fsverity: check IS_VERITY() in fsverity_cleanup_inode()

Since getting the address of the fsverity_info has gotten a bit more
expensive, make fsverity_cleanup_inode() check for IS_VERITY() instead.
This avoids adding more overhead to non-verity files.

This assumes that verity info is never set when !IS_VERITY(), which is
currently true, but add a VFS_WARN_ON_ONCE() that asserts that.  (This
of course defeats the optimization, but only when CONFIG_VFS_DEBUG=y.)

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/20250810075706.172910-14-ebiggers@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 844f7b8b56bbcee617118396995edfbcf5e70c73..5bc7280425a719a61e32ed32613ae3cb882ae337 100644 (file)
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -190,8 +190,15 @@ void __fsverity_cleanup_inode(struct inode *inode);
  */
 static inline void fsverity_cleanup_inode(struct inode *inode)
 {
-       if (*fsverity_info_addr(inode))
+       /*
+        * Only IS_VERITY() inodes can have verity info, so start by checking
+        * for IS_VERITY() (which is faster than retrieving the pointer to the
+        * verity info).  This minimizes overhead for non-verity inodes.
+        */
+       if (IS_VERITY(inode))
                __fsverity_cleanup_inode(inode);
+       else
+               VFS_WARN_ON_ONCE(*fsverity_info_addr(inode) != NULL);
 }
 
 /* read_metadata.c */