From nobody Sun Feb 8 17:48:04 2026 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1506517163198900.0182945559757; Wed, 27 Sep 2017 05:59:23 -0700 (PDT) Received: from localhost ([::1]:54724 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxBvt-0000Ci-7s for importer@patchew.org; Wed, 27 Sep 2017 08:59:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50087) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxBqx-0004V8-Jk for qemu-devel@nongnu.org; Wed, 27 Sep 2017 08:54:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dxBqr-0001aU-JQ for qemu-devel@nongnu.org; Wed, 27 Sep 2017 08:54:15 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37784) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dxBqj-0001UF-7c; Wed, 27 Sep 2017 08:54:01 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3EBEB7EA94; Wed, 27 Sep 2017 12:53:59 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8A1037F760; Wed, 27 Sep 2017 12:53:57 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3EBEB7EA94 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=berrange@redhat.com From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Wed, 27 Sep 2017 13:53:37 +0100 Message-Id: <20170927125340.12360-4-berrange@redhat.com> In-Reply-To: <20170927125340.12360-1-berrange@redhat.com> References: <20170927125340.12360-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 27 Sep 2017 12:53:59 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v4 3/6] block: fix data type casting for crypto payload offset X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-block@nongnu.org, Stefan Hajnoczi , Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The crypto APIs report the offset of the data payload as an uint64_t type, but the block driver is casting to size_t or ssize_t which will potentially truncate. Most of the block APIs use int64_t for offsets meanwhile, so even if using uint64_t in the crypto block driver we are still at risk of truncation. Change the block crypto driver to use uint64_t, but add asserts that the value is less than INT64_MAX. Reviewed-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- block/crypto.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 684cabeaf8..61f5d77bc0 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -364,8 +364,9 @@ static int block_crypto_truncate(BlockDriverState *bs, = int64_t offset, PreallocMode prealloc, Error **errp) { BlockCrypto *crypto =3D bs->opaque; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block); + assert(payload_offset < (INT64_MAX - offset)); =20 offset +=3D payload_offset; =20 @@ -395,8 +396,9 @@ block_crypto_co_readv(BlockDriverState *bs, int64_t sec= tor_num, uint8_t *cipher_data =3D NULL; QEMUIOVector hd_qiov; int ret =3D 0; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block) / 512; + assert(payload_offset < (INT64_MAX / 512)); =20 qemu_iovec_init(&hd_qiov, qiov->niov); =20 @@ -462,8 +464,9 @@ block_crypto_co_writev(BlockDriverState *bs, int64_t se= ctor_num, uint8_t *cipher_data =3D NULL; QEMUIOVector hd_qiov; int ret =3D 0; - size_t payload_offset =3D + uint64_t payload_offset =3D qcrypto_block_get_payload_offset(crypto->block) / 512; + assert(payload_offset < (INT64_MAX / 512)); =20 qemu_iovec_init(&hd_qiov, qiov->niov); =20 @@ -524,7 +527,9 @@ static int64_t block_crypto_getlength(BlockDriverState = *bs) BlockCrypto *crypto =3D bs->opaque; int64_t len =3D bdrv_getlength(bs->file->bs); =20 - ssize_t offset =3D qcrypto_block_get_payload_offset(crypto->block); + uint64_t offset =3D qcrypto_block_get_payload_offset(crypto->block); + assert(offset < INT64_MAX); + assert(offset < len); =20 len -=3D offset; =20 --=20 2.13.5