[mirror_ubuntu-jammy-kernel.git] / fs / verity / open.c

// SPDX-License-Identifier: GPL-2.0
/*
 * fs/verity/open.c: opening fs-verity files
 *
 * Copyright 2019 Google LLC
 */

#include "fsverity_private.h"

#include <linux/slab.h>

static struct kmem_cache *fsverity_info_cachep;

/**
 * fsverity_init_merkle_tree_params() - initialize Merkle tree parameters
 * @params: the parameters struct to initialize
 * @inode: the inode for which the Merkle tree is being built
 * @hash_algorithm: number of hash algorithm to use
 * @log_blocksize: log base 2 of block size to use
 * @salt: pointer to salt (optional)
 * @salt_size: size of salt, possibly 0
 *
 * Validate the hash algorithm and block size, then compute the tree topology
 * (num levels, num blocks in each level, etc.) and initialize @params.
 *
 * Return: 0 on success, -errno on failure
 */
int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
				     const struct inode *inode,
				     unsigned int hash_algorithm,
				     unsigned int log_blocksize,
				     const u8 *salt, size_t salt_size)
{
	const struct fsverity_hash_alg *hash_alg;
	int err;
	u64 blocks;
	u64 offset;
	int level;

	memset(params, 0, sizeof(*params));

	hash_alg = fsverity_get_hash_alg(inode, hash_algorithm);
	if (IS_ERR(hash_alg))
		return PTR_ERR(hash_alg);
	params->hash_alg = hash_alg;
	params->digest_size = hash_alg->digest_size;

	params->hashstate = fsverity_prepare_hash_state(hash_alg, salt,
							salt_size);
	if (IS_ERR(params->hashstate)) {
		err = PTR_ERR(params->hashstate);
		params->hashstate = NULL;
		fsverity_err(inode, "Error %d preparing hash state", err);
		goto out_err;
	}

	if (log_blocksize != PAGE_SHIFT) {
		fsverity_warn(inode, "Unsupported log_blocksize: %u",
			      log_blocksize);
		err = -EINVAL;
		goto out_err;
	}
	params->log_blocksize = log_blocksize;
	params->block_size = 1 << log_blocksize;

	if (WARN_ON(!is_power_of_2(params->digest_size))) {
		err = -EINVAL;
		goto out_err;
	}
	if (params->block_size < 2 * params->digest_size) {
		fsverity_warn(inode,
			      "Merkle tree block size (%u) too small for hash algorithm \"%s\"",
			      params->block_size, hash_alg->name);
		err = -EINVAL;
		goto out_err;
	}
	params->log_arity = params->log_blocksize - ilog2(params->digest_size);
	params->hashes_per_block = 1 << params->log_arity;

	pr_debug("Merkle tree uses %s with %u-byte blocks (%u hashes/block), salt=%*phN\n",
		 hash_alg->name, params->block_size, params->hashes_per_block,
		 (int)salt_size, salt);

	/*
	 * Compute the number of levels in the Merkle tree and create a map from
	 * level to the starting block of that level.  Level 'num_levels - 1' is
	 * the root and is stored first.  Level 0 is the level directly "above"
	 * the data blocks and is stored last.
	 */

	/* Compute number of levels and the number of blocks in each level */
	blocks = (inode->i_size + params->block_size - 1) >> log_blocksize;
	pr_debug("Data is %lld bytes (%llu blocks)\n", inode->i_size, blocks);
	while (blocks > 1) {
		if (params->num_levels >= FS_VERITY_MAX_LEVELS) {
			fsverity_err(inode, "Too many levels in Merkle tree");
			err = -EINVAL;
			goto out_err;
		}
		blocks = (blocks + params->hashes_per_block - 1) >>
			 params->log_arity;
		/* temporarily using level_start[] to store blocks in level */
		params->level_start[params->num_levels++] = blocks;
	}

	/* Compute the starting block of each level */
	offset = 0;
	for (level = (int)params->num_levels - 1; level >= 0; level--) {
		blocks = params->level_start[level];
		params->level_start[level] = offset;
		pr_debug("Level %d is %llu blocks starting at index %llu\n",
			 level, blocks, offset);
		offset += blocks;
	}

	params->tree_size = offset << log_blocksize;
	return 0;

out_err:
	kfree(params->hashstate);
	memset(params, 0, sizeof(*params));
	return err;
}

/*
 * Compute the file measurement by hashing the fsverity_descriptor excluding the
 * signature and with the sig_size field set to 0.
 */
static int compute_file_measurement(const struct fsverity_hash_alg *hash_alg,
				    struct fsverity_descriptor *desc,
				    u8 *measurement)
{
	__le32 sig_size = desc->sig_size;
	int err;

	desc->sig_size = 0;
	err = fsverity_hash_buffer(hash_alg, desc, sizeof(*desc), measurement);
	desc->sig_size = sig_size;

	return err;
}

/*
 * Validate the given fsverity_descriptor and create a new fsverity_info from
 * it.  The signature (if present) is also checked.
 */
struct fsverity_info *fsverity_create_info(const struct inode *inode,
					   void *_desc, size_t desc_size)
{
	struct fsverity_descriptor *desc = _desc;
	struct fsverity_info *vi;
	int err;

	if (desc_size < sizeof(*desc)) {
		fsverity_err(inode, "Unrecognized descriptor size: %zu bytes",
			     desc_size);
		return ERR_PTR(-EINVAL);
	}

	if (desc->version != 1) {
		fsverity_err(inode, "Unrecognized descriptor version: %u",
			     desc->version);
		return ERR_PTR(-EINVAL);
	}

	if (memchr_inv(desc->__reserved, 0, sizeof(desc->__reserved))) {
		fsverity_err(inode, "Reserved bits set in descriptor");
		return ERR_PTR(-EINVAL);
	}

	if (desc->salt_size > sizeof(desc->salt)) {
		fsverity_err(inode, "Invalid salt_size: %u", desc->salt_size);
		return ERR_PTR(-EINVAL);
	}

	if (le64_to_cpu(desc->data_size) != inode->i_size) {
		fsverity_err(inode,
			     "Wrong data_size: %llu (desc) != %lld (inode)",
			     le64_to_cpu(desc->data_size), inode->i_size);
		return ERR_PTR(-EINVAL);
	}

	vi = kmem_cache_zalloc(fsverity_info_cachep, GFP_KERNEL);
	if (!vi)
		return ERR_PTR(-ENOMEM);
	vi->inode = inode;

	err = fsverity_init_merkle_tree_params(&vi->tree_params, inode,
					       desc->hash_algorithm,
					       desc->log_blocksize,
					       desc->salt, desc->salt_size);
	if (err) {
		fsverity_err(inode,
			     "Error %d initializing Merkle tree parameters",
			     err);
		goto out;
	}

	memcpy(vi->root_hash, desc->root_hash, vi->tree_params.digest_size);

	err = compute_file_measurement(vi->tree_params.hash_alg, desc,
				       vi->measurement);
	if (err) {
		fsverity_err(inode, "Error %d computing file measurement", err);
		goto out;
	}
	pr_debug("Computed file measurement: %s:%*phN\n",
		 vi->tree_params.hash_alg->name,
		 vi->tree_params.digest_size, vi->measurement);

	err = fsverity_verify_signature(vi, desc, desc_size);
out:
	if (err) {
		fsverity_free_info(vi);
		vi = ERR_PTR(err);
	}
	return vi;
}

void fsverity_set_info(struct inode *inode, struct fsverity_info *vi)
{
	/*
	 * Multiple processes may race to set ->i_verity_info, so use cmpxchg.
	 * This pairs with the READ_ONCE() in fsverity_get_info().
	 */
	if (cmpxchg(&inode->i_verity_info, NULL, vi) != NULL)
		fsverity_free_info(vi);
}

void fsverity_free_info(struct fsverity_info *vi)
{
	if (!vi)
		return;
	kfree(vi->tree_params.hashstate);
	kmem_cache_free(fsverity_info_cachep, vi);
}

