Thread (42 messages) 42 messages, 3 authors, 2019-06-19

Re: [PATCH v4 05/16] fs-verity: add Kconfig and the helper functions for hashing

From: Eric Biggers <ebiggers@kernel.org>
Date: 2019-06-18 16:33:00
Also in: linux-ext4, linux-f2fs-devel, linux-fscrypt, linux-fsdevel, linux-integrity 

On Sat, Jun 15, 2019 at 08:57:31AM -0400, Theodore Ts'o wrote:
On Thu, Jun 06, 2019 at 08:51:54AM -0700, Eric Biggers wrote:
quoted
From: Eric Biggers <redacted>

Add the beginnings of the fs/verity/ support layer, including the
Kconfig option and various helper functions for hashing.  To start, only
SHA-256 is supported, but other hash algorithms can easily be added.

Signed-off-by: Eric Biggers <redacted>
Looks good; you can add:

Reviewed-off-by: Theodore Ts'o [off-list ref]

One thought for consideration below...
quoted
+
+/*
+ * Maximum depth of the Merkle tree.  Up to 64 levels are theoretically possible
+ * with a very small block size, but we'd like to limit stack usage during
+ * verification, and in practice this is plenty.  E.g., with SHA-256 and 4K
+ * blocks, a file with size UINT64_MAX bytes needs just 8 levels.
+ */
+#define FS_VERITY_MAX_LEVELS		16
Maybe we should make FS_VERITY_MAX_LEVELS 8 for now?  This is an
implementation-level restriction, and currently we don't support any
architectures that have a page size < 4k.  We can always bump this
number up in the future if it ever becomes necessary, and limiting max
levels to 8 saves almost 100 bytes of stack space in verify_page().

						- Ted
Yes, I agree.  I'll reduce MAX_LEVELS to 8 for now and tweak the comment.

- Eric
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help