diff options
| author | Alden Tondettar <alden.tondettar@gmail.com> | 2016-05-18 17:09:19 -0400 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2016-05-19 07:00:35 -0400 |
| commit | 7888824b0b1c9c3753d2aedf1d00e7a1c20c18af (patch) | |
| tree | 1fee893e1b2ac9cb85029081986bfafe5f2b5d87 /fs | |
| parent | 3743a03e72b73b6234768bce06d7bf5a57c47285 (diff) | |
udf: Use correct partition reference number for metadata
UDF/OSTA terminology is confusing. Partition Numbers (PNs) are arbitrary
16-bit values, one for each physical partition in the volume. Partition
Reference Numbers (PRNs) are indices into the the Partition Map Table
and do not necessarily equal the PN of the mapped partition.
The current metadata code mistakenly uses the PN instead of the PRN when
mapping metadata blocks to physical/sparable blocks. Windows-created
UDF 2.5 discs for some reason use large, arbitrary PNs, resulting in
mount failure and KASAN read warnings in udf_read_inode().
For example, a NetBSD UDF 2.5 partition might look like this:
PRN PN Type
--- -- ----
0 0 Sparable
1 0 Metadata
Since PRN == PN, we are fine.
But Windows could gives us:
PRN PN Type
--- ---- ----
0 8192 Sparable
1 8192 Metadata
So udf_read_inode() will start out by checking the partition length in
sbi->s_partmaps[8192], which is obviously out of bounds.
Fix this by creating a new field (s_phys_partition_ref) in struct
udf_meta_data, referencing whatever physical or sparable map has the
same partition number as the metadata partition.
[JK: Add comment about s_phys_partition_ref, change its name]
Signed-off-by: Alden Tondettar <alden.tondettar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/udf/partition.c | 6 | ||||
| -rw-r--r-- | fs/udf/super.c | 22 | ||||
| -rw-r--r-- | fs/udf/udf_sb.h | 5 |
3 files changed, 21 insertions, 12 deletions
diff --git a/fs/udf/partition.c b/fs/udf/partition.c index ca3cde336324..888c364b2fe9 100644 --- a/fs/udf/partition.c +++ b/fs/udf/partition.c | |||
| @@ -295,7 +295,8 @@ static uint32_t udf_try_read_meta(struct inode *inode, uint32_t block, | |||
| 295 | map = &UDF_SB(sb)->s_partmaps[partition]; | 295 | map = &UDF_SB(sb)->s_partmaps[partition]; |
| 296 | /* map to sparable/physical partition desc */ | 296 | /* map to sparable/physical partition desc */ |
| 297 | phyblock = udf_get_pblock(sb, eloc.logicalBlockNum, | 297 | phyblock = udf_get_pblock(sb, eloc.logicalBlockNum, |
| 298 | map->s_partition_num, ext_offset + offset); | 298 | map->s_type_specific.s_metadata.s_phys_partition_ref, |
| 299 | ext_offset + offset); | ||
| 299 | } | 300 | } |
| 300 | 301 | ||
| 301 | brelse(epos.bh); | 302 | brelse(epos.bh); |
| @@ -325,7 +326,8 @@ uint32_t udf_get_pblock_meta25(struct super_block *sb, uint32_t block, | |||
| 325 | udf_warn(sb, "error reading from METADATA, trying to read from MIRROR\n"); | 326 | udf_warn(sb, "error reading from METADATA, trying to read from MIRROR\n"); |
| 326 | if (!(mdata->s_flags & MF_MIRROR_FE_LOADED)) { | 327 | if (!(mdata->s_flags & MF_MIRROR_FE_LOADED)) { |
| 327 | mdata->s_mirror_fe = udf_find_metadata_inode_efe(sb, | 328 | mdata->s_mirror_fe = udf_find_metadata_inode_efe(sb, |
| 328 | mdata->s_mirror_file_loc, map->s_partition_num); | 329 | mdata->s_mirror_file_loc, |
