enable_verity

函数名称：enable_verity

函数原型：static int enable_verity(struct file *filp, const struct fsverity_enable_arg *arg)

返回类型：int

参数：

类型	参数	名称
struct file *	filp
const struct fsverity_enable_arg *	arg

160

inode等于file_inode(filp)

161

vops等于s_vop

162

struct merkle_tree_params params = {}

164

desc_size等于desc的长度加sig_size

169

desc等于分配内存并置零

170

如果非desc则返回:负ENOMEM

172

must be 1 等于1

173

Merkle tree hash algorithm 等于hash_algorithm

174

log2 of size of data and tree blocks 等于log2 - log base 2 of 32-bit or a 64-bit unsigned value*@n: parameter* constant-capable log of base 2 calculation* - this can be used to initialise global variables from constant data, hence* the massive ternary operator construction* selects the (block_size)

177

如果salt_size且copy_from_user(salt prepended to each hashed block , (constu8 __user * )(uintptr_t)salt_ptr, salt_size)则

181

err等于负EFAULT

182

转到:out

184

size of salt in bytes; 0 if none 等于salt_size

187

如果sig_size且copy_from_user(ptional PKCS#7 signature , (constu8 __user * )(uintptr_t)sig_ptr, sig_size)则

191

err等于负EFAULT

192

转到:out

194

size of signature in bytes; 0 if none 等于cpu_to_le32(sig_size)

196

size of file the Merkle tree is built over 等于The following macros are to be defined by (i_size)

199

203

如果err则转到:out

210

inode_lock(inode)

211

如果IS_VERITY(inode)则err等于负EEXIST

213

否则err等于begin_enable_verity(filp)

215

inode_unlock(inode)

216

如果err则转到:out

228

pr_debug("Building Merkle tree...\n")

229

BUILD_BUG_ON - break compile if a condition is true(Merkle tree root hash 的长度 < Largest digest size among all hash algorithms supported by fs-verity.* Currently assumed to be <= size of fsverity_descriptor::root_hash.)

230

err等于Build the Merkle tree for the given inode using the given parameters, and* return the root hash in @root_hash.* The tree is written to a filesystem-specific location as determined by the* ->write_merkle_tree_block() method

231

如果err则

232

fsverity_err(inode, "Error %d building Merkle tree", err)

233

转到:rollback

235

pr_debug("Done building Merkle tree. Root hash is %s:%*phN\n", crypto API name, e.g. sha256 , same as hash_alg->digest_size , Merkle tree root hash )

245

vi等于Validate the given fsverity_descriptor and create a new fsverity_info from* it. The signature (if present) is also checked.

246

如果是错误则

247

err等于错误

248

转到:rollback

251

如果sig_size则pr_debug("Storing a %u-byte PKCS#7 signature alongside the file\n", sig_size)

259

inode_lock(inode)

260

err等于end_enable_verity(filp, desc, desc_size, Merkle tree size in bytes )

261

inode_unlock(inode)

262

如果err则

263

fsverity_err(inode, "%ps() failed with err %d", end_enable_verity, err)

265

fsverity_free_info(vi)

266

否则如果WARN_ON(!IS_VERITY(inode))则

267

err等于负EINVAL

268

fsverity_free_info(vi)

269

否则

277

fsverity_set_info(inode, vi)

279

out :

280

281

282

返回:err

284

285

inode_lock(inode)

286

end_enable_verity(filp, NULL, 0, Merkle tree size in bytes )

287

inode_unlock(inode)

288

转到:out

**调用者**
名称	描述
fsverity_ioctl_enable	sverity_ioctl_enable() - enable verity on a file* Enable fs-verity on a file. See the "FS_IOC_ENABLE_VERITY" section of* Documentation/filesystems/fsverity.rst for the documentation.* Return: 0 on success, -errno on failure

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码