On Wed 18-05-16 14:09:19, Alden Tondettar wrote: > UDF/OSTA terminology is confusing. Partition Numbers (PNs) are arbitrary > 16-bit values, one for each physical partition in the volume. Partition > Reference Numbers (PRNs) are indices into the the Partition Map Table and > do not necessarily equal the PN of the mapped partition. > > The current metadata code mistakenly uses the PN instead of the PRN when > mapping metadata blocks to physical/sparable blocks. Windows-created > UDF 2.5 discs for some reason use large, arbitrary PNs, resulting in mount > failure and KASAN read warnings in udf_read_inode(). > > For example, a NetBSD UDF 2.5 partition might look like this: > > PRN PN Type > --- -- ---- > 0 0 Sparable > 1 0 Metadata > > Since PRN == PN, we are fine. > > But Windows could gives us: > > PRN PN Type > --- ---- ---- > 0 8192 Sparable > 1 8192 Metadata > > So udf_read_inode() will start out by checking the partition length in > sbi->s_partmaps[8192], which is obviously out of bounds. > > Fix this by creating a new field (s_partition_ref) in struct udf_meta_data, > referencing whatever physical or sparable map has the same partition number > as the metadata partition. > > Signed-off-by: Alden Tondettar <alden.tondettar@xxxxxxxxx> Ah, I've missed this subtlety when reading the specification! Thanks for fixing this. I've added this patch to my tree, I have just changed s_partition_ref to s_phys_partition_ref and added a comment about it to udf_sb.h.. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
