diff options
| author |   Milan Broz <gmazyland@gmail.com> | 2018-11-07 22:24:55 +0100 |
|---|---|---|
| committer |   Mike Snitzer <snitzer@redhat.com> | 2018-12-18 09:02:26 -0500 |
| commit | ef87bfc24f9b8da82c89aff493df20f078bc9cb1 (patch) | |
| tree | 9f0f98dbf82d895699bcf1036b326df2ac6d464f /drivers/md/dm-raid1.c | |
| parent | dm crypt: use u64 instead of sector_t to store iv_offset (diff) | |
| download | linux-dev-ef87bfc24f9b8da82c89aff493df20f078bc9cb1.tar.xz linux-dev-ef87bfc24f9b8da82c89aff493df20f078bc9cb1.zip | |
dm: Check for device sector overflow if CONFIG_LBDAF is not set
Reference to a device in device-mapper table contains offset in sectors.
If the sector_t is 32bit integer (CONFIG_LBDAF is not set), then
several device-mapper targets can overflow this offset and validity
check is then performed on a wrong offset and a wrong table is activated.
See for example (on 32bit without CONFIG_LBDAF) this overflow:
# dmsetup create test --table "0 2048 linear /dev/sdg 4294967297"
# dmsetup table test
0 2048 linear 8:96 1
This patch adds explicit check for overflow if the offset is sector_t type.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'drivers/md/dm-raid1.c')
| -rw-r--r-- | drivers/md/dm-raid1.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c index 79eab1071ec2..5a51151f680d 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -943,7 +943,8 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, char dummy; int ret; - if (sscanf(argv[1], "%llu%c", &offset, &dummy) != 1) { + if (sscanf(argv[1], "%llu%c", &offset, &dummy) != 1 || + offset != (sector_t)offset) { ti->error = "Invalid offset"; return -EINVAL; } |