Commit a3000002 authored Feb 21, 2026 by Eric Biggers

fsverity: add dependency on 64K or smaller pages

Currently, all filesystems that support fsverity (ext4, f2fs, and btrfs)
cache the Merkle tree in the pagecache at a 64K aligned offset after the
end of the file data. This offset needs to be a multiple of the page
size, which is guaranteed only when the page size is 64K or smaller.

64K was chosen to be the "largest reasonable page size". But it isn't
the largest *possible* page size: the hexagon and powerpc ports of Linux
support 256K pages, though that configuration is rarely used.

For now, just disable support for FS_VERITY in these odd configurations
to ensure it isn't used in cases where it would have incorrect behavior.

Fixes: 671e67b4 ("fs-verity: add Kconfig and the helper functions for hashing")
Reported-by: Christoph Hellwig <hch@lst.de>
Closes: https://lore.kernel.org/r/20260119063349.GA643@lst.de

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20260221204525.30426-1-ebiggers@kernel.org

Signed-off-by: Eric Biggers <ebiggers@kernel.org>

parent 6de23f81

fs/verity/Kconfig

+3 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,9 @@

		config FS_VERITY
		bool "FS Verity (read-only file-based authenticity protection)"
		# Filesystems cache the Merkle tree at a 64K aligned offset in the
		# pagecache. That approach assumes the page size is at most 64K.
		depends on PAGE_SHIFT <= 16
		select CRYPTO_HASH_INFO
		select CRYPTO_LIB_SHA256
		select CRYPTO_LIB_SHA512