diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-08-17 00:05:17 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2021-08-17 00:05:17 +0200 |
| commit | 4a704a0ad95973249544f3f95e30e328e701a871 (patch) | |
| tree | 861ef383f6de782b5f09c13d2d9d5d65836c03e1 /linux/src | |
| parent | f67a2a46931028753364ab6bcb6a43c12f8303b2 (diff) | |
| download | gnumach-4a704a0ad95973249544f3f95e30e328e701a871.tar.gz gnumach-4a704a0ad95973249544f3f95e30e328e701a871.tar.bz2 gnumach-4a704a0ad95973249544f3f95e30e328e701a871.zip | |
block: Look out for disk sector number overflow
* linux/dev/drivers/block/ahci.c (ahci_do_port_request): Reject sectors
beyond LBA48 or LBA28.
* linux/dev/glue/block.c (check_rw_block): New function.
(rdwr_partial, rdwr_full): Use check_rw_block to reject block number
overflows.
* linux/src/drivers/block/ide.c (do_rw_disk): Reject sectors beyond
LBA28 or CHS.
Diffstat (limited to 'linux/src')
| -rw-r--r-- | linux/src/drivers/block/ide.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/linux/src/drivers/block/ide.c b/linux/src/drivers/block/ide.c index 170e4e13..2d0fc77e 100644 --- a/linux/src/drivers/block/ide.c +++ b/linux/src/drivers/block/ide.c @@ -1475,6 +1475,11 @@ static inline void do_rw_disk (ide_drive_t *drive, struct request *rq, unsigned #else /* !CONFIG_BLK_DEV_PROMISE */ if (drive->select.b.lba) { #endif /* CONFIG_BLK_DEV_PROMISE */ + if (block >= 1UL << 28) { + printk("block %lu beyond LBA28\n", block); + ide_end_request(0, hwif->hwgroup); + return; + } #ifdef DEBUG printk("%s: %sing: LBAsect=%ld, sectors=%ld, buffer=0x%08lx\n", drive->name, (rq->cmd==READ)?"read":"writ", @@ -1491,6 +1496,13 @@ static inline void do_rw_disk (ide_drive_t *drive, struct request *rq, unsigned OUT_BYTE(sect,io_base+IDE_SECTOR_OFFSET); head = track % drive->head; cyl = track / drive->head; + + if (cyl >= 1 << 16) { + printk("block %lu cylinder %u beyond CHS\n", block, cyl); + ide_end_request(0, hwif->hwgroup); + return; + } + OUT_BYTE(cyl,io_base+IDE_LCYL_OFFSET); OUT_BYTE(cyl>>8,io_base+IDE_HCYL_OFFSET); OUT_BYTE(head|drive->select.all,io_base+IDE_SELECT_OFFSET); |