| Message ID | 1539304018-11786-2-git-send-email-schmitzmic@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Amiga RDB partition support fixes | expand |
Hi Michael, On Fri, Oct 12, 2018 at 2:27 AM Michael Schmitz <schmitzmic@gmail.com> wrote: > The Amiga partition parser module uses signed int for partition sector > address and count, which will overflow for disks larger than 1 TB. > > Use sector_t as type for sector address and size to allow using disks > up to 2 TB without LBD support, and disks larger than 2 TB with LBD. > > This bug was reported originally in 2012, and the fix was created by > the RDB author, Joanne Dow <jdow@earthlink.net>. A patch had been > discussed and reviewed on linux-m68k at that time but never officially > submitted. This patch differs from Joanne's patch only in its use of > sector_t instead of unsigned int. No checking for overflows is done > (see patch 2 of this series for that). > > Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 > Reported-by: Martin Steigerwald <Martin@lichtvoll.de> > Message-ID: <201206192146.09327.Martin@lichtvoll.de> > Signed-off-by: Michael Schmitz <schmitzmic@gmail.com> > Tested-by: Martin Steigerwald <Martin@lichtvoll.de> Thanks for your patch! > Changes from v4: > > Andreas Schwab: > - correct cast to sector_t in sector address calculations Which you only did for the first case... > --- a/block/partitions/amiga.c > +++ b/block/partitions/amiga.c > @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) > > /* Tell Kernel about it */ > > - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - > - be32_to_cpu(pb->pb_Environment[9])) * > + nr_sects = ((sector_t) be32_to_cpu(pb->pb_Environment[10]) ...here ... > + + 1 - be32_to_cpu(pb->pb_Environment[9])) * > be32_to_cpu(pb->pb_Environment[3]) * > be32_to_cpu(pb->pb_Environment[5]) * > blksize; > if (!nr_sects) > continue; > - start_sect = be32_to_cpu(pb->pb_Environment[9]) * > + start_sect = (sector_t) be32_to_cpu(pb->pb_Environment[9]) * ... but not here? > be32_to_cpu(pb->pb_Environment[3]) * > be32_to_cpu(pb->pb_Environment[5]) * > blksize; Gr{oetje,eeting}s, Geert
Hi Geert, Am 12.10.2018 um 21:59 schrieb Geert Uytterhoeven: >> Changes from v4: >> >> Andreas Schwab: >> - correct cast to sector_t in sector address calculations > > Which you only did for the first case... > >> --- a/block/partitions/amiga.c >> +++ b/block/partitions/amiga.c > >> @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) >> >> /* Tell Kernel about it */ >> >> - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - >> - be32_to_cpu(pb->pb_Environment[9])) * >> + nr_sects = ((sector_t) be32_to_cpu(pb->pb_Environment[10]) > > ...here ... > >> + + 1 - be32_to_cpu(pb->pb_Environment[9])) * >> be32_to_cpu(pb->pb_Environment[3]) * >> be32_to_cpu(pb->pb_Environment[5]) * >> blksize; >> if (!nr_sects) >> continue; >> - start_sect = be32_to_cpu(pb->pb_Environment[9]) * >> + start_sect = (sector_t) be32_to_cpu(pb->pb_Environment[9]) * > > ... but not here? I meant to cast the first operand to sector_t here? Using int main(int argc, char *argv) { unsigned int a, b; unsigned long long c, d; a = 0xffffffff; b = 0xffffffff; c = a * b; d = (unsigned long long) a * b; fprintf(stdout, "%llx %llx\n", c, d); } I get this: 1 fffffffe00000001 But I can add brackets if you think the compiler might get this wrong. Cheers, Michael > >> be32_to_cpu(pb->pb_Environment[3]) * >> be32_to_cpu(pb->pb_Environment[5]) * >> blksize; > > Gr{oetje,eeting}s, > > Geert >
Hi Michael, On Sat, Oct 13, 2018 at 4:46 AM Michael Schmitz <schmitzmic@gmail.com> wrote: > Am 12.10.2018 um 21:59 schrieb Geert Uytterhoeven: > >> Changes from v4: > >> > >> Andreas Schwab: > >> - correct cast to sector_t in sector address calculations > > > > Which you only did for the first case... > > > >> --- a/block/partitions/amiga.c > >> +++ b/block/partitions/amiga.c > > > >> @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) > >> > >> /* Tell Kernel about it */ > >> > >> - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - > >> - be32_to_cpu(pb->pb_Environment[9])) * > >> + nr_sects = ((sector_t) be32_to_cpu(pb->pb_Environment[10]) > > > > ...here ... > > > >> + + 1 - be32_to_cpu(pb->pb_Environment[9])) * > >> be32_to_cpu(pb->pb_Environment[3]) * > >> be32_to_cpu(pb->pb_Environment[5]) * > >> blksize; > >> if (!nr_sects) > >> continue; > >> - start_sect = be32_to_cpu(pb->pb_Environment[9]) * > >> + start_sect = (sector_t) be32_to_cpu(pb->pb_Environment[9]) * > > > > ... but not here? > > I meant to cast the first operand to sector_t here? Silly me. > But I can add brackets if you think the compiler might get this wrong. No it's fine as-is. Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Gr{oetje,eeting}s, Geert
diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 5609366..7ea9540 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1; char b[BDEVNAME_SIZE]; @@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state) /* Tell Kernel about it */ - nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = ((sector_t) be32_to_cpu(pb->pb_Environment[10]) + + 1 - be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t) be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize;