From nobody Tue Nov 4 06:32:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1505215882814276.48632176902777; Tue, 12 Sep 2017 04:31:22 -0700 (PDT) Received: from localhost ([::1]:35016 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1drjPW-0004aZ-2Z for importer@patchew.org; Tue, 12 Sep 2017 07:31:22 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53809) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1drjNQ-0002zO-J3 for qemu-devel@nongnu.org; Tue, 12 Sep 2017 07:29:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1drjNP-0004RH-GG for qemu-devel@nongnu.org; Tue, 12 Sep 2017 07:29:12 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44276) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1drjNN-0004Pe-4q; Tue, 12 Sep 2017 07:29:09 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4661081DEF; Tue, 12 Sep 2017 11:29:08 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id F141D6C41C; Tue, 12 Sep 2017 11:29:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4661081DEF Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=berrange@redhat.com From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 12 Sep 2017 12:28:51 +0100 Message-Id: <20170912112855.24269-4-berrange@redhat.com> In-Reply-To: <20170912112855.24269-1-berrange@redhat.com> References: <20170912112855.24269-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 12 Sep 2017 11:29:08 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 3/7] block: fix data type casting for crypto payload offset X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-block@nongnu.org, Stefan Hajnoczi , Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The crypto APIs report the offset of the data payload as an uint64_t type, but the block driver is casting to size_t or ssize_t which will potentially truncate. Most of the block APIs use int64_t for offsets meanwhile, so even if using uint64_t in the crypto block driver we are still at risk of truncation. Change the block crypto driver to use uint64_t, but add asserts that the value is less than INT64_MAX. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake Reviewed-by: Max Reitz --- block/crypto.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index cc8afe0e0d..d68cbac2ac 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -364,8 +364,9 @@ static int block_crypto_truncate(BlockDriverState *bs, = int64_t offset, PreallocMode prealloc, Error **errp) { BlockCrypto *crypto =3D bs->opaque; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block); + assert(payload_offset < (INT64_MAX - offset)); =20 offset +=3D payload_offset; =20 @@ -391,8 +392,9 @@ block_crypto_co_readv(BlockDriverState *bs, int64_t sec= tor_num, uint8_t *cipher_data =3D NULL; QEMUIOVector hd_qiov; int ret =3D 0; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block) / 512; + assert(payload_offset < (INT64_MAX / 512)); =20 qemu_iovec_init(&hd_qiov, qiov->niov); =20 @@ -458,8 +460,9 @@ block_crypto_co_writev(BlockDriverState *bs, int64_t se= ctor_num, uint8_t *cipher_data =3D NULL; QEMUIOVector hd_qiov; int ret =3D 0; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block) / 512; + assert(payload_offset < (INT64_MAX / 512)); =20 qemu_iovec_init(&hd_qiov, qiov->niov); =20 @@ -520,7 +523,9 @@ static int64_t block_crypto_getlength(BlockDriverState = *bs) BlockCrypto *crypto =3D bs->opaque; int64_t len =3D bdrv_getlength(bs->file->bs); =20 - ssize_t offset =3D qcrypto_block_get_payload_offset(crypto->block); + uint64_t offset =3D qcrypto_block_get_payload_offset(crypto->block); + assert(offset < INT64_MAX); + assert(offset < len); =20 len -=3D offset; =20 --=20 2.13.5