[PATCH] erofs: verify metadata accesses for file-backed mounts
Chunhai Guo
guochunhai at vivo.com
Thu Apr 2 17:46:00 AEDT 2026
On 3/30/2026 10:20 AM, Gao Xiang wrote:
> For file-backed mounts, metadata is fetched via the page cache of
> backing inodes to avoid double caching and redundant copy ops, which is
> currently used by Android APEXes, ComposeFS and containerd for example.
> However, rw_verify_area() was missing prior to metadata accesses.
>
> Similar to vfs_iocb_iter_read(), fix this by:
> - Enabling fanotify pre-content hooks on metadata accesses;
> - security_file_permission() for security modules.
>
> Verified that fanotify pre-content hooks now works correctly.
>
> Fixes: fb176750266a ("erofs: add file-backed mount support")
> Acked-by: Amir Goldstein <amir73il at gmail.com>
> Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
> ---
Reviewed-by: Chunhai Guo <guochunhai at vivo.com>
Thanks,
More information about the Linux-erofs
mailing list