Re: [PATCH v5 21/24] xfs: add fs-verity support

On Tue, Mar 05, 2024 at 08:55:43PM -0800, Eric Biggers wrote:
> On Mon, Mar 04, 2024 at 08:10:44PM +0100, Andrey Albershteyn wrote:
> > +static void
> > +xfs_verity_put_listent(
> > +	struct xfs_attr_list_context	*context,
> > +	int				flags,
> > +	unsigned char			*name,
> > +	int				namelen,
> > +	int				valuelen)
> > +{
> > +	struct fsverity_blockbuf	block = {
> > +		.offset = xfs_fsverity_name_to_block_offset(name),
> > +		.size = valuelen,
> > +	};
> > +	/*
> > +	 * Verity descriptor is smaller than 1024; verity block min size is
> > +	 * 1024. Exclude verity descriptor
> > +	 */
> > +	if (valuelen < 1024)
> > +		return;
> > +
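Review bot: the `if (valuelen < 1024) return;` filter identifies the verity descriptor by its value length rather than by what the attribute actually is, and it silently skips invalidation for any attribute shorter than 1024 bytes, which ties correctness to the current minimum Merkle tree block size. Since `xfs_fsverity_name_to_block_offset(name)` already derives the block offset from the attribute name, consider keying the exclusion on the name (descriptor versus Merkle tree block) instead of on the size, or at minimum state the "block size is at least 1024" assumption where the block size restrictions are explained so a later change to those limits does not break this invalidation path unnoticed. Minor: `block` is initialised from `name` before the early return, so the offset conversion also runs for the descriptor attribute; moving the check above the initialiser avoids that.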
> 
> Is there no way to directly check whether it's the verity descriptor?  The
> 'valuelen < 1024' check is fragile because it will break if support for smaller
> Merkle tree block sizes is ever added.  (Silently, because this is doing
> invalidation which is hard to test and we need to be super careful with.)
> 
> If you really must introduce the assumption that the Merkle tree block size is
> at least 1024, this needs to be documented in the comment in
> fsverity_init_merkle_tree_params() that explains the reasoning behind the
> current restrictions on the Merkle tree block size.

Also, the verity descriptor can be >= 1024 bytes if there is a large builtin
signature attached to it.

- Eric
