* [PATCH] udf: Avoid excessive partition lengths
@ 2024-06-20 13:04 Jan Kara
2024-06-20 13:49 ` Matthew Wilcox
0 siblings, 1 reply; 3+ messages in thread
From: Jan Kara @ 2024-06-20 13:04 UTC (permalink / raw)
To: linux-fsdevel; +Cc: Jan Kara
Avoid mounting filesystems where the partition would overflow the
32-bits used for block number. Also refuse to mount filesystems where
the partition length is so large we cannot safely index bits in a
block bitmap.
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/udf/super.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
I plan to merge this patch through my tree.
diff --git a/fs/udf/super.c b/fs/udf/super.c
index 9381a66c6ce5..c7bdda3f9369 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -1110,12 +1110,19 @@ static int udf_fill_partdesc_info(struct super_block *sb,
struct udf_part_map *map;
struct udf_sb_info *sbi = UDF_SB(sb);
struct partitionHeaderDesc *phd;
+ u32 sum;
int err;
map = &sbi->s_partmaps[p_index];
map->s_partition_len = le32_to_cpu(p->partitionLength); /* blocks */
map->s_partition_root = le32_to_cpu(p->partitionStartingLocation);
+ if (check_add_overflow(map->s_partition_root, map->s_partition_len,
+ &sum)) {
+ udf_err(sb, "Partition %d has invalid location %u + %u\n",
+ p_index, map->s_partition_root, map->s_partition_len);
+ return -EFSCORRUPTED;
+ }
if (p->accessType == cpu_to_le32(PD_ACCESS_TYPE_READ_ONLY))
map->s_partition_flags |= UDF_PART_FLAG_READ_ONLY;
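Review bot: The added check_add_overflow() on s_partition_root + s_partition_len carries no comment saying which limit it enforces, unlike the bitmap check later in this patch. A one-line comment stating that every block of the partition must be addressable by a 32-bit block number would make the intent clear. As written, a partition whose start plus length is exactly 2^32 is rejected even though its last block (start + length - 1) still fits in 32 bits; that is a safe, slightly stricter bound, and worth saying so in the comment. In the lines shown, `sum` is only a scratch output for the macro and is never read.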
@@ -1171,6 +1178,14 @@ static int udf_fill_partdesc_info(struct super_block *sb,
bitmap->s_extPosition = le32_to_cpu(
phd->unallocSpaceBitmap.extPosition);
map->s_partition_flags |= UDF_PART_FLAG_UNALLOC_BITMAP;
+ /* Check whether math over bitmap won't overflow. */
+ if (check_add_overflow(map->s_partition_len,
+ sizeof(struct spaceBitmapDesc) << 3,
+ &sum)) {
+ udf_err(sb, "Partition %d it too long (%u)\n", p_index,
+ map->s_partition_len);
+ return -EFSCORRUPTED;
+ }
udf_debug("unallocSpaceBitmap (part %d) @ %u\n",
p_index, bitmap->s_extPosition);
}
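Review bot: In the bitmap check, `sizeof(struct spaceBitmapDesc) << 3` converts the descriptor header size from bytes to bits with a bare shift, and the comment above it ("Check whether math over bitmap won't overflow") does not say which computation is being protected. Consider writing the conversion as `sizeof(struct spaceBitmapDesc) * BITS_PER_BYTE` and rewording the comment to say that the partition length plus the header size in bits, which is what this check adds together, must fit in 32 bits so that bits in the block bitmap can be indexed safely. The udf_err() string also reads "it too long" where "is too long" is meant.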
--
2.35.3
* Re: [PATCH] udf: Avoid excessive partition lengths
2024-06-20 13:04 [PATCH] udf: Avoid excessive partition lengths Jan Kara
@ 2024-06-20 13:49 ` Matthew Wilcox
2024-06-20 14:07 ` Jan Kara
0 siblings, 1 reply; 3+ messages in thread
From: Matthew Wilcox @ 2024-06-20 13:49 UTC (permalink / raw)
To: Jan Kara; +Cc: linux-fsdevel
On Thu, Jun 20, 2024 at 03:04:03PM +0200, Jan Kara wrote:
> + udf_err(sb, "Partition %d it too long (%u)\n", p_index,
> + map->s_partition_len);
s/it/is/ ?
* Re: [PATCH] udf: Avoid excessive partition lengths
2024-06-20 13:49 ` Matthew Wilcox
@ 2024-06-20 14:07 ` Jan Kara
0 siblings, 0 replies; 3+ messages in thread
From: Jan Kara @ 2024-06-20 14:07 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: Jan Kara, linux-fsdevel
On Thu 20-06-24 14:49:30, Matthew Wilcox wrote:
> On Thu, Jun 20, 2024 at 03:04:03PM +0200, Jan Kara wrote:
> > + udf_err(sb, "Partition %d it too long (%u)\n", p_index,
> > + map->s_partition_len);
>
> s/it/is/ ?
Yup, thanks!
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR