* [PATCH] fs: partitions: efi: Fix bound check
@ 2013-11-15 17:14 Antti P Miettinen
2013-11-20 0:04 ` Andrew Morton
2013-11-20 1:06 ` Davidlohr Bueso
0 siblings, 2 replies; 6+ messages in thread
From: Antti P Miettinen @ 2013-11-15 17:14 UTC (permalink / raw)
To: axboe, akpm, davidlohr, matt.fleming, kzak; +Cc: linux-kernel
Use ARRAY_SIZE instead of sizeof to get proper max for label
length.
Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
---
block/partitions/efi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
index a8287b4..dc51f46 100644
--- a/block/partitions/efi.c
+++ b/block/partitions/efi.c
@@ -96,6 +96,7 @@
* - Code works, detects all the partitions.
*
************************************************************/
+#include <linux/kernel.h>
#include <linux/crc32.h>
#include <linux/ctype.h>
#include <linux/math64.h>
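Review bot: the new #include <linux/kernel.h> is placed ahead of <linux/crc32.h>, while the includes visible in this hunk (crc32.h, ctype.h, math64.h) are in alphabetical order; inserting it after <linux/ctype.h> would keep that order. The changelog also does not say why the header is needed, presumably for ARRAY_SIZE, and one clause stating that would help.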
@@ -715,8 +716,8 @@ int efi_partition(struct parsed_partitions *state)
efi_guid_unparse(&ptes[i].unique_partition_guid, info->uuid);
/* Naively convert UTF16-LE to 7 bits. */
- label_max = min(sizeof(info->volname) - 1,
- sizeof(ptes[i].partition_name));
+ label_max = min(ARRAY_SIZE(info->volname) - 1,
+ ARRAY_SIZE(ptes[i].partition_name));
info->volname[label_max] = 0;
while (label_count < label_max) {
u8 c = ptes[i].partition_name[label_count] & 0xff;
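Review bot: the changelog should say why sizeof() is the wrong bound in the min() call. The loop below indexes ptes[i].partition_name by element (label_count), and per the comment those elements are UTF16-LE, so sizeof() counts bytes and lets label_count run past the last element of the source array. Spelling that out, together with the resulting out-of-bounds read, would let others judge which kernel versions need the fix. A short comment at the label_max assignment noting that it counts characters rather than bytes would also help keep the bound from regressing.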
--
1.8.3.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] fs: partitions: efi: Fix bound check
2013-11-15 17:14 [PATCH] fs: partitions: efi: Fix bound check Antti P Miettinen
@ 2013-11-20 0:04 ` Andrew Morton
2013-11-20 7:18 ` Antti Miettinen
2013-11-20 1:06 ` Davidlohr Bueso
1 sibling, 1 reply; 6+ messages in thread
From: Andrew Morton @ 2013-11-20 0:04 UTC (permalink / raw)
To: amiettinen; +Cc: axboe, davidlohr, matt.fleming, kzak, linux-kernel
On Fri, 15 Nov 2013 19:14:22 +0200 (EET) Antti P Miettinen <amiettinen@nvidia.com> wrote:
> Use ARRAY_SIZE instead of sizeof to get proper max for label
> length.
>
> Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
> Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
> Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
When fixing a bug, please provide a description of the user-visible
impact of that bug. This is so that others can decide which kernel
version(s) need the patch.
Hiroshi Doyu tested this patch, so I assume there was some observable
misbehaviour to test. Please fully describe that.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] fs: partitions: efi: Fix bound check
2013-11-20 0:04 ` Andrew Morton
@ 2013-11-20 7:18 ` Antti Miettinen
2013-11-20 7:36 ` Hiroshi Doyu
2013-11-20 17:46 ` Davidlohr Bueso
0 siblings, 2 replies; 6+ messages in thread
From: Antti Miettinen @ 2013-11-20 7:18 UTC (permalink / raw)
To: Andrew Morton
Cc: axboe@kernel.dk, davidlohr@hp.com, matt.fleming@intel.com,
kzak@redhat.com, linux-kernel@vger.kernel.org, Hiroshi Doyu
On 20.11.2013 02:04, Andrew Morton wrote:
> On Fri, 15 Nov 2013 19:14:22 +0200 (EET) Antti P Miettinen
> <amiettinen@nvidia.com> wrote:
>
> > Use ARRAY_SIZE instead of sizeof to get proper max for label
> > length.
> >
> > Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
> > Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
> > Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
>
> When fixing a bug, please provide a description of the user-visible
> impact of that bug. This is so that others can decide which kernel
> version(s) need the patch.
>
> Hiroshi Doyu tested this patch, so I assume there was some observable
> misbehaviour to test. Please fully describe that.
Since this is just a read out of bounds it's not that bad, but the
problem becomes user-visible e.g. if one tries to use
CONFIG_DEBUG_PAGEALLOC and CONFIG_DEBUG_RODATA, at least with some
enhancements from Hiroshi. Of course the destination array can contain
garbage when we read beyond the end of source array so that would be
another user-visible problem.
Should I send a new version with better commit message?
--Antti
^ permalink raw reply [flat|nested] 6+ messages in thread
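The out-of-bounds read described in the message above, as an added user-space C example that is not part of the original thread or of the kernel source: it computes the loop bound both ways and reports how far the sizeof() bound overshoots the source array. The struct names, the array sizes (36 two-byte elements, 64 bytes), the `MIN` macro and the '!' substitution are assumptions of this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Constructed stand-ins; names and sizes are assumptions of this example. */
struct entry { uint16_t partition_name[36]; };	/* UTF-16LE code units */
struct meta { uint8_t volname[64]; };		/* 7-bit label plus NUL */

/* Bound before the patch: the source array is measured in bytes. */
size_t label_max_sizeof(const struct entry *e, const struct meta *m)
{
	return MIN(sizeof(m->volname) - 1, sizeof(e->partition_name));
}

/* Bound after the patch: the source array is measured in elements. */
size_t label_max_array_size(const struct entry *e, const struct meta *m)
{
	return MIN(ARRAY_SIZE(m->volname) - 1, ARRAY_SIZE(e->partition_name));
}

/* Number of source elements a loop running to `bound` indexes past the end. */
size_t overread_elems(const struct entry *e, size_t bound)
{
	size_t n = ARRAY_SIZE(e->partition_name);
	return bound > n ? bound - n : 0;
}

/* Conversion loop with the corrected bound; returns the label length. */
size_t convert_label(const struct entry *e, struct meta *m)
{
	size_t i, max = label_max_array_size(e, m);
	m->volname[max] = 0;
	for (i = 0; i < max; i++) {
		uint8_t c = e->partition_name[i] & 0xff;
		m->volname[i] = (c && !isprint(c)) ? '!' : c; /* assumed masking */
	}
	return strlen((const char *)m->volname);
}

int main(void)
{
	struct entry e = { { 'r', 'o', 'o', 't' } };	/* constructed name */
	struct meta m;
	size_t len = convert_label(&e, &m), old = label_max_sizeof(&e, &m);
	printf("sizeof bound %zu overreads %zu elements; label \"%s\" (%zu)\n",
	       old, overread_elems(&e, old), (char *)m.volname, len);
	return 0;
}
```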
* Re: [PATCH] fs: partitions: efi: Fix bound check
2013-11-20 7:18 ` Antti Miettinen
@ 2013-11-20 7:36 ` Hiroshi Doyu
2013-11-20 17:46 ` Davidlohr Bueso
1 sibling, 0 replies; 6+ messages in thread
From: Hiroshi Doyu @ 2013-11-20 7:36 UTC (permalink / raw)
To: akpm@linux-foundation.org, Antti Miettinen
Cc: axboe@kernel.dk, davidlohr@hp.com, matt.fleming@intel.com,
kzak@redhat.com, linux-kernel@vger.kernel.org
Antti Miettinen <amiettinen@nvidia.com> wrote @ Wed, 20 Nov 2013 08:18:50 +0100:
> On 20.11.2013 02:04, Andrew Morton wrote:
> > On Fri, 15 Nov 2013 19:14:22 +0200 (EET) Antti P Miettinen
> > <amiettinen@nvidia.com> wrote:
> >
> > > Use ARRAY_SIZE instead of sizeof to get proper max for label
> > > length.
> > >
> > > Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
> > > Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
> > > Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
> >
> > When fixing a bug, please provide a description of the user-visible
> > impact of that bug. This is so that others can decide which kernel
> > version(s) need the patch.
> >
> > Hiroshi Doyu tested this patch, so I assume there was some observable
> > misbehaviour to test. Please fully describe that.
>
> Since this is just a read out of bounds it's not that bad, but the
> problem becomes user-visible e.g. if one tries to use
> CONFIG_DEBUG_PAGEALLOC and CONFIG_DEBUG_RODATA, at least with some
> enhancements from Hiroshi.
The above enhancement is almost ARCH_SUPPORTS_DEBUG_PAGEALLOC for ARM,
which could catch illegal memory access (read/write) with a page fault
although that enhancement itself needs some cleanups before being
upstreamed.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] fs: partitions: efi: Fix bound check
2013-11-20 7:18 ` Antti Miettinen
2013-11-20 7:36 ` Hiroshi Doyu
@ 2013-11-20 17:46 ` Davidlohr Bueso
1 sibling, 0 replies; 6+ messages in thread
From: Davidlohr Bueso @ 2013-11-20 17:46 UTC (permalink / raw)
To: Antti Miettinen
Cc: Andrew Morton, axboe@kernel.dk, matt.fleming@intel.com,
kzak@redhat.com, linux-kernel@vger.kernel.org, Hiroshi Doyu,
Will Drewry
On Wed, 2013-11-20 at 08:18 +0100, Antti Miettinen wrote:
> On 20.11.2013 02:04, Andrew Morton wrote:
> > On Fri, 15 Nov 2013 19:14:22 +0200 (EET) Antti P Miettinen
> > <amiettinen@nvidia.com> wrote:
> >
> > > Use ARRAY_SIZE instead of sizeof to get proper max for label
> > > length.
> > >
> > > Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
> > > Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
> > > Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
> >
> > When fixing a bug, please provide a description of the user-visible
> > impact of that bug. This is so that others can decide which kernel
> > version(s) need the patch.
> >
> > Hiroshi Doyu tested this patch, so I assume there was some observable
> > misbehaviour to test. Please fully describe that.
>
> Since this is just a read out of bounds it's not that bad, but the
> problem becomes user-visible e.g. if one tries to use
> CONFIG_DEBUG_PAGEALLOC and CONFIG_DEBUG_RODATA, at least with some
> enhancements from Hiroshi. Of course the destination array can contain
> garbage when we read beyond the end of source array so that would be
> another user-visible problem.
>
Cc'ing Will - this path has been untouched since its inclusion back in
2.6.37:
commit eec7ecfede74bb996060efefd5c157acd5794e8a
Author: Will Drewry <wad@chromium.org>
Date: Tue Aug 31 15:47:06 2010 -0500
genhd, efi: add efi partition metadata to hd_structs
This change extends the partition_meta_info structure to
support EFI GPT-specific metadata and ensures that data
is copied in on partition scanning.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
> Should I send a new version with better commit message?
>
> --Antti
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] fs: partitions: efi: Fix bound check
2013-11-15 17:14 [PATCH] fs: partitions: efi: Fix bound check Antti P Miettinen
2013-11-20 0:04 ` Andrew Morton
@ 2013-11-20 1:06 ` Davidlohr Bueso
1 sibling, 0 replies; 6+ messages in thread
From: Davidlohr Bueso @ 2013-11-20 1:06 UTC (permalink / raw)
To: amiettinen; +Cc: axboe, akpm, matt.fleming, kzak, linux-kernel
On Fri, 2013-11-15 at 19:14 +0200, Antti P Miettinen wrote:
> Use ARRAY_SIZE instead of sizeof to get proper max for label
> length.
>
> Signed-off-by: Antti P Miettinen <amiettinen@nvidia.com>
> Reviewed-by: Hiroshi Doyu <hdoyu@nvidia.com>
> Tested-by: Hiroshi Doyu <hdoyu@nvidia.com>
I haven't tested the patch, but using ARRAY_SIZE for fields defined as
arrays does make more sense than sizeof.
Acked-by: Davidlohr Bueso <davidlohr@hp.com>
> ---
> block/partitions/efi.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/block/partitions/efi.c b/block/partitions/efi.c
> index a8287b4..dc51f46 100644
> --- a/block/partitions/efi.c
> +++ b/block/partitions/efi.c
> @@ -96,6 +96,7 @@
> * - Code works, detects all the partitions.
> *
> ************************************************************/
> +#include <linux/kernel.h>
> #include <linux/crc32.h>
> #include <linux/ctype.h>
> #include <linux/math64.h>
> @@ -715,8 +716,8 @@ int efi_partition(struct parsed_partitions *state)
> efi_guid_unparse(&ptes[i].unique_partition_guid, info->uuid);
>
> /* Naively convert UTF16-LE to 7 bits. */
> - label_max = min(sizeof(info->volname) - 1,
> - sizeof(ptes[i].partition_name));
> + label_max = min(ARRAY_SIZE(info->volname) - 1,
> + ARRAY_SIZE(ptes[i].partition_name));
> info->volname[label_max] = 0;
> while (label_count < label_max) {
> u8 c = ptes[i].partition_name[label_count] & 0xff;
^ permalink raw reply [flat|nested] 6+ messages in thread