From: Michael Schmitz <schmitzmic@gmail.com>
To: linux-block@vger.kernel.org, axboe@kernel.dk
Cc: linux-m68k@vger.kernel.org, geert@linux-m68k.org,
Michael Schmitz <schmitzmic@gmail.com>
Subject: [PATCH v7 1/2] block: fix signed int overflow in Amiga partition support
Date: Mon, 15 Oct 2018 15:32:26 +1300 [thread overview]
Message-ID: <1539570747-19906-2-git-send-email-schmitzmic@gmail.com> (raw)
In-Reply-To: <1539570747-19906-1-git-send-email-schmitzmic@gmail.com>
The Amiga partition parser module uses signed int for partition sector
address and count, which will overflow for disks larger than 1 TB.
Use sector_t as type for sector address and size to allow using disks
up to 2 TB without LBD support, and disks larger than 2 TB with LBD.
This bug was reported originally in 2012, and the fix was created by
the RDB author, Joanne Dow <jdow@earthlink.net>. A patch had been
discussed and reviewed on linux-m68k at that time but never officially
submitted. This patch differs from Joanne's patch only in its use of
sector_t instead of unsigned int. No checking for overflows is done
(see patch 2 of this series for that).
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511
Reported-by: Martin Steigerwald <Martin@lichtvoll.de>
Message-ID: <201206192146.09327.Martin@lichtvoll.de>
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Tested-by: Martin Steigerwald <Martin@lichtvoll.de>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
Changes from v3:
- split off change of sector address type as quick fix.
- cast to sector_t in sector address calculations.
- move overflow checking to separate patch for more thorough review.
Changes from v4:
Andreas Schwab:
- correct cast to sector_t in sector address calculations
---
block/partitions/amiga.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c
index 5609366..7ea9540 100644
--- a/block/partitions/amiga.c
+++ b/block/partitions/amiga.c
@@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state)
unsigned char *data;
struct RigidDiskBlock *rdb;
struct PartitionBlock *pb;
- int start_sect, nr_sects, blk, part, res = 0;
+ sector_t start_sect, nr_sects;
+ int blk, part, res = 0;
int blksize = 1; /* Multiplier for disk block size */
int slot = 1;
char b[BDEVNAME_SIZE];
@@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state)
/* Tell Kernel about it */
- nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 -
- be32_to_cpu(pb->pb_Environment[9])) *
+ nr_sects = ((sector_t) be32_to_cpu(pb->pb_Environment[10])
+ + 1 - be32_to_cpu(pb->pb_Environment[9])) *
be32_to_cpu(pb->pb_Environment[3]) *
be32_to_cpu(pb->pb_Environment[5]) *
blksize;
if (!nr_sects)
continue;
- start_sect = be32_to_cpu(pb->pb_Environment[9]) *
+ start_sect = (sector_t) be32_to_cpu(pb->pb_Environment[9]) *
be32_to_cpu(pb->pb_Environment[3]) *
be32_to_cpu(pb->pb_Environment[5]) *
blksize;
--
1.9.1
next prev parent reply other threads:[~2018-10-15 10:15 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-15 2:32 [PATCH v7 0/2] Amiga RDB partition support fixes Michael Schmitz
2018-10-15 2:32 ` Michael Schmitz [this message]
2018-10-15 2:32 ` [PATCH v7 2/2] block: add overflow checks for Amiga partition support Michael Schmitz
2022-07-25 12:36 ` Martin Steigerwald
2022-07-25 23:03 ` Jens Axboe
2022-07-26 1:53 ` Michael Schmitz
2022-07-26 3:40 ` Jens Axboe
2022-07-26 3:58 ` Michael Schmitz
2022-08-21 20:59 ` Martin Steigerwald
2022-08-22 5:46 ` Michael Schmitz
2022-08-22 13:57 ` Jens Axboe
2022-08-22 20:39 ` Michael Schmitz
2022-08-22 20:41 ` Jens Axboe
2022-08-22 20:56 ` Michael Schmitz
2023-06-13 7:25 ` Martin Steigerwald
2023-06-13 8:18 ` Michael Schmitz
2023-06-13 10:57 ` Martin Steigerwald
2023-06-13 22:11 ` Michael Schmitz
2023-06-14 0:07 ` Finn Thain
2023-06-14 1:20 ` Michael Schmitz
2023-06-14 7:19 ` Martin Steigerwald
2023-06-14 8:43 ` Michael Schmitz
[not found] ` <05bd2c1b-a985-d935-a955-06a048d54c18@earthlink.net>
2023-06-14 19:46 ` Michael Schmitz
2023-06-15 0:13 ` Finn Thain
2023-06-15 1:06 ` Michael Schmitz
2023-06-15 4:28 ` Christoph Hellwig
2019-01-31 0:40 ` [PATCH v7 0/2] Amiga RDB partition support fixes Michael Schmitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1539570747-19906-2-git-send-email-schmitzmic@gmail.com \
--to=schmitzmic@gmail.com \
--cc=axboe@kernel.dk \
--cc=geert@linux-m68k.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-m68k@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.