From patchwork Tue Jun 13 03:22:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wenchao Hao X-Patchwork-Id: 106604 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2617326vqr; Mon, 12 Jun 2023 07:11:34 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5UGbh2ayZ/enIz+Rqz1STE2Hl5/StFMnuVK6idvufeXAZN2VyUHRDcmZxrGFMnO5H2zhXE X-Received: by 2002:a05:6a00:3a28:b0:643:b653:3aa with SMTP id fj40-20020a056a003a2800b00643b65303aamr9542263pfb.32.1686579093856; Mon, 12 Jun 2023 07:11:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686579093; cv=none; d=google.com; s=arc-20160816; b=W1gjQQxhrXiw85PdZYeF0+tILA++pr9/yYK5XTW5o/m190nZlZa6aGY03cW59P/mHf kxM6Aoi9aKl2sf5uqbywDg/t2OOiGo7nC/bCrBhixwKsHOuFnhitmwOPLOY16kpKh0P+ q1UvjR96QL/ihSxwdETu15+OHdQjycE0QXqS4R6ghagbUMDLnI3Rwh+OP6lJNY/rRc4g s/U7cXrBaOudylIGzGzXIUggZwzQavOxUxXUEUKrk0iF/S9lFJEtoHA+XTCmFtN66Wv9 X5p0iL1vDJxxLpF93NlQVIszo8/6JdO2eTe9kWIHzGPpVAhrGZPZZxiLSXfGfJvmuuyM BGrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=dsXBeIKmiuqk2B6ZSL3uQsgcMPef5MttmsFYHwb3vi8=; b=UGCeClyzDUGNEzIPo0uq+Fh4SyGaNl1EjDjwfnGEG/tr/w8mrwDxFCs2meODkDlDII Xwt+MlGBiuEVFFbli40sjBVh3MXNv/4B+jFjoF66ALexS4SHB+RycAAbmswSq/apOTXR 8TKfaiRzy5Vl0AXKAs0s/CvspTuh3L88qdQpZ9NHUdH8B2iyLXP9G85WADLwOhKkDHoM SCHMzdQdJpncuvG0F656AEJcAK8nML3YbfmpxyKzx4yXVdSkWhDZJ1NNuJh3/zthkOgm mr1NaZehC4ODBZHl28xxNKVUpyUzNfN2ZQJLZtRasKSr0nodeZ2AQKBT/oMEbSMXdNJD x11g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d7-20020aa797a7000000b00643c4d0d0f5si6954440pfq.39.2023.06.12.07.11.19; Mon, 12 Jun 2023 07:11:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236758AbjFLOBI (ORCPT + 99 others); Mon, 12 Jun 2023 10:01:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236177AbjFLOA5 (ORCPT ); Mon, 12 Jun 2023 10:00:57 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B603310E6 for ; Mon, 12 Jun 2023 07:00:54 -0700 (PDT) Received: from kwepemm600012.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4QftcS0cSHzTl2s; Mon, 12 Jun 2023 22:00:24 +0800 (CST) Received: from build.huawei.com (10.175.101.6) by kwepemm600012.china.huawei.com (7.193.23.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Mon, 12 Jun 2023 22:00:51 +0800 From: Wenchao Hao To: Jan Kara , CC: , Wenchao Hao Subject: [PATCH 2/2] udf:check if buffer head's data when getting lvidiu Date: Tue, 13 Jun 2023 11:22:54 +0800 Message-ID: <20230613032254.1235752-3-haowenchao2@huawei.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20230613032254.1235752-1-haowenchao2@huawei.com> References: <20230613032254.1235752-1-haowenchao2@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.175.101.6] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To kwepemm600012.china.huawei.com (7.193.23.74) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_12_24, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768506359990317348?= X-GMAIL-MSGID: =?utf-8?q?1768506359990317348?= We can not always assume udf_sb_info->s_lvid_bh's data is valid. If the data is corrupted, we would get an incorrect offset and cause the following code access an illegal address. Signed-off-by: Wenchao Hao --- fs/udf/super.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/udf/super.c b/fs/udf/super.c index 6304e3c5c3d9..71481b60c871 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -114,6 +114,8 @@ struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb) if (!UDF_SB(sb)->s_lvid_bh) return NULL; + if (!udf_check_tagged_bh(sb, UDF_SB(sb)->s_lvid_bh)) + return NULL; lvid = (struct logicalVolIntegrityDesc *)UDF_SB(sb)->s_lvid_bh->b_data; partnum = le32_to_cpu(lvid->numOfPartitions); /* The offset is to skip freeSpaceTable and sizeTable arrays */