On Mon, Apr 15, 2024 at 3:38 PM Sasha Levin sashal@kernel.org wrote:

From: Michael Schmitz schmitzmic@gmail.com

[ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ]

The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB.

Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD.

This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow jdow@earthlink.net. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 3 of this series for that).

Reported-by: Martin Steigerwald Martin@lichtvoll.de Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Message-ID: 201206192146.09327.Martin@lichtvoll.de Cc: stable@vger.kernel.org # 5.2

^^^ Before commit 72deb455b5ec619f ("block: remove CONFIG_LBDAF") in v5.2, support for 64-bit sector_t and blkcnt_t was optional on 32-bit architectures.

Signed-off-by: Michael Schmitz schmitzmic@gmail.com Tested-by: Martin Steigerwald Martin@lichtvoll.de Reviewed-by: Geert Uytterhoeven geert@linux-m68k.org Reviewed-by: Christoph Hellwig hch@lst.de Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Sasha Levin sashal@kernel.org

---

block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 560936617d9c1..4a4160221183b 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb;

•   int start_sect, nr_sects, blk, part, res = 0;
  

•   sector_t start_sect, nr_sects;
  

•   int blk, part, res = 0;
    int blksize = 1;        /* Multiplier for disk block size */
    int slot = 1;
    char b[BDEVNAME_SIZE];
  

@@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state)

            /* Tell Kernel about it */

•           nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 -
  

•                       be32_to_cpu(pb->pb_Environment[9])) *
  

•           nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 -
  

•                      be32_to_cpu(pb->pb_Environment[9])) *
                       be32_to_cpu(pb->pb_Environment[3]) *
                       be32_to_cpu(pb->pb_Environment[5]) *
                       blksize;
            if (!nr_sects)
                    continue;
  

•           start_sect = be32_to_cpu(pb->pb_Environment[9]) *
  

•           start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) *
                         be32_to_cpu(pb->pb_Environment[3]) *
                         be32_to_cpu(pb->pb_Environment[5]) *
                         blksize;
  

Gr{oetje,eeting}s,

Geert

-- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds