353,9 @@ char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int pa int ovl_ensure_verity_loaded(const struct path *datapath) { struct inode *inode = d_inode(datapath->dentry); - struct file *filp; - if (IS_VERITY(inode) && fsverity_get_info(inode) == NULL) { - /* - * If this inode was not yet opened, the verity info hasn't been - * loaded yet, so we need to do that here to force it into memory. - */ - filp = kernel_file_open(datapath, O_RDONLY, current_cred()); - if (IS_ERR(filp)) - return PTR_ERR(filp); - fput(filp); - } + if (fsverity_active(inode)) + return fsverity_ensure_verity_info(inode); return 0; }