From d22b7155c84b81d97ffdefd2a0300e41da302f62 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Tue, 8 Mar 2022 11:21:11 -0500 Subject: [PATCH 01/10] block-crypto: Fix -DOPEN_XT build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit vhd_open_crypto has a redeclaration error: block-crypto.c: In function ‘vhd_open_crypto’: block-crypto.c:351:17: error: ‘key’ redeclared as different kind of symbol 351 | uint8_t key[MAX_AES_XTS_PLAIN_KEYSIZE / sizeof(uint8_t)] = { 0 }; | ^~~ block-crypto.c:346:52: note: previous definition of ‘key’ with type ‘const uint8_t *’ {aka ‘const unsigned char *’} 346 | vhd_open_crypto(vhd_context_t *vhd, const uint8_t *key, size_t key_bytes, const char *name) OPEN_XT populates its key with chain_find_keyed_vhd, while the non-OPEN_XT version has the key passed in. Rename the local buffer and assign key to it to keep things working. chain_find_keyed_vhd can't accept the const key, so pass keybuf to it. Signed-off-by: Jason Andryuk --- drivers/block-crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/block-crypto.c b/drivers/block-crypto.c index 93d0d7d5..69123f5e 100644 --- a/drivers/block-crypto.c +++ b/drivers/block-crypto.c @@ -348,7 +348,8 @@ vhd_open_crypto(vhd_context_t *vhd, const uint8_t *key, size_t key_bytes, const struct vhd_keyhash keyhash; int err; #ifdef OPEN_XT - uint8_t key[MAX_AES_XTS_PLAIN_KEYSIZE / sizeof(uint8_t)] = { 0 }; + uint8_t keybuf[MAX_AES_XTS_PLAIN_KEYSIZE / sizeof(uint8_t)] = { 0 }; + key = keybuf; int keysize = 0; #endif @@ -356,7 +357,7 @@ vhd_open_crypto(vhd_context_t *vhd, const uint8_t *key, size_t key_bytes, const return 0; #ifdef OPEN_XT - err = chain_find_keyed_vhd(vhd, key, &keysize, &keyhash); + err = chain_find_keyed_vhd(vhd, keybuf, &keysize, &keyhash); if (err) { DPRINTF("error in vhd chain: %d\n", err); return err; From 1e2fd629dccae8a6331d3ff99c7aa182cbedca3f Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Thu, 10 Mar 2022 14:53:25 -0500 Subject: [PATCH 02/10] block-crypto: Increase path size for OPEN_XT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GCC complains: block-crypto.c: In function ‘find_keyfile’: block-crypto.c:153:32: error: ‘,aes-xts-plain,’ directive output may be truncated writing 15 bytes into a region of size between 0 and 255 [-Werror=format-truncation=] 153 | "%s/%s,aes-xts-plain,%d.key", | ^~~~~~~~~~~~~~~ block-crypto.c:152:17: note: ‘snprintf’ output 22 or more bytes (assuming 277) into a destination of size 256 152 | snprintf(path, sizeof(path), | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ 153 | "%s/%s,aes-xts-plain,%d.key", | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 154 | keydir, basename, keysize); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ Increase the size of path. Signed-off-by: Jason Andryuk --- drivers/block-crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/block-crypto.c b/drivers/block-crypto.c index 69123f5e..4bca6696 100644 --- a/drivers/block-crypto.c +++ b/drivers/block-crypto.c @@ -133,7 +133,7 @@ find_keyfile(char **keyfile, const char *dirs, *keyfile = NULL; while (dirs && strlen(dirs) > 0) { - char keydir[256] = { 0 }, path[256] = { 0 }; + char keydir[256] = { 0 }, path[277] = { 0 }; struct stat st; int err; From 517bbcd22b490ae32860c2f981dc0776db88f9fc Mon Sep 17 00:00:00 