partitions: aix: bound the lvd scan to one sector#935
Open
blktests-ci[bot] wants to merge 1 commit into
Open
Conversation
Author
|
Upstream branch: ddd664b |
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
7bed9c3 to
a7bb5c5
Compare
Author
|
Upstream branch: 979c294 |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
cab902d to
ad07641
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
a7bb5c5 to
5e41a3b
Compare
Author
|
Upstream branch: acb7500 |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
ad07641 to
2044088
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
5e41a3b to
c3a084b
Compare
Author
|
Upstream branch: 9716c08 |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
2044088 to
17a2d2e
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
c3a084b to
5f78e5d
Compare
Author
|
Upstream branch: 2a2974b |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
17a2d2e to
5b14dce
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
5f78e5d to
e48f9db
Compare
Author
|
Upstream branch: 062871f |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
5b14dce to
25e182b
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
2 times, most recently
from
199644a to
e6d9eb8
Compare
Author
|
Upstream branch: 66affa3 |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
25e182b to
9a680f3
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
e6d9eb8 to
7d8604f
Compare
Author
|
Upstream branch: bade58e |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
9a680f3 to
52e4e85
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
7d8604f to
4cc45a3
Compare
Author
|
Upstream branch: 4edcdef |
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
52e4e85 to
665a519
Compare
blktests-ci
Bot
force-pushed
the
linus-master_base
branch
from
4cc45a3 to
90ffd56
Compare
Author
|
Upstream branch: dc59e4f |
aix_partition() reads the logical-volume descriptor array as a single
sector and then scans it:
if (numlvs && (d = read_part_sector(state, vgda_sector + 1, §))) {
struct lvd *p = (struct lvd *)d;
...
for (i = 0; foundlvs < numlvs && i < state->limit; i += 1) {
lvip[i].pps_per_lv = be16_to_cpu(p[i].num_lps);
p points at a single 512-byte sector, which holds 512 / sizeof(struct
lvd) = 16 entries, but the loop runs until foundlvs reaches the on-disk
numlvs or i reaches state->limit (DISK_MAX_PARTS, 256). numlvs is an
on-disk __be16 read straight from the volume group descriptor and is not
validated, so a crafted AIX image with numlvs larger than 16 and lvd
entries whose num_lps fields are zero (so foundlvs never advances) drives
the loop to read p[i] well past the end of the read sector buffer.
The 2014 off-by-one fix d97a86c hardened the matching write of
lvip[lv_ix] but left this read loop unbounded.
Bound the scan to the number of struct lvd entries that fit in the
sector that was actually read.
Fixes: 6ceea22 ("partitions: add aix lvm partition support files")
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com>
blktests-ci
Bot
force-pushed
the
series/1107036=>linus-master
branch
from
665a519 to
6ad93db
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: partitions: aix: bound the lvd scan to one sector
version: 1
url: https://patchwork.kernel.org/project/linux-block/list/?series=1107036