forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2024-01-05 071106ecf68c401173c58808b1cf5f68cc50d390 
 kernel/Documentation/filesystems/fsverity.rst
....@@ -84,7 +84,7 @@
8484 --------------------
8585 
8686 The FS_IOC_ENABLE_VERITY ioctl enables fs-verity on a file.  It takes
87
-in a pointer to a :c:type:`struct fsverity_enable_arg`, defined as
87
+in a pointer to a struct fsverity_enable_arg, defined as
8888 follows::
8989 
9090     struct fsverity_enable_arg {
....@@ -216,6 +216,82 @@
216216   feature enabled on it.  (See `Filesystem support`_.)
217217 - ``EOVERFLOW``: the digest is longer than the specified
218218   ``digest_size`` bytes.  Try providing a larger buffer.
219
+
220
+FS_IOC_READ_VERITY_METADATA
221
+---------------------------
222
+
223
+The FS_IOC_READ_VERITY_METADATA ioctl reads verity metadata from a
224
+verity file.  This ioctl is available since Linux v5.12.
225
+
226
+This ioctl allows writing a server program that takes a verity file
227
+and serves it to a client program, such that the client can do its own
228
+fs-verity compatible verification of the file.  This only makes sense
229
+if the client doesn't trust the server and if the server needs to
230
+provide the storage for the client.
231
+
232
+This is a fairly specialized use case, and most fs-verity users won't
233
+need this ioctl.
234
+
235
+This ioctl takes in a pointer to the following structure::
236
+
237
+   #define FS_VERITY_METADATA_TYPE_MERKLE_TREE     1
238
+   #define FS_VERITY_METADATA_TYPE_DESCRIPTOR      2
239
+   #define FS_VERITY_METADATA_TYPE_SIGNATURE       3
240
+
241
+   struct fsverity_read_metadata_arg {
242
+           __u64 metadata_type;
243
+           __u64 offset;
244
+           __u64 length;
245
+           __u64 buf_ptr;
246
+           __u64 __reserved;
247
+   };
248
+
249
+``metadata_type`` specifies the type of metadata to read:
250
+
251
+- ``FS_VERITY_METADATA_TYPE_MERKLE_TREE`` reads the blocks of the
252
+  Merkle tree.  The blocks are returned in order from the root level
253
+  to the leaf level.  Within each level, the blocks are returned in
254
+  the same order that their hashes are themselves hashed.
255
+  See `Merkle tree`_ for more information.
256
+
257
+- ``FS_VERITY_METADATA_TYPE_DESCRIPTOR`` reads the fs-verity
258
+  descriptor.  See `fs-verity descriptor`_.
259
+
260
+- ``FS_VERITY_METADATA_TYPE_SIGNATURE`` reads the signature which was
261
+  passed to FS_IOC_ENABLE_VERITY, if any.  See `Built-in signature
262
+  verification`_.
263
+
264
+The semantics are similar to those of ``pread()``.  ``offset``
265
+specifies the offset in bytes into the metadata item to read from, and
266
+``length`` specifies the maximum number of bytes to read from the
267
+metadata item.  ``buf_ptr`` is the pointer to the buffer to read into,
268
+cast to a 64-bit integer.  ``__reserved`` must be 0.  On success, the
269
+number of bytes read is returned.  0 is returned at the end of the
270
+metadata item.  The returned length may be less than ``length``, for
271
+example if the ioctl is interrupted.
272
+
273
+The metadata returned by FS_IOC_READ_VERITY_METADATA isn't guaranteed
274
+to be authenticated against the file digest that would be returned by
275
+`FS_IOC_MEASURE_VERITY`_, as the metadata is expected to be used to
276
+implement fs-verity compatible verification anyway (though absent a
277
+malicious disk, the metadata will indeed match).  E.g. to implement
278
+this ioctl, the filesystem is allowed to just read the Merkle tree
279
+blocks from disk without actually verifying the path to the root node.
280
+
281
+FS_IOC_READ_VERITY_METADATA can fail with the following errors:
282
+
283
+- ``EFAULT``: the caller provided inaccessible memory
284
+- ``EINTR``: the ioctl was interrupted before any data was read
285
+- ``EINVAL``: reserved fields were set, or ``offset + length``
286
+  overflowed
287
+- ``ENODATA``: the file is not a verity file, or
288
+  FS_VERITY_METADATA_TYPE_SIGNATURE was requested but the file doesn't
289
+  have a built-in signature
290
+- ``ENOTTY``: this type of filesystem does not implement fs-verity, or
291
+  this ioctl is not yet implemented on it
292
+- ``EOPNOTSUPP``: the kernel was not configured with fs-verity
293
+  support, or the filesystem superblock has not had the 'verity'
294
+  feature enabled on it.  (See `Filesystem support`_.)
219295 
220296 FS_IOC_GETFLAGS
221297 ---------------
....@@ -655,7 +731,7 @@
655731       retrofit existing filesystems with new consistency mechanisms.
656732       Data journalling is available on ext4, but is very slow.
657733 
658
-    - Rebuilding the the Merkle tree after every write, which would be
734
+    - Rebuilding the Merkle tree after every write, which would be
659735       extremely inefficient.  Alternatively, a different authenticated
660736       dictionary structure such as an "authenticated skiplist" could
661737       be used.  However, this would be far more complex.