Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp5625948rwd; Mon, 12 Jun 2023 07:37:19 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ64eJeg6dlxnTp3X3iEE8Jvpj2n2EjpSM59cHOoAK1pQ61La8htOGel6uN4sID+yQaiaeEj X-Received: by 2002:a17:90a:bf90:b0:259:156e:9429 with SMTP id d16-20020a17090abf9000b00259156e9429mr8193300pjs.20.1686580639273; Mon, 12 Jun 2023 07:37:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686580639; cv=none; d=google.com; s=arc-20160816; b=Zl9IJ4IKIDWwtGTGODYBa8IhtQ9prtUeVHwn1F9hij3gF0DKUDTPODHKXM62Q02Jga ZOGTG4MQT8jI+t8PVmmvd9dVJcjd8NHWw/83btaJ7DhHfoH8yRy97NVHiJpT+H2SljOP IVclZjNAzhMbOcEBE58INDtBLFIblz77+HO0BZxX3RQFL0oPENVLJOtntH8uwOW5cH28 YCdIoZ1vLO8WR3FE5lRqiITtsYK70+3+AwQbLw+B2JyxteNGp2y3IjMRMAtbEFuQ3iUG kQGKEPkADiggSrQ6wPV9sL6NLXh4XIba/RtdVWWjIKwZz1SZJuJNvBNnpeVtJTLrClRW g+qQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=dsXBeIKmiuqk2B6ZSL3uQsgcMPef5MttmsFYHwb3vi8=; b=UGCeClyzDUGNEzIPo0uq+Fh4SyGaNl1EjDjwfnGEG/tr/w8mrwDxFCs2meODkDlDII Xwt+MlGBiuEVFFbli40sjBVh3MXNv/4B+jFjoF66ALexS4SHB+RycAAbmswSq/apOTXR 8TKfaiRzy5Vl0AXKAs0s/CvspTuh3L88qdQpZ9NHUdH8B2iyLXP9G85WADLwOhKkDHoM SCHMzdQdJpncuvG0F656AEJcAK8nML3YbfmpxyKzx4yXVdSkWhDZJ1NNuJh3/zthkOgm mr1NaZehC4ODBZHl28xxNKVUpyUzNfN2ZQJLZtRasKSr0nodeZ2AQKBT/oMEbSMXdNJD x11g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a2-20020a17090a480200b0025be765111esi1562383pjh.142.2023.06.12.07.37.05; Mon, 12 Jun 2023 07:37:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236339AbjFLOBH (ORCPT + 99 others); Mon, 12 Jun 2023 10:01:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236177AbjFLOA5 (ORCPT ); Mon, 12 Jun 2023 10:00:57 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B603310E6 for ; Mon, 12 Jun 2023 07:00:54 -0700 (PDT) Received: from kwepemm600012.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4QftcS0cSHzTl2s; Mon, 12 Jun 2023 22:00:24 +0800 (CST) Received: from build.huawei.com (10.175.101.6) by kwepemm600012.china.huawei.com (7.193.23.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Mon, 12 Jun 2023 22:00:51 +0800 From: Wenchao Hao To: Jan Kara , CC: , Wenchao Hao Subject: [PATCH 2/2] udf:check if buffer head's data when getting lvidiu Date: Tue, 13 Jun 2023 11:22:54 +0800 Message-ID: <20230613032254.1235752-3-haowenchao2@huawei.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20230613032254.1235752-1-haowenchao2@huawei.com> References: <20230613032254.1235752-1-haowenchao2@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.101.6] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To kwepemm600012.china.huawei.com (7.193.23.74) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_12_24, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We can not always assume udf_sb_info->s_lvid_bh's data is valid. If the data is corrupted, we would get an incorrect offset and cause the following code access an illegal address. Signed-off-by: Wenchao Hao --- fs/udf/super.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/udf/super.c b/fs/udf/super.c index 6304e3c5c3d9..71481b60c871 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -114,6 +114,8 @@ struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb) if (!UDF_SB(sb)->s_lvid_bh) return NULL; + if (!udf_check_tagged_bh(sb, UDF_SB(sb)->s_lvid_bh)) + return NULL; lvid = (struct logicalVolIntegrityDesc *)UDF_SB(sb)->s_lvid_bh->b_data; partnum = le32_to_cpu(lvid->numOfPartitions); /* The offset is to skip freeSpaceTable and sizeTable arrays */ -- 2.35.3