On Tue, Jul 26, 2022 at 04:57:47PM +1200, Michael Schmitz wrote:
The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB. Use u64 as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD. The RDB format allows specifying disk sizes up to 2^128 bytes (though native OS limitations reduce this somewhat, to max 2^68 bytes), so check for u64 overflow carefully to protect against overflowing sector_t. Bail out if sector addresses overflow 32 bits on kernels without LBD support. This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow <jdow@xxxxxxxxxxxxx>. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted (now resubmitted as separate patch). This patch adds additional error checking and warning messages. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Reported-by: Martin Steigerwald <Martin@xxxxxxxxxxxx> Message-ID: <201206192146.09327.Martin@xxxxxxxxxxxx> Signed-off-by: Michael Schmitz <schmitzmic@xxxxxxxxx> Reviewed-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> --- block/partitions/amiga.c | 111 +++++++++++++++++++++++++++++++-------- 1 file changed, 89 insertions(+), 22 deletions(-) diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index f98191545d9a..7356b39cbe10 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -11,10 +11,18 @@ #define pr_fmt(fmt) fmt #include <linux/types.h> +#include <linux/mm_types.h> +#include <linux/overflow.h> #include <linux/affs_hardblocks.h> #include "check.h" +/* magic offsets in partition DosEnvVec */ +#define NR_HD 3 +#define NR_SECT 5 +#define LO_CYL 9 +#define HI_CYL 10
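Review bot: the macros added after the includes (`NR_HD`, `NR_SECT`, `LO_CYL`, `HI_CYL`) are very generic names for file-scope defines, and the comment "magic offsets in partition DosEnvVec" does not say whether they are array indexes or byte offsets. Consider a common prefix and a comment that states the unit. The same hunk adds `#include <linux/mm_types.h>` with nothing in the visible lines that uses it; the commit message should say what needs it, or the include should go.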
The last line has a tab after the #define while the previous three don't. Pick one style and stick to it for the others.
if (!data) { - pr_err("Dev %s: unable to read RDB block %d\n", - state->disk->disk_name, blk); + pr_err("Dev %s: unable to read RDB block %llu\n", + state->disk->disk_name, (u64) blk);
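Review bot: in the `pr_err()` call the cast is written `(u64) blk`, with a space between the cast and its operand; kernel style writes it without the space, `(u64)blk`. The switch from `%d` to `%llu` is the part this message actually needs for a 64-bit block number.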
No need for the various printk casts, a sector_t is always an unsigned long long.
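The overflow the commit message describes, as an added example in userspace C (not code from the patch). It assumes the partition start is computed as LO_CYL × NR_HD × NR_SECT × block size in 512-byte sectors, uses the GCC/Clang builtin `__builtin_mul_overflow` in place of the kernel's `check_mul_overflow()`, and runs on constructed geometry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* DosEnvVec indexes, named as in the quoted patch */
#define NR_HD   3
#define NR_SECT 5
#define LO_CYL  9

/* 32-bit arithmetic, as with the old signed int fields. The multiply is done
 * unsigned so the wrap is well defined, then viewed as a signed value. */
static int32_t start_sect_int(const uint32_t *env, uint32_t blksize)
{
	return (int32_t)(env[LO_CYL] * env[NR_HD] * env[NR_SECT] * blksize);
}

/* 64-bit arithmetic with every multiply checked; false means "bail out". */
static bool start_sect_checked(const uint32_t *env, uint32_t blksize,
			       uint64_t *start)
{
	uint64_t cylblk;

	if (__builtin_mul_overflow((uint64_t)env[NR_HD], env[NR_SECT], &cylblk) ||
	    __builtin_mul_overflow(cylblk, blksize, &cylblk) ||
	    __builtin_mul_overflow(cylblk, env[LO_CYL], start))
		return false;
	return true;
}

int main(void)
{
	/* constructed geometry: 16 heads, 63 sectors/track, cylinder 2500000 */
	uint32_t env[16] = { [NR_HD] = 16, [NR_SECT] = 63, [LO_CYL] = 2500000 };
	uint64_t start = 0;

	/* about 1.3 TB into the disk: the 32-bit result comes out negative */
	printf("int: %d\n", start_sect_int(env, 1));
	if (start_sect_checked(env, 1, &start))
		printf("u64: %llu\n", (unsigned long long)start);
	return 0;
}
```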