lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20061121115117.GU6851@gamma.logic.tuwien.ac.at>
Date:	Tue, 21 Nov 2006 12:51:17 +0100
From:	Andreas Leitgeb <avl@...ic.at>
To:	Alan <alan@...rguk.ukuu.org.uk>
Cc:	avl@...ic.at, linux-kernel@...r.kernel.org
Subject: Re: possible bug in ide-disk.c (2.6.18.2 but also older)

On Mon, Nov 20, 2006 at 05:28:12PM +0000, Alan wrote:
> The reason I ask is that they put the partition in the last sector which
> means a block read of the last sector goes off the end of the disk and
> certainly used to be mishandled by the IDE code.

After reading it a second time, I'll see if I got it straight now:

.) the kernel always loads even-aligned pairs of sectors.
.) for an odd-sectored disk, this results in the GPT plus the
     following (non-existent) sector being accessed from disk.
.) the old, unmaintained ide-driver generally does not handle
     the odd-size case right, as it misinterprets the harddisks
     error for the second sector (the one after the end) as a
     general error causing dma to be turned off, after some retries.
     It would also do that, if I later accessed the last sector
     (e.g. dd if=/dev/hda ..., or by accessing a file that happens
     to be stored there per filesystem, if at all possible),
     not just during the initial GPT-check.
.) If I remove the "addr++;", then the harddisk is actually
     believed to be 1 sector smaller than it really is, which
     means that it looks like an even-sized disk. This could mean
     that an eventually existing GPT could be missed. What would
     be the "worst-case" consequences?
.) if ((old ide-driver) && (odd # of sectors)) youre_doomed_anyway(); ?

Right so far?

If yes, then wouldn't it be most sane to generally *ignore*
any trailing single sectors, at least as long as we still have
to deal with old ide driver:
    addr = (addr & ~1) + 1;
Since this piece of code is in the old ide-disk.c, it would
become ineffective automatically, once libpata (or what it's
called) is ready to take over.

Thanks for caring.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