On Mon, Mar 18, 2024 at 09:38:47AM -0700, Eric Biggers wrote:
> On Sun, Mar 17, 2024 at 09:27:34AM -0700, Darrick J. Wong wrote:
> > diff --git a/fs/verity/open.c b/fs/verity/open.c
> > index 7a86407732c4..433a70eeca55 100644
> > --- a/fs/verity/open.c
> > +++ b/fs/verity/open.c
> > @@ -144,6 +144,13 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
> > goto out_err;
> > }
> >
> > + err = fsverity_hash_buffer(params->hash_alg, page_address(ZERO_PAGE(0)),
> > + i_blocksize(inode), params->zero_digest);
> > + if (err) {
> > + fsverity_err(inode, "Error %d computing zero digest", err);
> > + goto out_err;
> > + }
>
> This doesn't take the salt into account. Also it's using the wrong block size
> (filesystem block size instead of Merkle tree block size).
>
> How about using fsverity_hash_block()?
/me looks at build_merkle_tree again, realizes that it calls
hash_one_block on params->block_size bytes of file data.
IOWs, fsverity_hash_block is indeed the correct function to call here.
Thanks for the correction!
--D
> - Eric
