-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQtPjAACgkQONu9yGCS
aT4xmRAAvwO3WPc76Yo+6GQRbtKotLTPDz5njffcHeQwDnsdjMKwHnn9lH9Xt44v
YdBtRtKql9MUSR9voqx+nXX25g7m5yemLEam5BNRInGZ2jyKNXXc/5VmQvQukbFc
DWlM3wuzeGSJ8nWit6fWGvi4xNcQPjcVyyuhba27YMAU2qz4dgOOccnDXoVA3goz
5VqsZkw6UHKQRTzVs/ygJ2Ke4YldPB3QV4TBvpJFgJVQRm0f/vigKlaUgvOoawDc
+iulDe2tvQNn2nQakP7KNzRntfY75iuJs+eexyfkxhTdAPtwRuZrztZpA5sL+c1N
MYSZk3Gldz05EsAc9FKwLy+CP2L7yCNpdQso8r7cXPlO8J4MLbpuTBzCbM26CaCH
IJigHCya38mgQX2VfpWxegNgft2D9WoIMdjMtQG8AqNEynG86PBBD48MHP1eNC8X
CnBSVt+Ho31FMwfrzT1en2ExbEbZXsKNHdY8077iiCO+/Zc+aea7BXzEAiL0Ui1z
6Qo0zLTG9Wmhwl3Q6R2iShf7zJIM0kpGJ+5qjpE1qhihFFRIe4aYuhrDRH4F01ec
XJFxBr94brfgCp9F/XnFLOQ2SqXGn5C3pJiu6UymcTF9XJUT9llNNt4v6Xbnp/8Y
YsDF16Fm0mpperbG0m9LBtUP4zmA1soZtNC4EEI3YsXVe9x6uEA=
=ArYR
-----END PGP SIGNATURE-----
Merge 5.10.177 into android12-5.10-lts
Changes in 5.10.177
interconnect: qcom: osm-l3: fix icc_onecell_data allocation
perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
perf: fix perf_event_context->time
ipmi:ssif: make ssif_i2c_send() void
ipmi:ssif: Increase the message retry time
ipmi:ssif: resend_msg() cannot fail
ipmi:ssif: Add a timer between request retries
KVM: Clean up benign vcpu->cpu data races when kicking vCPUs
KVM: KVM: Use cpumask_available() to check for NULL cpumask when kicking vCPUs
KVM: Optimize kvm_make_vcpus_request_mask() a bit
KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except()
KVM: Register /dev/kvm as the _very_ last thing during initialization
serial: fsl_lpuart: Fix comment typo
tty: serial: fsl_lpuart: fix race on RX DMA shutdown
serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
drm/sun4i: fix missing component unbind on bind errors
net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
xsk: Add missing overflow check in xdp_umem_reg
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: fix non-tunneled IPv6 UDP packet type and hashing
intel/igbvf: free irq on the error path in igbvf_request_msix()
igbvf: Regard vf reset nack as success
igc: fix the validation logic for taprio's gate list
i2c: imx-lpi2c: check only for enabled interrupt flags
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
net: usb: smsc95xx: Limit packet length to skb->len
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
net: phy: Ensure state transitions are processed from phy_stop()
net: mdio: fix owner field for mdio buses registered using device-tree
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
net/ps3_gelic_net: Fix RX sk_buff length
net/ps3_gelic_net: Use dma_mapping_error
bootconfig: Fix testcase to increase max node
keys: Do not cache key in task struct if key is requested from kernel thread
bpf: Adjust insufficient default bpf_jit_limit
net/mlx5: Fix steering rules cleanup
net/mlx5: Read the TC mapping of all priorities on ETS query
net/mlx5: E-Switch, Fix an Oops in error handling code
atm: idt77252: fix kmemleak when rmmod idt77252
erspan: do not use skb_mac_header() in ndo_start_xmit()
net/sonic: use dma_mapping_error() for error check
nvme-tcp: fix nvme_tcp_term_pdu to match spec
gve: Cache link_speed value from device
net: mdio: thunder: Add missing fwnode_handle_put()
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
Bluetooth: L2CAP: Fix not checking for maximum number of DCID
Bluetooth: L2CAP: Fix responding with wrong PDU type
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
hwmon: fix potential sensor registration fail if of_node is missing
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
scsi: qla2xxx: Perform lockless command completion in abort path
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
thunderbolt: Use scale field when allocating USB3 bandwidth
thunderbolt: Use const qualifier for `ring_interrupt_index`
riscv: Bump COMMAND_LINE_SIZE value to 1024
HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
ca8210: fix mac_len negative array access
m68k: Only force 030 bus error if PC not in exception table
selftests/bpf: check that modifier resolves after pointer
scsi: target: iscsi: Fix an error message in iscsi_check_key()
scsi: hisi_sas: Check devm_add_action() return value
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: lpfc: Avoid usage of list iterator variable after loop
scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
net: usb: qmi_wwan: add Telit 0x1080 composition
sh: sanitize the flags on sigreturn
cifs: empty interface list when server doesn't support query interfaces
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
usb: dwc2: fix a devres leak in hw_enable upon suspend resume
usb: gadget: u_audio: don't let userspace block driver unbind
fsverity: Remove WQ_UNBOUND from fsverity read workqueue
igb: revert rtnl_lock() that causes deadlock
dm thin: fix deadlock when swapping to thin device
usb: cdns3: Fix issue with using incorrect PCI device function
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
