unix: add fs-verity consts and types
See https://www.kernel.org/doc/html/latest/filesystems/fsverity.html for
details.
Change-Id: I5b02d0ef84f21d05ea3f1ac8e905232733ea3739
Reviewed-on: https://go-review.googlesource.com/c/sys/+/225698
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
diff --git a/unix/linux/types.go b/unix/linux/types.go
index 2cdb7dd..1e90b2e 100644
--- a/unix/linux/types.go
+++ b/unix/linux/types.go
@@ -88,6 +88,7 @@
#include <linux/fanotify.h>
#include <linux/filter.h>
#include <linux/fs.h>
+#include <linux/fsverity.h>
#include <linux/genetlink.h>
#include <linux/hdreg.h>
#include <linux/icmpv6.h>
@@ -2283,3 +2284,9 @@
DEVLINK_DPIPE_HEADER_IPV4 = C.DEVLINK_DPIPE_HEADER_IPV4
DEVLINK_DPIPE_HEADER_IPV6 = C.DEVLINK_DPIPE_HEADER_IPV6
)
+
+// fs-verity
+
+type FsverityDigest C.struct_fsverity_digest
+
+type FsverityEnableArg C.struct_fsverity_enable_arg
diff --git a/unix/mkerrors.sh b/unix/mkerrors.sh
index bc076cf..2979bc9 100755
--- a/unix/mkerrors.sh
+++ b/unix/mkerrors.sh
@@ -200,6 +200,7 @@
#include <linux/filter.h>
#include <linux/fs.h>
#include <linux/fscrypt.h>
+#include <linux/fsverity.h>
#include <linux/genetlink.h>
#include <linux/hdreg.h>
#include <linux/icmpv6.h>
@@ -506,7 +507,8 @@
$2 ~ /^CAP_/ ||
$2 ~ /^ALG_/ ||
$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE)/ ||
- $2 ~ /^FS_IOC_.*ENCRYPTION/ ||
+ $2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|GETFLAGS)/ ||
+ $2 ~ /^FS_VERITY_/ ||
$2 ~ /^FSCRYPT_/ ||
$2 ~ /^GRND_/ ||
$2 ~ /^RND/ ||
diff --git a/unix/zerrors_linux.go b/unix/zerrors_linux.go
index 84c599c..99a59d6 100644
--- a/unix/zerrors_linux.go
+++ b/unix/zerrors_linux.go
@@ -671,6 +671,7 @@
FS_IOC_ADD_ENCRYPTION_KEY = 0xc0506617
FS_IOC_GET_ENCRYPTION_KEY_STATUS = 0xc080661a
FS_IOC_GET_ENCRYPTION_POLICY_EX = 0xc0096616
+ FS_IOC_MEASURE_VERITY = 0xc0046686
FS_IOC_REMOVE_ENCRYPTION_KEY = 0xc0406618
FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS = 0xc0406619
FS_KEY_DESCRIPTOR_SIZE = 0x8
@@ -683,6 +684,9 @@
FS_POLICY_FLAGS_PAD_8 = 0x1
FS_POLICY_FLAGS_PAD_MASK = 0x3
FS_POLICY_FLAGS_VALID = 0xf
+ FS_VERITY_FL = 0x100000
+ FS_VERITY_HASH_ALG_SHA256 = 0x1
+ FS_VERITY_HASH_ALG_SHA512 = 0x2
FUTEXFS_SUPER_MAGIC = 0xbad1dea
F_ADD_SEALS = 0x409
F_DUPFD = 0x0
diff --git a/unix/zerrors_linux_386.go b/unix/zerrors_linux_386.go
index 0876cf9..028c9d8 100644
--- a/unix/zerrors_linux_386.go
+++ b/unix/zerrors_linux_386.go
@@ -73,6 +73,8 @@
FFDLY = 0x8000
FLUSHO = 0x1000
FP_XSTATE_MAGIC2 = 0x46505845
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80046601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_amd64.go b/unix/zerrors_linux_amd64.go
index d5be2e8..005970f 100644
--- a/unix/zerrors_linux_amd64.go
+++ b/unix/zerrors_linux_amd64.go
@@ -73,6 +73,8 @@
FFDLY = 0x8000
FLUSHO = 0x1000
FP_XSTATE_MAGIC2 = 0x46505845
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_arm.go b/unix/zerrors_linux_arm.go
index fbeef83..0541f36 100644
--- a/unix/zerrors_linux_arm.go
+++ b/unix/zerrors_linux_arm.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x1000
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80046601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_arm64.go b/unix/zerrors_linux_arm64.go
index 06daa50..9ee8d1b 100644
--- a/unix/zerrors_linux_arm64.go
