mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-23 12:43:55 +08:00
fd2d1acfca
Add the fsverity_file_open() function, which prepares an fs-verity file to be read from. If not already done, it loads the fs-verity descriptor from the filesystem and sets up an fsverity_info structure for the inode which describes the Merkle tree and contains the file measurement. It also denies all attempts to open verity files for writing. This commit also begins the include/linux/fsverity.h header, which declares the interface between fs/verity/ and filesystems. Reviewed-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com>
48 lines
927 B
C
48 lines
927 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* fs/verity/init.c: fs-verity module initialization and logging
|
|
*
|
|
* Copyright 2019 Google LLC
|
|
*/
|
|
|
|
#include "fsverity_private.h"
|
|
|
|
#include <linux/ratelimit.h>
|
|
|
|
void fsverity_msg(const struct inode *inode, const char *level,
|
|
const char *fmt, ...)
|
|
{
|
|
static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
|
|
DEFAULT_RATELIMIT_BURST);
|
|
struct va_format vaf;
|
|
va_list args;
|
|
|
|
if (!__ratelimit(&rs))
|
|
return;
|
|
|
|
va_start(args, fmt);
|
|
vaf.fmt = fmt;
|
|
vaf.va = &args;
|
|
if (inode)
|
|
printk("%sfs-verity (%s, inode %lu): %pV\n",
|
|
level, inode->i_sb->s_id, inode->i_ino, &vaf);
|
|
else
|
|
printk("%sfs-verity: %pV\n", level, &vaf);
|
|
va_end(args);
|
|
}
|
|
|
|
static int __init fsverity_init(void)
|
|
{
|
|
int err;
|
|
|
|
fsverity_check_hash_algs();
|
|
|
|
err = fsverity_init_info_cache();
|
|
if (err)
|
|
return err;
|
|
|
|
pr_debug("Initialized fs-verity\n");
|
|
return 0;
|
|
}
|
|
late_initcall(fsverity_init)
|