Message-ID: <5ec837a5-4e54-b5a2-fd53-a6d7845fb5d7@huawei.com>
Date: Thu, 25 May 2023 22:12:11 +0800
Subject: Re: [PATCH -next] block: Fix the partition start may overflow in add_partition()
To: Christoph Hellwig, Zhong Jinghua
References: <20230522070615.1485014-1-zhongjinghua@huaweicloud.com>
From: zhongjinghua

On 2023/5/25 16:55, Christoph Hellwig wrote:
> On Mon, May 22, 2023 at 03:06:15PM +0800, Zhong Jinghua wrote:
>> + if (p.start < 0 || p.length <= 0 || p.start + p.length < 0) >> + return -EINVAL; >> + >> start = p.start >> SECTOR_SHIFT; >> length = p.length >> SECTOR_SHIFT; >> >> + /* length may be equal to 0 after right shift */ >> + if (!length || start + length > get_capacity(bdev->bd_disk)) >> + return -EINVAL;
> While we're at it, shouldn't these be switched to use
> check_add_overflow?

However, using check_add_overflow requires the introduction of an additional local variable for the third parameter, which does not make much difference to the current check. Is it worth it? e.g:

diff --git a/block/ioctl.c b/block/ioctl.c index 3223ea862523..9a40e8f864cb 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -18,7 +18,7 @@ static int blkpg_do_ioctl(struct block_device *bdev,  {         struct gendisk *disk = bdev->bd_disk;         struct blkpg_partition p; -       long long start, length; +       long long start, length, tmp_check;         if (!capable(CAP_SYS_ADMIN))                 return -EACCES; 
@@ -33,7 +33,7 @@ static int blkpg_do_ioctl(struct block_device *bdev,         if (op == BLKPG_DEL_PARTITION)                 return bdev_del_partition(disk, p.pno); -       if (p.start < 0 || p.length <= 0 || p.start + p.length < 0) +       if (p.start < 0 || p.length <= 0 || check_add_overflow(p.start, p.length, &tmp_check))                 return -EINVAL;         start = p.start >> SECTOR_SHIFT; Or do you have a better idea?
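Review bot: The name `tmp_check`, added to `long long start, length, tmp_check;` in the first hunk (@@ -18,7 +18,7 @@), hides what the variable holds. It is only ever written, as the output argument of check_add_overflow() in the second hunk, and the stored value is p.start + p.length. A name that says so, for example `end`, would make the declaration self-explanatory and would let a later check reuse the sum instead of recomputing it.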
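Review bot: In the second hunk (@@ -33,7 +33,7 @@) the rewritten condition runs well past 80 columns, and the sum written to tmp_check is never read afterwards. Break the condition after the second `||` so that check_add_overflow(p.start, p.length, &tmp_check) sits on its own continuation line. The two sign tests in front of it have to stay as they are, because check_add_overflow() only reports that the addition wrapped and does not reject a negative p.start or a non-positive p.length.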