+++ b/unix/zerrors_linux_arm64.go
@@ -75,6 +75,8 @@
FFDLY = 0x8000
FLUSHO = 0x1000
FPSIMD_MAGIC = 0x46508001
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_mips.go b/unix/zerrors_linux_mips.go
index 7c866b8..4826bd7 100644
--- a/unix/zerrors_linux_mips.go
+++ b/unix/zerrors_linux_mips.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x2000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40046601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_mips64.go b/unix/zerrors_linux_mips64.go
index c42966d..2346dc5 100644
--- a/unix/zerrors_linux_mips64.go
+++ b/unix/zerrors_linux_mips64.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x2000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_mips64le.go b/unix/zerrors_linux_mips64le.go
index a5b2b42..e758b61 100644
--- a/unix/zerrors_linux_mips64le.go
+++ b/unix/zerrors_linux_mips64le.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x2000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_mipsle.go b/unix/zerrors_linux_mipsle.go
index 7f91881..2dfe6bb 100644
--- a/unix/zerrors_linux_mipsle.go
+++ b/unix/zerrors_linux_mipsle.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x2000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40046601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_ppc64.go b/unix/zerrors_linux_ppc64.go
index 63df355..5185866 100644
--- a/unix/zerrors_linux_ppc64.go
+++ b/unix/zerrors_linux_ppc64.go
@@ -72,6 +72,8 @@
FF1 = 0x4000
FFDLY = 0x4000
FLUSHO = 0x800000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_ppc64le.go b/unix/zerrors_linux_ppc64le.go
index 7ab68f7..4231b20 100644
--- a/unix/zerrors_linux_ppc64le.go
+++ b/unix/zerrors_linux_ppc64le.go
@@ -72,6 +72,8 @@
FF1 = 0x4000
FFDLY = 0x4000
FLUSHO = 0x800000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/zerrors_linux_riscv64.go b/unix/zerrors_linux_riscv64.go
index f99cf1b..6a0b2d2 100644
--- a/unix/zerrors_linux_riscv64.go
+++ b/unix/zerrors_linux_riscv64.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x1000
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_s390x.go b/unix/zerrors_linux_s390x.go
index 613ee23..95e950f 100644
--- a/unix/zerrors_linux_s390x.go
+++ b/unix/zerrors_linux_s390x.go
@@ -72,6 +72,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x1000
+ FS_IOC_ENABLE_VERITY = 0x40806685
+ FS_IOC_GETFLAGS = 0x80086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
diff --git a/unix/zerrors_linux_sparc64.go b/unix/zerrors_linux_sparc64.go
index 1f7a68d..079762f 100644
--- a/unix/zerrors_linux_sparc64.go
+++ b/unix/zerrors_linux_sparc64.go
@@ -76,6 +76,8 @@
FF1 = 0x8000
FFDLY = 0x8000
FLUSHO = 0x1000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40086601
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
diff --git a/unix/ztypes_linux.go b/unix/ztypes_linux.go
index cb5e06c..a8d0eac 100644
--- a/unix/ztypes_linux.go
+++ b/unix/ztypes_linux.go
@@ -2291,3 +2291,20 @@
DEVLINK_DPIPE_HEADER_IPV4 = 0x1
DEVLINK_DPIPE_HEADER_IPV6 = 0x2
)
+
+type FsverityDigest struct {
+ Algorithm uint16
+ Size uint16
+}
+
+type FsverityEnableArg struct {
+ Version uint32
+ Hash_algorithm uint32
+ Block_size uint32
+ Salt_size uint32
+ Salt_ptr uint64
+ Sig_size uint32
+ _ uint32
+ Sig_ptr uint64
+ _ [11]uint64
+}
