From patchwork Wed Jun 27 01:24:21 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Schmitz <schmitzmic@gmail.com>
X-Patchwork-Id: 10490401
Return-Path: <linux-block-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4CC9460386 for <patchwork-linux-block@patchwork.kernel.org>;
	Wed, 27 Jun 2018 01:34:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3A5841FF29
	for <patchwork-linux-block@patchwork.kernel.org>;
	Wed, 27 Jun 2018 01:34:08 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2DC2B28A10; Wed, 27 Jun 2018 01:34:08 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE9DA1FF29
	for <patchwork-linux-block@patchwork.kernel.org>;
	Wed, 27 Jun 2018 01:34:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752619AbeF0BeH (ORCPT
	<rfc822;patchwork-linux-block@patchwork.kernel.org>);
	Tue, 26 Jun 2018 21:34:07 -0400
Received: from mx4-int.auckland.ac.nz ([130.216.125.246]:18367 "EHLO
	mx4-int.auckland.ac.nz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752258AbeF0BeG (ORCPT
	<rfc822;linux-block@vger.kernel.org>);
	Tue, 26 Jun 2018 21:34:06 -0400
X-Greylist: delayed 583 seconds by postgrey-1.27 at vger.kernel.org;
	Tue, 26 Jun 2018 21:34:05 EDT
X-IronPort-AV: E=Sophos;i="5.51,277,1526299200";
	d="scan'208,223";a="18278574"
X-Ironport-HAT: UNIVERSITY - $RELAY-THROTTLE
X-Ironport-Source: 130.216.57.67 - Outgoing - Outgoing
Received: from nmr-admin.che.auckland.ac.nz (HELO nmr-admin)
	([130.216.57.67])
	by mx4-int.auckland.ac.nz with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	27 Jun 2018 13:24:21 +1200
Received: by nmr-admin (Postfix, from userid 1000)
	id 80B8F24E094; Wed, 27 Jun 2018 13:24:21 +1200 (NZST)
Subject: Subject: [PATCH RFC] block: fix Amiga RDB partition support for
	disks >= 2 TB
From: schmitzmic@gmail.com
CC: <geert@linux-m68k.org-r>, <jdow@earthlink.net>,
	<martin@lichtvoll.de>, <linux-m68k@lists.linux-m68k.org>,
	<linux-block@vger.kernel.org>
To: <schmitzmic@gmail.com>, <axboe@kernel.dk>
X-Mailer: mail (GNU Mailutils 2.99.98)
Message-Id: <20180627012421.80B8F24E094@nmr-admin>
Date: Wed, 27 Jun 2018 13:24:21 +1200 (NZST)
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-block.vger.kernel.org>
X-Mailing-List: linux-block@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From 5299e0e64dfb33ac3a1f3137b42178734ce20087 Mon Sep 17 00:00:00 2001

The Amiga RDB partition parser module uses int for partition sector
address and count, which will overflow for disks 2 TB and larger.

Use sector_t as type for sector address and size (as expected by
put_partition) to allow using such disks without danger of data
corruption.

This bug was reported originally in 2012 by Martin Steigerwald
<Martin@lichtvoll.de>, and the fix was created by the RDB author,
Joanne Dow <jdow@earthlink.net>. The patch had been discussed and
reviewed on linux-m68k at that time but never officially submitted.

Following a stern warning by Joanne, a warning is printed if any
partition is found to overflow the old 32 bit calculations, on the
grounds that such a partition would be misparses on legacy 32 bit
systems (other than Linux).

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511
Reported-by: Martin Steigerwald <Martin@lichtvoll.de>
Message-ID: <201206192146.09327.Martin@lichtvoll.de>
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Tested-by: Martin Steigerwald <Martin@lichtvoll.de>
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
---
 block/partitions/amiga.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c
index 5609366..42c3f38 100644
--- a/block/partitions/amiga.c
+++ b/block/partitions/amiga.c
@@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state)
 	unsigned char *data;
 	struct RigidDiskBlock *rdb;
 	struct PartitionBlock *pb;
-	int start_sect, nr_sects, blk, part, res = 0;
+	sector_t start_sect, nr_sects;
+	int blk, part, res = 0;
 	int blksize = 1;	/* Multiplier for disk block size */
 	int slot = 1;
 	char b[BDEVNAME_SIZE];
@@ -111,6 +112,16 @@ int amiga_partition(struct parsed_partitions *state)
 			     be32_to_cpu(pb->pb_Environment[3]) *
 			     be32_to_cpu(pb->pb_Environment[5]) *
 			     blksize;
+		if (start_sect > INT_MAX || nr_sects > INT_MAX
+			|| (start_sect + nr_sects) > INT_MAX) {
+			pr_err("%s: Warning: RDB partition overflow!\n",
+				bdevname(state->bdev, b));
+			pr_err("%s: start 0x%llX size 0x%llX\n",
+				bdevname(state->bdev, b), start_sect,
+				nr_sects);
+			pr_err("%s: partition incompatible with 32 bit OS\n",
+				bdevname(state->bdev, b));
+		}
 		put_partition(state,slot++,start_sect,nr_sects);
 		{
 			/* Be even more informative to aid mounting */