[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] ide: atapi: check logical block address and read size (CV
|
From: |
P J P |
|
Subject: |
Re: [PATCH v2] ide: atapi: check logical block address and read size (CVE-2020-29443) |
|
Date: |
Mon, 18 Jan 2021 17:14:08 +0530 (IST) |
+-- On Mon, 18 Jan 2021, Paolo Bonzini wrote --+
| Thank you! This looks great.
| With the small spacing fix suggested by checkpatch,
| Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Thank you. Will send patch v3 with space typo fix.
| You may add a small patch on top to clamp s->nb_sectors at (uint64_t)INT_MAX
| << 2, just to be super safe.
To confirm:
* (uint64_t)INT_MAX << 2 is => 8589934588 ~= 8.5G sectors ?
Media size would be:
8.5G * 512B(sector) => ~4TB
8.5G * 4096B(sector) => ~32TB
* We are limiting IDE media size to ~4TB/~32TB ?
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Re: [PATCH v2] ide: atapi: check logical block address and read size (CVE-2020-29443), Philippe Mathieu-Daudé, 2021/01/18