Commit 284d5db5 authored by Eric Biggers's avatar Eric Biggers

fsverity: use unsigned long for level_start

fs/verity/ isn't consistent with whether Merkle tree block indices are
'unsigned long' or 'u64'.  There's no real point to using u64 for them,
though, since (a) a Merkle tree with over ULONG_MAX blocks would only be
needed for a file larger than MAX_LFS_FILESIZE, and (b) for reads, the
status of all Merkle tree blocks has to be tracked in memory.

Therefore, let's make things a bit more efficient on 32-bit systems by
using 'unsigned long[]' for merkle_tree_params::level_start, instead of
'u64[]'.  Also, to be extra safe, explicitly check that there aren't
more than ULONG_MAX Merkle tree blocks.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Reviewed-by: default avatarAndrey Albershteyn <aalbersh@redhat.com>
Tested-by: default avatarOjaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://lore.kernel.org/r/20221223203638.41293-2-ebiggers@kernel.org
parent 86f66569
...@@ -52,7 +52,7 @@ struct merkle_tree_params { ...@@ -52,7 +52,7 @@ struct merkle_tree_params {
* Starting block index for each tree level, ordered from leaf level (0) * Starting block index for each tree level, ordered from leaf level (0)
* to root level ('num_levels - 1') * to root level ('num_levels - 1')
*/ */
u64 level_start[FS_VERITY_MAX_LEVELS]; unsigned long level_start[FS_VERITY_MAX_LEVELS];
}; };
/* /*
......
...@@ -34,6 +34,7 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params, ...@@ -34,6 +34,7 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
struct fsverity_hash_alg *hash_alg; struct fsverity_hash_alg *hash_alg;
int err; int err;
u64 blocks; u64 blocks;
u64 blocks_in_level[FS_VERITY_MAX_LEVELS];
u64 offset; u64 offset;
int level; int level;
...@@ -94,17 +95,26 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params, ...@@ -94,17 +95,26 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
} }
blocks = (blocks + params->hashes_per_block - 1) >> blocks = (blocks + params->hashes_per_block - 1) >>
params->log_arity; params->log_arity;
/* temporarily using level_start[] to store blocks in level */ blocks_in_level[params->num_levels++] = blocks;
params->level_start[params->num_levels++] = blocks;
} }
params->level0_blocks = params->level_start[0]; params->level0_blocks = blocks_in_level[0];
/* Compute the starting block of each level */ /* Compute the starting block of each level */
offset = 0; offset = 0;
for (level = (int)params->num_levels - 1; level >= 0; level--) { for (level = (int)params->num_levels - 1; level >= 0; level--) {
blocks = params->level_start[level];
params->level_start[level] = offset; params->level_start[level] = offset;
offset += blocks; offset += blocks_in_level[level];
}
/*
* Since the data, and thus also the Merkle tree, cannot have more than
* ULONG_MAX pages, hash block indices can always fit in an
* 'unsigned long'. To be safe, explicitly check for it too.
*/
if (offset > ULONG_MAX) {
fsverity_err(inode, "Too many blocks in Merkle tree");
err = -EFBIG;
goto out_err;
} }
params->tree_size = offset << log_blocksize; params->tree_size = offset << log_blocksize;
......
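Review bot: In the loop that computes each level's starting block, `params->level_start[level] = offset;` narrows the u64 `offset` to `unsigned long` before the new `offset > ULONG_MAX` check runs, so on a 32-bit build the array can already hold silently truncated block indices when the error is detected. That is safe only if nothing reads `params` after `goto out_err`; the label is outside this hunk, so confirm that it clears or discards the structure. A comment above the loop would record that the ordering is intentional, e.g. `/* level_start[] may be truncated on 32-bit here; the ULONG_MAX check below rejects that case */`. Where `unsigned long` is 64 bits wide the comparison can never be true, so the check adds no bound on `offset << log_blocksize` there, and that shift relies entirely on the file-size limit stated in the comment.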