usb: chipidea: core: fix possible concurrent when switch role
usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
wifi: mac80211: fix qos on mesh interfaces
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
drm/i915/active: Fix missing debug object activation
drm/i915: Preserve crtc_state->inherited during state clearing
tee: amdtee: fix race condition in amdtee_open_session
firmware: arm_scmi: Fix device node validation for mailbox transport
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
dm stats: check for and propagate alloc_percpu failure
dm crypt: add cond_resched() to dmcrypt_write()
sched/fair: sanitize vruntime of entity being placed
sched/fair: Sanitize vruntime of entity being migrated
ocfs2: fix data corruption after failed write
xfs: shut down the filesystem if we screw up quota reservation
xfs: don't reuse busy extents on extent trim
KVM: fix memoryleak in kvm_init()
NFSD: fix use-after-free in __nfs42_ssc_open()
usb: dwc3: gadget: move cmd_endtransfer to extra function
usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
kernel: kcsan: kcsan_test: build without structleak plugin
kcsan: avoid passing -g for test
drm/meson: Fix error handling when afbcd.ops->init fails
drm/meson: fix missing component unbind on bind errors
bus: imx-weim: fix branch condition evaluates to a garbage value
dm crypt: avoid accessing uninitialized tasklet
fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
md: avoid signed overflow in slot_store()
net: hsr: Don't log netdev_err message on unknown prp dst node
ALSA: asihpi: check pao in control_message()
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
fbdev: tgafb: Fix potential divide by zero
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
fbdev: nvidia: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: au1200fb: Fix potential divide by zero
tools/power turbostat: Fix /dev/cpu_dma_latency warnings
tracing: Fix wrong return in kprobe_event_gen_test.c
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
mips: bmips: BCM6358: disable RAC flush for TP1
mtd: rawnand: meson: invalidate cache on polling ECC bit
sfc: ef10: don't overwrite offload features at NIC reset
scsi: megaraid_sas: Fix crash after a double completion
ptp_qoriq: fix memory leak in probe()
r8169: fix RTL8168H and RTL8107E rx crc error
regulator: Handle deferred clk
net/net_failover: fix txq exceeding warning
net: stmmac: don't reject VLANs when IFF_PROMISC is set
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
s390/vfio-ap: fix memory leak in vfio_ap device driver
ALSA: ymfpci: Fix assignment in if condition
ALSA: ymfpci: Fix BUG_ON in probe function
net: ipa: compute DMA pool size properly
i40e: fix registers dump after run ethtool adapter self test
bnxt_en: Fix typo in PCI id to device description string mapping
bnxt_en: Add missing 200G link speed reporting
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
pinctrl: ocelot: Fix alt mode for ocelot
Input: alps - fix compatibility with -funsigned-char
Input: focaltech - use explicitly signed char type
cifs: prevent infinite recursion in CIFSGetDFSRefer()
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
btrfs: fix race between quota disable and quota assign ioctls
xen/netback: don't do grant copy across page boundary
net: phy: dp83869: fix default value for tx-/rx-internal-delay
pinctrl: amd: Disable and mask interrupts on resume
pinctrl: at91-pio4: fix domain name assignment
powerpc: Don't try to copy PPR for task with NULL pt_regs
NFSv4: Fix hangs when recovering open state after a server reboot
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
ALSA: usb-audio: Fix regression on detection of Roland VS-100
ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
xtensa: fix KASAN report for show_stack
rcu: Fix rcu_torture_read ftrace event
drm/etnaviv: fix reference leak when mmaping imported buffer
drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
s390/uaccess: add missing earlyclobber annotations to __clear_user()
btrfs: scan device in non-exclusive mode
zonefs: Fix error message in zonefs_file_dio_append()
selftests/bpf: Test btf dump for struct with padding only fields
libbpf: Fix BTF-to-C converter's padding logic
selftests/bpf: Add few corner cases to test padding handling of btf_dump
libbpf: Fix btf_dump's packed struct determination
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
gfs2: Always check inode size of inline inodes
hsr: ratelimit only when errors are printed
Linux 5.10.177
Change-Id: Ib596b399350d080d7e94c80c1a6bb3c64e971187
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit a075bacde257f755bea0e53400c9f1cdd1b8e8e6 ]
The full pagecache drop at the end of FS_IOC_ENABLE_VERITY is causing
performance problems and is hindering adoption of fsverity. It was
intended to solve a race condition where unverified pages might be left
in the pagecache. But actually it doesn't solve it fully.
