1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Ioctl to get a verity file's digest
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright 2019 Google LLC
6*4882a593Smuzhiyun */
7*4882a593Smuzhiyun
8*4882a593Smuzhiyun #include "fsverity_private.h"
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun #include <linux/uaccess.h>
11*4882a593Smuzhiyun
12*4882a593Smuzhiyun /**
13*4882a593Smuzhiyun * fsverity_ioctl_measure() - get a verity file's digest
14*4882a593Smuzhiyun * @filp: file to get digest of
15*4882a593Smuzhiyun * @_uarg: user pointer to fsverity_digest
16*4882a593Smuzhiyun *
17*4882a593Smuzhiyun * Retrieve the file digest that the kernel is enforcing for reads from a verity
18*4882a593Smuzhiyun * file. See the "FS_IOC_MEASURE_VERITY" section of
19*4882a593Smuzhiyun * Documentation/filesystems/fsverity.rst for the documentation.
20*4882a593Smuzhiyun *
21*4882a593Smuzhiyun * Return: 0 on success, -errno on failure
22*4882a593Smuzhiyun */
fsverity_ioctl_measure(struct file * filp,void __user * _uarg)23*4882a593Smuzhiyun int fsverity_ioctl_measure(struct file *filp, void __user *_uarg)
24*4882a593Smuzhiyun {
25*4882a593Smuzhiyun const struct inode *inode = file_inode(filp);
26*4882a593Smuzhiyun struct fsverity_digest __user *uarg = _uarg;
27*4882a593Smuzhiyun const struct fsverity_info *vi;
28*4882a593Smuzhiyun const struct fsverity_hash_alg *hash_alg;
29*4882a593Smuzhiyun struct fsverity_digest arg;
30*4882a593Smuzhiyun
31*4882a593Smuzhiyun vi = fsverity_get_info(inode);
32*4882a593Smuzhiyun if (!vi)
33*4882a593Smuzhiyun return -ENODATA; /* not a verity file */
34*4882a593Smuzhiyun hash_alg = vi->tree_params.hash_alg;
35*4882a593Smuzhiyun
36*4882a593Smuzhiyun /*
37*4882a593Smuzhiyun * The user specifies the digest_size their buffer has space for; we can
38*4882a593Smuzhiyun * return the digest if it fits in the available space. We write back
39*4882a593Smuzhiyun * the actual size, which may be shorter than the user-specified size.
40*4882a593Smuzhiyun */
41*4882a593Smuzhiyun
42*4882a593Smuzhiyun if (get_user(arg.digest_size, &uarg->digest_size))
43*4882a593Smuzhiyun return -EFAULT;
44*4882a593Smuzhiyun if (arg.digest_size < hash_alg->digest_size)
45*4882a593Smuzhiyun return -EOVERFLOW;
46*4882a593Smuzhiyun
47*4882a593Smuzhiyun memset(&arg, 0, sizeof(arg));
48*4882a593Smuzhiyun arg.digest_algorithm = hash_alg - fsverity_hash_algs;
49*4882a593Smuzhiyun arg.digest_size = hash_alg->digest_size;
50*4882a593Smuzhiyun
51*4882a593Smuzhiyun if (copy_to_user(uarg, &arg, sizeof(arg)))
52*4882a593Smuzhiyun return -EFAULT;
53*4882a593Smuzhiyun
54*4882a593Smuzhiyun if (copy_to_user(uarg->digest, vi->file_digest, hash_alg->digest_size))
55*4882a593Smuzhiyun return -EFAULT;
56*4882a593Smuzhiyun
57*4882a593Smuzhiyun return 0;
58*4882a593Smuzhiyun }
59*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(fsverity_ioctl_measure);
60