Skip to content
Commit e82fc785 authored by Ming Lei's avatar Ming Lei Committed by Jens Axboe
Browse files

block: don't create too many partitions 

Commit a33df75c

 ("block: use an xarray for disk->part_tbl") drops the
check on max supported number of partitionsr, and allows partition with
bigger partition numbers to be added. However, ->bd_partno is defined as
u8, so partition index of xarray table may not match with ->bd_partno.
Then delete_partition() may delete one unmatched partition, and caused
use-after-free.

Reviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
Reported-by: default avatar <syzbot+8fede7e30c7cee0de139@syzkaller.appspotmail.com>
Fixes: a33df75c

 ("block: use an xarray for disk->part_tbl")
Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 7de55b7d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment