Subject: [merged] block-partitions-efic-fix-bound-check.patch removed from -mm tree To: amiettinen@xxxxxxxxxx,davidlohr@xxxxxx,hdoyu@xxxxxxxxxx,matt.fleming@xxxxxxxxx,wad@xxxxxxxxxxxx,mm-commits@xxxxxxxxxxxxxxx From: akpm@xxxxxxxxxxxxxxxxxxxx Date: Fri, 22 Nov 2013 13:21:57 -0800 The patch titled Subject: block/partitions/efi.c: fix bound check has been removed from the -mm tree. Its filename was block-partitions-efic-fix-bound-check.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Antti P Miettinen <amiettinen@xxxxxxxxxx> Subject: block/partitions/efi.c: fix bound check Use ARRAY_SIZE instead of sizeof to get proper max for label length. Since this is just a read out of bounds it's not that bad, but the problem becomes user-visible e.g. if one tries to use CONFIG_DEBUG_PAGEALLOC and CONFIG_DEBUG_RODATA, at least with some enhancements from Hiroshi. Of course the destination array can contain garbage when we read beyond the end of source array so that would be another user-visible problem. Signed-off-by: Antti P Miettinen <amiettinen@xxxxxxxxxx> Reviewed-by: Hiroshi Doyu <hdoyu@xxxxxxxxxx> Tested-by: Hiroshi Doyu <hdoyu@xxxxxxxxxx> Cc: Will Drewry <wad@xxxxxxxxxxxx> Cc: Matt Fleming <matt.fleming@xxxxxxxxx> Acked-by: Davidlohr Bueso <davidlohr@xxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- block/partitions/efi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff -puN block/partitions/efi.c~block-partitions-efic-fix-bound-check block/partitions/efi.c --- a/block/partitions/efi.c~block-partitions-efic-fix-bound-check +++ a/block/partitions/efi.c @@ -96,6 +96,7 @@ * - Code works, detects all the partitions. * ************************************************************/ +#include <linux/kernel.h> #include <linux/crc32.h> #include <linux/ctype.h> #include <linux/math64.h> 
@@ -715,8 +716,8 @@ int efi_partition(struct parsed_partitio efi_guid_unparse(&ptes[i].unique_partition_guid, info->uuid); /* Naively convert UTF16-LE to 7 bits. */ - label_max = min(sizeof(info->volname) - 1, - sizeof(ptes[i].partition_name)); + label_max = min(ARRAY_SIZE(info->volname) - 1, + ARRAY_SIZE(ptes[i].partition_name)); info->volname[label_max] = 0; while (label_count < label_max) { u8 c = ptes[i].partition_name[label_count] & 0xff; _ Patches currently in -mm which might be from amiettinen@xxxxxxxxxx are origin.patch
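Review bot: In the first hunk (@@ -96,6 +96,7 @@), the new #include <linux/kernel.h> is placed ahead of crc32.h, ctype.h and math64.h, which are otherwise in alphabetical order; it would sit more naturally after <linux/ctype.h>. The changelog also does not say why the header is needed. A short mention that it is pulled in for ARRAY_SIZE would make the hunk self-explanatory.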
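Review bot: In the second hunk (@@ -715,8 +716,8 @@), the min() call now yields an element count rather than a byte count, but nothing at the call site records that. The existing comment says the source is UTF16-LE, and label_max is used both as the index in info->volname[label_max] = 0 and as the loop bound for ptes[i].partition_name[label_count], so it has to be in elements. Consider extending the comment above the min() call to say that label_max counts array elements, so a later cleanup does not switch it back to sizeof. It would also help if the changelog named the element width of partition_name, since that is what makes sizeof overshoot here.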