On Thu, Apr 04, 2024 at 10:50:45PM -0400, Eric Biggers wrote:
> On Fri, Mar 29, 2024 at 05:34:45PM -0700, Darrick J. Wong wrote:
> > +/**
> > + * fsverity_merkle_tree_geometry() - return Merkle tree geometry
> > + * @inode: the inode for which the Merkle tree is being built
>
> This function is actually for inodes that already have fsverity enabled. So the
> above comment is misleading.
How about:
/**
* fsverity_merkle_tree_geometry() - return Merkle tree geometry
* @inode: the inode to query
* @block_size: size of a merkle tree block, in bytes
* @tree_size: size of the merkle tree, in bytes
*
* Callers are not required to have opened the file.
*/
> > +int fsverity_merkle_tree_geometry(struct inode *inode, unsigned int *block_size,
> > + u64 *tree_size)
> > +{
> > + struct fsverity_info *vi;
> > + int error;
> > +
> > + if (!IS_VERITY(inode))
> > + return -EOPNOTSUPP;
>
> Maybe use ENODATA, similar to fsverity_ioctl_measure() and
> bpf_get_fsverity_digest().
Done.
> > +
> > + error = ensure_verity_info(inode);
> > + if (error)
> > + return error;
> > +
> > + vi = fsverity_get_info(inode);
>
> This can just use 'vi = inode->i_verity_info', since ensure_verity_info() was
> called.
Changed.
> It should also be documented that an open need not have been done on the file
> yet, as this behavior differs from functions like fsverity_get_digest() that
> require that an open was done first.
Done.
--D
> - Eric
>