/* Ensure the inode has an ->i_verity_info */
static int ensure_verity_info(struct inode *inode)
{
	struct fsverity_info *vi = fsverity_get_info(inode);
	struct fsverity_descriptor *desc;
	int res;

	if (vi)
		return 0;

	res = inode->i_sb->s_vop->get_verity_descriptor(inode, NULL, 0);
	if (res < 0) {
		fsverity_err(inode,
			     "Error %d getting verity descriptor size", res);
		return res;
	}
	if (res > FS_VERITY_MAX_DESCRIPTOR_SIZE) {
		fsverity_err(inode, "Verity descriptor is too large (%d bytes)",
			     res);
		return -EMSGSIZE;
	}
	desc = kmalloc(res, GFP_KERNEL);
	if (!desc)
		return -ENOMEM;
	res = inode->i_sb->s_vop->get_verity_descriptor(inode, desc, res);
	if (res < 0) {
		fsverity_err(inode, "Error %d reading verity descriptor", res);
		goto out_free_desc;
	}

	vi = fsverity_create_info(inode, desc, res);
	if (IS_ERR(vi)) {
		res = PTR_ERR(vi);
		goto out_free_desc;
	}

	fsverity_set_info(inode, vi);
	res = 0;
out_free_desc:
	kfree(desc);
	return res;
}

/**
 * fsverity_file_open() - prepare to open a verity file
 * @inode: the inode being opened
 * @filp: the struct file being set up
 *
 * When opening a verity file, deny the open if it is for writing.  Otherwise,
 * set up the inode's ->i_verity_info if not already done.
 *
 * When combined with fscrypt, this must be called after fscrypt_file_open().
 * Otherwise, we won't have the key set up to decrypt the verity metadata.
 *
 * Return: 0 on success, -errno on failure
 */
int fsverity_file_open(struct inode *inode, struct file *filp)
{
	if (!IS_VERITY(inode))
		return 0;

	if (filp->f_mode & FMODE_WRITE) {
		pr_debug("Denying opening verity file (ino %lu) for write\n",
			 inode->i_ino);
		return -EPERM;
	}

	return ensure_verity_info(inode);
}
EXPORT_SYMBOL_GPL(fsverity_file_open);

/**
 * fsverity_prepare_setattr() - prepare to change a verity inode's attributes
 * @dentry: dentry through which the inode is being changed
 * @attr: attributes to change
 *
 * Verity files are immutable, so deny truncates.  This isn't covered by the
 * open-time check because sys_truncate() takes a path, not a file descriptor.
 *
 * Return: 0 on success, -errno on failure
 */
int fsverity_prepare_setattr(struct dentry *dentry, struct iattr *attr)
{
	if (IS_VERITY(d_inode(dentry)) && (attr->ia_valid & ATTR_SIZE)) {
		pr_debug("Denying truncate of verity file (ino %lu)\n",
			 d_inode(dentry)->i_ino);
		return -EPERM;
	}
	return 0;
}
EXPORT_SYMBOL_GPL(fsverity_prepare_setattr);

/**
 * fsverity_cleanup_inode() - free the inode's verity info, if present
 *
 * Filesystems must call this on inode eviction to free ->i_verity_info.
 */
void fsverity_cleanup_inode(struct inode *inode)
{
	fsverity_free_info(inode->i_verity_info);
	inode->i_verity_info = NULL;
}
EXPORT_SYMBOL_GPL(fsverity_cleanup_inode);

int __init fsverity_init_info_cache(void)
{
	fsverity_info_cachep = KMEM_CACHE_USERCOPY(fsverity_info,
						   SLAB_RECLAIM_ACCOUNT,
						   measurement);
	if (!fsverity_info_cachep)
		return -ENOMEM;
	return 0;
}

