On Thu, Jun 06, 2019 at 08:51:56AM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Add the fsverity_file_open() function, which prepares an fs-verity file
> to be read from. If not already done, it loads the fs-verity descriptor
> from the filesystem and sets up an fsverity_info structure for the inode
> which describes the Merkle tree and contains the file measurement. It
> also denies all attempts to open verity files for writing.
>
> This commit also begins the include/linux/fsverity.h header, which
> declares the interface between fs/verity/ and filesystems.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Looks good; you can add:

Reviewed-off-by: Theodore Ts'o <tytso@xxxxxxx>

- Ted

> +/* > + * Validate the given fsverity_descriptor and create a new fsverity_info from > + * it. The signature (if present) is also checked. > + */ > +struct fsverity_info *fsverity_create_info(const struct inode *inode, > + const void *_desc, size_t desc_size)

Well, technically it's not checked (yet). It doesn't get checked until
[PATCH 13/16]: support builtin file signatures.

If we want to be really nit-picky, that portion of the comment could be
moved to later in the series.
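
Review bot: the comment above fsverity_create_info() says the descriptor is validated but not what the caller gets back when validation fails. Since the function returns a struct fsverity_info pointer, the comment should state whether failure is reported as NULL or as an error pointer, so filesystem callers know which check to write. It would also help to say in the same comment how desc_size relates to the untyped _desc buffer, i.e. that it is the length of the buffer _desc points to, because the const void * parameter carries no size information of its own.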