On Nov 6, 2019, at 6:44 PM, Darrick J. Wong <darrick.wong@xxxxxxxxxx> wrote: > > On Tue, Oct 29, 2019 at 01:41:38PM -0700, Eric Biggers wrote: >> From: Eric Biggers <ebiggers@xxxxxxxxxx> >> >> Add a statx attribute bit STATX_ATTR_VERITY which will be set if the >> file has fs-verity enabled. This is the statx() equivalent of >> FS_VERITY_FL which is returned by FS_IOC_GETFLAGS. >> >> This is useful because it allows applications to check whether a file is >> a verity file without opening it. Opening a verity file can be >> expensive because the fsverity_info is set up on open, which involves >> parsing metadata and optionally verifying a cryptographic signature. >> >> This is analogous to how various other bits are exposed through both >> FS_IOC_GETFLAGS and statx(), e.g. the encrypt bit. >> >> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> >> --- >> include/linux/stat.h | 3 ++- >> include/uapi/linux/stat.h | 2 +- >> 2 files changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/include/linux/stat.h b/include/linux/stat.h >> index 765573dc17d659..528c4baad09146 100644 >> --- a/include/linux/stat.h >> +++ b/include/linux/stat.h >> @@ -33,7 +33,8 @@ struct kstat { >> STATX_ATTR_IMMUTABLE | \ >> STATX_ATTR_APPEND | \ >> STATX_ATTR_NODUMP | \ >> - STATX_ATTR_ENCRYPTED \ >> + STATX_ATTR_ENCRYPTED | \ >> + STATX_ATTR_VERITY \ >> )/* Attrs corresponding to FS_*_FL flags */ >> u64 ino; >> dev_t dev; >> diff --git a/include/uapi/linux/stat.h b/include/uapi/linux/stat.h >> index 7b35e98d3c58b1..ad80a5c885d598 100644 >> --- a/include/uapi/linux/stat.h >> +++ b/include/uapi/linux/stat.h >> @@ -167,8 +167,8 @@ struct statx { >> #define STATX_ATTR_APPEND 0x00000020 /* [I] File is append-only */ >> #define STATX_ATTR_NODUMP 0x00000040 /* [I] File is not to be dumped */ >> #define STATX_ATTR_ENCRYPTED 0x00000800 /* [I] File requires key to decrypt in fs */ >> - >> #define STATX_ATTR_AUTOMOUNT 0x00001000 /* Dir: Automount trigger */ >> +#define STATX_ATTR_VERITY 0x00100000 /* [I] Verity protected file */ > > Any reason why this wasn't 0x2000? A few lines earlier in this file it states: * Note that the flags marked [I] correspond to generic FS_IOC_FLAGS * semantically. Where possible, the numerical value is picked to * correspond also. Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP