[dm-devel] [PATCH] dm-verity: Fix a boundary condition that caused failure for certain device sizes

Mikulas Patocka mpatocka at redhat.com
Fri Jun 28 14:56:31 UTC 2013



On Fri, 28 Jun 2013, Mikulas Patocka wrote:

Fix a boundary condition that caused failure for certain device sizes

The problem is reported at
http://code.google.com/p/cryptsetup/issues/detail?id=160

This is the userspace fix.

Signed-off-by: Mikulas Patocka <mpatocka at redhat.com

---
 lib/verity/verity_hash.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Index: cryptsetup-1.6.1/lib/verity/verity_hash.c
===================================================================
--- cryptsetup-1.6.1.orig/lib/verity/verity_hash.c	2013-06-28 01:20:35.000000000 +0200
+++ cryptsetup-1.6.1/lib/verity/verity_hash.c	2013-06-28 01:24:47.000000000 +0200
@@ -220,7 +220,7 @@ static int VERITY_create_or_verify_hash(
 	off_t hash_level_block[VERITY_MAX_LEVELS];
 	off_t hash_level_size[VERITY_MAX_LEVELS];
 	off_t data_file_blocks, s;
-	size_t hash_per_block, hash_per_block_bits;
+	size_t hash_per_block_bits;
 	off_t data_device_size = 0, hash_device_size = 0;
 	uint64_t dev_size;
 	int levels, i, r;
@@ -251,7 +251,6 @@ static int VERITY_create_or_verify_hash(
 	}
 
 	hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
-	hash_per_block = 1 << hash_per_block_bits;
 	if (!hash_per_block_bits)
 		return -EINVAL;
 
@@ -271,8 +270,7 @@ static int VERITY_create_or_verify_hash(
 	for (i = levels - 1; i >= 0; i--) {
 		hash_level_block[i] = hash_position;
 		// verity position of block data_file_blocks at level i
-		s = data_file_blocks >> (i * hash_per_block_bits);
-		s = (s + hash_per_block - 1) / hash_per_block;
+		s = (data_file_blocks + ((off_t)1 << ((i + 1) * hash_per_block_bits)) - 1) >> ((i + 1) * hash_per_block_bits);
 		hash_level_size[i] = s;
 		if ((hash_position + s) < hash_position ||
 		    (hash_position + s) < 0) {




More information about the dm-devel mailing list