Generated wrong entry position for specific number data block number

[GoogleCodeExporter]

What steps will reproduce the problem?

1. Prepare 3rd_file image whose size is 64.4MB
2. generate hashes with command
   # veritysetup --no-superblock format 3rd_file 3rd_file_hashes 
3. generate image with the 3rd_file_hashes, verity show errors when mounting 
the image
   device-mapper: verity: metadata block 16511 is corrupted

What is the expected output? What do you see instead?

I found the problem is veritysetup generates wrong entry position for boundary 
case. for example, data block size is 16485 for data/hash block size: 4096, and 
use sha256 digest, the following code in lib/verity/verity_hash.c

       for (i = levels - 1; i >= 0; i--) {
                hash_level_block[i] = hash_position;
                // verity position of block data_file_blocks at level i
                s = data_file_blocks >> (i * hash_per_block_bits);
                s = (s + hash_per_block - 1) / hash_per_block;
                hash_level_size[i] = s;
                //
                hash_position += s;
        }

generates the below result:

hash_level_size[0] = 129
hash_level_size[1] = 1
hash_level_size[2] = 1

but a hash block only can store 128 entry of sha256(32 bytes). (4096 / 32 = 128 
entry). 

The reasonable hash size of each levels should be 

hash_level_size[0] = 129
hash_level_size[1] = 2
hash_level_size[2] = 1

If data blocks between 16385 - 16511 have this kind of problem, it means image 
size between 64.0xMB - 60.5MB will meet this problem. Actually, this problem 
happen 32768 - 32896, ... (128 * 128 * n) -- (128 * 128 * n) + 127, n = 1, 2, 
3, 4, ...

What version of the product are you using? On what operating system?

Generate hash with Cryptsetup Release 1.6.1 and test on kernel 3.4

Please provide any additional information below.

Both cryptsetup and kernel 3.4 have this problem. So I modify some code and 
make sure my image 64.4MB can work properly.
I attach the patch files.

Original issue reported on code.google.com by xuelin...@gmail.com on 18 Jun 2013 at 8:44

Attachments:

• cryptsetup-1.6.1.patch
• md_linux3.4.patch

[GoogleCodeExporter]

Thanks,
I asked Mikulas to check kernel patch, if it is verified and committed to 
upstream kernel, I'll fix userspace veritysetup as well.

(Kernel patches should go to dm-devel list but I can route it as well :-)

Original comment by gmazyl...@gmail.com on 18 Jun 2013 at 1:47

[GoogleCodeExporter]

Kernel part fix
https://www.redhat.com/archives/dm-devel/2013-June/msg00072.html

Original comment by gmazyl...@gmail.com on 28 Jun 2013 at 2:33

• Changed state: Accepted

[GoogleCodeExporter]

Fixed in
http://code.google.com/p/cryptsetup/source/detail?r=4f990d5a74898e494f3b7043a79a
9af904e253ab#

Original comment by gmazyl...@gmail.com on 28 Jun 2013 at 3:07

• Changed state: Fixed