This function will be used by XFS's scrub to force fsverity activation, therefore, to read fsverity context. Reviewed-by: Darrick J. Wong Acked-by: Eric Biggers Signed-off-by: Andrey Albershteyn Reviewed-by: Christoph Hellwig --- fs/verity/open.c | 22 ++++++++++++++++++++-- include/linux/fsverity.h | 2 ++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/fs/verity/open.c b/fs/verity/open.c index dfa0d1afe0fe..d32d0899df25 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -344,7 +344,24 @@ int fsverity_get_descriptor(struct inode *inode, return 0; } -static int ensure_verity_info(struct inode *inode) +/** + * fsverity_ensure_verity_info() - cache verity info if it's not already cached + * @inode: the inode for which verity info should be cached + * + * Ensure this inode has verity info attached to it, it's assumed the inode + * already has fsverity enabled. Read fsverity descriptor and creates verity + * based on that. + * + * This needs to be called at least once before any of the inode's data + * can be verified (and thus read at all) or the inode's fsverity digest + * retrieved. fsverity_file_open() calls this already, which handles + * normal file accesses. If a filesystem does any internal (i.e. not + * associated with a file descriptor) reads of the file's data or + * fsverity digest, it must call this explicitly before doing so. + * + * Return: 0 on success, -errno on failure + */ +int fsverity_ensure_verity_info(struct inode *inode) { struct fsverity_info *vi = fsverity_get_info(inode), *found; struct fsverity_descriptor *desc; @@ -380,12 +397,13 @@ static int ensure_verity_info(struct inode *inode) kfree(desc); return err; } +EXPORT_SYMBOL_GPL(fsverity_ensure_verity_info); int __fsverity_file_open(struct inode *inode, struct file *filp) { if (filp->f_mode & FMODE_WRITE) return -EPERM; - return ensure_verity_info(inode); + return fsverity_ensure_verity_info(inode); } EXPORT_SYMBOL_GPL(__fsverity_file_open); diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index a8f9aa75b792..5562271bd628 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -309,6 +309,8 @@ static inline int fsverity_file_open(struct inode *inode, struct file *filp) return 0; } +int fsverity_ensure_verity_info(struct inode *inode); + void fsverity_cleanup_inode(struct inode *inode); struct page *generic_read_merkle_tree_page(struct inode *inode, pgoff_t index); -- 2.51.2