git.ipfire.org Git - thirdparty/kernel/linux.git/commit
erofs: verify metadata accesses for file-backed mounts
author Gao Xiang <hsiangkao@linux.alibaba.com>
Mon, 30 Mar 2026 02:29:29 +0000 (10:29 +0800)
committer Gao Xiang <hsiangkao@linux.alibaba.com>
Thu, 2 Apr 2026 08:08:43 +0000 (16:08 +0800)
commit 307210c262a29f41d7177851295ea1703bd04175
tree 4b2bc86859c8a1bce73b9d84f4c08daa0d1a71de
parent 6a01f5478d208544c8ba5ddbd674ea660f1b7047

For file-backed mounts, metadata is fetched via the page cache of
backing inodes to avoid double caching and redundant copy ops out
of RO uptodate folios, which is used by Android APEXes, ComposeFS,
containerd.  However, rw_verify_area() was missing prior to
metadata accesses.

Similar to vfs_iocb_iter_read(), fix this by:
 - Enabling fanotify pre-content hooks on metadata accesses;
 - security_file_permission() for security modules.

Verified that fanotify pre-content hooks now work correctly.

Fixes: fb176750266a ("erofs: add file-backed mount support")
Acked-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Chunhai Guo <guochunhai@vivo.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
fs/erofs/data.c