From: Christoph Hellwig Date: Wed, 28 Jan 2026 15:26:13 +0000 (+0100) Subject: fs,fsverity: reject size changes on fsverity files in setattr_prepare X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9734653c523c744f03333ece6ae7a315187f05c;p=thirdparty%2Fkernel%2Flinux.git fs,fsverity: reject size changes on fsverity files in setattr_prepare Add the check to reject truncates of fsverity files directly to setattr_prepare instead of requiring the file system to handle it. Besides removing boilerplate code, this also fixes the complete lack of such check in btrfs. Fixes: 146054090b08 ("btrfs: initial fsverity support") Signed-off-by: Christoph Hellwig Reviewed-by: Jan Kara Reviewed-by: "Darrick J. Wong" Link: https://lore.kernel.org/r/20260128152630.627409-2-hch@lst.de Signed-off-by: Eric Biggers --- diff --git a/fs/attr.c b/fs/attr.c index b9ec6b47bab2f..e7d7c6d19fe90 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -169,7 +169,17 @@ int setattr_prepare(struct mnt_idmap *idmap, struct dentry *dentry, * ATTR_FORCE. */ if (ia_valid & ATTR_SIZE) { - int error = inode_newsize_ok(inode, attr->ia_size); + int error; + + /* + * Verity files are immutable, so deny truncates. This isn't + * covered by the open-time check because sys_truncate() takes a + * path, not an open file. + */ + if (IS_ENABLED(CONFIG_FS_VERITY) && IS_VERITY(inode)) + return -EPERM; + + error = inode_newsize_ok(inode, attr->ia_size); if (error) return error; } diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 0c466ccbed696..8c2ef98fa5304 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -5835,10 +5835,6 @@ int ext4_setattr(struct mnt_idmap *idmap, struct dentry *dentry, if (error) return error; - error = fsverity_prepare_setattr(dentry, attr); - if (error) - return error; - if (is_quota_modification(idmap, inode, attr)) { error = dquot_initialize(inode); if (error) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index d7047ca6b98d8..da029fed4e5af 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1074,10 +1074,6 @@ int f2fs_setattr(struct mnt_idmap *idmap, struct dentry *dentry, if (err) return err; - err = fsverity_prepare_setattr(dentry, attr); - if (err) - return err; - if (unlikely(IS_IMMUTABLE(inode))) return -EPERM; diff --git a/fs/verity/open.c b/fs/verity/open.c index 77b1c977af025..2aa5eae5a5403 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -384,14 +384,6 @@ int __fsverity_file_open(struct inode *inode, struct file *filp) } EXPORT_SYMBOL_GPL(__fsverity_file_open); -int __fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr) -{ - if (attr->ia_valid & ATTR_SIZE) - return -EPERM; - return 0; -} -EXPORT_SYMBOL_GPL(__fsverity_prepare_setattr); - void __fsverity_cleanup_inode(struct inode *inode) { struct fsverity_info **vi_addr = fsverity_info_addr(inode); diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 5bc7280425a71..86fb1708676ba 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -179,7 +179,6 @@ int fsverity_get_digest(struct inode *inode, /* open.c */ int __fsverity_file_open(struct inode *inode, struct file *filp); -int __fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr); void __fsverity_cleanup_inode(struct inode *inode); /** @@ -251,12 +250,6 @@ static inline int __fsverity_file_open(struct inode *inode, struct file *filp) return -EOPNOTSUPP; } -static inline int __fsverity_prepare_setattr(struct dentry *dentry, - struct iattr *attr) -{ - return -EOPNOTSUPP; -} - static inline void fsverity_cleanup_inode(struct inode *inode) { } @@ -338,22 +331,4 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp) return 0; } -/** - * fsverity_prepare_setattr() - prepare to change a verity inode's attributes - * @dentry: dentry through which the inode is being changed - * @attr: attributes to change - * - * Verity files are immutable, so deny truncates. This isn't covered by the - * open-time check because sys_truncate() takes a path, not a file descriptor. - * - * Return: 0 on success, -errno on failure - */ -static inline int fsverity_prepare_setattr(struct dentry *dentry, - struct iattr *attr) -{ - if (IS_VERITY(d_inode(dentry))) - return __fsverity_prepare_setattr(dentry, attr); - return 0; -} - #endif /* _LINUX_FSVERITY_H */