Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1844083imm; Sat, 6 Oct 2018 11:42:10 -0700 (PDT) X-Google-Smtp-Source: ACcGV60YbQV+3pcEFq7IabafPj+WdMjNT3+zxg4CLs+I96ZnRpYWcbTJBKDfn8SAxtnffKM6D2dz X-Received: by 2002:a62:2542:: with SMTP id l63-v6mr11571324pfl.64.1538851330600; Sat, 06 Oct 2018 11:42:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538851330; cv=none; d=google.com; s=arc-20160816; b=otXtX0I5MDKnYx7/26mS4Y6XL/sJfUFa0VPV4JohAM7KzNnyFLsVwk4MfBf4iKX+OV qtQXEwWH2NM09r5Y9fY46N+8Csheh2vd/1pSK6qCKt/AK6TrgeDOvN6piGJPHsr7e5sY nPaNQm2mEC0y2Wso99gzA7whyYhn/iKMEzbM4kDoidIILdYZJ+2k+Vp64En7sKHFW0ev HSJe3ewC9HkUxcxB+VNf/b+ygnvvt7EUDP6d/8/Wsun7QKTBxFV33LOjaBGk3XJGCJBa R9WSsumk0vKTdWYHMwG/cXiSPo4jnL5qk1SGx7DYEt0C0eum4Ys6lzS7NBxT1d/nGFas TILg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=LhGcYQifUFhab0dWrZFati4U00BqsJHJdLqOzhALdzY=; b=gr2TXX6qoZRExWJvT+JraGoiUdRkuHMxmuh18U+sZqMEwMgdOxxQONOgEcDd6j5YdA wPf7CVws+27iYgKEgOQ6yjXOxA8CQFU+fQwkLMQVIi8VsGLkpaSP4JymfJuyLyYdJGkr p+8n5Yo/EKPTsMxi+icim3O9Xtm68YwOyuokXX/v+SJVUOQ9yihW5BCwwHOkEMIFeZpa OlZe2rRIjAE63EyhuM0yLwgRdsNn3N0qA8r50v89bQGK+08nwVmGsqRi0TcDVXOzNEB2 hoecFsCaYyjbd8Ayg1YdkR+CrGvcPWjhYDm1Zf4RBgaTW1vgB7u4a8AN3eGbCtaVnEz2 bdAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="ivv/0a2c"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d21-v6si12117262plr.327.2018.10.06.11.41.55; Sat, 06 Oct 2018 11:42:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="ivv/0a2c"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727942AbeJGBqG (ORCPT + 99 others); Sat, 6 Oct 2018 21:46:06 -0400 Received: from mail-it1-f177.google.com ([209.85.166.177]:40428 "EHLO mail-it1-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726285AbeJGBqG (ORCPT ); Sat, 6 Oct 2018 21:46:06 -0400 Received: by mail-it1-f177.google.com with SMTP id i191-v6so7056689iti.5; Sat, 06 Oct 2018 11:41:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LhGcYQifUFhab0dWrZFati4U00BqsJHJdLqOzhALdzY=; b=ivv/0a2cENfb9jgZPGFPyNaAMKyEyzAi2rNlDLAk/VCi1eVATJUWbLViXK2jl0o5w4 OX6HKoaPntV4M6jeX3Ae49qWu0GILpQYsUvOhlBBFinzCva+sqKjNa75OF8Tv5carUYS ckzyWZQdF97B+pb1Q0pSPgpdAnzzNna/0Bvp1KU6eH5eqt2AstnbTr2IOJgX2uDwjPgM njlIsrpxkd4EEx8h977XsePyEbvKFsE88/2z0Ym8U/8XMYoof2QKL5S4hZT4oR70kHcq enoXyHyqKIvSQ+Nodahtn/BVFUeiiLp5rrToT+vXfRKRsCU/2OTYk3bbm+XllwG4nRKk MWGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LhGcYQifUFhab0dWrZFati4U00BqsJHJdLqOzhALdzY=; b=jylSPKou8ZDJJxknA4oO0LIFqHu/Ym72mnovXX67cVxqDB7A6pnvXDucu/48wRMSJC HQFjBpdUJJWiFgEWhWbVIvyar4HOQinHKFr2zHLYAQu3OaJvBcV3gHwPwXJBD69ujU+0 MiCMbGOfHzdLSI/p2XAKmCxAgUw/r/UBMbCaziOIQ4tgT6QJScC8P9WwKC/c9GBpoM91 NItBKZpJAefx/vile5vntNFYBvPG9HRFqRBmur80CkdaViQz6pGWbx/r+xL8ZAtXX5FP HBLleJofnpAY0nlKoGijY/SAmZJEtPq8MBitsKFwsee9Frf9yvI4fPwDDxDyj4iCGZum L8iQ== X-Gm-Message-State: ABuFfogNyzRmJ2I32Uyt0Ud2HMOyjImd2fTYQX7sdARIchdbGRNAJes7 XiNIQ4zF+QZLjtH7IFhCcZswWNO9kfJB/xo6buc= X-Received: by 2002:a24:ddd4:: with SMTP id t203-v6mr11998634itf.128.1538851303917; Sat, 06 Oct 2018 11:41:43 -0700 (PDT) MIME-Version: 1.0 References: <20180911161527.GA30689@vnote> <20180912083844.iegei2kobcz4b7ag@ws.net.home> <6d349d22d37041c1a2942d8ed4c76b69@AcuMS.aculab.com> <2db38b2d1af34ab9b653c665d08872f1@AcuMS.aculab.com> <20180914110703.ishvqwcpcf5ozihy@ws.net.home> In-Reply-To: <20180914110703.ishvqwcpcf5ozihy@ws.net.home> From: Eugene Korenevsky Date: Sat, 6 Oct 2018 21:41:27 +0300 Message-ID: Subject: Re: [PATCH v2] efi: take size of partition entry from GPT header To: kzak@redhat.com Cc: David.Laight@aculab.com, Davidlohr Bueso , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Ard Biesheuvel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > is_gpt_valid() already contains > pt_size = (u64)le32_to_cpu((*gpt)->num_partition_entries) * > le32_to_cpu((*gpt)->sizeof_partition_entry); > if (pt_size > KMALLOC_MAX_SIZE) > pr_debug("GUID Partition Table is too large: %llu > %lu bytes\n", > (unsigned long long)pt_size, KMALLOC_MAX_SIZE); > goto fail; > } > I guess it good enough for sanity check. > > If you want to be really paranoid than you can also check that array > is possible to store to the expected area on the disk: > > pt_size <= (gpt->first_usable_lba - gpt->partition_entry_lba) > Well, we should apply several checks for different cases: - primary GPT: table entries should not override gpt->first_usable_lba - alternate GPT, table entries BEFORE agpt (agpt->partition_entry_lba < agpt_lba): table entries should not override agpt_lba AND agpt->partition_entry_lba MUST BE more than agpt->last_usable_lba - alternate GPT, table entries AFTER agpt (agpt->partition_entry_lba > agpt_lba): table entries should not override the end of the disk Is this correct? -- Eugene