ext4: add fs-verity read support Make ext4_mpage_readpages() verify data as it is read from fs-verity files, using the helper functions from fs/verity/. To support both encryption and verity simultaneously, this required refactoring the decryption workflow into a generic "post-read processing" workflow which can do decryption, verification, or both. The case where the ext4 block size is not equal to the PAGE_SIZE is not supported yet, since in that case ext4_mpage_readpages() sometimes falls back to block_read_full_page(), which does not support fs-verity yet. Co-developed-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Eric Biggers <ebiggers@google.com>

commit: 22cfe4b48ccb5a3dbb92d6dcb88f396e0f400f74 [log] [tgz]
author: Eric Biggers <ebiggers@google.com> Mon Jul 22 09:26:24 2019 -0700
committer: Eric Biggers <ebiggers@google.com> Mon Aug 12 19:33:51 2019 -0700
tree: a542a34c4ff891e8b361b18c55602304e6487371
parent: c93d8f88580921c84d2213161ef3c22560511b84 [diff] [blame]
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 6de3d4b..cf0fce1 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c

@@ -3912,6 +3912,8 @@ static ssize_t ext4_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
 	if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode))
 		return 0;
 #endif
+	if (fsverity_active(inode))
+		return 0;
 
 	/*
 	 * If we are doing data journalling we don't support O_DIRECT
commit	22cfe4b48ccb5a3dbb92d6dcb88f396e0f400f74	[log] [tgz]
author	Eric Biggers <ebiggers@google.com>	Mon Jul 22 09:26:24 2019 -0700
committer	Eric Biggers <ebiggers@google.com>	Mon Aug 12 19:33:51 2019 -0700
tree	a542a34c4ff891e8b361b18c55602304e6487371
parent	c93d8f88580921c84d2213161ef3c22560511b84 [diff] [blame]