authfs: refine/rename trait ReadOnlyDataByChunk
- ReadOnlyDataByChunk is renamed to ReadByChunk
- `fn read_chunk` now takes a fixed-size array of chunk size
- Behavior change:
1. Reading beyond file size now should not crash, and should return 0.
2. `read_chunk` should return a full chunk unless it's the last
(wasn't clearly defined previously).
Bug: 181674212
Bug: 182173887
Test: atest
Change-Id: I7017b5ed986d0bfc594da58a1ed9f59ac555643e
diff --git a/authfs/src/file.rs b/authfs/src/file.rs
index 89fbd9d..9ff8ea5 100644
--- a/authfs/src/file.rs
+++ b/authfs/src/file.rs
@@ -6,6 +6,8 @@
use std::io;
+use crate::common::CHUNK_SIZE;
+
use authfs_aidl_interface::aidl::com::android::virt::fs::IVirtFdService;
use authfs_aidl_interface::binder::{get_interface, Strong};
@@ -15,14 +17,15 @@
get_interface(&service_name).expect("Cannot reach authfs_fd_server binder service")
}
-/// A trait for reading data by chunks. The data is assumed readonly and has fixed length. Chunks
-/// can be read by specifying the chunk index. Only the last chunk may have incomplete chunk size.
-pub trait ReadOnlyDataByChunk {
- /// Read the `chunk_index`-th chunk to `buf`. Each slice/chunk has size `CHUNK_SIZE` except for
- /// the last one, which can be an incomplete chunk. `buf` is currently required to be large
- /// enough to hold a full chunk of data. Reading beyond the file size (including empty file)
- /// will crash.
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize>;
+pub type ChunkBuffer = [u8; CHUNK_SIZE as usize];
+
+/// A trait for reading data by chunks. Chunks can be read by specifying the chunk index. Only the
+/// last chunk may have incomplete chunk size.
+pub trait ReadByChunk {
+ /// Reads the `chunk_index`-th chunk to a `ChunkBuffer`. Returns the size read, which has to be
+ /// `CHUNK_SIZE` except for the last incomplete chunk. Reading beyond the file size (including
+ /// empty file) should return 0.
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize>;
}
/// A trait to write a buffer to the destination at a given offset. The implementation does not
diff --git a/authfs/src/file/local_file.rs b/authfs/src/file/local_file.rs
index 0692767..13c954f 100644
--- a/authfs/src/file/local_file.rs
+++ b/authfs/src/file/local_file.rs
@@ -14,20 +14,14 @@
* limitations under the License.
*/
+use std::cmp::min;
use std::fs::File;
-use std::io::Result;
+use std::io;
use std::os::unix::fs::FileExt;
-use super::ReadOnlyDataByChunk;
+use super::{ChunkBuffer, ReadByChunk};
use crate::common::CHUNK_SIZE;
-fn chunk_index_to_range(size: u64, chunk_index: u64) -> Result<(u64, u64)> {
- let start = chunk_index * CHUNK_SIZE;
- assert!(start < size);
- let end = std::cmp::min(size, start + CHUNK_SIZE);
- Ok((start, end))
-}
-
/// A read-only file that can be read by chunks.
pub struct LocalFileReader {
file: File,
@@ -36,7 +30,7 @@
impl LocalFileReader {
/// Creates a `LocalFileReader` to read from for the specified `path`.
