From: Michael Schmitz schmitzmic@gmail.com
[ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ]
The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB.
Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD.
This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow jdow@earthlink.net. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that).
Reported-by: Martin Steigerwald Martin@lichtvoll.de Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Message-ID: 201206192146.09327.Martin@lichtvoll.de Cc: stable@vger.kernel.org # 5.2 Signed-off-by: Michael Schmitz schmitzmic@gmail.com Tested-by: Martin Steigerwald Martin@lichtvoll.de Reviewed-by: Geert Uytterhoeven geert@linux-m68k.org Reviewed-by: Christoph Hellwig hch@lst.de Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Sasha Levin sashal@kernel.org --- block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 560936617d9c1..4a4160221183b 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE]; @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state)
/* Tell Kernel about it */
- nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 - + be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize;
On Mon, Apr 15, 2024 at 3:38 PM Sasha Levin sashal@kernel.org wrote:
From: Michael Schmitz schmitzmic@gmail.com
[ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ]
The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB.
Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD.
This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow jdow@earthlink.net. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that).
Reported-by: Martin Steigerwald Martin@lichtvoll.de Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Message-ID: 201206192146.09327.Martin@lichtvoll.de Cc: stable@vger.kernel.org # 5.2
^^^ Before commit 72deb455b5ec619f ("block: remove CONFIG_LBDAF") in v5.2, support for 64-bit sector_t and blkcnt_t was optional on 32-bit architectures.
Signed-off-by: Michael Schmitz schmitzmic@gmail.com Tested-by: Martin Steigerwald Martin@lichtvoll.de Reviewed-by: Geert Uytterhoeven geert@linux-m68k.org Reviewed-by: Christoph Hellwig hch@lst.de Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Sasha Levin sashal@kernel.org
block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 560936617d9c1..4a4160221183b 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb;
int start_sect, nr_sects, blk, part, res = 0;
sector_t start_sect, nr_sects;int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE];@@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state)
/* Tell Kernel about it */
nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 -be32_to_cpu(pb->pb_Environment[9])) *
nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 -be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue;
start_sect = be32_to_cpu(pb->pb_Environment[9]) *
start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize;
Gr{oetje,eeting}s,
Geert
-- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
linux-stable-mirror@lists.linaro.org
-
Geert Uytterhoeven -
Sasha Levin