On 6/28/2023 7:38 PM, Damien Le Moal wrote:
> On 6/29/23 19:26, Min Li wrote:
>> Before calling add partition or resize partition, there is no check
>> on whether the length is aligned with the logical block size.
>> If the logical block size of the disk is larger than 512 bytes,
>> then the partition size maybe not the multiple of the logical block size,
>> and when the last sector is read, bio_truncate() will adjust the bio size,
>> resulting in an IO error if the size of the read command is smaller than
>> the logical block size.If integrity data is supported, this will also
>> result in a null pointer dereference when calling bio_integrity_free.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Min Li <min15.li@xxxxxxxxxxx>>
>> ---
>> Changes from v1:
>>
>> - Add a space after /* and before */.
>> - Move length alignment check before the "start = p.start >> SECTOR_SHIFT"
>> - Move check for p.start being aligned together with this length alignment check.
>>
>> Changes from v2:
>>
>> - Add the assignment on the first line and merge the two lines into one.
>>
>> Changes from v3:
>>
>> - Change the blksz to unsigned int.
>> - Add check if p.start and p.length are negative.
>> ---
>> block/ioctl.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/block/ioctl.c b/block/ioctl.c
>> index 3be11941fb2d..a8061c2fcae0 100644
>> --- a/block/ioctl.c
>> +++ b/block/ioctl.c
>> @@ -16,9 +16,10 @@
>> static int blkpg_do_ioctl(struct block_device *bdev,
>> struct blkpg_partition __user *upart, int op)
>> {
>> + unsigned int blksz = bdev_logical_block_size(bdev);
>> struct gendisk *disk = bdev->bd_disk;
>> struct blkpg_partition p;
>> - long long start, length;
>> + sector_t start, length;
>>
>> if (!capable(CAP_SYS_ADMIN))
>> return -EACCES;
>> @@ -33,14 +34,17 @@ static int blkpg_do_ioctl(struct block_device *bdev,
>> if (op == BLKPG_DEL_PARTITION)
>> return bdev_del_partition(disk, p.pno);
>>
>> + if (p.start < 0 || p.length <= 0 || p.start + p.length < 0)
>> + return -EINVAL;
>> + /* Check that the partition is aligned to the block size */
>> + if (!IS_ALIGNED(p.start | p.length, blksz))
>
> Minor nit: blksz is used only here now, so this could be changed to:
>
> if (!IS_ALIGNED(p.start | p.length, bdev_logical_block_size(bdev)))
>
> to not use that local variable.
>
> With or without this addressed, looks good to me.
>
> Reviewed-by: Damien Le Moal <dlemoal@xxxxxxxxxx>
>
>
With above comment addressed,
Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx>
-ck
