From: Darrick J. Wong <djwong@xxxxxxxxxx>
Compute the hash of one filesystem block's worth of zeros and pass a
reference to this to the merkle tree read and write functions. A
filesystem implementation can decide to elide merkle tree blocks
containing only this hash and synthesize the contents at read time.
Let's pretend that there's a file containing six data blocks and whose
merkle tree looks roughly like this:
root
+--leaf0
| +--data0
| +--data1
| `--data2
`--leaf1
+--data3
+--data4
`--data5
If data[0-2] are sparse holes, then leaf0 will contain a repeating
sequence of @zero_digest. Therefore, leaf0 need not be written to disk
because its contents can be synthesized.
A subsequent xfs patch will use this to reduce the size of the merkle
tree when dealing with sparse gold master disk images and the like.
Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
fs/verity/enable.c | 2 ++
fs/verity/fsverity_private.h | 3 +++
fs/verity/open.c | 7 +++++++
fs/verity/verify.c | 2 ++
include/linux/fsverity.h | 8 ++++++++
5 files changed, 22 insertions(+)
diff --git a/fs/verity/enable.c b/fs/verity/enable.c
index 233b20fb12ff5..8c6fe4b72b14e 100644
--- a/fs/verity/enable.c
+++ b/fs/verity/enable.c
@@ -52,6 +52,8 @@ static int write_merkle_tree_block(struct inode *inode, const u8 *buf,
{
struct fsverity_writemerkle req = {
.inode = inode,
+ .zero_digest = params->zero_digest,
+ .digest_size = params->digest_size,
};
u64 pos = (u64)index << params->log_blocksize;
int err;
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index c1a306fd1f9b4..20208425e56fc 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -47,6 +47,9 @@ struct merkle_tree_params {
u64 tree_size; /* Merkle tree size in bytes */
unsigned long tree_pages; /* Merkle tree size in pages */
+ /* the hash of a merkle block-sized buffer of zeroes */
+ u8 zero_digest[FS_VERITY_MAX_DIGEST_SIZE];
+
/*
* Starting block index for each tree level, ordered from leaf level (0)
* to root level ('num_levels - 1')
diff --git a/fs/verity/open.c b/fs/verity/open.c
index aa71a4d3cbff1..c9d858d99f4ac 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -144,6 +144,13 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
goto out_err;
}
+ err = fsverity_hash_block(params, inode, page_address(ZERO_PAGE(0)),
+ params->zero_digest);
+ if (err) {
+ fsverity_err(inode, "Error %d computing zero digest", err);
+ goto out_err;
+ }
+
params->tree_size = offset << log_blocksize;
params->tree_pages = PAGE_ALIGN(params->tree_size) >> PAGE_SHIFT;
return 0;
diff --git a/fs/verity/verify.c b/fs/verity/verify.c
index c4c5e1c082de5..0782a69d89f26 100644
--- a/fs/verity/verify.c
+++ b/fs/verity/verify.c
@@ -425,6 +425,8 @@ int fsverity_read_merkle_tree_block(struct inode *inode,
.level = level,
.num_levels = params->num_levels,
.ra_bytes = ra_bytes,
+ .zero_digest = params->zero_digest,
+ .digest_size = params->digest_size,
};
err = vops->read_merkle_tree_block(&req, block);
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h
index 710006552804d..dc8f85380b9c7 100644
--- a/include/linux/fsverity.h
+++ b/include/linux/fsverity.h
@@ -63,12 +63,16 @@ struct fsverity_blockbuf {
* if the page at @block->offset isn't already cached.
* Implementations may ignore this argument; it's only a
* performance optimization.
+ * @zero_digest: the hash of a merkle block-sized buffer of zeroes
+ * @digest_size: size of zero_digest, in bytes
*/
struct fsverity_readmerkle {
struct inode *inode;
unsigned long ra_bytes;
int level;
int num_levels;
+ const u8 *zero_digest;
+ unsigned int digest_size;
};
#define FSVERITY_STREAMING_READ (-1)
@@ -76,9 +80,13 @@ struct fsverity_readmerkle {
/**
* struct fsverity_writemerkle - Request to write a Merkle Tree block buffer
* @inode: the inode to read
+ * @zero_digest: the hash of a merkle block-sized buffer of zeroes
+ * @digest_size: size of zero_digest, in bytes
*/
struct fsverity_writemerkle {
struct inode *inode;
+ const u8 *zero_digest;
+ unsigned int digest_size;
};
/* Verity operations for filesystems */
