The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB. Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD. This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow <jdow@xxxxxxxxxxxxx>. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 2 of this series for that). Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Reported-by: Martin Steigerwald <Martin@xxxxxxxxxxxx> Message-ID: <201206192146.09327.Martin@xxxxxxxxxxxx> Signed-off-by: Michael Schmitz <schmitzmic@xxxxxxxxx> Tested-by: Martin Steigerwald <Martin@xxxxxxxxxxxx> --- Changes from v3: - split off change of sector address type as quick fix. - cast to sector_t in sector address calculations. - move overflow checking to separate patch for more thorough review. --- block/partitions/amiga.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 5609366..902ddeb 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE]; @@ -100,17 +101,17 @@ int amiga_partition(struct parsed_partitions *state) /* Tell Kernel about it */ - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = (sector_t) ((be32_to_cpu(pb->pb_Environment[10]) + + 1 - be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * - blksize; + blksize); if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t) (be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * - blksize; + blksize); put_partition(state,slot++,start_sect,nr_sects); { /* Be even more informative to aid mounting */ -- 1.9.1
