linux-stable/block/partitions/amiga.c
Michael Schmitz 7eb1e47696 block/partition: fix signedness issue for Amiga partitions
Making 'blk' sector_t (i.e. 64 bit if LBD support is active) fails the
'blk>0' test in the partition block loop if a value of (signed int) -1 is
used to mark the end of the partition block list.

Explicitly cast 'blk' to signed int to allow use of -1 to terminate the
partition block linked list.

Fixes: b6f3f28f60 ("block: add overflow checks for Amiga partition support")
Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de>
Link: https://lore.kernel.org/r/024ce4fa-cc6d-50a2-9aae-3701d0ebf668@xenosoft.de
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Martin Steigerwald <martin@lichtvoll.de>
Tested-by: Christian Zigotzky <chzigotzky@xenosoft.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2023-07-05 16:34:56 -06:00

207 lines
5.7 KiB
C

// SPDX-License-Identifier: GPL-2.0
/*
* fs/partitions/amiga.c
*
* Code extracted from drivers/block/genhd.c
*
* Copyright (C) 1991-1998 Linus Torvalds
* Re-organised Feb 1998 Russell King
*/
#define pr_fmt(fmt) fmt
#include <linux/types.h>
#include <linux/mm_types.h>
#include <linux/overflow.h>
#include <linux/affs_hardblocks.h>
#include "check.h"
/* magic offsets in partition DosEnvVec */
#define NR_HD 3
#define NR_SECT 5
#define LO_CYL 9
#define HI_CYL 10
static __inline__ u32
checksum_block(__be32 *m, int size)
{
u32 sum = 0;
while (size--)
sum += be32_to_cpu(*m++);
return sum;
}
int amiga_partition(struct parsed_partitions *state)
{
Sector sect;
unsigned char *data;
struct RigidDiskBlock *rdb;
struct PartitionBlock *pb;
u64 start_sect, nr_sects;
sector_t blk, end_sect;
u32 cylblk; /* rdb_CylBlocks = nr_heads*sect_per_track */
u32 nr_hd, nr_sect, lo_cyl, hi_cyl;
int part, res = 0;
unsigned int blksize = 1; /* Multiplier for disk block size */
int slot = 1;
for (blk = 0; ; blk++, put_dev_sector(sect)) {
if (blk == RDB_ALLOCATION_LIMIT)
goto rdb_done;
data = read_part_sector(state, blk, &sect);
if (!data) {
pr_err("Dev %s: unable to read RDB block %llu\n",
state->disk->disk_name, blk);
res = -1;
goto rdb_done;
}
if (*(__be32 *)data != cpu_to_be32(IDNAME_RIGIDDISK))
continue;
rdb = (struct RigidDiskBlock *)data;
if (checksum_block((__be32 *)data, be32_to_cpu(rdb->rdb_SummedLongs) & 0x7F) == 0)
break;
/* Try again with 0xdc..0xdf zeroed, Windows might have
* trashed it.
*/
*(__be32 *)(data+0xdc) = 0;
if (checksum_block((__be32 *)data,
be32_to_cpu(rdb->rdb_SummedLongs) & 0x7F)==0) {
pr_err("Trashed word at 0xd0 in block %llu ignored in checksum calculation\n",
blk);
break;
}
pr_err("Dev %s: RDB in block %llu has bad checksum\n",
state->disk->disk_name, blk);
}
/* blksize is blocks per 512 byte standard block */
blksize = be32_to_cpu( rdb->rdb_BlockBytes ) / 512;
{
char tmp[7 + 10 + 1 + 1];
/* Be more informative */
snprintf(tmp, sizeof(tmp), " RDSK (%d)", blksize * 512);
strlcat(state->pp_buf, tmp, PAGE_SIZE);
}
blk = be32_to_cpu(rdb->rdb_PartitionList);
put_dev_sector(sect);
for (part = 1; (s32) blk>0 && part<=16; part++, put_dev_sector(sect)) {
/* Read in terms partition table understands */