- pub fn new(file: File) -> Result<LocalFileReader> {
+ pub fn new(file: File) -> io::Result<LocalFileReader> {
let size = file.metadata()?.len();
Ok(LocalFileReader { file, size })
}
@@ -46,12 +40,17 @@
}
}
-impl ReadOnlyDataByChunk for LocalFileReader {
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> Result<usize> {
- debug_assert!(buf.len() as u64 >= CHUNK_SIZE);
- let (start, end) = chunk_index_to_range(self.size, chunk_index)?;
- let size = (end - start) as usize;
- self.file.read_at(&mut buf[..size], start)
+impl ReadByChunk for LocalFileReader {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
+ let start = chunk_index * CHUNK_SIZE;
+ if start >= self.size {
+ return Ok(0);
+ }
+ let end = min(self.size, start + CHUNK_SIZE);
+ let read_size = (end - start) as usize;
+ debug_assert!(read_size <= buf.len());
+ self.file.read_exact_at(&mut buf[..read_size], start)?;
+ Ok(read_size)
}
}
@@ -61,7 +60,7 @@
use std::env::temp_dir;
#[test]
- fn test_read_4k_file() -> Result<()> {
+ fn test_read_4k_file() -> io::Result<()> {
let file_reader = LocalFileReader::new(File::open("testdata/input.4k")?)?;
let mut buf = [0u8; 4096];
let size = file_reader.read_chunk(0, &mut buf)?;
@@ -70,7 +69,7 @@
}
#[test]
- fn test_read_4k1_file() -> Result<()> {
+ fn test_read_4k1_file() -> io::Result<()> {
let file_reader = LocalFileReader::new(File::open("testdata/input.4k1")?)?;
let mut buf = [0u8; 4096];
let size = file_reader.read_chunk(0, &mut buf)?;
@@ -81,7 +80,7 @@
}
#[test]
- fn test_read_4m_file() -> Result<()> {
+ fn test_read_4m_file() -> io::Result<()> {
let file_reader = LocalFileReader::new(File::open("testdata/input.4m")?)?;
for index in 0..file_reader.len() / 4096 {
let mut buf = [0u8; 4096];
@@ -92,20 +91,22 @@
}
#[test]
- #[should_panic]
- fn test_read_beyond_file_size() {
+ fn test_read_beyond_file_size() -> io::Result<()> {
let file_reader = LocalFileReader::new(File::open("testdata/input.4k").unwrap()).unwrap();
let mut buf = [0u8; 4096];
- let _ = file_reader.read_chunk(1u64, &mut buf); // should panic
+ let size = file_reader.read_chunk(1u64, &mut buf)?;
+ assert_eq!(size, 0);
+ Ok(())
}
#[test]
- #[should_panic]
- fn test_read_empty_file() {
+ fn test_read_empty_file() -> io::Result<()> {
let mut temp_file = temp_dir();
temp_file.push("authfs_test_empty_file");
let file_reader = LocalFileReader::new(File::create(temp_file).unwrap()).unwrap();
let mut buf = [0u8; 4096];
- let _ = file_reader.read_chunk(0, &mut buf); // should panic
+ let size = file_reader.read_chunk(0, &mut buf)?;
+ assert_eq!(size, 0);
+ Ok(())
}
}
diff --git a/authfs/src/file/remote_file.rs b/authfs/src/file/remote_file.rs
index dbf6bd9..f2ac23f 100644
--- a/authfs/src/file/remote_file.rs
+++ b/authfs/src/file/remote_file.rs
@@ -14,12 +14,12 @@
* limitations under the License.
*/
+use std::cmp::min;
use std::convert::TryFrom;
use std::io;
-use std::io::Write;
use std::sync::{Arc, Mutex};
-use super::{RandomWrite, ReadOnlyDataByChunk};
+use super::{ChunkBuffer, RandomWrite, ReadByChunk};
use crate::common::CHUNK_SIZE;
use authfs_aidl_interface::aidl::com::android::virt::fs::IVirtFdService;
@@ -31,7 +31,7 @@
service: &Arc<Mutex<VirtFdService>>,
remote_fd: i32,
chunk_index: u64,
- mut buf: &mut [u8],
+ buf: &mut ChunkBuffer,
) -> io::Result<usize> {
let offset = i64::try_from(chunk_index * CHUNK_SIZE)
.map_err(|_| io::Error::from_raw_os_error(libc::EOVERFLOW))?;
@@ -41,7 +41,8 @@
.unwrap()
.readFile(remote_fd, offset, buf.len() as i32)
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.get_description()))?;
- buf.write(&chunk)
+ buf.copy_from_slice(&chunk);
+ Ok(min(buf.len(), chunk.len()))
}
pub struct RemoteFileReader {
@@ -56,8 +57,8 @@
}
}
-impl ReadOnlyDataByChunk for RemoteFileReader {
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize> {
+impl ReadByChunk for RemoteFileReader {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
remote_read_chunk(&self.service, self.file_fd, chunk_index, buf)
}
}
@@ -75,8 +76,8 @@
}
}
-impl ReadOnlyDataByChunk for RemoteMerkleTreeReader {
- fn read_chunk(&self, chunk_index: u64, mut buf: &mut [u8]) -> io::Result<usize> {
+impl ReadByChunk for RemoteMerkleTreeReader {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
let offset = i64::try_from(chunk_index * CHUNK_SIZE)
.map_err(|_| io::Error::from_raw_os_error(libc::EOVERFLOW))?;
@@ -86,7 +87,8 @@
.unwrap()
.readFsverityMerkleTree(self.file_fd, offset, buf.len() as i32)
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.get_description()))?;
- buf.write(&chunk)
+ buf.copy_from_slice(&chunk);
+ Ok(min(buf.len(), chunk.len()))
}
}
@@ -116,8 +118,8 @@
}
}
-impl ReadOnlyDataByChunk for RemoteFileEditor {
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize> {
+impl ReadByChunk for RemoteFileEditor {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
remote_read_chunk(&self.service, self.file_fd, chunk_index, buf)
}
}
diff --git a/authfs/src/fsverity/editor.rs b/authfs/src/fsverity/editor.rs
index 543e9ac..81ccd53 100644
--- a/authfs/src/fsverity/editor.rs
+++ b/authfs/src/fsverity/editor.rs
@@ -58,7 +58,7 @@
use super::builder::MerkleLeaves;
use crate::common::{ChunkedSizeIter, CHUNK_SIZE};
use crate::crypto::{CryptoError, Sha256Hash, Sha256Hasher};
-use crate::file::{RandomWrite, ReadOnlyDataByChunk};
+use crate::file::{ChunkBuffer, RandomWrite, ReadByChunk};
// Implement the conversion from `CryptoError` to `io::Error` just to avoid manual error type
// mapping below.