| 330 | mdata->s_phys_partition_ref); | ||
| 329 | if (IS_ERR(mdata->s_mirror_fe)) | 331 | if (IS_ERR(mdata->s_mirror_fe)) |
| 330 | mdata->s_mirror_fe = NULL; | 332 | mdata->s_mirror_fe = NULL; |
| 331 | mdata->s_flags |= MF_MIRROR_FE_LOADED; | 333 | mdata->s_flags |= MF_MIRROR_FE_LOADED; |
diff --git a/fs/udf/super.c b/fs/udf/super.c index 5e2c8c814e1b..4942549e7dc8 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c | |||
| @@ -951,13 +951,13 @@ out2: | |||
| 951 | } | 951 | } |
| 952 | 952 | ||
| 953 | struct inode *udf_find_metadata_inode_efe(struct super_block *sb, | 953 | struct inode *udf_find_metadata_inode_efe(struct super_block *sb, |
| 954 | u32 meta_file_loc, u32 partition_num) | 954 | u32 meta_file_loc, u32 partition_ref) |
| 955 | { | 955 | { |
| 956 | struct kernel_lb_addr addr; | 956 | struct kernel_lb_addr addr; |
| 957 | struct inode *metadata_fe; | 957 | struct inode *metadata_fe; |
| 958 | 958 | ||
| 959 | addr.logicalBlockNum = meta_file_loc; | 959 | addr.logicalBlockNum = meta_file_loc; |
| 960 | addr.partitionReferenceNum = partition_num; | 960 | addr.partitionReferenceNum = partition_ref; |
| 961 | 961 | ||
| 962 | metadata_fe = udf_iget_special(sb, &addr); | 962 | metadata_fe = udf_iget_special(sb, &addr); |
| 963 | 963 | ||
| @@ -974,7 +974,8 @@ struct inode *udf_find_metadata_inode_efe(struct super_block *sb, | |||
| 974 | return metadata_fe; | 974 | return metadata_fe; |
| 975 | } | 975 | } |
| 976 | 976 | ||
| 977 | static int udf_load_metadata_files(struct super_block *sb, int partition) | 977 | static int udf_load_metadata_files(struct super_block *sb, int partition, |
| 978 | int type1_index) | ||
| 978 | { | 979 | { |
| 979 | struct udf_sb_info *sbi = UDF_SB(sb); | 980 | struct udf_sb_info *sbi = UDF_SB(sb); |
| 980 | struct udf_part_map *map; | 981 | struct udf_part_map *map; |
| @@ -984,20 +985,21 @@ static int udf_load_metadata_files(struct super_block *sb, int partition) | |||
| 984 | 985 | ||
| 985 | map = &sbi->s_partmaps[partition]; | 986 | map = &sbi->s_partmaps[partition]; |
| 986 | mdata = &map->s_type_specific.s_metadata; | 987 | mdata = &map->s_type_specific.s_metadata; |
| 988 | mdata->s_phys_partition_ref = type1_index; | ||
| 987 | 989 | ||
| 988 | /* metadata address */ | 990 | /* metadata address */ |
| 989 | udf_debug("Metadata file location: block = %d part = %d\n", | 991 | udf_debug("Metadata file location: block = %d part = %d\n", |
| 990 | mdata->s_meta_file_loc, map->s_partition_num); | 992 | mdata->s_meta_file_loc, mdata->s_phys_partition_ref); |
| 991 | 993 | ||
| 992 | fe = udf_find_metadata_inode_efe(sb, mdata->s_meta_file_loc, | 994 | fe = udf_find_metadata_inode_efe(sb, mdata->s_meta_file_loc, |
| 993 | map->s_partition_num); | 995 | mdata->s_phys_partition_ref); |
| 994 | if (IS_ERR(fe)) { | 996 | if (IS_ERR(fe)) { |
| 995 | /* mirror file entry */ | 997 | /* mirror file entry */ |
| 996 | udf_debug("Mirror metadata file location: block = %d part = %d\n", | 998 | udf_debug("Mirror metadata file location: block = %d part = %d\n", |
| 997 | mdata->s_mirror_file_loc, map->s_partition_num); | 999 | mdata->s_mirror_file_loc, mdata->s_phys_partition_ref); |
| 998 | 1000 | ||
| 999 | fe = udf_find_metadata_inode_efe(sb, mdata->s_mirror_file_loc, | 1001 | fe = udf_find_metadata_inode_efe(sb, mdata->s_mirror_file_loc, |
