From: Jan Kara <jack@suse.cz>
To: "Pali Rohár" <pali.rohar@gmail.com>
Cc: Jan Kara <jack@suse.cz>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/6] udf: Simplify handling of Volume Descriptor Pointers
Date: Thu, 15 Feb 2018 09:43:12 +0100 [thread overview]
Message-ID: <20180215084312.u4icv4ecdiflwpmy@quack2.suse.cz> (raw)
In-Reply-To: <20180214172603.z4sl5qhrxxsscltu@pali>
On Wed 14-02-18 18:26:03, Pali Roh�r wrote:
> On Wednesday 14 February 2018 11:28:46 Jan Kara wrote:
> > According to ECMA-167 3/8.4.2 Volume Descriptor Pointer is terminating
> > current extent of Volume Descriptor Sequence. Also according to ECMA-167
> > 3/8.4.3 Volume Descriptor Sequence Number is not significant for Volume
> > Descriptor Pointers. Simplify the handling of Volume Descriptor Pointers
> > to take this into account.
> >
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> > fs/udf/super.c | 41 ++++++++++++++++-------------------------
> > 1 file changed, 16 insertions(+), 25 deletions(-)
> >
> > diff --git a/fs/udf/super.c b/fs/udf/super.c
> > index 5c5d5fd513cc..f80b97173acd 100644
> > --- a/fs/udf/super.c
> > +++ b/fs/udf/super.c
> > @@ -1615,7 +1615,6 @@ static noinline int udf_process_sequence(
> > bool done = false;
> > uint32_t vdsn;
> > uint16_t ident;
> > - long next_s = 0, next_e = 0;
> > int ret;
> > unsigned int indirections = 0;
> >
> > @@ -1647,19 +1646,22 @@ static noinline int udf_process_sequence(
> > }
> > break;
> > case TAG_IDENT_VDP: /* ISO 13346 3/10.3 */
> > - curr = &vds[VDS_POS_VOL_DESC_PTR];
> > - if (vdsn >= curr->volDescSeqNum) {
> > - curr->volDescSeqNum = vdsn;
> > - curr->block = block;
> > -
> > - vdp = (struct volDescPtr *)bh->b_data;
> > - next_s = le32_to_cpu(
> > - vdp->nextVolDescSeqExt.extLocation);
> > - next_e = le32_to_cpu(
> > - vdp->nextVolDescSeqExt.extLength);
> > - next_e = next_e >> sb->s_blocksize_bits;
> > - next_e += next_s - 1;
> > + if (++indirections > UDF_MAX_TD_NESTING) {
> > + udf_err(sb, "too many Volume Descriptor "
> > + "Pointers (max %u supported)\n",
> > + UDF_MAX_TD_NESTING);
> > + brelse(bh);
> > + return -EIO;
> > }
> > +
> > + vdp = (struct volDescPtr *)bh->b_data;
> > + block = le32_to_cpu(vdp->nextVolDescSeqExt.extLocation);
>
> Another pathological case: disc with two (or more) VDP descriptors and
> each points to another in cycle.
>
> Seems that this would not cause infinite loop due to
> UDF_MAX_TD_NESTING, but probably can cause some troubles.
Yes. Such disk is invalid so our only goal is not to crash / livelock the
kernel and UDF_MAX_TD_NESTING protection is enough for that.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2018-02-15 8:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-14 10:28 [PATCH 0/6] udf: Fix processing of Volume Descriptor Sequence Jan Kara
2018-02-14 10:28 ` [PATCH 1/6] udf: Fix off-by-one in volume descriptor sequence length Jan Kara
2018-02-14 10:28 ` [PATCH 2/6] udf: Simplify handling of Volume Descriptor Pointers Jan Kara
2018-02-14 17:26 ` Pali Rohár
2018-02-15 8:43 ` Jan Kara [this message]
2018-02-15 22:33 ` Pali Rohár
2018-02-16 10:16 ` Jan Kara
2018-02-14 10:28 ` [PATCH 3/6] udf: Allow volume descriptor sequence to be terminated by unrecorded block Jan Kara
2018-02-14 10:28 ` [PATCH 4/6] udf: Convert descriptor index definitions to enum Jan Kara
2018-02-14 10:28 ` [PATCH 5/6] udf: Unify common handling of descriptors Jan Kara
2018-02-14 10:28 ` [PATCH 6/6] udf: Fix handling of Partition Descriptors Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180215084312.u4icv4ecdiflwpmy@quack2.suse.cz \
--to=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=pali.rohar@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.