Since the incomplete solution for this race condition has too much
performance impact for it to be worth it, let's remove it for now.
Fixes: 3fda4c617e ("fs-verity: implement FS_IOC_ENABLE_VERITY ioctl")
Cc: stable@vger.kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Link: https://lore.kernel.org/r/20230314235332.50270-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f959325e6ac3f499450088b8d9c626d1177be160 upstream.
WQ_UNBOUND causes significant scheduler latency on ARM64/Android. This
is problematic for latency sensitive workloads, like I/O
post-processing.
Removing WQ_UNBOUND gives a 96% reduction in fsverity workqueue related
scheduler latency and improves app cold startup times by ~30ms.
WQ_UNBOUND was also removed from the dm-verity workqueue for the same
reason [1].
This code was tested by running Android app startup benchmarks and
measuring how long the fsverity workqueue spent in the runnable state.
Before
Total workqueue scheduler latency: 553800us
After
Total workqueue scheduler latency: 18962us
[1]: https://lore.kernel.org/all/20230202012348.885402-1-nhuck@google.com/
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Fixes: 8a1d0f9cac ("fs-verity: add data verification hooks for ->readpages()")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230310193325.620493-1-nhuck@google.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There are more vfs-only symbols that OEMs want to use, so place them in
the proper vfs-only namespace.
Bug: 157965270
Bug: 210074446
Bug: 227656251
Cc: Matthias Maennich <maennich@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I99b9facc8da45fb329f6627d204180d1f89bcf97
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFdqxMACgkQONu9yGCS
aT4n8BAAt6WBtGY6OmnqqVDriJQxYPmF5oL+rpREdBRks97sinOCI4sAQS6NRb1T
J8GUzwv1A2KbDOW+iky+XUhYV6wF6RFaiUnYbEAz0hbg+FEbJYBLcO98naJpReTr
GnyjVEyMQ/NO/xDuJlguI3+6UHl6LPXmqoYR2XD77cwQiXEZW588VtbhtYoK4M8k
r/Fh0bIbhS5CkWF7TYnzUD3ceSwHWq7N4yGK86s+yrkaeMJ0BsKeisOe4PW5JI3f
iiqB4FJMbnNe412SdmYoPKfDcNWQbirJ4UnS1hdVslZMCyPktMiI2sRiVr1Euz45
zh221ObMIqyFK4attV809C2dtyqdI2Zt3maMCwtJWgOJOrpdeUpjyQ91cZ0WJcW0
2d0ZW0AqpkMpERFsHtcZNtkCBzLNcIgPu+yYJRlimG/Sh95VQWtMbtFsS0W5ZI5D
F+2PC8cluXwGFLgHvxfkpas/KXVhv2w3m9x0xEgaWxZis31lKzQ4vRVzLewNqhJ9
C5S7Qb6qEVjRzY9CzT07AV66+faai2RZp1UtC0Lf+mbh4nW4JN0jDc2uxggZWGMb
inTxl9LfIFFK0apCt6xvuEDPYvMwySKumeNJK3VMP2F3Py/PuZ4SW5Z/OH09+0/S
liA2dMFBOp8h/AivWQ7qV7B/qGcpasn5ZRabIkLYiaF6zftpUmo=
=ZCXg
-----END PGP SIGNATURE-----
Merge 5.10.71 into android12-5.10-lts
Changes in 5.10.71
tty: Fix out-of-bound vmalloc access in imageblit
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
usb: cdns3: fix race condition before setting doorbell
ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops.
ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect
fs-verity: fix signed integer overflow with i_size near S64_MAX
hwmon: (tmp421) handle I2C errors
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
gpio: pca953x: do not ignore i2c errors
scsi: ufs: Fix illegal offset in UPIU event trace
mac80211: fix use-after-free in CCMP/GCMP RX
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()
KVM: x86: nSVM: don't copy virt_ext from vmcb12
KVM: nVMX: Filter out all unsupported controls when eVMCS was activated
KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest
media: ir_toy: prevent device from hanging during transmit
RDMA/cma: Do not change route.addr.src_addr.ss_family
drm/amd/display: Pass PCI deviceid into DC
drm/amdgpu: correct initial cp_hqd_quantum for gfx9
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
IB/cma: Do not send IGMP leaves for sendonly Multicast groups
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
bpf, mips: Validate conditional branch offsets
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: mesh: fix potentially unaligned access
mac80211-hwsim: fix late beacon hrtimer handling
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
mptcp: don't return sockets in foreign netns
hwmon: (tmp421) report /PVLD condition as fault
hwmon: (tmp421) fix rounding for negative values
net: enetc: fix the incorrect clearing of IF_MODE bits
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
smsc95xx: fix stalled rx after link change
drm/i915/request: fix early tracepoints
dsa: mv88e6xxx: 6161: Use chip wide MAX MTU
dsa: mv88e6xxx: Fix MTU definition
dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports
e100: fix length calculation in e100_get_regs_len
e100: fix buffer overrun in e100_get_regs
RDMA/hns: Fix inaccurate prints
bpf: Exempt CAP_BPF from checks against bpf_jit_limit
selftests, bpf: Fix makefile dependencies on libbpf
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
net: ks8851: fix link error
Revert "block, bfq: honor already-setup queue merges"
scsi: csiostor: Add module softdep on cxgb4
ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
net: hns3: do not allow call hns3_nic_net_open repeatedly
net: hns3: keep MAC pause mode when multiple TCs are enabled
net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE
net: hns3: fix show wrong state when add existing uc mac address
net: hns3: fix prototype warning
net: hns3: reconstruct function hns3_self_test
net: hns3: fix always enable rx vlan filter problem after selftest
net: phy: bcm7xxx: Fixed indirect MMD operations
net: sched: flower: protect fl_walk() with rcu
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
perf/x86/intel: Update event constraints for ICX
hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller
nvme: add command id quirk for apple controllers
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
ipack: ipoctal: fix stack information leak
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix module reference leak
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ext4: limit the number of blocks in one ADD_RANGE TLV
ext4: fix reserved space counter leakage
ext4: add error checking to ext4_ext_replay_set_iblocks()
ext4: fix potential infinite loop in ext4_dx_readdir()
HID: u2fzero: ignore incomplete packets without data
net: udp: annotate data race around udp_sk(sk)->corkflag
ASoC: dapm: use component prefix when checking widget names
usb: hso: remove the bailout parameter
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
HID: betop: fix slab-out-of-bounds Write in betop_probe
netfilter: ipset: Fix oversized kvmalloc() calls
mm: don't allow oversized kvmalloc() calls
HID: usbhid: free raw_report buffers in usbhid_stop
KVM: x86: Handle SRCU initialization failure during page track init
netfilter: conntrack: serialize hash resizes and cleanups
netfilter: nf_tables: Fix oversized kvmalloc() calls
Linux 5.10.71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I238c3de739c3d4ba0a04a484460356161899f222
commit 80f6e3080bfcf865062a926817b3ca6c4a137a57 upstream.
If the file size is almost S64_MAX, the calculated number of Merkle tree
levels exceeds FS_VERITY_MAX_LEVELS, causing FS_IOC_ENABLE_VERITY to
fail. This is unintentional, since as the comment above the definition
of FS_VERITY_MAX_LEVELS states, it is enough for over U64_MAX bytes of
data using SHA-256 and 4K blocks. (Specifically, 4096*128**8 >= 2**64.)
The bug is actually that when the number of blocks in the first level is
calculated from i_size, there is a signed integer overflow due to i_size
being signed. Fix this by treating i_size as unsigned.
This was found by the new test "generic: test fs-verity EFBIG scenarios"
(https://lkml.kernel.org/r/b1d116cd4d0ea74b9cd86f349c672021e005a75c.1631558495.git.boris@bur.io).
This didn't affect ext4 or f2fs since those have a smaller maximum file
size, but it did affect btrfs which allows files up to S64_MAX bytes.
Reported-by: Boris Burkov <boris@bur.io>
Fixes: 3fda4c617e ("fs-verity: implement FS_IOC_ENABLE_VERITY ioctl")
Fixes: fd2d1acfca ("fs-verity: add the hook for file ->open()")
Cc: <stable@vger.kernel.org> # v5.4+
Reviewed-by: Boris Burkov <boris@bur.io>
Link: https://lore.kernel.org/r/20210916203424.113376-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256
shash algorithm, which is selected as the default crypto shash provider
for fsverity. However, fsverity has no strict link time dependency, and
the same shash could be exposed by an optimized implementation, and arm64
has a number of those (scalar, NEON-based and one based on special crypto
instructions). In such cases, it makes little sense to require that the
generic C implementation is incorporated as well, given that it will never
be called.
To address this, relax the 'select' clause to 'imply' so that the generic
driver can be omitted from the build if desired.