2001 From: Chris Rogers Date: Thu, 10 Mar 2022 14:56:40 -0500 Subject: [PATCH 03/10] block-crypto: Fix OPEN_XT key_bytes findkey() sets keysize to 512 or 256, but an xts case deals with bytes, better name the variables to indicate whether they contain keysize in bytes or bits, and make sure we convert chain_find_keyed_vhd to bytes before calling xts_aes_setkey() Signed-off-by: Chris Rogers Signed-off-by: Jason Andryuk --- drivers/block-crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/block-crypto.c b/drivers/block-crypto.c index 4bca6696..bd2e61cf 100644 --- a/drivers/block-crypto.c +++ b/drivers/block-crypto.c @@ -350,19 +350,21 @@ vhd_open_crypto(vhd_context_t *vhd, const uint8_t *key, size_t key_bytes, const #ifdef OPEN_XT uint8_t keybuf[MAX_AES_XTS_PLAIN_KEYSIZE / sizeof(uint8_t)] = { 0 }; key = keybuf; - int keysize = 0; + int key_bits; #endif if (vhd->xts_tfm) return 0; #ifdef OPEN_XT - err = chain_find_keyed_vhd(vhd, keybuf, &keysize, &keyhash); + err = chain_find_keyed_vhd(vhd, keybuf, &key_bits, &keyhash); if (err) { DPRINTF("error in vhd chain: %d\n", err); return err; } + key_bytes = key_bits / 8; + if (keyhash.cookie == 0) { return 0; } From 35f9708719ede85f0ec69f9f5a3b1e199d898ccc Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Thu, 10 Mar 2022 15:06:00 -0500 Subject: [PATCH 04/10] block-vhd: Always load crypto for -DOPEN_XT OpenXT doesn't pass in the encryption key, but loads it later when opening the VHD itself. Therefore it needs to always load the crypto library to have it available. Re-arrange to make that the case. While doing this, swap the if branches, to let the condition be a positive check. Signed-off-by: Jason Andryuk --- drivers/block-vhd.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/drivers/block-vhd.c b/drivers/block-vhd.c index f71cd679..0095726a 100644 --- a/drivers/block-vhd.c +++ b/drivers/block-vhd.c @@ -694,18 +694,19 @@ void dummy_close_crypto(vhd_context_t *vhd) static int __load_crypto(struct td_vbd_encryption *encryption) { + bool load_crypto = encryption->encryption_key != NULL; + crypto_interface = malloc(sizeof(struct crypto_interface)); if (!crypto_interface) { EPRINTF("Failed to allocate memory\n"); return -ENOMEM; } - if (encryption->encryption_key == NULL) { - crypto_interface->vhd_open_crypto = dummy_open_crypto; - crypto_interface->vhd_close_crypto = dummy_close_crypto; - crypto_interface->vhd_crypto_encrypt = NULL; - crypto_interface->vhd_crypto_decrypt = NULL; - } else { +#ifdef OPEN_XT + load_crypto = true; +#endif + + if (load_crypto) { dlerror(); crypto_handle = dlopen(LIBBLOCKCRYPTO_NAME, RTLD_LAZY); if (crypto_handle == NULL) { @@ -739,6 +740,11 @@ __load_crypto(struct td_vbd_encryption *encryption) return -EINVAL; } DPRINTF("Loaded cryptography library\n"); + } else { + crypto_interface->vhd_open_crypto = dummy_open_crypto; + crypto_interface->vhd_close_crypto = dummy_close_crypto; + crypto_interface->vhd_crypto_encrypt = NULL; + crypto_interface->vhd_crypto_decrypt = NULL; } return 0; From f744dfc1abc7a5791eb416b638cdd4af0f155e9f Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Mon, 16 Oct 2023 15:17:24 -0400 Subject: [PATCH 05/10] block-crypto: Fix OPEN_XT crypto build We need to include the util.h for the safe_strncpy declararion. Fixes: 6ffa1d8a97 "CA-366761: replace use of strncpy with inlined wrapper" Signed-off-by: Jason Andryuk --- drivers/block-crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/block-crypto.c b/drivers/block-crypto.c index bd2e61cf..73889261 100644 --- a/drivers/block-crypto.c +++ b/drivers/block-crypto.c @@ -42,6 +42,7 @@ #include "libvhd.h" #include "tapdisk.h" #include "vhd-util.h" +#include "util.h" #include "crypto/compat-crypto-openssl.h" #include "crypto/xts_aes.h" From eff9bddfe6d04c2ea41e3ef672d74caa5c0e93c8 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Tue, 7 Feb 2023 11:41:36 -0500 Subject: [PATCH 06/10] td-blkif: Make static inline functions tapdisk_xenblkif_evtchn_event_id() tapdisk_xenblkif_chkrng_event_id() tapdisk_xenblkif_stoppolling_event_id() Can all be static inline functions within td-blkif.c Signed-off-by: Jason Andryuk --- drivers/td-blkif.c | 56 +++++++++++++++++++++++++++++----------------- drivers/td-blkif.h | 22 ------------------ 2 files changed, 35 insertions(+), 43 deletions(-) diff --git a/drivers/td-blkif.c b/drivers/td-blkif.c index 631f96d8..50b4206e 100644 --- a/drivers/td-blkif.c +++ b/drivers/td-blkif.c @@ -50,6 +50,41 @@ #include "td-ctx.h" #include "td-req.h" + +/** + * Returns the event ID associated with the event channel. Since the event + * channel can be shared by multiple block interfaces, the event ID will be + * shared as well. + */ +static inline event_id_t +tapdisk_xenblkif_evtchn_event_id(const struct td_xenblkif *blkif) +{ + return blkif->ctx->ring_event; +} + + +/** + * Returns the event ID associated with checking the ring. This is a private + * event. + */ +static inline event_id_t +tapdisk_xenblkif_chkrng_event_id(const struct td_xenblkif * const blkif) +{ + return blkif->chkrng_event; +} + + +/** + * Returns the event ID associated with stopping polling. This is a private + * event. + */ +static inline event_id_t +tapdisk_xenblkif_stoppolling_event_id(const struct td_xenblkif * const blkif) +{ + return blkif->stoppolling_event; +} + + struct td_xenblkif * tapdisk_xenblkif_find(const domid_t domid, const int devid) { @@ -627,27 +662,6 @@ tapdisk_xenblkif_connect(domid_t domid, int devid, const grant_ref_t * grefs, } -event_id_t -tapdisk_xenblkif_evtchn_event_id(const struct td_xenblkif *blkif) -{ - return blkif->ctx->ring_event; -} - - -event_id_t -tapdisk_xenblkif_chkrng_event_id(const struct td_xenblkif *blkif) -{ - return blkif->chkrng_event; -} - - -event_id_t -tapdisk_xenblkif_stoppolling_event_id(const struct td_xenblkif *blkif) -{ - return blkif->stoppolling_event; -} - - int tapdisk_xenblkif_ring_stats_update(struct td_xenblkif *blkif) { diff --git a/drivers/td-blkif.h b/drivers/td-blkif.h index b50fa8a5..7aa77ec2 100644 --- a/drivers/td-blkif.h +++ b/drivers/td-blkif.h @@ -265,28 +265,6 @@ tapdisk_xenblkif_destroy(struct td_xenblkif * blkif); struct td_xenblkif * tapdisk_xenblkif_find(const domid_t domid, const int devid); -/** - * Returns the event ID associated with the event channel. Since the event - * channel can be shared by multiple block interfaces, the event ID will be - * shared as well. - */ -extern event_id_t -tapdisk_xenblkif_evtchn_event_id(const struct td_xenblkif *blkif); - -/** - * Returns the event ID associated wit checking the ring. This is a private - * event. - */ -extern event_id_t -tapdisk_xenblkif_chkrng_event_id(const struct td_xenblkif * const blkif); - -/** - * Returns the event ID associated with stopping polling. This is a private - * event. - */ -extern event_id_t -tapdisk_xenblkif_stoppolling_event_id(const struct td_xenblkif * const blkif); - /** * Updates ring stats. */ From e332439aecd21d42041a360971c2d55d6d92f658 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Tue, 7 Feb 2023 11:43:41 -0500 Subject: [PATCH 07/10] Make tapdisk_vbd_contains_dead_rings static inline Move into the header as a proper static inline. Signed-off-by: Jason Andryuk --- drivers/tapdisk-vbd.c | 7 ------- drivers/tapdisk-vbd.h | 6 +++++- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/drivers/tapdisk-vbd.c b/drivers/tapdisk-vbd.c index 21fea471..0fc5ac64 100644 --- a/drivers/tapdisk-vbd.c +++ b/drivers/tapdisk-vbd.c @@ -1875,10 +1875,3 @@ tapdisk_vbd_stats(td_vbd_t *vbd, td_stats_t *st) tapdisk_stats_leave(st, '}'); } - - -bool -tapdisk_vbd_contains_dead_rings(td_vbd_t * vbd) -{ - return !list_empty(&vbd->dead_rings); -} diff --git a/drivers/tapdisk-vbd.h b/drivers/tapdisk-vbd.h index aae9404e..b27818f6 100644 --- a/drivers/tapdisk-vbd.h +++ b/drivers/tapdisk-vbd.h @@ -246,5 +246,9 @@ void tapdisk_vbd_complete_block_status_request(td_request_t, int); /** * Tells whether the VBD contains at least one dead ring. */ -bool tapdisk_vbd_contains_dead_rings(td_vbd_t * vbd); +static inline bool +tapdisk_vbd_contains_dead_rings(td_vbd_t * vbd) +{ + return !list_empty(&vbd->dead_rings); +} #endif From 159443767caf519a7ff18c0117e29c7fde277eb0 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Fri, 13 Oct 2023 08:45:14 -0400 Subject: [PATCH 08/10] blktap: Remove __RD* macros The __RD* macros are already defined in Xen's io/ring.h which is included through blkif.h and they have been there for years. In Xen 4.18 the macros changed for MISRA and now the definitions are out of sync leading to redefinition errors. Just remove the local versions and rely on the io/ring.h ones. Signed-off-by: Jason Andryuk --- drivers/tapdisk-blktap.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/drivers/tapdisk-blktap.c b/drivers/tapdisk-blktap.c index d706724c..790a8975 100644 --- a/drivers/tapdisk-blktap.c +++ b/drivers/tapdisk-blktap.c @@ -61,12 +61,6 @@ #define WARN(_f, _a...) tlog_syslog(TLOG_WARN, "WARNING: "_f "in %s:%d", \ ##_a, __func__, __LINE__) -#define __RD2(_x) (((_x) & 0x00000002) ? 0x2 : ((_x) & 0x1)) -#define __RD4(_x) (((_x) & 0x0000000c) ? __RD2((_x)>>2)<<2 : __RD2(_x)) -#define __RD8(_x) (((_x) & 0x000000f0) ? __RD4((_x)>>4)<<4 : __RD4(_x)) -#define __RD16(_x) (((_x) & 0x0000ff00) ? __RD8((_x)>>8)<<8 : __RD8(_x)) -#define __RD32(_x) (((_x) & 0xffff0000) ? __RD16((_x)>>16)<<16 : __RD16(_x)) - #define BLKTAP_RD32(_n) __RD32(_n) #define BLKTAP_RING_SIZE __BLKTAP_RING_SIZE(PAGE_SIZE) From 8baa12db996d71f03a79493413d9dcec6e35c328 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Fri, 13 Oct 2023 09:04:39 -0400 Subject: [PATCH 09/10] Fix -Werror=stringop-truncation errors In the lib/vhd code: In function 'safe_strncpy', inlined from 'vhd_initialize_footer' at libvhd.c:2882:2: include/util.h:46:17: error: 'strncpy' output truncated before terminating nul copying 3 bytes from a string of the same length [-Werror=stringop-truncation] 46 | pdest = strncpy(dest, src, n - 1); In the lvm code twice: In function 'safe_strncpy', inlined from 'lvm_copy_name' at lvm-util.c:71:2, inlined from 'lvm_scan_lvs' at lvm-util.c:289:9: include/util.h:46:17: error: 'strncpy' output may be truncated copying 255 bytes from a string of length 255 [-Werror=stringop-truncation] 46 | pdest = strncpy(dest, src, n - 1); For VHD, just set the footer bytes individually and avoid the string ops. For LVM, switching back to strncpy and providing the full destination size silences the errors. strncpy does NUL terminate the string - it just may truncate. (safe_strncpy silences many other instances of stringop-truncation like: "error: 'strncpy' specified bound 1024 equals destination size", so we want to keep it.) Signed-off-by: Jason Andryuk --- lvm/lvm-util.c | 6 +++--- vhd/lib/libvhd.c | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lvm/lvm-util.c b/lvm/lvm-util.c index ab22c38c..d3ac0ba2 100644 --- a/lvm/lvm-util.c +++ b/lvm/lvm-util.c @@ -68,7 +68,7 @@ lvm_copy_name(char *dst, const char *src, size_t size) if (strnlen(src, size) == size) return -ENAMETOOLONG; - safe_strncpy(dst, src, size); + strncpy(dst, src, size); return 0; } @@ -102,7 +102,7 @@ lvm_parse_pv(struct vg *vg, const char *name, int pvs, uint64_t start) if (i == pvs) return -ENOMEM; - err = lvm_copy_name(pv->name, name, sizeof(pv->name) - 1); + err = lvm_copy_name(pv->name, name, sizeof(pv->name)); if (err) return err; @@ -286,7 +286,7 @@ lvm_scan_lvs(struct vg *vg) lv->segments = segs; lv->first_segment = seg; - err = lvm_copy_name(lv->name, name, sizeof(lv->name) - 1); + err = lvm_copy_name(lv->name, name, sizeof(lv->name)); if (err) goto out; err = -EINVAL; diff --git a/vhd/lib/libvhd.c b/vhd/lib/libvhd.c index 3b160114..9c349225 100644 --- a/vhd/lib/libvhd.c +++ b/vhd/lib/libvhd.c @@ -2879,7 +2879,10 @@ vhd_initialize_footer(vhd_context_t *ctx, int type, uint64_t size) ctx->footer.type = type; ctx->footer.saved = 0; ctx->footer.data_offset = 0xFFFFFFFFFFFFFFFFULL; - safe_strncpy(ctx->footer.crtr_app, "tap", sizeof(ctx->footer.crtr_app)); + ctx->footer.crtr_app[0] = 't'; + ctx->footer.crtr_app[1] = 'a'; + ctx->footer.crtr_app[2] = 'p'; + ctx->footer.crtr_app[3] = '\0'; uuid_generate(ctx->footer.uuid); } From 498a1244b363071cf41eb7ef08ee1b7d8bdec0f8 Mon Sep 17 00:00:00 2001 From: Jason Andryuk Date: Wed, 18 Oct 2023 08:41:08 -0400 Subject: [PATCH 10/10] cbt: Move libuuid linking OpenXT, using OpenEmbedded Dundell, fails to link cbt-util with errors like: ld: ./.libs/libcbtutil.a(cbt-util.o): in function `cbt_util_set': ld: cbt/cbt-util.c:360: undefined reference to `uuid_parse' libcbtutil.a/cbt-util.c reference the uuid funtions, and main.c doesn't have any references. Move the linking to the library to resolve the issue. Signed-off-by: Jason Andryuk --- cbt/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cbt/Makefile.am b/cbt/Makefile.am index 83307f6d..b7a6bdf1 100644 --- a/cbt/Makefile.am +++ b/cbt/Makefile.am @@ -9,9 +9,10 @@ sbin_PROGRAMS = cbt-util noinst_LTLIBRARIES = libcbtutil.la libcbtutil_la_SOURCES = cbt-util.c +libcbtutil_la_LIBADD = -luuid cbt_util_SOURCES = main.c -cbt_util_LDADD = -lrt -luuid libcbtutil.la +cbt_util_LDADD = -lrt libcbtutil.la clean-local: -rm -rf *.gc??