Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> + if (multibuffer) {
> + if (ctx->pending_data) {
> + /* Hash and verify two data blocks. */
> + err = fsverity_hash_2_blocks(params,
> + inode,
> + ctx->pending_data,
> + data,
> + ctx->hash1,
> + ctx->hash2);
> + kunmap_local(data);
> + kunmap_local(ctx->pending_data);
> + ctx->pending_data = NULL;
> + if (err != 0 ||
> + !verify_data_block(inode, vi, ctx->hash1,
> + ctx->pending_pos,
> + ctx->max_ra_pages) ||
> + !verify_data_block(inode, vi, ctx->hash2,
> + pos, ctx->max_ra_pages))
> + return false;
> + } else {
> + /* Wait and see if there's another block. */
> + ctx->pending_data = data;
> + ctx->pending_pos = pos;
> + }
> + } else {
> + /* Hash and verify one data block. */
> + err = fsverity_hash_block(params, inode, data,
> + ctx->hash1);
> + kunmap_local(data);
> + if (err != 0 ||
> + !verify_data_block(inode, vi, ctx->hash1,
> + pos, ctx->max_ra_pages))
> + return false;
> + }
> + pos += block_size;
I think this complexity is gross. Look at how we did GSO in
networking. There should be a unified code-path for aggregated
data and simple data, not an aggregated path versus a simple path.
I think ultimately it stems from the fact that this code went from
ahash to shash. What were the issues back then? If it's just vmalloc
we should fix ahash to support that, rather than making users of the
Crypto API go through contortions like this.
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