| 1000 | map->s_partition_num); | 1002 | mdata->s_phys_partition_ref); |
| 1001 | 1003 | ||
| 1002 | if (IS_ERR(fe)) { | 1004 | if (IS_ERR(fe)) { |
| 1003 | udf_err(sb, "Both metadata and mirror metadata inode efe can not found\n"); | 1005 | udf_err(sb, "Both metadata and mirror metadata inode efe can not found\n"); |
| @@ -1015,7 +1017,7 @@ static int udf_load_metadata_files(struct super_block *sb, int partition) | |||
| 1015 | */ | 1017 | */ |
| 1016 | if (mdata->s_bitmap_file_loc != 0xFFFFFFFF) { | 1018 | if (mdata->s_bitmap_file_loc != 0xFFFFFFFF) { |
| 1017 | addr.logicalBlockNum = mdata->s_bitmap_file_loc; | 1019 | addr.logicalBlockNum = mdata->s_bitmap_file_loc; |
| 1018 | addr.partitionReferenceNum = map->s_partition_num; | 1020 | addr.partitionReferenceNum = mdata->s_phys_partition_ref; |
| 1019 | 1021 | ||
| 1020 | udf_debug("Bitmap file location: block = %d part = %d\n", | 1022 | udf_debug("Bitmap file location: block = %d part = %d\n", |
| 1021 | addr.logicalBlockNum, addr.partitionReferenceNum); | 1023 | addr.logicalBlockNum, addr.partitionReferenceNum); |
| @@ -1283,7 +1285,7 @@ static int udf_load_partdesc(struct super_block *sb, sector_t block) | |||
| 1283 | p = (struct partitionDesc *)bh->b_data; | 1285 | p = (struct partitionDesc *)bh->b_data; |
| 1284 | partitionNumber = le16_to_cpu(p->partitionNumber); | 1286 | partitionNumber = le16_to_cpu(p->partitionNumber); |
| 1285 | 1287 | ||
| 1286 | /* First scan for TYPE1, SPARABLE and METADATA partitions */ | 1288 | /* First scan for TYPE1 and SPARABLE partitions */ |
| 1287 | for (i = 0; i < sbi->s_partitions; i++) { | 1289 | for (i = 0; i < sbi->s_partitions; i++) { |
| 1288 | map = &sbi->s_partmaps[i]; | 1290 | map = &sbi->s_partmaps[i]; |
| 1289 | udf_debug("Searching map: (%d == %d)\n", | 1291 | udf_debug("Searching map: (%d == %d)\n", |
| @@ -1333,7 +1335,7 @@ static int udf_load_partdesc(struct super_block *sb, sector_t block) | |||
| 1333 | goto out_bh; | 1335 | goto out_bh; |
| 1334 | 1336 | ||
| 1335 | if (map->s_partition_type == UDF_METADATA_MAP25) { | 1337 | if (map->s_partition_type == UDF_METADATA_MAP25) { |
| 1336 | ret = udf_load_metadata_files(sb, i); | 1338 | ret = udf_load_metadata_files(sb, i, type1_idx); |
| 1337 | if (ret < 0) { | 1339 | if (ret < 0) { |
| 1338 | udf_err(sb, "error loading MetaData partition map %d\n", | 1340 | udf_err(sb, "error loading MetaData partition map %d\n", |
| 1339 | i); | 1341 | i); |
diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h index 27b5335730c9..c13875d669c0 100644 --- a/fs/udf/udf_sb.h +++ b/fs/udf/udf_sb.h | |||
| @@ -61,6 +61,11 @@ struct udf_meta_data { | |||
| 61 | __u32 s_bitmap_file_loc; | 61 | __u32 s_bitmap_file_loc; |
| 62 | __u32 s_alloc_unit_size; | 62 | __u32 s_alloc_unit_size; |
| 63 | __u16 s_align_unit_size; | 63 | __u16 s_align_unit_size; |
| 64 | /* | ||
| 65 | * Partition Reference Number of the associated physical / sparable | ||
| 66 | * partition | ||
| 67 | */ | ||
| 68 | __u16 s_phys_partition_ref; | ||
| 64 | int s_flags; | 69 | int s_flags; |
| 65 | struct inode *s_metadata_fe; | 70 | struct inode *s_metadata_fe; |
| 66 | struct inode *s_mirror_fe; | 71 | struct inode *s_mirror_fe; |