@@ -70,12 +70,12 @@
/// VerifiedFileEditor provides an integrity layer to an underlying read-writable file, which may
/// not be stored in a trusted environment. Only new, empty files are currently supported.
-pub struct VerifiedFileEditor<F: ReadOnlyDataByChunk + RandomWrite> {
+pub struct VerifiedFileEditor<F: ReadByChunk + RandomWrite> {
file: F,
merkle_tree: Arc<RwLock<MerkleLeaves>>,
}
-impl<F: ReadOnlyDataByChunk + RandomWrite> VerifiedFileEditor<F> {
+impl<F: ReadByChunk + RandomWrite> VerifiedFileEditor<F> {
/// Wraps a supposedly new file for integrity protection.
pub fn new(file: F) -> Self {
Self { file, merkle_tree: Arc::new(RwLock::new(MerkleLeaves::new())) }
@@ -148,7 +148,7 @@
}
}
-impl<F: ReadOnlyDataByChunk + RandomWrite> RandomWrite for VerifiedFileEditor<F> {
+impl<F: ReadByChunk + RandomWrite> RandomWrite for VerifiedFileEditor<F> {
fn write_at(&self, buf: &[u8], offset: u64) -> io::Result<usize> {
// Since we don't need to support 32-bit CPU, make an assert to make conversion between
// u64 and usize easy below. Otherwise, we need to check `divide_roundup(offset + buf.len()
@@ -214,8 +214,8 @@
}
}
-impl<F: ReadOnlyDataByChunk + RandomWrite> ReadOnlyDataByChunk for VerifiedFileEditor<F> {
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize> {
+impl<F: ReadByChunk + RandomWrite> ReadByChunk for VerifiedFileEditor<F> {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
self.file.read_chunk(chunk_index, buf)
}
}
@@ -255,10 +255,8 @@
}
}
- impl ReadOnlyDataByChunk for InMemoryEditor {
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize> {
- debug_assert!(buf.len() as u64 >= CHUNK_SIZE);
-
+ impl ReadByChunk for InMemoryEditor {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
if self.fail_read {
return Err(io::Error::new(io::ErrorKind::Other, "test!"));
}
diff --git a/authfs/src/fsverity/verifier.rs b/authfs/src/fsverity/verifier.rs
index 4af360f..13de42a 100644
--- a/authfs/src/fsverity/verifier.rs
+++ b/authfs/src/fsverity/verifier.rs
@@ -22,7 +22,7 @@
use crate::auth::Authenticator;
use crate::common::{divide_roundup, CHUNK_SIZE};
use crate::crypto::{CryptoError, Sha256Hasher};
-use crate::file::ReadOnlyDataByChunk;
+use crate::file::{ChunkBuffer, ReadByChunk};
const ZEROS: [u8; CHUNK_SIZE as usize] = [0u8; CHUNK_SIZE as usize];
@@ -36,14 +36,14 @@
Sha256Hasher::new()?.update(&chunk)?.update(&ZEROS[..padding_size])?.finalize()
}
-fn verity_check<T: ReadOnlyDataByChunk>(
+fn verity_check<T: ReadByChunk>(
chunk: &[u8],
chunk_index: u64,
file_size: u64,
merkle_tree: &T,
) -> Result<HashBuffer, FsverityError> {
// The caller should not be able to produce a chunk at the first place if `file_size` is 0. The
- // current implementation expects to crash when a `ReadOnlyDataByChunk` implementation reads
+ // current implementation expects to crash when a `ReadByChunk` implementation reads
// beyond the file size, including empty file.
assert_ne!(file_size, 0);
@@ -68,7 +68,7 @@
/// offset of the child node's hash. It is up to the iterator user to use the node and hash,
/// e.g. for the actual verification.
