On Thu, Jan 22, 2026 at 09:22:01AM +0100, Christoph Hellwig wrote:
> +/**
> + * generic_readahead_merkle_tree() - generic ->readahead_merkle_tree helper
> + * @inode: inode containing the Merkle tree
> + * @index: 0-based index of the first page to read ahead in the inode
> + * @nr_pages: number of data pages to read ahead
> + *
> + * The caller needs to adjust @index from the Merkle-tree relative index
> passed
> + * to ->read_merkle_tree_page to the actual index where the Merkle tree is
> + * stored in the page cache for @inode.
> + */
> +void generic_readahead_merkle_tree(struct inode *inode, pgoff_t index,
> + unsigned long nr_pages)
> {
> struct folio *folio;
>
> folio = __filemap_get_folio(inode->i_mapping, index, FGP_ACCESSED, 0);
> - if (IS_ERR(folio) || !folio_test_uptodate(folio)) {
> + if (PTR_ERR(folio) == -ENOENT || !folio_test_uptodate(folio)) {
This dereferences an ERR_PTR() when __filemap_get_folio() returns an
error other than -ENOENT.
> diff --git a/fs/verity/read_metadata.c b/fs/verity/read_metadata.c
> index cba5d6af4e04..430306abc4c6 100644
> --- a/fs/verity/read_metadata.c
> +++ b/fs/verity/read_metadata.c
> @@ -28,24 +28,24 @@ static int fsverity_read_merkle_tree(struct inode *inode,
> if (offset >= end_offset)
> return 0;
> offs_in_page = offset_in_page(offset);
> + index = offset >> PAGE_SHIFT;
> last_index = (end_offset - 1) >> PAGE_SHIFT;
>
> + __fsverity_readahead(inode, vi, offset, last_index - index + 1);
This passes a position in the Merkle tree to a function that expects a
position in the file data.
I think the correct thing to do here would be the following:
if (inode->i_sb->s_vop->readahead_merkle_tree)
inode->i_sb->s_vop->readahead_merkle_tree(inode, index,
last_index - index +
1);
Then __fsverity_readahead() can be folded into fsverity_readahead().
> +void __fsverity_readahead(struct inode *inode, const struct fsverity_info
> *vi,
> + loff_t data_start_pos, unsigned long nr_pages)
> +{
> + const struct merkle_tree_params *params = &vi->tree_params;
> + u64 start_hidx = data_start_pos >> params->log_blocksize;
> + u64 end_hidx = (data_start_pos + ((nr_pages - 1) << PAGE_SHIFT)) >>
> + params->log_blocksize;
(nr_pages - 1) << PAGE_SHIFT can overflow an 'unsigned long'.
(nr_pages - 1) needs to be cast to u64 before doing the shift.
But also it would make more sense to pass
(pgoff_t start_index, unsigned long nr_pages) instead of
(loff_t data_start_pos, unsigned long nr_pages),
so that the two numbers have the same units.
start_idx and end_hidx could then be computed as follows:
u64 start_hidx = (u64)start_index << params->log_blocks_per_page;
u64 end_hidx = (((u64)start_index + nr_pages) <<
params->log_blocks_per_page) - 1;
Note that fsverity_readahead() derives the position from the index. If
it just used the index directly, that would be more direct.
> + int level;
> +
> + if (!inode->i_sb->s_vop->readahead_merkle_tree)
> + return;
> + if (unlikely(data_start_pos >= inode->i_size))
> + return;
The check against i_size shouldn't be necessary: the caller should just
call this only for data it's actually going to read.
> + for (level = 0; level < params->num_levels; level++) {
> + unsigned long level_start = params->level_start[level];
> + unsigned long next_start_hidx = start_hidx >> params->log_arity;
> + unsigned long next_end_hidx = end_hidx >> params->log_arity;
> + unsigned long start_idx = (level_start + next_start_hidx) >>
> + params->log_blocks_per_page;
> + unsigned long end_idx = (level_start + next_end_hidx) >>
> + params->log_blocks_per_page;
start_idx and end_idx should have type pgoff_t to make it clear that
they're page indices.
> +EXPORT_SYMBOL_GPL(fsverity_readahead);
This should be below the definition of fsverity_readahead, not the
definition of __fsverity_readahead.
> +/**
> + * fsverity_readahead() - kick off readahead on fsverity hashes
> + * @folio: first folio that is being read
folio => file data folio
Otherwise it can be confused with the Merkle tree.
> + * Start readahead on fsverity hashes. To be called from the file systems
> + * ->read_folio and ->readahead methods to ensure that the hashes are
> + * already cached on completion of the file data read if possible.
Similarly, it would be helpful to clarify that the readahead is done on
the hashes *that will be needed to verify the specified file data*.
Otherwise it might sound like the caller is specifying the hashes to
readahead directly.
> + /**
> + * Perform readahad of a Merkle tree for the given inode.
readahad => readahead
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
