From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: Andrey Albershteyn <aalbersh@redhat.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org
Subject: [f2fs-dev] [PATCH v2 01/11] fsverity: use unsigned long for level_start
Date: Fri, 23 Dec 2022 12:36:28 -0800 [thread overview]
Message-ID: <20221223203638.41293-2-ebiggers@kernel.org> (raw)
In-Reply-To: <20221223203638.41293-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
fs/verity/ isn't consistent with whether Merkle tree block indices are
'unsigned long' or 'u64'. There's no real point to using u64 for them,
though, since (a) a Merkle tree with over ULONG_MAX blocks would only be
needed for a file larger than MAX_LFS_FILESIZE, and (b) for reads, the
status of all Merkle tree blocks has to be tracked in memory.
Therefore, let's make things a bit more efficient on 32-bit systems by
using 'unsigned long[]' for merkle_tree_params::level_start, instead of
'u64[]'. Also, to be extra safe, explicitly check that there aren't
more than ULONG_MAX Merkle tree blocks.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/verity/fsverity_private.h | 2 +-
fs/verity/open.c | 20 +++++++++++++++-----
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index a16038a0ee67d..e8b40c8000be7 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -52,7 +52,7 @@ struct merkle_tree_params {
* Starting block index for each tree level, ordered from leaf level (0)
* to root level ('num_levels - 1')
*/
- u64 level_start[FS_VERITY_MAX_LEVELS];
+ unsigned long level_start[FS_VERITY_MAX_LEVELS];
};
/*
diff --git a/fs/verity/open.c b/fs/verity/open.c
index e0ef1a6283943..83ccc3c137363 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -34,6 +34,7 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
struct fsverity_hash_alg *hash_alg;
int err;
u64 blocks;
+ u64 blocks_in_level[FS_VERITY_MAX_LEVELS];
u64 offset;
int level;
@@ -94,17 +95,26 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
}
blocks = (blocks + params->hashes_per_block - 1) >>
params->log_arity;
- /* temporarily using level_start[] to store blocks in level */
- params->level_start[params->num_levels++] = blocks;
+ blocks_in_level[params->num_levels++] = blocks;
}
- params->level0_blocks = params->level_start[0];
+ params->level0_blocks = blocks_in_level[0];
/* Compute the starting block of each level */
offset = 0;
for (level = (int)params->num_levels - 1; level >= 0; level--) {
- blocks = params->level_start[level];
params->level_start[level] = offset;
- offset += blocks;
+ offset += blocks_in_level[level];
+ }
+
+ /*
+ * Since the data, and thus also the Merkle tree, cannot have more than
+ * ULONG_MAX pages, hash block indices can always fit in an
+ * 'unsigned long'. To be safe, explicitly check for it too.
+ */
+ if (offset > ULONG_MAX) {
+ fsverity_err(inode, "Too many blocks in Merkle tree");
+ err = -EFBIG;
+ goto out_err;
}
params->tree_size = offset << log_blocksize;
--
2.39.0
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2022-12-23 20:37 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-23 20:36 [f2fs-dev] [PATCH v2 00/11] fsverity: support for non-4K pages Eric Biggers
2022-12-23 20:36 ` Eric Biggers [this message]
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 02/11] fsverity: simplify Merkle tree readahead size calculation Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 03/11] fsverity: store log2(digest_size) precomputed Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 04/11] fsverity: use EFBIG for file too large to enable verity Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 05/11] fsverity: replace fsverity_hash_page() with fsverity_hash_block() Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 06/11] fsverity: support verification with tree block size < PAGE_SIZE Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 07/11] fsverity: support enabling " Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 08/11] ext4: simplify ext4_readpage_limit() Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 09/11] f2fs: simplify f2fs_readpage_limit() Eric Biggers
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 10/11] fs/buffer.c: support fsverity in block_read_full_folio() Eric Biggers
2023-01-10 2:37 ` Andrew Morton
2023-01-10 3:05 ` Eric Biggers
2023-01-20 19:56 ` Eric Biggers
2023-01-21 6:39 ` Christoph Hellwig
2022-12-23 20:36 ` [f2fs-dev] [PATCH v2 11/11] ext4: allow verity with fs block size < PAGE_SIZE Eric Biggers
2023-01-04 6:38 ` [f2fs-dev] [PATCH v2 00/11] fsverity: support for non-4K pages Ojaswin Mujoo via Linux-f2fs-devel
2023-01-04 7:25 ` Eric Biggers
2023-01-05 11:24 ` Ojaswin Mujoo via Linux-f2fs-devel
2023-01-09 17:38 ` Eric Biggers
2023-01-09 19:34 ` Andrey Albershteyn
2023-01-10 3:10 ` Eric Biggers
2023-02-03 22:01 ` Eric Biggers
2023-02-28 1:01 ` patchwork-bot+f2fs
2023-02-28 1:30 ` Eric Biggers
2023-02-28 3:53 ` Jaegeuk Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221223203638.41293-2-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=aalbersh@redhat.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).