On Wed, Apr 24, 2024 at 11:18:26AM -0700, Darrick J. Wong wrote:
> On Thu, Apr 04, 2024 at 11:09:11PM -0400, Eric Biggers wrote:
> > On Fri, Mar 29, 2024 at 05:35:32PM -0700, Darrick J. Wong wrote:
> > > + /**
> > > + * Notify the filesystem that file data validation failed
> > > + *
> > > + * @inode: the inode being validated
> > > + * @pos: the file position of the invalid data
> > > + * @len: the length of the invalid data
> > > + *
> > > + * This is called when fs-verity cannot validate the file contents.
> > > + */
> > > + void (*fail_validation)(struct inode *inode, loff_t pos, size_t len);
> >
> > There is a difference between the file actually being corrupt (mismatching
> > hashes) and other problems like disk errors reading from the Merkle tree.
> > "Validation failed" is a bit ambiguous, and "cannot validate the file contents"
> > even more so. Do you want only file corruption errors? If so it may be a good
> > idea to call this 'file_corrupt', which would be consistent with the
> > "FILE CORRUPTED" error message in fs/verity/verify.c. Or do you actually want
> > all errors? Either way, it needs to be clarified what is actually meant.
>
> I only want actual file corruption errors -- XFS can handle disk errors
> from reading merkle tree blocks on its own. I'll change this to
> file_corrupt. How's this?
>
> /**
>  * Notify the filesystem that file data is corrupt.
>  *
>  * @inode: the inode being validated
>  * @pos: the file position of the invalid data
>  * @len: the length of the invalid data
>  *
>  * This function is called when fs-verity cannot validate the file
>  * contents against the merkle tree hashes and logs a FILE CORRUPTED
>  * error message.
>  */
> void (*file_corrupt)(struct inode *inode, loff_t pos, size_t len);

It looks good except for the last sentence, which still has the potentially
misleading "cannot validate the file contents" wording.

How about something like the following:

"This function is called when fs-verity detects that a portion of a file's data
is inconsistent with the Merkle tree, or a Merkle tree block needed to validate
the data is inconsistent with the level above it."

- Eric
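
Review bot: the kernel-doc for fail_validation in the quoted hunk leaves @pos and @len underspecified: it does not say whether they are byte values, whether the range is aligned to the Merkle tree block size, or whether a filesystem may leave the hook NULL when it has no use for the notification. Stating the units, the alignment and whether the callback is optional in the comment would tell implementers what range to expect and whether they must provide the hook.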