Commit 294f6cf4 authored by Timo Warns's avatar Timo Warns Committed by Linus Torvalds

ldm: corrupted partition table can cause kernel oops

The kernel automatically evaluates partition tables of storage devices.
The code for evaluating LDM partitions (in fs/partitions/ldm.c) contains
a bug that causes a kernel oops on certain corrupted LDM partitions.  A
kernel subsystem seems to crash, because, after the oops, the kernel no
longer recognizes newly connected storage devices.

The patch changes ldm_parse_vmdb() to Validate the value of vblk_size.
Signed-off-by: default avatarTimo Warns <warns@pre-sense.de>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Acked-by: default avatarRichard Russon <ldm@flatcap.org>
Cc: Harvey Harrison <harvey.harrison@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 2876592f
...@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *data, struct vmdb *vm) ...@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *data, struct vmdb *vm)
} }
vm->vblk_size = get_unaligned_be32(data + 0x08); vm->vblk_size = get_unaligned_be32(data + 0x08);
if (vm->vblk_size == 0) {
ldm_error ("Illegal VBLK size");
return false;
}
vm->vblk_offset = get_unaligned_be32(data + 0x0C); vm->vblk_offset = get_unaligned_be32(data + 0x0C);
vm->last_vblk_seq = get_unaligned_be32(data + 0x04); vm->last_vblk_seq = get_unaligned_be32(data + 0x04);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment