|
|
0bd263 |
From 8f8f0b3258152a260c6a40be89b485f943f81484 Mon Sep 17 00:00:00 2001
|
|
|
0bd263 |
From: Milan Broz <gmazyland@gmail.com>
|
|
|
0bd263 |
Date: Mon, 26 Aug 2019 10:01:17 +0200
|
|
|
0bd263 |
Subject: [PATCH] Fix mapped segments overflow on 32bit architectures.
|
|
|
0bd263 |
|
|
|
0bd263 |
All set_segment funcions must use uin64_t everywhere,
|
|
|
0bd263 |
not size_t that is platform dependent.
|
|
|
0bd263 |
|
|
|
0bd263 |
The code later uses it correctly, it is just wrong function
|
|
|
0bd263 |
prototype definitions.
|
|
|
0bd263 |
|
|
|
0bd263 |
Reported in
|
|
|
0bd263 |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935702
|
|
|
0bd263 |
|
|
|
0bd263 |
(TODO: add a test for other segment types.)
|
|
|
0bd263 |
---
|
|
|
0bd263 |
lib/libdevmapper.c | 12 ++++++------
|
|
|
0bd263 |
lib/utils_dm.h | 12 ++++++------
|
|
|
0bd263 |
tests/integrity-compat-test | 26 ++++++++++++++++++++++++++
|
|
|
0bd263 |
3 files changed, 38 insertions(+), 12 deletions(-)
|
|
|
0bd263 |
|
|
|
0bd263 |
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
|
|
|
0bd263 |
index e92ceda..9c40bb1 100644
|
|
|
0bd263 |
--- a/lib/libdevmapper.c
|
|
|
0bd263 |
+++ b/lib/libdevmapper.c
|
|
|
0bd263 |
@@ -2759,9 +2759,9 @@ int dm_is_dm_kernel_name(const char *name)
|
|
|
0bd263 |
return strncmp(name, "dm-", 3) ? 0 : 1;
|
|
|
0bd263 |
}
|
|
|
0bd263 |
|
|
|
0bd263 |
-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *data_device, struct volume_key *vk, const char *cipher,
|
|
|
0bd263 |
- size_t iv_offset, size_t data_offset, const char *integrity, uint32_t tag_size,
|
|
|
0bd263 |
+ uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size,
|
|
|
0bd263 |
uint32_t sector_size)
|
|
|
0bd263 |
{
|
|
|
0bd263 |
int r = -EINVAL;
|
|
|
0bd263 |
@@ -2800,7 +2800,7 @@ err:
|
|
|
0bd263 |
return r;
|
|
|
0bd263 |
}
|
|
|
0bd263 |
|
|
|
0bd263 |
-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *data_device, struct device *hash_device, struct device *fec_device,
|
|
|
0bd263 |
const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
|
|
|
0bd263 |
uint64_t hash_blocks, struct crypt_params_verity *vp)
|
|
|
0bd263 |
@@ -2826,7 +2826,7 @@ int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_si
|
|
|
0bd263 |
return 0;
|
|
|
0bd263 |
}
|
|
|
0bd263 |
|
|
|
0bd263 |
-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *meta_device,
|
|
|
0bd263 |
struct device *data_device, uint64_t tag_size, uint64_t offset,
|
|
|
0bd263 |
uint32_t sector_size, struct volume_key *vk,
|
|
|
0bd263 |
@@ -2865,8 +2865,8 @@ int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg
|
|
|
0bd263 |
return 0;
|
|
|
0bd263 |
}
|
|
|
0bd263 |
|
|
|
0bd263 |
-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
- struct device *data_device, size_t data_offset)
|
|
|
0bd263 |
+int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
+ struct device *data_device, uint64_t data_offset)
|
|
|
0bd263 |
{
|
|
|
0bd263 |
if (!data_device)
|
|
|
0bd263 |
return -EINVAL;
|
|
|
0bd263 |
diff --git a/lib/utils_dm.h b/lib/utils_dm.h
|
|
|
0bd263 |
index 4a1e1d3..124a1c7 100644
|
|
|
0bd263 |
--- a/lib/utils_dm.h
|
|
|
0bd263 |
+++ b/lib/utils_dm.h
|
|
|
0bd263 |
@@ -168,22 +168,22 @@ void dm_backend_exit(struct crypt_device *cd);
|
|
|
0bd263 |
int dm_targets_allocate(struct dm_target *first, unsigned count);
|
|
|
0bd263 |
void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd);
|
|
|
0bd263 |
|
|
|
0bd263 |
-int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *data_device, struct volume_key *vk, const char *cipher,
|
|
|
0bd263 |
- size_t iv_offset, size_t data_offset, const char *integrity,
|
|
|
0bd263 |
+ uint64_t iv_offset, uint64_t data_offset, const char *integrity,
|
|
|
0bd263 |
uint32_t tag_size, uint32_t sector_size);
|
|
|
0bd263 |
-int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *data_device, struct device *hash_device, struct device *fec_device,
|
|
|
0bd263 |
const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
|
|
|
0bd263 |
uint64_t hash_blocks, struct crypt_params_verity *vp);
|
|
|
0bd263 |
-int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
+int dm_integrity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
struct device *meta_device,
|
|
|
0bd263 |
struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size,
|
|
|
0bd263 |
struct volume_key *vk,
|
|
|
0bd263 |
struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key,
|
|
|
0bd263 |
const struct crypt_params_integrity *ip);
|
|
|
0bd263 |
-int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
|
|
|
0bd263 |
- struct device *data_device, size_t data_offset);
|
|
|
0bd263 |
+int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
|
|
|
0bd263 |
+ struct device *data_device, uint64_t data_offset);
|
|
|
0bd263 |
|
|
|
0bd263 |
int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags);
|
|
|
0bd263 |
int dm_status_device(struct crypt_device *cd, const char *name);
|
|
|
0bd263 |
diff --git a/tests/integrity-compat-test b/tests/integrity-compat-test
|
|
|
0bd263 |
index 5f2c14e..836975d 100755
|
|
|
0bd263 |
--- a/tests/integrity-compat-test
|
|
|
0bd263 |
+++ b/tests/integrity-compat-test
|
|
|
0bd263 |
@@ -9,6 +9,8 @@ INTSETUP_VALGRIND=../.libs/integritysetup
|
|
|
0bd263 |
INTSETUP_LIB_VALGRIND=../.libs
|
|
|
0bd263 |
|
|
|
0bd263 |
DEV_NAME=dmc_test
|
|
|
0bd263 |
+DEV_NAME_BIG=dmc_fake
|
|
|
0bd263 |
+DEV_LOOP=""
|
|
|
0bd263 |
DEV=test123.img
|
|
|
0bd263 |
DEV2=test124.img
|
|
|
0bd263 |
KEY_FILE=key.img
|
|
|
0bd263 |
@@ -20,6 +22,9 @@ dmremove() { # device
|
|
|
0bd263 |
|
|
|
0bd263 |
cleanup() {
|
|
|
0bd263 |
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
|
|
|
0bd263 |
+ [ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG
|
|
|
0bd263 |
+ [ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
|
|
|
0bd263 |
+ DEV_LOOP=""
|
|
|
0bd263 |
rm -f $DEV $DEV2 $KEY_FILE >/dev/null 2>&1
|
|
|
0bd263 |
}
|
|
|
0bd263 |
|
|
|
0bd263 |
@@ -292,6 +297,7 @@ int_mode() # alg tag_size sector_size [keyfile keysize]
|
|
|
0bd263 |
|
|
|
0bd263 |
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
|
|
|
0bd263 |
[ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped."
|
|
|
0bd263 |
+which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped."
|
|
|
0bd263 |
|
|
|
0bd263 |
[ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run
|
|
|
0bd263 |
which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required."
|
|
|
0bd263 |
@@ -389,4 +395,24 @@ else
|
|
|
0bd263 |
echo "[N/A]"
|
|
|
0bd263 |
fi
|
|
|
0bd263 |
|
|
|
0bd263 |
+echo -n "Big device:"
|
|
|
0bd263 |
+add_device
|
|
|
0bd263 |
+DEV_LOOP=$(losetup -f $DEV --show)
|
|
|
0bd263 |
+if [ -n "$DEV_LOOP" ] ; then
|
|
|
0bd263 |
+dmsetup create $DEV_NAME_BIG <
|
|
|
0bd263 |
+0 16284 linear $DEV_LOOP 0
|
|
|
0bd263 |
+16284 80000000000 zero
|
|
|
0bd263 |
+EOF
|
|
|
0bd263 |
+ [ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail
|
|
|
0bd263 |
+ $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG
|
|
|
0bd263 |
+ $INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail
|
|
|
0bd263 |
+ D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
|
|
|
0bd263 |
+ A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
|
|
|
0bd263 |
+ # Compare strings (to avoid 64bit integers), not integers
|
|
|
0bd263 |
+ [ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
|
|
|
0bd263 |
+ echo "[OK]"
|
|
|
0bd263 |
+else
|
|
|
0bd263 |
+ echo "[N/A]"
|
|
|
0bd263 |
+fi
|
|
|
0bd263 |
+
|
|
|
0bd263 |
cleanup
|
|
|
0bd263 |
--
|
|
|
0bd263 |
1.8.3.1
|
|
|
0bd263 |
|