if (check_mul_overflow(blk, (sector_t) blksize, &blk)) {
pr_err("Dev %s: overflow calculating partition block %llu! Skipping partitions %u and beyond\n",
state->disk->disk_name, blk, part);
break;
}
data = read_part_sector(state, blk, &sect);
if (!data) {
pr_err("Dev %s: unable to read partition block %llu\n",
state->disk->disk_name, blk);
res = -1;
goto rdb_done;
}
pb = (struct PartitionBlock *)data;
blk = be32_to_cpu(pb->pb_Next);
if (pb->pb_ID != cpu_to_be32(IDNAME_PARTITION))
continue;
if (checksum_block((__be32 *)pb, be32_to_cpu(pb->pb_SummedLongs) & 0x7F) != 0 )
continue;
/* RDB gives us more than enough rope to hang ourselves with,
* many times over (2^128 bytes if all fields max out).
* Some careful checks are in order, so check for potential
* overflows.
* We are multiplying four 32 bit numbers to one sector_t!
*/
nr_hd = be32_to_cpu(pb->pb_Environment[NR_HD]);
nr_sect = be32_to_cpu(pb->pb_Environment[NR_SECT]);
/* CylBlocks is total number of blocks per cylinder */
if (check_mul_overflow(nr_hd, nr_sect, &cylblk)) {
pr_err("Dev %s: heads*sects %u overflows u32, skipping partition!\n",
state->disk->disk_name, cylblk);
continue;
}
/* check for consistency with RDB defined CylBlocks */
if (cylblk > be32_to_cpu(rdb->rdb_CylBlocks)) {
pr_warn("Dev %s: cylblk %u > rdb_CylBlocks %u!\n",
state->disk->disk_name, cylblk,
be32_to_cpu(rdb->rdb_CylBlocks));
}
/* RDB allows for variable logical block size -
* normalize to 512 byte blocks and check result.
*/
if (check_mul_overflow(cylblk, blksize, &cylblk)) {
pr_err("Dev %s: partition %u bytes per cyl. overflows u32, skipping partition!\n",
state->disk->disk_name, part);
continue;
}
/* Calculate partition start and end. Limit of 32 bit on cylblk
* guarantees no overflow occurs if LBD support is enabled.
*/
lo_cyl = be32_to_cpu(pb->pb_Environment[LO_CYL]);
start_sect = ((u64) lo_cyl * cylblk);
hi_cyl = be32_to_cpu(pb->pb_Environment[HI_CYL]);
nr_sects = (((u64) hi_cyl - lo_cyl + 1) * cylblk);
if (!nr_sects)
continue;
/* Warn user if partition end overflows u32 (AmigaDOS limit) */
if ((start_sect + nr_sects) > UINT_MAX) {
pr_warn("Dev %s: partition %u (%llu-%llu) needs 64 bit device support!\n",
state->disk->disk_name, part,
start_sect, start_sect + nr_sects);
}
if (check_add_overflow(start_sect, nr_sects, &end_sect)) {
pr_err("Dev %s: partition %u (%llu-%llu) needs LBD device support, skipping partition!\n",
state->disk->disk_name, part,
start_sect, end_sect);
continue;
}
/* Tell Kernel about it */
put_partition(state,slot++,start_sect,nr_sects);
{
/* Be even more informative to aid mounting */
char dostype[4];
char tmp[42];
__be32 *dt = (__be32 *)dostype;
*dt = pb->pb_Environment[16];
if (dostype[3] < ' ')
snprintf(tmp, sizeof(tmp), " (%c%c%c^%c)",
dostype[0], dostype[1],
dostype[2], dostype[3] + '@' );
else
snprintf(tmp, sizeof(tmp), " (%c%c%c%c)",
dostype[0], dostype[1],
dostype[2], dostype[3]);
strlcat(state->pp_buf, tmp, PAGE_SIZE);
snprintf(tmp, sizeof(tmp), "(res %d spb %d)",
be32_to_cpu(pb->pb_Environment[6]),
be32_to_cpu(pb->pb_Environment[4]));
strlcat(state->pp_buf, tmp, PAGE_SIZE);
}
res = 1;
}
strlcat(state->pp_buf, "\n", PAGE_SIZE);
rdb_done:
return res;
}