| Message ID | 20230615160929.9240-1-min15.li@samsung.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | block: add capacity validation in bdev_add_partition() | expand |
On 6/16/23 01:09, min15.li wrote: > In the function bdev_add_partition(),there is no check that the start > and end sectors exceed the size of the disk before calling add_partition. > When we call the block's ioctl interface directly to add a partition, > and the capacity of the disk is set to 0 by driver,the command will > continue to execute. > > Signed-off-by: min15.li <min15.li@samsung.com> > --- > block/partitions/core.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/block/partitions/core.c b/block/partitions/core.c > index 49e0496ff23c..9806a804e1a4 100644 > --- a/block/partitions/core.c > +++ b/block/partitions/core.c > @@ -445,6 +445,12 @@ int bdev_add_partition(struct gendisk *disk, int partno, sector_t start, > goto out; > } > > + if (start >= get_capacity(disk) || > + start + length > get_capacity(disk)) { declaring: sector_t capacity = get_capacity(disk); at the beginning of the function would make this check prettier and fit on one line. > + ret = -EINVAL; > + goto out; > + } > + > if (partition_overlaps(disk, start, length, -1)) { > ret = -EBUSY; > goto out;
On Thu, Jun 15, 2023 at 04:09:29PM +0000, min15.li wrote: > + if (start >= get_capacity(disk) || > + start + length > get_capacity(disk)) { We need to check for overflows of the start + length value, probably best using a helper like check_add_overflow. Also a single tab indent (and thus the same as code below) is always wrong for continuations, plase use either two tabs or align to the opening brace.
On Thu, Jun 15, 2023 at 04:09:29PM +0000, min15.li wrote: > In the function bdev_add_partition(),there is no check that the start > and end sectors exceed the size of the disk before calling add_partition. > When we call the block's ioctl interface directly to add a partition, > and the capacity of the disk is set to 0 by driver,the command will > continue to execute. > > Signed-off-by: min15.li <min15.li@samsung.com> > --- > block/partitions/core.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/block/partitions/core.c b/block/partitions/core.c > index 49e0496ff23c..9806a804e1a4 100644 > --- a/block/partitions/core.c > +++ b/block/partitions/core.c > @@ -445,6 +445,12 @@ int bdev_add_partition(struct gendisk *disk, int partno, sector_t start, > goto out; > } > > + if (start >= get_capacity(disk) || > + start + length > get_capacity(disk)) { > + ret = -EINVAL; > + goto out; > + } > + > if (partition_overlaps(disk, start, length, -1)) { > ret = -EBUSY; > goto out; > -- > 2.34.1 > Hi, This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him a patch that has triggered this response. He used to manually respond to these common problems, but in order to save his sanity (he kept writing the same thing over and over, yet to different people), I was created. Hopefully you will not take offence and will fix the problem in your patch and resubmit it so that it can be accepted into the Linux kernel tree. You are receiving this message because of the following common error(s) as indicated below: - It looks like you did not use your "real" name for the patch on either the Signed-off-by: line, or the From: line (both of which have to match). Please read the kernel file, Documentation/process/submitting-patches.rst for how to do this correctly. If you wish to discuss this problem further, or you have questions about how to resolve this issue, please feel free to respond to this email and Greg will reply once he has dug out from the pending patches received from other developers. thanks, greg k-h's patch email bot
diff --git a/block/partitions/core.c b/block/partitions/core.c index 49e0496ff23c..9806a804e1a4 100644 --- a/block/partitions/core.c +++ b/block/partitions/core.c @@ -445,6 +445,12 @@ int bdev_add_partition(struct gendisk *disk, int partno, sector_t start, goto out; } + if (start >= get_capacity(disk) || + start + length > get_capacity(disk)) { + ret = -EINVAL; + goto out; + } + if (partition_overlaps(disk, start, length, -1)) { ret = -EBUSY; goto out;
In the function bdev_add_partition(),there is no check that the start and end sectors exceed the size of the disk before calling add_partition. When we call the block's ioctl interface directly to add a partition, and the capacity of the disk is set to 0 by driver,the command will continue to execute. Signed-off-by: min15.li <min15.li@samsung.com> --- block/partitions/core.c | 6 ++++++ 1 file changed, 6 insertions(+)