void __init fsverity_exit_info_cache(void)
{
	kmem_cache_destroy(fsverity_info_cachep);
	fsverity_info_cachep = NULL;
}
Commit	Line	Data
fd2d1acf EB	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* fs/verity/open.c: opening fs-verity files
	4	*
	5	* Copyright 2019 Google LLC
	6	*/
	7
	8	#include "fsverity_private.h"
	9
	10	#include <linux/slab.h>
	11
	12	static struct kmem_cache *fsverity_info_cachep;
	13
	14	/**
	15	* fsverity_init_merkle_tree_params() - initialize Merkle tree parameters
	16	* @params: the parameters struct to initialize
	17	* @inode: the inode for which the Merkle tree is being built
	18	* @hash_algorithm: number of hash algorithm to use
	19	* @log_blocksize: log base 2 of block size to use
	20	* @salt: pointer to salt (optional)
	21	* @salt_size: size of salt, possibly 0
	22	*
	23	* Validate the hash algorithm and block size, then compute the tree topology
	24	* (num levels, num blocks in each level, etc.) and initialize @params.
	25	*
	26	* Return: 0 on success, -errno on failure
	27	*/
	28	int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
	29	const struct inode *inode,
	30	unsigned int hash_algorithm,
	31	unsigned int log_blocksize,
	32	const u8 *salt, size_t salt_size)
	33	{
	34	const struct fsverity_hash_alg *hash_alg;
	35	int err;
	36	u64 blocks;
	37	u64 offset;
	38	int level;
	39
	40	memset(params, 0, sizeof(*params));
	41
	42	hash_alg = fsverity_get_hash_alg(inode, hash_algorithm);
	43	if (IS_ERR(hash_alg))
	44	return PTR_ERR(hash_alg);
	45	params->hash_alg = hash_alg;
	46	params->digest_size = hash_alg->digest_size;
	47
	48	params->hashstate = fsverity_prepare_hash_state(hash_alg, salt,
	49	salt_size);
	50	if (IS_ERR(params->hashstate)) {
	51	err = PTR_ERR(params->hashstate);
	52	params->hashstate = NULL;
	53	fsverity_err(inode, "Error %d preparing hash state", err);
	54	goto out_err;
	55	}
	56
	57	if (log_blocksize != PAGE_SHIFT) {
	58	fsverity_warn(inode, "Unsupported log_blocksize: %u",
	59	log_blocksize);
	60	err = -EINVAL;
	61	goto out_err;
	62	}
	63	params->log_blocksize = log_blocksize;
	64	params->block_size = 1 << log_blocksize;
65
66	if (WARN_ON(!is_power_of_2(params->digest_size))) {
67	err = -EINVAL;
68	goto out_err;
69	}
70	if (params->block_size < 2 * params->digest_size) {
71	fsverity_warn(inode,
72	"Merkle tree block size (%u) too small for hash algorithm \"%s\"",
73	params->block_size, hash_alg->name);
74	err = -EINVAL;
75	goto out_err;
76	}
77	params->log_arity = params->log_blocksize - ilog2(params->digest_size);
78	params->hashes_per_block = 1 << params->log_arity;
79
80	pr_debug("Merkle tree uses %s with %u-byte blocks (%u hashes/block), salt=%*phN\n",
81	hash_alg->name, params->block_size, params->hashes_per_block,
82	(int)salt_size, salt);
83
84	/*
85	* Compute the number of levels in the Merkle tree and create a map from
86	* level to the starting block of that level. Level 'num_levels - 1' is
87	* the root and is stored first. Level 0 is the level directly "above"
88	* the data blocks and is stored last.
89	*/
90
91	/* Compute number of levels and the number of blocks in each level */
92	blocks = (inode->i_size + params->block_size - 1) >> log_blocksize;
93	pr_debug("Data is %lld bytes (%llu blocks)\n", inode->i_size, blocks);
94	while (blocks > 1) {
95	if (params->num_levels >= FS_VERITY_MAX_LEVELS) {
96	fsverity_err(inode, "Too many levels in Merkle tree");
97	err = -EINVAL;
98	goto out_err;
99	}
100	blocks = (blocks + params->hashes_per_block - 1) >>
101	params->log_arity;
102	/* temporarily using level_start[] to store blocks in level */
103	params->level_start[params->num_levels++] = blocks;
104	}
105
106	/* Compute the starting block of each level */
107	offset = 0;
108	for (level = (int)params->num_levels - 1; level >= 0; level--) {
109	blocks = params->level_start[level];
110	params->level_start[level] = offset;
111	pr_debug("Level %d is %llu blocks starting at index %llu\n",
112	level, blocks, offset);
113	offset += blocks;
114	}
115
116	params->tree_size = offset << log_blocksize;
117	return 0;
118
119	out_err:
120	kfree(params->hashstate);
121	memset(params, 0, sizeof(*params));
122	return err;
123	}
124
432434c9 EB	125	/*
	126	* Compute the file measurement by hashing the fsverity_descriptor excluding the
	127	* signature and with the sig_size field set to 0.
	128	*/
fd2d1acf	129	static int compute_file_measurement(const struct fsverity_hash_alg *hash_alg,
432434c9	130	struct fsverity_descriptor *desc,
fd2d1acf EB	131	u8 *measurement)
fd2d1acf EB	132	{
432434c9 EB	133	__le32 sig_size = desc->sig_size;
	134	int err;
	135
	136	desc->sig_size = 0;
	137	err = fsverity_hash_buffer(hash_alg, desc, sizeof(*desc), measurement);
	138	desc->sig_size = sig_size;
	139
	140	return err;
fd2d1acf EB	141	}
	142
	143	/*
	144	* Validate the given fsverity_descriptor and create a new fsverity_info from
432434c9	145	* it. The signature (if present) is also checked.
fd2d1acf EB	146	*/
fd2d1acf EB	147	struct fsverity_info fsverity_create_info(const struct inode inode,
432434c9	148	void *_desc, size_t desc_size)
fd2d1acf	149	{
432434c9	150	struct fsverity_descriptor *desc = _desc;
fd2d1acf EB	151	struct fsverity_info *vi;
	152	int err;
	153
	154	if (desc_size < sizeof(*desc)) {
	155	fsverity_err(inode, "Unrecognized descriptor size: %zu bytes",
	156	desc_size);
	157	return ERR_PTR(-EINVAL);
	158	}
	159
	160	if (desc->version != 1) {
	161	fsverity_err(inode, "Unrecognized descriptor version: %u",
	162	desc->version);
	163	return ERR_PTR(-EINVAL);
	164	}
	165
432434c9	166	if (memchr_inv(desc->__reserved, 0, sizeof(desc->__reserved))) {
fd2d1acf EB	167	fsverity_err(inode, "Reserved bits set in descriptor");
	168	return ERR_PTR(-EINVAL);
	169	}
	170
	171	if (desc->salt_size > sizeof(desc->salt)) {
	172	fsverity_err(inode, "Invalid salt_size: %u", desc->salt_size);
	173	return ERR_PTR(-EINVAL);
	174	}
	175
	176	if (le64_to_cpu(desc->data_size) != inode->i_size) {
	177	fsverity_err(inode,
	178	"Wrong data_size: %llu (desc) != %lld (inode)",
	179	le64_to_cpu(desc->data_size), inode->i_size);
	180	return ERR_PTR(-EINVAL);
	181	}
	182
	183	vi = kmem_cache_zalloc(fsverity_info_cachep, GFP_KERNEL);
	184	if (!vi)
	185	return ERR_PTR(-ENOMEM);
	186	vi->inode = inode;
	187
	188	err = fsverity_init_merkle_tree_params(&vi->tree_params, inode,
	189	desc->hash_algorithm,
	190	desc->log_blocksize,
	191	desc->salt, desc->salt_size);
	192	if (err) {
	193	fsverity_err(inode,
	194	"Error %d initializing Merkle tree parameters",
	195	err);
	196	goto out;
	197	}
	198
	199	memcpy(vi->root_hash, desc->root_hash, vi->tree_params.digest_size);
	200
	201	err = compute_file_measurement(vi->tree_params.hash_alg, desc,
	202	vi->measurement);
	203	if (err) {
	204	fsverity_err(inode, "Error %d computing file measurement", err);
	205	goto out;
	206	}
	207	pr_debug("Computed file measurement: %s:%*phN\n",
	208	vi->tree_params.hash_alg->name,
	209	vi->tree_params.digest_size, vi->measurement);
432434c9 EB	210
432434c9 EB	211	err = fsverity_verify_signature(vi, desc, desc_size);
fd2d1acf EB	212	out:
	213	if (err) {
	214	fsverity_free_info(vi);
	215	vi = ERR_PTR(err);
	216	}
	217	return vi;
	218	}
	219
	220	void fsverity_set_info(struct inode inode, struct fsverity_info vi)
	221	{
	222	/*
	223	* Multiple processes may race to set ->i_verity_info, so use cmpxchg.
	224	* This pairs with the READ_ONCE() in fsverity_get_info().
	225	*/
	226	if (cmpxchg(&inode->i_verity_info, NULL, vi) != NULL)
	227	fsverity_free_info(vi);
	228	}
	229
	230	void fsverity_free_info(struct fsverity_info *vi)
	231	{
	232	if (!vi)
	233	return;
	234	kfree(vi->tree_params.hashstate);
	235	kmem_cache_free(fsverity_info_cachep, vi);
	236	}
	237
	238	/* Ensure the inode has an ->i_verity_info */
	239	static int ensure_verity_info(struct inode *inode)
	240	{
	241	struct fsverity_info *vi = fsverity_get_info(inode);
	242	struct fsverity_descriptor *desc;
	243	int res;
	244
	245	if (vi)
	246	return 0;
	247
	248	res = inode->i_sb->s_vop->get_verity_descriptor(inode, NULL, 0);
	249	if (res < 0) {
	250	fsverity_err(inode,
	251	"Error %d getting verity descriptor size", res);
	252	return res;
	253	}
	254	if (res > FS_VERITY_MAX_DESCRIPTOR_SIZE) {
	255	fsverity_err(inode, "Verity descriptor is too large (%d bytes)",
	256	res);
	257	return -EMSGSIZE;
	258	}
	259	desc = kmalloc(res, GFP_KERNEL);
	260	if (!desc)
	261	return -ENOMEM;
	262	res = inode->i_sb->s_vop->get_verity_descriptor(inode, desc, res);
	263	if (res < 0) {
	264	fsverity_err(inode, "Error %d reading verity descriptor", res);
	265	goto out_free_desc;
	266	}
	267
	268	vi = fsverity_create_info(inode, desc, res);
	269	if (IS_ERR(vi)) {
	270	res = PTR_ERR(vi);
	271	goto out_free_desc;
	272	}
	273
	274	fsverity_set_info(inode, vi);
	275	res = 0;
276	out_free_desc:
277	kfree(desc);
278	return res;
279	}
280
281	/**
282	* fsverity_file_open() - prepare to open a verity file
283	* @inode: the inode being opened
284	* @filp: the struct file being set up
285	*
286	* When opening a verity file, deny the open if it is for writing. Otherwise,
287	* set up the inode's ->i_verity_info if not already done.
288	*
289	* When combined with fscrypt, this must be called after fscrypt_file_open().
290	* Otherwise, we won't have the key set up to decrypt the verity metadata.
291	*
292	* Return: 0 on success, -errno on failure
293	*/
294	int fsverity_file_open(struct inode inode, struct file filp)
295	{
296	if (!IS_VERITY(inode))
297	return 0;
298
299	if (filp->f_mode & FMODE_WRITE) {
300	pr_debug("Denying opening verity file (ino %lu) for write\n",
301	inode->i_ino);
302	return -EPERM;
303	}
304
305	return ensure_verity_info(inode);
306	}
307	EXPORT_SYMBOL_GPL(fsverity_file_open);
308
c1d9b584 EB	309	/**
	310	* fsverity_prepare_setattr() - prepare to change a verity inode's attributes
	311	* @dentry: dentry through which the inode is being changed
	312	* @attr: attributes to change
	313	*
	314	* Verity files are immutable, so deny truncates. This isn't covered by the
	315	* open-time check because sys_truncate() takes a path, not a file descriptor.
	316	*
	317	* Return: 0 on success, -errno on failure
	318	*/
	319	int fsverity_prepare_setattr(struct dentry dentry, struct iattr attr)
	320	{
	321	if (IS_VERITY(d_inode(dentry)) && (attr->ia_valid & ATTR_SIZE)) {
	322	pr_debug("Denying truncate of verity file (ino %lu)\n",
	323	d_inode(dentry)->i_ino);
	324	return -EPERM;
	325	}
	326	return 0;
	327	}
	328	EXPORT_SYMBOL_GPL(fsverity_prepare_setattr);
	329
fd2d1acf EB	330	/**
	331	* fsverity_cleanup_inode() - free the inode's verity info, if present
	332	*
	333	* Filesystems must call this on inode eviction to free ->i_verity_info.
	334	*/
	335	void fsverity_cleanup_inode(struct inode *inode)
	336	{
	337	fsverity_free_info(inode->i_verity_info);
	338	inode->i_verity_info = NULL;
	339	}
	340	EXPORT_SYMBOL_GPL(fsverity_cleanup_inode);
	341
	342	int __init fsverity_init_info_cache(void)
	343	{
	344	fsverity_info_cachep = KMEM_CACHE_USERCOPY(fsverity_info,
	345	SLAB_RECLAIM_ACCOUNT,
	346	measurement);
	347	if (!fsverity_info_cachep)
	348	return -ENOMEM;
	349	return 0;
	350	}
8a1d0f9c EB	351
	352	void __init fsverity_exit_info_cache(void)
	353	{
	354	kmem_cache_destroy(fsverity_info_cachep);
	355	fsverity_info_cachep = NULL;
	356	}