On Thu, Jun 06, 2019 at 08:51:54AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Add the beginnings of the fs/verity/ support layer, including the > Kconfig option and various helper functions for hashing. To start, only > SHA-256 is supported, but other hash algorithms can easily be added. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Looks good; you can add: Reviewed-off-by: Theodore Ts'o <tytso@xxxxxxx> One thought for consideration below... > + > +/* > + * Maximum depth of the Merkle tree. Up to 64 levels are theoretically possible > + * with a very small block size, but we'd like to limit stack usage during > + * verification, and in practice this is plenty. E.g., with SHA-256 and 4K > + * blocks, a file with size UINT64_MAX bytes needs just 8 levels. > + */ > +#define FS_VERITY_MAX_LEVELS 16 Maybe we should make FS_VERITY_MAX_LEVELS 8 for now? This is an implementation-level restriction, and currently we don't support any architectures that have a page size < 4k. We can always bump this number up in the future if it ever becomes necessary, and limiting max levels to 8 saves almost 100 bytes of stack space in verify_page(). - Ted
