verity: remove the depth parameter from bht_create

dm-bht.c

  /*
  * Copyright (C) 2010 The Chromium OS Authors <chromium-os-dev@chromium.org>
  *
  * Device-Mapper block hash tree interface.
  * See Documentation/device-mapper/dm-bht.txt for details.
  *
  * This file is released under the GPL.
  */
 
 #include <asm/atomic.h>
@@ skipping 186 matching lines @@
  * @bht:        pointer to a dm_bht_create()d bht
  * @depth:      tree depth without the root; including block hashes
  * @block_count:the number of block hashes / tree leaves
  * @alg_name:   crypto hash algorithm name
  *
  * Returns 0 on success.
  *
  * Callers can offset into devices by storing the data in the io callbacks.
  * TODO(wad) bust up into smaller helpers
  */
-int dm_bht_create(struct dm_bht *bht, unsigned int depth,
-                  unsigned int block_count, const char *alg_name)
+int dm_bht_create(struct dm_bht *bht, unsigned int block_count,
+                  const char *alg_name)
 {
         int status = 0;
         int cpu = 0;
 
         /* Allocate enough crypto contexts to be able to perform verifies
          * on all available CPUs.
          */
         bht->hash_desc = (struct hash_desc *)
                 kcalloc(nr_cpu_ids, sizeof(struct hash_desc), GFP_KERNEL);
         if (!bht->hash_desc) {
@@ skipping 56 matching lines @@
          */
         bht->node_count = 1 << bht->node_count_shift;
 
         /* This is unlikely to happen, but with 64k pages, who knows. */
         if (bht->node_count > UINT_MAX / bht->digest_size) {
                 DMERR("node_count * hash_len exceeds UINT_MAX!");
                 status = -EINVAL;
                 goto bad_node_count;
         }
 
-        /* if depth == 0, create a "regular" trie with a single root block */
-        if (depth == 0)
-                depth = DIV_ROUND_UP(fls(block_count - 1),
-                                     bht->node_count_shift);
-        if (depth > UINT_MAX / sizeof(struct dm_bht_level)) {
-                DMERR("bht depth is invalid: %u", depth);
-                status = -EINVAL;
-                goto bad_depth;
-        }
-        DMDEBUG("Setting depth to %u.", depth);
-        bht->depth = depth;
-
-        /* Ensure that we can safely shift by this value. */
-        if (depth * bht->node_count_shift >= sizeof(unsigned int) * 8) {

[Will Drewry, 2011/04/07 22:45:17]

You'll probably still want this check.  While node_count_shift may divide into
it cleanly, if the depth is too deep, the indexing using shift may
shift-off-into-space.  Or am I missing something obvious?

[Mandeep Singh Baines, 2011/04/08 14:28:40]

You're right. There is a chance. My reasoning was:

1) block_count is an unsigned int
2) block_count <= UINT_MAX
3) log2(block_count) <= log2(UINT_MAX)
4) depth * node_count_shift = log2(block_count)
5) depth * node_count_shift <= log2(UINT_MAX)

But 4) is not exactly true because of the DIV_ROUND_UP. So if block_count was
close to UINT_MAX and the round up didn't work out so well (digest_size not a
power of 2) you could have an overflow in that extreme case.

-                DMERR("specified depth and node_count_shift is too large");
-                status = -EINVAL;
-                goto bad_node_count;
-        }
+        bht->depth = DIV_ROUND_UP(fls(block_count - 1), bht->node_count_shift);
+        DMDEBUG("Setting depth to %u.", bht->depth);
 
         /* Allocate levels. Each level of the tree may have an arbitrary number
          * of dm_bht_entry structs.  Each entry contains node_count nodes.
          * Each node in the tree is a cryptographic digest of either node_count
          * nodes on the subsequent level or of a specific block on disk.
          */
         bht->levels = (struct dm_bht_level *)
-                        kcalloc(depth, sizeof(struct dm_bht_level), GFP_KERNEL);
+                        kcalloc(bht->depth,
+                                sizeof(struct dm_bht_level), GFP_KERNEL);
         if (!bht->levels) {
                 DMERR("failed to allocate tree levels");
                 status = -ENOMEM;
                 goto bad_level_alloc;
         }
 
         /* Setup callback stubs */
         bht->read_cb = &dm_bht_read_callback_stub;
         bht->write_cb = &dm_bht_write_callback_stub;
 
         status = dm_bht_initialize_entries(bht);
         if (status)
                 goto bad_entries_alloc;
 
         return 0;
 
 bad_entries_alloc:
         while (bht->depth-- > 0)
                 kfree(bht->levels[bht->depth].entries);
         kfree(bht->levels);
 bad_node_count:
 bad_level_alloc:
 bad_block_count:
-bad_depth:
         kfree(bht->root_digest);
 bad_root_digest_alloc:
 bad_digest_len:
         for (cpu = 0; cpu < nr_cpu_ids; ++cpu)
                 if (bht->hash_desc[cpu].tfm)
                         crypto_free_hash(bht->hash_desc[cpu].tfm);
 bad_hash_alg:
         kfree(bht->hash_desc);
         return status;
 }
@@ skipping 845 matching lines @@
         if (!bht->root_digest) {
                 DMERR("no root digest exists to export");
                 if (available > 0)
                         *hexdigest = 0;
                 return -1;
         }
         dm_bht_bin_to_hex(bht->root_digest, hexdigest, bht->digest_size);
         return 0;
 }
 EXPORT_SYMBOL(dm_bht_root_hexdigest);