Date: Mon, 8 Oct 2018 13:15:25 +0200
From: Karel Zak
To: Eugene Korenevsky
Cc: David.Laight@aculab.com, Davidlohr Bueso, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Ard Biesheuvel
Subject: Re: [PATCH v2] efi: take size of partition entry from GPT header
Message-ID: <20181008111525.hm6jcnlsf7xrjre3@ws.net.home>

On Sat, Oct 06, 2018 at 09:41:27PM +0300, Eugene Korenevsky wrote:
> > is_gpt_valid() already contains
> >
> >     pt_size = (u64)le32_to_cpu((*gpt)->num_partition_entries) *
> >               le32_to_cpu((*gpt)->sizeof_partition_entry);
> >     if (pt_size > KMALLOC_MAX_SIZE) {
> >         pr_debug("GUID Partition Table is too large: %llu > %lu bytes\n",
> >                  (unsigned long long)pt_size, KMALLOC_MAX_SIZE);
> >         goto fail;
> >     }
> >
> > I guess it's good enough for a sanity check.
> >
> > If you want to be really paranoid then you can also check that the array
> > is possible to store to the expected area on the disk:
> >
> >     pt_size <= (gpt->first_usable_lba - gpt->partition_entry_lba)
> >
>
> Well, we should apply several checks for different cases:
> - primary GPT: table entries should not override gpt->first_usable_lba
>   and gpt->last_usable_lba
> - alternate GPT, table entries BEFORE agpt (agpt->partition_entry_lba < agpt_lba):
>   table entries should not override agpt_lba AND
>   agpt->partition_entry_lba MUST BE more than agpt->last_usable_lba
> - alternate GPT, table entries AFTER agpt (agpt->partition_entry_lba > agpt_lba):
>   table entries should not override the end of the disk
>
> Is this correct?

Yes, the table defines the range for all partitions (last and first usable
LBA). All partition table stuff (label and partitions array) has to be
outside this area and partitions have to point to this area.

   | label | entries | partitioned area | backup-entries | backup-label |
                      ^                ^
               first_usable_lba   last_usable_lba

and it's possible and valid if there is a gap between the entries array and
the first usable LBA (you can use this unused place to hide some data :-)
And vice-versa for backup entries and last usable LBA.

    Karel

-- 
 Karel Zak
 http://karelzak.blogspot.com
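
The layout rule discussed in this message, as an added example that is not part of the original mail or of the kernel source: one check that covers the primary case and both alternate-GPT cases by requiring the entries array to stay on the disk, off its own header, and outside the usable range. The names struct gpt_fields and gpt_entries_placement_ok() are hypothetical, and the fields are assumed to be already converted to host byte order, with the array size rounded up from bytes to whole sectors.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical host-endian copy of the GPT header fields named in the thread. */
struct gpt_fields {
    uint64_t my_lba;                 /* LBA of this header (label) */
    uint64_t first_usable_lba;
    uint64_t last_usable_lba;
    uint64_t partition_entry_lba;    /* first LBA of the entries array */
    uint32_t num_partition_entries;
    uint32_t sizeof_partition_entry;
};

/* True when the entries array fits on the disk, does not cover its own header,
 * and lies wholly before first_usable_lba or wholly after last_usable_lba.
 * A gap between the array and the usable area is accepted. */
bool gpt_entries_placement_ok(const struct gpt_fields *g,
                              uint64_t last_lba, uint32_t sector_size)
{
    uint64_t bytes, sectors, start = g->partition_entry_lba, end;

    if (!sector_size || !g->num_partition_entries || !g->sizeof_partition_entry)
        return false;
    if (g->first_usable_lba > g->last_usable_lba || g->last_usable_lba > last_lba)
        return false;

    /* u32 * u32 always fits in 64 bits, as in the quoted is_gpt_valid() code */
    bytes = (uint64_t)g->num_partition_entries * g->sizeof_partition_entry;
    sectors = bytes / sector_size + (bytes % sector_size != 0);

    /* end of disk, written so that start + sectors cannot wrap */
    if (start > last_lba || sectors - 1 > last_lba - start)
        return false;
    end = start + sectors - 1;

    /* the array must not cover the header that describes it */
    if (g->my_lba >= start && g->my_lba <= end)
        return false;
    /* primary layout: before the usable area; backup layout: after it */
    return end < g->first_usable_lba || start > g->last_usable_lba;
}

int main(void)
{
    /* constructed sample: 2048-sector disk, 512-byte sectors, primary GPT */
    struct gpt_fields p = { 1, 34, 2014, 2, 128, 128 };
    return gpt_entries_placement_ok(&p, 2047, 512) ? 0 : 1;
}
```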