Bug: 153614920
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit e3a606f2c544b231f6079c8c5fea451e772e1139)
Change-Id: I3546d2ff037f8015af0c47e58c9e5ea656734d22
Signed-off-by: Ard Biesheuvel <ardb@google.com>
* aosp/upstream-f2fs-stable-linux-5.10.y:
fs-verity: support reading signature with ioctl
fs-verity: support reading descriptor with ioctl
fs-verity: support reading Merkle tree with ioctl
fs-verity: add FS_IOC_READ_VERITY_METADATA ioctl
fs-verity: don't pass whole descriptor to fsverity_verify_signature()
fs-verity: factor out fsverity_get_descriptor()
fs: simplify freeze_bdev/thaw_bdev
f2fs: remove FAULT_ALLOC_BIO
f2fs: use blkdev_issue_flush in __submit_flush_wait
f2fs: remove a few bd_part checks
Documentation: f2fs: fix typo s/automaic/automatic
f2fs: give a warning only for readonly partition
f2fs: don't grab superblock freeze for flush/ckpt thread
f2fs: add ckpt_thread_ioprio sysfs node
f2fs: introduce checkpoint_merge mount option
f2fs: relocate inline conversion from mmap() to mkwrite()
f2fs: fix a wrong condition in __submit_bio
f2fs: remove unnecessary initialization in xattr.c
f2fs: fix to avoid inconsistent quota data
f2fs: flush data when enabling checkpoint back
f2fs: deprecate f2fs_trace_io
f2fs: Remove readahead collision detection
f2fs: remove unused stat_{inc, dec}_atomic_write
f2fs: introduce sb_status sysfs node
f2fs: fix to use per-inode maxbytes
f2fs: compress: fix potential deadlock
libfs: unexport generic_ci_d_compare() and generic_ci_d_hash()
f2fs: fix to set/clear I_LINKABLE under i_lock
f2fs: fix null page reference in redirty_blocks
f2fs: clean up post-read processing
f2fs: trival cleanup in move_data_block()
f2fs: fix out-of-repair __setattr_copy()
f2fs: fix to tag FIEMAP_EXTENT_MERGED in f2fs_fiemap()
f2fs: introduce a new per-sb directory in sysfs
f2fs: compress: support compress level
f2fs: compress: deny setting unsupported compress algorithm
f2fs: relocate f2fs_precache_extents()
f2fs: enforce the immutable flag on open files
f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
f2fs: fix to set inode->i_mode correctly for posix_acl_update_mode
f2fs: Replace expression with offsetof()
f2fs: handle unallocated section and zone on pinned/atgc
Bug: 178226640
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I95112779a0a75f3cdbc222126a198d54f1e378ac
Allows a file system to provide its own fs-verity implementation
but still to hook into the signature check and control file from
fs-verity
Bug: 160634504
Bug: 170978993
Test: incfs_test running on this + subsequent changes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I02020af460d62fa5eb459a083419208e175005e8
Add support for FS_VERITY_METADATA_TYPE_SIGNATURE to
FS_IOC_READ_VERITY_METADATA. This allows a userspace server program to
retrieve the built-in signature (if present) of a verity file for
serving to a client which implements fs-verity compatible verification.
See the patch which introduced FS_IOC_READ_VERITY_METADATA for more
details.
The ability for userspace to read the built-in signatures is also useful
because it allows a system that is using the in-kernel signature
verification to migrate to userspace signature verification.
This has been tested using a new xfstest which calls this ioctl via a
new subcommand for the 'fsverity' program from fsverity-utils.
Link: https://lore.kernel.org/r/20210115181819.34732-7-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add support for FS_VERITY_METADATA_TYPE_DESCRIPTOR to
FS_IOC_READ_VERITY_METADATA. This allows a userspace server program to
retrieve the fs-verity descriptor of a file for serving to a client
which implements fs-verity compatible verification. See the patch which
introduced FS_IOC_READ_VERITY_METADATA for more details.
"fs-verity descriptor" here means only the part that userspace cares
about because it is hashed to produce the file digest. It doesn't
include the signature which ext4 and f2fs append to the
fsverity_descriptor struct when storing it on-disk, since that way of
storing the signature is an implementation detail. The next patch adds
a separate metadata_type value for retrieving the signature separately.
This has been tested using a new xfstest which calls this ioctl via a
new subcommand for the 'fsverity' program from fsverity-utils.
Link: https://lore.kernel.org/r/20210115181819.34732-6-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add support for FS_VERITY_METADATA_TYPE_MERKLE_TREE to
FS_IOC_READ_VERITY_METADATA. This allows a userspace server program to
retrieve the Merkle tree of a verity file for serving to a client which
implements fs-verity compatible verification. See the patch which
introduced FS_IOC_READ_VERITY_METADATA for more details.
This has been tested using a new xfstest which calls this ioctl via a
new subcommand for the 'fsverity' program from fsverity-utils.
Link: https://lore.kernel.org/r/20210115181819.34732-5-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add an ioctl FS_IOC_READ_VERITY_METADATA which will allow reading verity
metadata from a file that has fs-verity enabled, including:
- The Merkle tree
- The fsverity_descriptor (not including the signature if present)
- The built-in signature, if present
This ioctl has similar semantics to pread(). It is passed the type of
metadata to read (one of the above three), and a buffer, offset, and
size. It returns the number of bytes read or an error.
Separate patches will add support for each of the above metadata types.
This patch just adds the ioctl itself.
This ioctl doesn't make any assumption about where the metadata is
stored on-disk. It does assume the metadata is in a stable format, but
that's basically already the case:
- The Merkle tree and fsverity_descriptor are defined by how fs-verity
file digests are computed; see the "File digest computation" section
of Documentation/filesystems/fsverity.rst. Technically, the way in
which the levels of the tree are ordered relative to each other wasn't
previously specified, but it's logical to put the root level first.
- The built-in signature is the value passed to FS_IOC_ENABLE_VERITY.
This ioctl is useful because it allows writing a server program that
takes a verity file and serves it to a client program, such that the
client can do its own fs-verity compatible verification of the file.
This only makes sense if the client doesn't trust the server and if the
server needs to provide the storage for the client.
More concretely, there is interest in using this ability in Android to
export APK files (which are protected by fs-verity) to "protected VMs".
This would use Protected KVM (https://lwn.net/Articles/836693), which
provides an isolated execution environment without having to trust the
traditional "host". A "guest" VM can boot from a signed image and
perform specific tasks in a minimum trusted environment using files that
have fs-verity enabled on the host, without trusting the host or
requiring that the guest has its own trusted storage.
Technically, it would be possible to duplicate the metadata and store it
in separate files for serving. However, that would be less efficient
and would require extra care in userspace to maintain file consistency.
In addition to the above, the ability to read the built-in signatures is
useful because it allows a system that is using the in-kernel signature
verification to migrate to userspace signature verification.
Link: https://lore.kernel.org/r/20210115181819.34732-4-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Now that fsverity_get_descriptor() validates the sig_size field,
fsverity_verify_signature() doesn't need to do it.
Just change the prototype of fsverity_verify_signature() to take the
signature directly rather than take a fsverity_descriptor.
Link: https://lore.kernel.org/r/20210115181819.34732-3-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Amy Parker <enbyamy@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
The FS_IOC_READ_VERITY_METADATA ioctl will need to return the fs-verity
descriptor (and signature) to userspace.
There are a few ways we could implement this:
- Save a copy of the descriptor (and signature) in the fsverity_info
struct that hangs off of the in-memory inode. However, this would
waste memory since most of the time it wouldn't be needed.
- Regenerate the descriptor from the merkle_tree_params in the
fsverity_info. However, this wouldn't work for the signature, nor for
the salt which the merkle_tree_params only contains indirectly as part
of the 'hashstate'. It would also be error-prone.
- Just get them from the filesystem again. The disadvantage is that in
general we can't trust that they haven't been maliciously changed
since the file has opened. However, the use cases for
FS_IOC_READ_VERITY_METADATA don't require that it verifies the chain
of trust. So this is okay as long as we do some basic validation.
In preparation for implementing the third option, factor out a helper
function fsverity_get_descriptor() which gets the descriptor (and
appended signature) from the filesystem and does some basic validation.
As part of this, start checking the sig_size field for overflow.
Currently fsverity_verify_signature() does this. But the new ioctl will
need this too, so do it earlier.
Link: https://lore.kernel.org/r/20210115181819.34732-2-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Although it isn't used directly by the ioctls,
"struct fsverity_descriptor" is required by userspace programs that need
to compute fs-verity file digests in a standalone way. Therefore
it's also needed to sign files in a standalone way.
Similarly, "struct fsverity_formatted_digest" (previously called
"struct fsverity_signed_digest" which was misleading) is also needed to
sign files if the built-in signature verification is being used.
Therefore, move these structs to the UAPI header.
While doing this, try to make it clear that the signature-related fields
in fsverity_descriptor aren't used in the file digest computation.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-5-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
I originally chose the name "file measurement" to refer to the fs-verity
file digest to avoid confusion with traditional full-file digests or
with the bare root hash of the Merkle tree.
But the name "file measurement" hasn't caught on, and usually people are
calling it something else, usually the "file digest". E.g. see
"struct fsverity_digest" and "struct fsverity_formatted_digest", the
libfsverity_compute_digest() and libfsverity_sign_digest() functions in
libfsverity, and the "fsverity digest" command.
Having multiple names for the same thing is always confusing.
So to hopefully avoid confusion in the future, rename
"fs-verity file measurement" to "fs-verity file digest".
This leaves FS_IOC_MEASURE_VERITY as the only reference to "measure" in
the kernel, which makes some amount of sense since the ioctl is actively
"measuring" the file.
