// SPDX-License-Identifier: GPL-2.0 /* * Data verification functions, i.e. hooks for ->readahead() * * Copyright 2019 Google LLC */ #include "fsverity_private.h" #include <crypto/hash.h> #include <linux/bio.h> static struct workqueue_struct *fsverity_read_workqueue; /* * Returns true if the hash block with index @hblock_idx in the tree, located in * @hpage, has already been verified. */ static bool is_hash_block_verified(struct fsverity_info *vi, struct page *hpage, unsigned long hblock_idx) { … } /* * Verify a single data block against the file's Merkle tree. * * In principle, we need to verify the entire path to the root node. However, * for efficiency the filesystem may cache the hash blocks. Therefore we need * only ascend the tree until an already-verified hash block is seen, and then * verify the path to that block. * * Return: %true if the data block is valid, else %false. */ static bool verify_data_block(struct inode *inode, struct fsverity_info *vi, const void *data, u64 data_pos, unsigned long max_ra_pages) { … } static bool verify_data_blocks(struct folio *data_folio, size_t len, size_t offset, unsigned long max_ra_pages) { … } /** * fsverity_verify_blocks() - verify data in a folio * @folio: the folio containing the data to verify * @len: the length of the data to verify in the folio * @offset: the offset of the data to verify in the folio * * Verify data that has just been read from a verity file. The data must be * located in a pagecache folio that is still locked and not yet uptodate. The * length and offset of the data must be Merkle tree block size aligned. * * Return: %true if the data is valid, else %false. */ bool fsverity_verify_blocks(struct folio *folio, size_t len, size_t offset) { … } EXPORT_SYMBOL_GPL(…); #ifdef CONFIG_BLOCK /** * fsverity_verify_bio() - verify a 'read' bio that has just completed * @bio: the bio to verify * * Verify the bio's data against the file's Merkle tree. All bio data segments * must be aligned to the file's Merkle tree block size. If any data fails * verification, then bio->bi_status is set to an error status. * * This is a helper function for use by the ->readahead() method of filesystems * that issue bios to read data directly into the page cache. Filesystems that * populate the page cache without issuing bios (e.g. non block-based * filesystems) must instead call fsverity_verify_page() directly on each page. * All filesystems must also call fsverity_verify_page() on holes. */ void fsverity_verify_bio(struct bio *bio) { … } EXPORT_SYMBOL_GPL(…); #endif /* CONFIG_BLOCK */ /** * fsverity_enqueue_verify_work() - enqueue work on the fs-verity workqueue * @work: the work to enqueue * * Enqueue verification work for asynchronous processing. */ void fsverity_enqueue_verify_work(struct work_struct *work) { … } EXPORT_SYMBOL_GPL(…); void __init fsverity_init_workqueue(void) { … }
Codebase Browser
linux