diff options
author | Boris Burkov <boris@bur.io> | 2022-08-15 23:54:28 +0300 |
---|---|---|
committer | David Sterba <dsterba@suse.com> | 2022-09-26 13:27:55 +0300 |
commit | 38622010a6de3a62cc72688348548854ed82dcf5 (patch) | |
tree | 0ea2e8084cf69994d818ec9a0bc9ba50d3ab82b4 /include/linux/fsverity.h | |
parent | e5677f056010298d3a8d43f710f8b445dd73462d (diff) | |
download | linux-38622010a6de3a62cc72688348548854ed82dcf5.tar.xz |
btrfs: send: add support for fs-verity
Preserve the fs-verity status of a btrfs file across send/recv.
There is no facility for installing the Merkle tree contents directly on
the receiving filesystem, so we package up the parameters used to enable
verity found in the verity descriptor. This gives the receive side
enough information to properly enable verity again. Note that this means
that receive will have to re-compute the whole Merkle tree, similar to
how compression worked before encoded_write.
Since the file becomes read-only after verity is enabled, it is
important that verity is added to the send stream after any file writes.
Therefore, when we process a verity item, merely note that it happened,
then actually create the command in the send stream during
'finish_inode_if_needed'.
This also creates V3 of the send stream format, without any format
changes besides adding the new commands and attributes.
Signed-off-by: Boris Burkov <boris@bur.io>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'include/linux/fsverity.h')
-rw-r--r-- | include/linux/fsverity.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/fsverity.h b/include/linux/fsverity.h index 7af030fa3c36..40f14e5fed9d 100644 --- a/include/linux/fsverity.h +++ b/include/linux/fsverity.h @@ -22,6 +22,9 @@ */ #define FS_VERITY_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +/* Arbitrary limit to bound the kmalloc() size. Can be changed. */ +#define FS_VERITY_MAX_DESCRIPTOR_SIZE 16384 + /* Verity operations for filesystems */ struct fsverity_operations { |