Re: [PATCH v2 0/5] btrfs: support fsverity

[Boris Burkov <boris@bur.io>]

On Mon, Mar 15, 2021 at 04:09:41PM -0700, Eric Biggers wrote:
> On Fri, Mar 05, 2021 at 11:26:28AM -0800, Boris Burkov wrote:
> > This patchset provides support for fsverity in btrfs.
> > 
> > At a high level, we store the verity descriptor and Merkle tree data
> > in the file system btree with the file's inode as the objectid, and
> > direct reads/writes to those items to implement the generic fsverity
> > interface required by fs/verity/.
> > 
> > The first patch is a preparatory patch which adds a notion of
> > compat_flags to the btrfs_inode and inode_item in order to allow
> > enabling verity on a file without making the file system unmountable for
> > older kernels. (It runs afoul of the leaf corruption check otherwise)
> > 
> > The second patch is the bulk of the fsverity implementation. It
> > implements the fsverity interface and adds verity checks for the typical
> > file reading case.
> > 
> > The third patch cleans up the corner cases in readpage, covering inline
> > extents, preallocated extents, and holes.
> > 
> > The fourth patch handles direct io of a veritied file by falling back to
> > buffered io.
> > 
> > The fifth patch handles crashes mid-verity enable via orphan items
> > 
> 
> Can you include information about how this was tested?

Right now, I'm testing it with the btrfs xfstest I added as well as a
one-off script that corrupts regular extent data. I'm still working on
integrating the btrfs specifics with the generic verity xfstests, and
how to test verity+compression without hacks.

> 
> Also, fsverity-utils works with btrfs as-is, correct?
> 

As far as I know, yes. I've tested using both the rpm packaged by Fedora
and building from source.

> - Eric