add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/block/partitions/amiga.c
..
..
@@ -11,9 +11,17 @@
11
11
 #define pr_fmt(fmt) fmt
12
12
 
13
13
 #include <linux/types.h>
14
+#include <linux/mm_types.h>
15
+#include <linux/overflow.h>
14
16
 #include <linux/affs_hardblocks.h>
15
17
 
16
18
 #include "check.h"
19
+
20
+/* magic offsets in partition DosEnvVec */
21
+#define NR_HD	3
22
+#define NR_SECT	5
23
+#define LO_CYL	9
24
+#define HI_CYL	10
17
25
 
18
26
 static __inline__ u32
19
27
 checksum_block(__be32 *m, int size)
..
..
@@ -31,8 +39,12 @@
31
39
 	unsigned char *data;
32
40
 	struct RigidDiskBlock *rdb;
33
41
 	struct PartitionBlock *pb;
34
-	int start_sect, nr_sects, blk, part, res = 0;
35
-	int blksize = 1;	/* Multiplier for disk block size */
42
+	u64 start_sect, nr_sects;
43
+	sector_t blk, end_sect;
44
+	u32 cylblk;		/* rdb_CylBlocks = nr_heads*sect_per_track */
45
+	u32 nr_hd, nr_sect, lo_cyl, hi_cyl;
46
+	int part, res = 0;
47
+	unsigned int blksize = 1;	/* Multiplier for disk block size */
36
48
 	int slot = 1;
37
49
 	char b[BDEVNAME_SIZE];
38
50
 
..
..
@@ -41,7 +53,7 @@
41
53
 			goto rdb_done;
42
54
 		data = read_part_sector(state, blk, &sect);
43
55
 		if (!data) {
44
-			pr_err("Dev %s: unable to read RDB block %d\n",
56
+			pr_err("Dev %s: unable to read RDB block %llu\n",
45
57
 			       bdevname(state->bdev, b), blk);
46
58
 			res = -1;
47
59
 			goto rdb_done;
..
..
@@ -58,12 +70,12 @@
58
70
 		*(__be32 *)(data+0xdc) = 0;
59
71
 		if (checksum_block((__be32 *)data,
60
72
 				be32_to_cpu(rdb->rdb_SummedLongs) & 0x7F)==0) {
61
-			pr_err("Trashed word at 0xd0 in block %d ignored in checksum calculation\n",
73
+			pr_err("Trashed word at 0xd0 in block %llu ignored in checksum calculation\n",
62
74
 			       blk);
63
75
 			break;
64
76
 		}
65
77
 
66
-		pr_err("Dev %s: RDB in block %d has bad checksum\n",
78
+		pr_err("Dev %s: RDB in block %llu has bad checksum\n",
67
79
 		       bdevname(state->bdev, b), blk);
68
80
 	}
69
81
 
..
..
@@ -79,11 +91,16 @@
79
91
 	}
80
92
 	blk = be32_to_cpu(rdb->rdb_PartitionList);
81
93
 	put_dev_sector(sect);
82
-	for (part = 1; blk>0 && part<=16; part++, put_dev_sector(sect)) {
83
-		blk *= blksize;	/* Read in terms partition table understands */
94
+	for (part = 1; (s32) blk>0 && part<=16; part++, put_dev_sector(sect)) {
95
+		/* Read in terms partition table understands */
96
+		if (check_mul_overflow(blk, (sector_t) blksize, &blk)) {
97
+			pr_err("Dev %s: overflow calculating partition block %llu! Skipping partitions %u and beyond\n",
98
+				bdevname(state->bdev, b), blk, part);
99
+			break;
100
+		}
84
101
 		data = read_part_sector(state, blk, &sect);
85
102
 		if (!data) {
86
-			pr_err("Dev %s: unable to read partition block %d\n",
103
+			pr_err("Dev %s: unable to read partition block %llu\n",
87
104
 			       bdevname(state->bdev, b), blk);
88
105
 			res = -1;
89
106
 			goto rdb_done;
..
..
@@ -95,19 +112,70 @@
95
112
 		if (checksum_block((__be32 *)pb, be32_to_cpu(pb->pb_SummedLongs) & 0x7F) != 0 )
96
113
 			continue;
97
114
 