#[allow(clippy::needless_collect)]
-fn fsverity_walk<T: ReadOnlyDataByChunk>(
+fn fsverity_walk<T: ReadByChunk>(
chunk_index: u64,
file_size: u64,
merkle_tree: &T,
@@ -125,14 +125,14 @@
Ok(formatted_digest)
}
-pub struct VerifiedFileReader<F: ReadOnlyDataByChunk, M: ReadOnlyDataByChunk> {
+pub struct VerifiedFileReader<F: ReadByChunk, M: ReadByChunk> {
chunked_file: F,
file_size: u64,
merkle_tree: M,
root_hash: HashBuffer,
}
-impl<F: ReadOnlyDataByChunk, M: ReadOnlyDataByChunk> VerifiedFileReader<F, M> {
+impl<F: ReadByChunk, M: ReadByChunk> VerifiedFileReader<F, M> {
pub fn new<A: Authenticator>(
authenticator: &A,
chunked_file: F,
@@ -156,11 +156,8 @@
}
}
-impl<F: ReadOnlyDataByChunk, M: ReadOnlyDataByChunk> ReadOnlyDataByChunk
- for VerifiedFileReader<F, M>
-{
- fn read_chunk(&self, chunk_index: u64, buf: &mut [u8]) -> io::Result<usize> {
- debug_assert!(buf.len() as u64 >= CHUNK_SIZE);
+impl<F: ReadByChunk, M: ReadByChunk> ReadByChunk for VerifiedFileReader<F, M> {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
let size = self.chunked_file.read_chunk(chunk_index, buf)?;
let root_hash = verity_check(&buf[..size], chunk_index, self.file_size, &self.merkle_tree)
.map_err(|_| io::Error::from_raw_os_error(EIO))?;
@@ -176,7 +173,7 @@
mod tests {
use super::*;
use crate::auth::FakeAuthenticator;
- use crate::file::{LocalFileReader, ReadOnlyDataByChunk};
+ use crate::file::{LocalFileReader, ReadByChunk};
use anyhow::Result;
use std::fs::{self, File};
use std::io::Read;
@@ -215,7 +212,7 @@
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
- assert!(file_reader.read_chunk(i, &mut buf[..]).is_ok());
+ assert!(file_reader.read_chunk(i, &mut buf).is_ok());
}
Ok(())
}
@@ -230,7 +227,7 @@
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
- assert!(file_reader.read_chunk(i, &mut buf[..]).is_ok());
+ assert!(file_reader.read_chunk(i, &mut buf).is_ok());
}
Ok(())
}
@@ -245,7 +242,7 @@
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
- assert!(file_reader.read_chunk(i, &mut buf[..]).is_ok());
+ assert!(file_reader.read_chunk(i, &mut buf).is_ok());
}
Ok(())
}
@@ -264,9 +261,9 @@
let num_hashes = 4096 / 32;
let last_index = num_hashes;
for i in 0..last_index {
- assert!(file_reader.read_chunk(i, &mut buf[..]).is_err());
+ assert!(file_reader.read_chunk(i, &mut buf).is_err());
}
- assert!(file_reader.read_chunk(last_index, &mut buf[..]).is_ok());
+ assert!(file_reader.read_chunk(last_index, &mut buf).is_ok());
Ok(())
}
diff --git a/authfs/src/fusefs.rs b/authfs/src/fusefs.rs
index 13ec87d..4728418 100644
--- a/authfs/src/fusefs.rs
+++ b/authfs/src/fusefs.rs
@@ -34,7 +34,7 @@
use crate::common::{divide_roundup, ChunkedSizeIter, CHUNK_SIZE};
use crate::file::{
- LocalFileReader, RandomWrite, ReadOnlyDataByChunk, RemoteFileEditor, RemoteFileReader,
+ LocalFileReader, RandomWrite, ReadByChunk, RemoteFileEditor, RemoteFileReader,
RemoteMerkleTreeReader,
};
use crate::fsverity::{VerifiedFileEditor, VerifiedFileReader};
@@ -123,7 +123,7 @@
offset / CHUNK_SIZE
}
-fn read_chunks<W: io::Write, T: ReadOnlyDataByChunk>(
+fn read_chunks<W: io::Write, T: ReadByChunk>(
mut w: W,
file: &T,
file_size: u64,