I'll be renaming this in fsverity-utils too (though similarly the
'fsverity measure' command, which is a wrapper for
FS_IOC_MEASURE_VERITY, will stay).
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-4-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
The name "struct fsverity_signed_digest" is causing confusion because it
isn't actually a signed digest, but rather it's the way that the digest
is formatted in order to be signed. Rename it to
"struct fsverity_formatted_digest" to prevent this confusion.
Also update the struct's comment to clarify that it's specific to the
built-in signature verification support and isn't a requirement for all
fs-verity users.
I'll be renaming this struct in fsverity-utils too.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Embedding the file path inside kernel source code files isn't
particularly useful as often files are moved around and the paths become
incorrect. checkpatch.pl warns about this since v5.10-rc1.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113211918.71883-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Normally smp_store_release() or cmpxchg_release() is paired with
smp_load_acquire(). Sometimes smp_load_acquire() can be replaced with
the more lightweight READ_ONCE(). However, for this to be safe, all the
published memory must only be accessed in a way that involves the
pointer itself. This may not be the case if allocating the object also
involves initializing a static or global variable, for example.
fsverity_info::tree_params.hash_alg->tfm is a crypto_ahash object that's
internal to and is allocated by the crypto subsystem. So by using
READ_ONCE() for ->i_verity_info, we're relying on internal
implementation details of the crypto subsystem.
Remove this fragile assumption by using smp_load_acquire() instead.
Also fix the cmpxchg logic to correctly execute an ACQUIRE barrier when
losing the cmpxchg race, since cmpxchg doesn't guarantee a memory
barrier on failure.
(Note: I haven't seen any real-world problems here. This change is just
fixing the code to be guaranteed correct and less fragile.)
Fixes: fd2d1acfca ("fs-verity: add the hook for file ->open()")
Link: https://lore.kernel.org/r/20200721225920.114347-6-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Remove the unnecessary 'extern' keywords from function declarations.
This makes it so that we don't have a mix of both styles, so it won't be
ambiguous what to use in new fs-verity patches. This also makes the
code shorter and matches the 'checkpatch --strict' expectation.
Link: https://lore.kernel.org/r/20200511192118.71427-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Fix all kerneldoc warnings in fs/verity/ and include/linux/fsverity.h.
Most of these were due to missing documentation for function parameters.
Detected with:
scripts/kernel-doc -v -none fs/verity/*.{c,h} include/linux/fsverity.h
This cleanup makes it possible to check new patches for kerneldoc
warnings without having to filter out all the existing ones.
Link: https://lore.kernel.org/r/20200511192118.71427-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
When initializing an fs-verity hash algorithm, also initialize a mempool
that contains a single preallocated hash request object. Then replace
the direct calls to ahash_request_alloc() and ahash_request_free() with
allocating and freeing from this mempool.
This eliminates the possibility of the allocation failing, which is
desirable for the I/O path.
This doesn't cause deadlocks because there's no case where multiple hash
requests are needed at a time to make forward progress.
Link: https://lore.kernel.org/r/20191231175545.20709-1-ebiggers@kernel.org
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
When fs-verity verifies data pages, currently it reads each Merkle tree
page synchronously using read_mapping_page().
Therefore, when the Merkle tree pages aren't already cached, fs-verity
causes an extra 4 KiB I/O request for every 512 KiB of data (assuming
that the Merkle tree uses SHA-256 and 4 KiB blocks). This results in
more I/O requests and performance loss than is strictly necessary.
Therefore, implement readahead of the Merkle tree pages.
For simplicity, we take advantage of the fact that the kernel already
does readahead of the file's *data*, just like it does for any other
file. Due to this, we don't really need a separate readahead state
(struct file_ra_state) just for the Merkle tree, but rather we just need
to piggy-back on the existing data readahead requests.
We also only really need to bother with the first level of the Merkle
tree, since the usual fan-out factor is 128, so normally over 99% of
Merkle tree I/O requests are for the first level.
Therefore, make fsverity_verify_bio() enable readahead of the first
Merkle tree level, for up to 1/4 the number of pages in the bio, when it
sees that the REQ_RAHEAD flag is set on the bio. The readahead size is
then passed down to ->read_merkle_tree_page() for the filesystem to
(optionally) implement if it sees that the requested page is uncached.
While we're at it, also make build_merkle_tree_level() set the Merkle
tree readahead size, since it's easy to do there.
However, for now don't set the readahead size in fsverity_verify_page(),
since currently it's only used to verify holes on ext4 and f2fs, and it
would need parameters added to know how much to read ahead.
This patch significantly improves fs-verity sequential read performance.
