| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260124211956.GF2762@quark>
Date: Sat, 24 Jan 2026 13:19:56 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Christoph Hellwig <hch@....de>
Cc: Al Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
David Sterba <dsterba@...e.com>, Theodore Ts'o <tytso@....edu>,
Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <chao@...nel.org>,
Andrey Albershteyn <aalbersh@...hat.com>,
"Matthew Wilcox (Oracle)" <willy@...radead.org>,
linux-fsdevel@...r.kernel.org, linux-btrfs@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
fsverity@...ts.linux.dev
Subject: Re: [PATCH 06/11] fsverity: push out fsverity_info lookup
On Thu, Jan 22, 2026 at 09:22:02AM +0100, Christoph Hellwig wrote:
> Pass a struct fsverity_info to the verification and readahead helpers,
> and push the lookup into the callers. Right now this is a very
> dumb almost mechanic move that open codes a lot of fsverity_info_addr()
> calls int the file systems. The subsequent patches will clean this up.
>
> This prepares for reducing the number of fsverity_info lookups, which
> will allow to amortize them better when using a more expensive lookup
> method.
>
> Signed-off-by: Christoph Hellwig <hch@....de>
> ---
> fs/btrfs/extent_io.c | 4 +++-
> fs/buffer.c | 4 +++-
> fs/ext4/readpage.c | 11 ++++++++---
> fs/f2fs/compress.c | 4 +++-
> fs/f2fs/data.c | 15 +++++++++++----
> fs/verity/verify.c | 26 ++++++++++++++------------
> include/linux/fsverity.h | 24 +++++++++++++++---------
> 7 files changed, 57 insertions(+), 31 deletions(-)
This patch introduces another bisection hazard by adding calls to
fsverity_info_addr() when CONFIG_FS_VERITY=n. fsverity_info_addr() has
a definition only when CONFIG_FS_VERITY=y.
Maybe temporarily add a CONFIG_FS_VERITY=n stub for fsverity_info_addr()
that returns NULL, and also ensure that it's dereferenced only when it's
known that fsverity verification is needed. Most of the call sites look
okay, but the second one in ext4_mpage_readpages() needs to be fixed.
> @@ -430,6 +431,7 @@ EXPORT_SYMBOL_GPL(fsverity_verify_blocks);
> #ifdef CONFIG_BLOCK
> /**
> * fsverity_verify_bio() - verify a 'read' bio that has just completed
> + * @vi: fsverity_info for the inode to be read
> * @bio: the bio to verify
> *
> * Verify the bio's data against the file's Merkle tree. All bio data segments
> @@ -442,13 +444,13 @@ EXPORT_SYMBOL_GPL(fsverity_verify_blocks);
> * filesystems) must instead call fsverity_verify_page() directly on each page.
> * All filesystems must also call fsverity_verify_page() on holes.
> */
> -void fsverity_verify_bio(struct bio *bio)
> +void fsverity_verify_bio(struct fsverity_info *vi, struct bio *bio)
> {
> struct inode *inode = bio_first_folio_all(bio)->mapping->host;
> struct fsverity_verification_context ctx;
> struct folio_iter fi;
>
> - fsverity_init_verification_context(&ctx, inode);
> + fsverity_init_verification_context(&ctx, inode, vi);
Note that fsverity_info has a back-pointer to the inode. So,
fsverity_init_verification_context() could just take the vi and set
ctx->inode to vi->inode.
Then it wouldn't be necessary to get the inode from
bio_first_folio_all(bio)->mapping->host (in fsverity_verify_bio()) or
folio->mapping->host (in fsverity_verify_blocks()).
Similarly in fsverity_readahead() too.
(It might make sense to handle this part as a separate patch.)
- Eric
Powered by blists - more mailing lists