ovl: fix verity lazy-load guard broken by fsverity_active() semantic change

Commit f77f281b6118 ("fsverity: use a hashtable to find the
fsverity_info") made fsverity_active() check whether the inode has the
verity flag, rather than whether the inode's fsverity_info is loaded.
This broke ovl_ensure_verity_loaded(), which wants to load the
fsverity_info for any verity inodes that haven't had it loaded yet.

Therefore, to check that the fsverity_info hasn't yet been loaded, use
fsverity_get_info(inode) == NULL instead of !fsverity_active(inode).

Also, since fsverity_get_info() now involves a hash table lookup, put
the more lightweight IS_VERITY() flag check first.

Fixes: f77f281b6118 ("fsverity: use a hashtable to find the fsverity_info")
Cc: stable@vger.kernel.org
Link: https://github.com/bootc-dev/bootc/issues/2174
Signed-off-by: Colin Walters <walters@verbum.org>
Acked-by: Amir Goldstein <amir73il@gmail.com>
Link: https://patch.msgid.link/20260505224257.23213-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index 7b86a6bac6449a96e57bf9b71d8bbcc39093480f..b41f4788e4f06bd496c9851ff0f6e68d8964a10a 100644 (file)
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -1354,7 +1354,7 @@ int ovl_ensure_verity_loaded(const struct path *datapath)
        struct inode *inode = d_inode(datapath->dentry);
        struct file *filp;
 
-       if (!fsverity_active(inode) && IS_VERITY(inode)) {
+       if (IS_VERITY(inode) && fsverity_get_info(inode) == NULL) {
                /*
                 * If this inode was not yet opened, the verity info hasn't been
                 * loaded yet, so we need to do that here to force it into memory.