Some quick benchmarks with 'cat'-ing a 250MB file after dropping caches:
On an ARM64 phone (using sha256-ce):
Before: 217 MB/s
After: 263 MB/s
(compare to sha256sum of non-verity file: 357 MB/s)
In an x86_64 VM (using sha256-avx2):
Before: 173 MB/s
After: 215 MB/s
(compare to sha256sum of non-verity file: 223 MB/s)
Link: https://lore.kernel.org/r/20200106205533.137005-1-ebiggers@kernel.org
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
When it builds the first level of the Merkle tree, FS_IOC_ENABLE_VERITY
sequentially reads each page of the file using read_mapping_page().
This works fine if the file's data is already in pagecache, which should
normally be the case, since this ioctl is normally used immediately
after writing out the file.
But in any other case this implementation performs very poorly, since
only one page is read at a time.
Fix this by implementing readahead using the functions from
mm/readahead.c.
This improves performance in the uncached case by about 20x, as seen in
the following benchmarks done on a 250MB file (on x86_64 with SHA-NI):
FS_IOC_ENABLE_VERITY uncached (before) 3.299s
FS_IOC_ENABLE_VERITY uncached (after) 0.160s
FS_IOC_ENABLE_VERITY cached 0.147s
sha256sum uncached 0.191s
sha256sum cached 0.145s
Note: we could instead switch to kernel_read(). But that would mean
we'd no longer be hashing the data directly from the pagecache, which is
a nice optimization of its own. And using kernel_read() would require
allocating another temporary buffer, hashing the data and tree pages
separately, and explicitly zero-padding the last page -- so it wouldn't
really be any simpler than direct pagecache access, at least for now.
Link: https://lore.kernel.org/r/20200106205410.136707-1-ebiggers@kernel.org
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Replace all the occurrences of FIELD_SIZEOF() with sizeof_field() except
at places where these are defined. Later patches will remove the unused
definition of FIELD_SIZEOF().
This patch is generated using following script:
EXCLUDE_FILES="include/linux/stddef.h|include/linux/kernel.h"
git grep -l -e "\bFIELD_SIZEOF\b" | while read file;
do
if [[ "$file" =~ $EXCLUDE_FILES ]]; then
continue
fi
sed -i -e 's/\bFIELD_SIZEOF\b/sizeof_field/g' $file;
done
Signed-off-by: Pankaj Bharadiya <pankaj.laxminarayan.bharadiya@intel.com>
Link: https://lore.kernel.org/r/20190924105839.110713-3-pankaj.laxminarayan.bharadiya@intel.com
Co-developed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: David Miller <davem@davemloft.net> # for net
To meet some users' needs, add optional support for having fs-verity
handle a portion of the authentication policy in the kernel. An
".fs-verity" keyring is created to which X.509 certificates can be
added; then a sysctl 'fs.verity.require_signatures' can be set to cause
the kernel to enforce that all fs-verity files contain a signature of
their file measurement by a key in this keyring.
See the "Built-in signature verification" section of
Documentation/filesystems/fsverity.rst for the full documentation.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add SHA-512 support to fs-verity. This is primarily a demonstration of
the trivial changes needed to support a new hash algorithm in fs-verity;
most users will still use SHA-256, due to the smaller space required to
store the hashes. But some users may prefer SHA-512.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a function for filesystems to call to implement the
FS_IOC_MEASURE_VERITY ioctl. This ioctl retrieves the file measurement
that fs-verity calculated for the given file and is enforcing for reads;
i.e., reads that don't match this hash will fail. This ioctl can be
used for authentication or logging of file measurements in userspace.
See the "FS_IOC_MEASURE_VERITY" section of
Documentation/filesystems/fsverity.rst for the documentation.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a function for filesystems to call to implement the
FS_IOC_ENABLE_VERITY ioctl. This ioctl enables fs-verity on a file.
See the "FS_IOC_ENABLE_VERITY" section of
Documentation/filesystems/fsverity.rst for the documentation.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add functions that verify data pages that have been read from a
fs-verity file, against that file's Merkle tree. These will be called
from filesystems' ->readpage() and ->readpages() methods.
Since data verification can block, a workqueue is provided for these
methods to enqueue verification work from their bio completion callback.
See the "Verifying data" section of
Documentation/filesystems/fsverity.rst for more information.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a function fsverity_prepare_setattr() which filesystems that support
fs-verity must call to deny truncates of verity files.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add the fsverity_file_open() function, which prepares an fs-verity file
to be read from. If not already done, it loads the fs-verity descriptor
from the filesystem and sets up an fsverity_info structure for the inode
which describes the Merkle tree and contains the file measurement. It
also denies all attempts to open verity files for writing.
This commit also begins the include/linux/fsverity.h header, which
declares the interface between fs/verity/ and filesystems.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add the beginnings of the fs/verity/ support layer, including the
Kconfig option and various helper functions for hashing. To start, only
SHA-256 is supported, but other hash algorithms can easily be added.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
