From patchwork Sun Nov 4 13:42:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Milan Broz X-Patchwork-Id: 10666881 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 98E1A13A4 for ; Sun, 4 Nov 2018 14:06:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E71D2914C for ; Sun, 4 Nov 2018 14:06:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 725C22970D; Sun, 4 Nov 2018 14:06:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5454D2914C for ; Sun, 4 Nov 2018 14:06:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E4206394D39; Sun, 4 Nov 2018 14:06:51 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8CA8F1974F; Sun, 4 Nov 2018 14:06:51 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 578B24BB79; Sun, 4 Nov 2018 14:06:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wA4Dh8JK002413 for ; Sun, 4 Nov 2018 08:43:08 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8D450105704B; Sun, 4 Nov 2018 13:43:08 +0000 (UTC) Delivered-To: dm-devel@redhat.com Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com [10.5.110.27]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ED8C31054FD8; Sun, 4 Nov 2018 13:43:03 +0000 (UTC) Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 21B4083F3C; Sun, 4 Nov 2018 13:43:02 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id 74-v6so6544581wrb.13; Sun, 04 Nov 2018 05:43:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=RUJbczvmDj0z8d3GjwvQkkn2mD73M0ygOvK3rZUYrxk=; b=n7kuucaXHc6BBFEzviC1ZQQk6jEoyE6IUEn10VdWroIPc67uKla1O9eTaxXZZHvjtB FaEAliclKbudnIYIlQVP1Re0BKLhkMtU070zMIvwN7DTa3pj8X9XzAhb3JQL+I0E0P7I MKyZvNtkbjTJLDshgE77QLUAN97TA1Q0pa6Uy0mzW4JxAMp7ZyNp8UJ8xPnpilwSGgob W2qmnvWSoo0zq/DSYD4c6ct+OkgPvumKZ9P8TqmrfOQds5zFa6hNX6ooYuXtZOryJrYu yUBQxkaPu57vtuxY+HcHi/HDrCSBVPG85o8d+weftpvDMu281klOcKza206O1xenTkH+ qagw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=RUJbczvmDj0z8d3GjwvQkkn2mD73M0ygOvK3rZUYrxk=; b=kNuD/9gNOwe9od30n+snYLRyHYcsKC2EtRVvITydXFdDZS118pgxiuvjMkW6xQ9Gag osAWXl2/afcb/vVESzTw8jk/5kgbeVRe/iBDc71IHHe8E1hkJwZ5simUn4RYVJVCyo0/ fA+ReJRUJotBUGNAUTpJSeIjFulG7Wfs5PgGFg4pxUcDZp8NEKV+Qy8ze/1/Vk10dil0 R0YJCVlbzfn15sNtstjePE6PVKoI/VtZRCId2IQPg+sL+wmpJJCiFzBQpPduYh4ORS/8 mfgTxo+UdZrevKY0NBkBv13uEWRVvg60CIAoE4K5xcaFQ8u/Yk555UUAcfJuTtP6DBji E5pA== X-Gm-Message-State: AGRZ1gJur4jspVjBApDDidC8M+h8uXWAd35vwwuTPG8tbMSbEUHM47im EhzkyOnOcv346lrbX3cElwZmMruX X-Google-Smtp-Source: AJdET5e22TUJL7wOsbiozmHITBHRYYA4G0MLwIWfZaZCJcMvX81+EzzX7fowfp9gd52hJYOO1rhjaQ== X-Received: by 2002:adf:f787:: with SMTP id q7-v6mr17575097wrp.9.1541338980342; Sun, 04 Nov 2018 05:43:00 -0800 (PST) Received: from merlot.mazyland.net (89-24-38-203.nat.epc.tmcz.cz. [89.24.38.203]) by smtp.googlemail.com with ESMTPSA id w18-v6sm3836865wrn.66.2018.11.04.05.42.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 04 Nov 2018 05:42:59 -0800 (PST) From: Milan Broz To: dm-devel@redhat.com Date: Sun, 4 Nov 2018 14:42:34 +0100 Message-Id: <20181104134234.13597-1-gmazyland@gmail.com> MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Sun, 04 Nov 2018 13:43:02 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Sun, 04 Nov 2018 13:43:02 +0000 (UTC) for IP:'209.85.221.67' DOMAIN:'mail-wr1-f67.google.com' HELO:'mail-wr1-f67.google.com' FROM:'gmazyland@gmail.com' RCPT:'' X-RedHat-Spam-Score: -0.111 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_PASS) 209.85.221.67 mail-wr1-f67.google.com 209.85.221.67 mail-wr1-f67.google.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.27 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: dm-devel@redhat.com Cc: mpatocka@redhat.com, Milan Broz , snitzer@redhat.com Subject: [dm-devel] [RFC PATCH] dm: Check for device sector overflow if CONFIG_LBDAF is not set X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Sun, 04 Nov 2018 14:06:52 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP Reference to a device in device-mapper table contains offset in sectors. If the sector_t is 32bit integer (CONFIG_LBDAF is not set), then several device-mapper targets can overflow this offset and validity check is then performad on wrong offset and wrong table is activated. See for example (on 32bit without CONFIG_LBDAF) this overflow: # dmsetup create test --table "0 2048 linear /dev/sdg 4294967297" # dmsetup table test 0 2048 linear 8:96 1 In this patch I tried to add check for this problem to dm-linear and dm-crypt, but I am sure there are more places and I am not sure this is the proper way. Should we use uint64_t in DM internally for device offset instead? There are probably some internal calculations in dm-table.c that can overflow as well. NOTE: it is a RFC patch that is incomplete (more targets need fixes). Signed-off-by: Milan Broz --- drivers/md/dm-crypt.c | 4 ++++ drivers/md/dm-linear.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 49be7a6a2e81..008fc40ef84b 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2786,6 +2786,10 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) goto bad; } cc->start = tmpll; + if (sizeof(cc->start) < sizeof(tmpll) && cc->start != tmpll) { + ti->error = "Device sector overflow"; + goto bad; + } if (crypt_integrity_aead(cc) || cc->integrity_iv_size) { ret = crypt_integrity_ctr(cc, ti); diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c index 8d7ddee6ac4d..b5a0065d1436 100644 --- a/drivers/md/dm-linear.c +++ b/drivers/md/dm-linear.c @@ -50,6 +50,10 @@ static int linear_ctr(struct dm_target *ti, unsigned int argc, char **argv) goto bad; } lc->start = tmp; + if (sizeof(lc->start) < sizeof(tmp) && lc->start != tmp) { + ti->error = "Device sector overflow"; + goto bad; + } ret = dm_get_device(ti, argv[0], dm_table_get_mode(ti->table), &lc->dev); if (ret) {