Commit 456ae5fe authored by Eric Biggers

fsverity: move sysctl registration out of signature.c

Currently the registration of the fsverity sysctls happens in
signature.c, which couples it to CONFIG_FS_VERITY_BUILTIN_SIGNATURES.

This makes it hard to add new sysctls unrelated to builtin signatures.

Also, some users have started checking whether the directory
/proc/sys/fs/verity exists as a way to tell whether fsverity is
supported.  This isn't the intended method; instead, the existence of
/sys/fs/$fstype/features/verity should be checked, or users should just
try to use the fsverity ioctls.  Regardless, it should be made to work
as expected without a dependency on CONFIG_FS_VERITY_BUILTIN_SIGNATURES.

Therefore, move the sysctl registration into init.c.  With
CONFIG_FS_VERITY_BUILTIN_SIGNATURES, nothing changes.  Without it, but
with CONFIG_FS_VERITY, an empty list of sysctls is now registered.

Link: https://lore.kernel.org/r/20230705212743.42180-3-ebiggers@kernel.org


Signed-off-by: Eric Biggers <ebiggers@google.com>
parent e77000cc
+1 −0
@@ -123,6 +123,7 @@ void __init fsverity_init_info_cache(void);
/* signature.c */

#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
extern int fsverity_require_signatures;
int fsverity_verify_signature(const struct fsverity_info *vi,
			      const u8 *signature, size_t sig_size);

+32 −0
@@ -9,6 +9,37 @@

#include <linux/ratelimit.h>

#ifdef CONFIG_SYSCTL
static struct ctl_table_header *fsverity_sysctl_header;

static struct ctl_table fsverity_sysctl_table[] = {
#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
	{
		.procname       = "require_signatures",
		.data           = &fsverity_require_signatures,
		.maxlen         = sizeof(int),
		.mode           = 0644,
		.proc_handler   = proc_dointvec_minmax,
		.extra1         = SYSCTL_ZERO,
		.extra2         = SYSCTL_ONE,
	},
#endif
	{ }
};

static void __init fsverity_init_sysctl(void)
{
	fsverity_sysctl_header = register_sysctl("fs/verity",
						 fsverity_sysctl_table);
	if (!fsverity_sysctl_header)
		panic("fsverity sysctl registration failed");
}
#else /* CONFIG_SYSCTL */
static inline void fsverity_init_sysctl(void)
{
}
#endif /* !CONFIG_SYSCTL */

void fsverity_msg(const struct inode *inode, const char *level,
		  const char *fmt, ...)
{
@@ -36,6 +67,7 @@ static int __init fsverity_init(void)
	fsverity_check_hash_algs();
	fsverity_init_info_cache();
	fsverity_init_workqueue();
	fsverity_init_sysctl();
	fsverity_init_signature();
	return 0;
}
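Review bot: fsverity_sysctl_table at the top of the first init.c hunk carries no comment explaining why it is still registered when CONFIG_FS_VERITY_BUILTIN_SIGNATURES is off and the array holds only the `{ }` terminator; that rationale lives only in the commit message, so a later cleanup could plausibly remove the "empty" registration and silently break the /proc/sys/fs/verity probe the message describes. Suggested comment above the table: `/* Registered even when empty so that /proc/sys/fs/verity exists whenever CONFIG_FS_VERITY is enabled; some userspace checks for that directory. */` Whether register_sysctl() actually creates the directory for a terminator-only table is not visible here and is worth confirming against the targeted kernel. Separately, `#else /* CONFIG_SYSCTL */` after fsverity_init_sysctl() reads the opposite of the `#endif /* !CONFIG_SYSCTL */` that follows it and of the `#else /* !CONFIG_SYSCTL */` form the removed signature.c code used, so `#else /* !CONFIG_SYSCTL */` would keep the three consistent. fsverity_sysctl_header is only assigned in this hunk; if nothing else in init.c reads it, the return value of register_sysctl() could be checked directly without the static.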
+1 −32
@@ -24,7 +24,7 @@
 * /proc/sys/fs/verity/require_signatures
 * If 1, all verity files must have a valid builtin signature.
 */
static int fsverity_require_signatures;
int fsverity_require_signatures;

/*
 * Keyring that contains the trusted X.509 certificates.
@@ -93,35 +93,6 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
	return 0;
}

#ifdef CONFIG_SYSCTL
static struct ctl_table_header *fsverity_sysctl_header;

static struct ctl_table fsverity_sysctl_table[] = {
	{
		.procname       = "require_signatures",
		.data           = &fsverity_require_signatures,
		.maxlen         = sizeof(int),
		.mode           = 0644,
		.proc_handler   = proc_dointvec_minmax,
		.extra1         = SYSCTL_ZERO,
		.extra2         = SYSCTL_ONE,
	},
	{ }
};

static void __init fsverity_sysctl_init(void)
{
	fsverity_sysctl_header = register_sysctl("fs/verity",
						 fsverity_sysctl_table);
	if (!fsverity_sysctl_header)
		panic("fsverity sysctl registration failed");
}
#else /* !CONFIG_SYSCTL */
static inline void fsverity_sysctl_init(void)
{
}
#endif /* !CONFIG_SYSCTL */

void __init fsverity_init_signature(void)
{
	fsverity_keyring =
@@ -132,6 +103,4 @@ void __init fsverity_init_signature(void)
			      KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
	if (IS_ERR(fsverity_keyring))
		panic("failed to allocate \".fs-verity\" keyring");

	fsverity_sysctl_init();
}
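Review bot: The comment above the now-global `int fsverity_require_signatures;` in the first signature.c hunk still documents it purely as the /proc/sys/fs/verity/require_signatures knob, which after this change is registered from init.c rather than here, so a reader following that comment will look in the wrong file for the ctl_table and its 0..1 clamp. Suggested extra line in that comment block: ` * Exposed as a sysctl by fsverity_sysctl_table in init.c.` Since the header declares it under `#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES`, the definition and the table entry must stay under the same guard, which the patch does but nothing in either file states.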