Re: [PATCH v9 RESEND #2 2/2] block: add overflow checks for Amiga partition support

From: kernel test robot <hidden>
Date: 2022-08-23 05:22:38
Also in: linux-m68k, stable

Hi Michael,

I love your patch! Perhaps something to improve:

[auto build test WARNING on axboe-block/for-next]
[also build test WARNING on linus/master v6.0-rc2 next-20220822]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Michael-Schmitz/Amiga-RDB-partition-support-fixes/20220823-051457
base:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-next
config: i386-randconfig-s002 (https://download.01.org/0day-ci/archive/20220823/202208231319.Ng5RTzzg-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.4-39-gce1a6720-dirty
        # https://github.com/intel-lab-lkp/linux/commit/6b86551e8891f07839a8c3ad19e3f770b0f738e9
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Michael-Schmitz/Amiga-RDB-partition-support-fixes/20220823-051457
        git checkout 6b86551e8891f07839a8c3ad19e3f770b0f738e9
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=i386 SHELL=/bin/bash block/partitions/

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <redacted>

sparse warnings: (new ones prefixed by >>)

quoted

block/partitions/amiga.c:132:30: sparse: sparse: cast to restricted __be32

   block/partitions/amiga.c:133:25: sparse: sparse: cast to restricted __be32

vim +132 block/partitions/amiga.c

    35	
    36	int amiga_partition(struct parsed_partitions *state)
    37	{
    38		Sector sect;
    39		unsigned char *data;
    40		struct RigidDiskBlock *rdb;
    41		struct PartitionBlock *pb;
    42		u64 start_sect, nr_sects;
    43		sector_t blk, end_sect;
    44		u32 cylblk;		/* rdb_CylBlocks = nr_heads*sect_per_track */
    45		u32 nr_hd, nr_sect, lo_cyl, hi_cyl;
    46		int part, res = 0;
    47		unsigned int blksize = 1;	/* Multiplier for disk block size */
    48		int slot = 1;
    49	
    50		for (blk = 0; ; blk++, put_dev_sector(sect)) {
    51			if (blk == RDB_ALLOCATION_LIMIT)
    52				goto rdb_done;
    53			data = read_part_sector(state, blk, &sect);
    54			if (!data) {
    55				pr_err("Dev %s: unable to read RDB block %llu\n",
    56				       state->disk->disk_name, blk);
    57				res = -1;
    58				goto rdb_done;
    59			}
    60			if (*(__be32 *)data != cpu_to_be32(IDNAME_RIGIDDISK))
    61				continue;
    62	
    63			rdb = (struct RigidDiskBlock *)data;
    64			if (checksum_block((__be32 *)data, be32_to_cpu(rdb->rdb_SummedLongs) & 0x7F) == 0)
    65				break;
    66			/* Try again with 0xdc..0xdf zeroed, Windows might have
    67			 * trashed it.
    68			 */
    69			*(__be32 *)(data+0xdc) = 0;
    70			if (checksum_block((__be32 *)data,
    71					be32_to_cpu(rdb->rdb_SummedLongs) & 0x7F)==0) {
    72				pr_err("Trashed word at 0xd0 in block %llu ignored in checksum calculation\n",
    73				       blk);
    74				break;
    75			}
    76	
    77			pr_err("Dev %s: RDB in block %llu has bad checksum\n",
    78			       state->disk->disk_name, blk);
    79		}
    80	
    81		/* blksize is blocks per 512 byte standard block */
    82		blksize = be32_to_cpu( rdb->rdb_BlockBytes ) / 512;
    83	
    84		{
    85			char tmp[7 + 10 + 1 + 1];
    86	
    87			/* Be more informative */
    88			snprintf(tmp, sizeof(tmp), " RDSK (%d)", blksize * 512);
    89			strlcat(state->pp_buf, tmp, PAGE_SIZE);
    90		}
    91		blk = be32_to_cpu(rdb->rdb_PartitionList);
    92		put_dev_sector(sect);
    93		for (part = 1; blk>0 && part<=16; part++, put_dev_sector(sect)) {
    94			/* Read in terms partition table understands */
    95			if (check_mul_overflow(blk, (sector_t) blksize, &blk)) {
    96				pr_err("Dev %s: overflow calculating partition block %llu! Skipping partitions %u and beyond\n",
    97					state->disk->disk_name, blk, part);
    98				break;
    99			}
   100			data = read_part_sector(state, blk, &sect);
   101			if (!data) {
   102				pr_err("Dev %s: unable to read partition block %llu\n",
   103				       state->disk->disk_name, blk);
   104				res = -1;
   105				goto rdb_done;
   106			}
   107			pb  = (struct PartitionBlock *)data;
   108			blk = be32_to_cpu(pb->pb_Next);
   109			if (pb->pb_ID != cpu_to_be32(IDNAME_PARTITION))
   110				continue;
   111			if (checksum_block((__be32 *)pb, be32_to_cpu(pb->pb_SummedLongs) & 0x7F) != 0 )
   112				continue;
   113	
   114			/* RDB gives us more than enough rope to hang ourselves with,
   115			 * many times over (2^128 bytes if all fields max out).
   116			 * Some careful checks are in order, so check for potential
   117			 * overflows.
   118			 * We are multiplying four 32 bit numbers to one sector_t!
   119			 */
   120	
   121			nr_hd   = be32_to_cpu(pb->pb_Environment[NR_HD]);
   122			nr_sect = be32_to_cpu(pb->pb_Environment[NR_SECT]);
   123	
   124			/* CylBlocks is total number of blocks per cylinder */
   125			if (check_mul_overflow(nr_hd, nr_sect, &cylblk)) {
   126				pr_err("Dev %s: heads*sects %u overflows u32, skipping partition!\n",
   127					state->disk->disk_name, cylblk);
   128				continue;
   129			}
   130	
   131			/* check for consistency with RDB defined CylBlocks */
 > 132			if (cylblk > be32_to_cpu((__be32)rdb->rdb_CylBlocks)) {

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help