98
-		/* Tell Kernel about it */
115
+		/* RDB gives us more than enough rope to hang ourselves with,
116
+		 * many times over (2^128 bytes if all fields max out).
117
+		 * Some careful checks are in order, so check for potential
118
+		 * overflows.
119
+		 * We are multiplying four 32 bit numbers to one sector_t!
120
+		 */
99
121
 
100
-		nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 -
101
-			    be32_to_cpu(pb->pb_Environment[9])) *
102
-			   be32_to_cpu(pb->pb_Environment[3]) *
103
-			   be32_to_cpu(pb->pb_Environment[5]) *
104
-			   blksize;
122
+		nr_hd   = be32_to_cpu(pb->pb_Environment[NR_HD]);
123
+		nr_sect = be32_to_cpu(pb->pb_Environment[NR_SECT]);
124
+
125
+		/* CylBlocks is total number of blocks per cylinder */
126
+		if (check_mul_overflow(nr_hd, nr_sect, &cylblk)) {
127
+			pr_err("Dev %s: heads*sects %u overflows u32, skipping partition!\n",
128
+				bdevname(state->bdev, b), cylblk);
129
+			continue;
130
+		}
131
+
132
+		/* check for consistency with RDB defined CylBlocks */
133
+		if (cylblk > be32_to_cpu(rdb->rdb_CylBlocks)) {
134
+			pr_warn("Dev %s: cylblk %u > rdb_CylBlocks %u!\n",
135
+				bdevname(state->bdev, b), cylblk,
136
+				be32_to_cpu(rdb->rdb_CylBlocks));
137
+		}
138
+
139
+		/* RDB allows for variable logical block size -
140
+		 * normalize to 512 byte blocks and check result.
141
+		 */
142
+
143
+		if (check_mul_overflow(cylblk, blksize, &cylblk)) {
144
+			pr_err("Dev %s: partition %u bytes per cyl. overflows u32, skipping partition!\n",
145
+				bdevname(state->bdev, b), part);
146
+			continue;
147
+		}
148
+
149
+		/* Calculate partition start and end. Limit of 32 bit on cylblk
150
+		 * guarantees no overflow occurs if LBD support is enabled.
151
+		 */
152
+
153
+		lo_cyl = be32_to_cpu(pb->pb_Environment[LO_CYL]);
154
+		start_sect = ((u64) lo_cyl * cylblk);
155
+
156
+		hi_cyl = be32_to_cpu(pb->pb_Environment[HI_CYL]);
157
+		nr_sects = (((u64) hi_cyl - lo_cyl + 1) * cylblk);
158
+
105
159
 		if (!nr_sects)
106
160
 			continue;
107
-		start_sect = be32_to_cpu(pb->pb_Environment[9]) *
108
-			     be32_to_cpu(pb->pb_Environment[3]) *
109
-			     be32_to_cpu(pb->pb_Environment[5]) *
110
-			     blksize;
161
+
162
+		/* Warn user if partition end overflows u32 (AmigaDOS limit) */
163
+
164
+		if ((start_sect + nr_sects) > UINT_MAX) {
165
+			pr_warn("Dev %s: partition %u (%llu-%llu) needs 64 bit device support!\n",
166
+				bdevname(state->bdev, b), part,
167
+				start_sect, start_sect + nr_sects);
168
+		}
169
+
170
+		if (check_add_overflow(start_sect, nr_sects, &end_sect)) {
171
+			pr_err("Dev %s: partition %u (%llu-%llu) needs LBD device support, skipping partition!\n",
172
+				bdevname(state->bdev, b), part,
173
+				start_sect, end_sect);
174
+			continue;
175
+		}
176
+
177
+		/* Tell Kernel about it */
178
+
111
179
 		put_partition(state,slot++,start_sect,nr_sects);
112
180
 		{
113
181
 			/* Be even more informative to aid mounting */