udf: Verify domain identifier fields
OSTA UDF standard defines that domain identifier in logical volume descriptor and file set descriptor should contain a particular string and the identifier suffix contains flags possibly making media write-protected. Verify these constraints and allow only read-only mount if they are not met. Tested-by: Steven J. Magnani <steve@digidescorp.com> Reviewed-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Jan Kara
parent
c3367a1b47
commit
2dee5aac05
|
|
@ -88,6 +88,20 @@ struct regid {
|
||||||
#define ENTITYID_FLAGS_DIRTY 0x00
|
#define ENTITYID_FLAGS_DIRTY 0x00
|
||||||
#define ENTITYID_FLAGS_PROTECTED 0x01
|
#define ENTITYID_FLAGS_PROTECTED 0x01
|
||||||
|
|
||||||
|
/* OSTA UDF 2.1.5.2 */
|
||||||
|
#define UDF_ID_COMPLIANT "*OSTA UDF Compliant"
|
||||||
|
|
||||||
|
/* OSTA UDF 2.1.5.3 */
|
||||||
|
struct domainEntityIDSuffix {
|
||||||
|
uint16_t revision;
|
||||||
|
uint8_t flags;
|
||||||
|
uint8_t reserved[5];
|
||||||
|
};
|
||||||
|
|
||||||
|
/* OSTA UDF 2.1.5.3 */
|
||||||
|
#define ENTITYIDSUFFIX_FLAGS_HARDWRITEPROTECT 0
|
||||||
|
#define ENTITYIDSUFFIX_FLAGS_SOFTWRITEPROTECT 1
|
||||||
|
|
||||||
/* Volume Structure Descriptor (ECMA 167r3 2/9.1) */
|
/* Volume Structure Descriptor (ECMA 167r3 2/9.1) */
|
||||||
#define VSD_STD_ID_LEN 5
|
#define VSD_STD_ID_LEN 5
|
||||||
struct volStructDesc {
|
struct volStructDesc {
|
||||||
|
|
|
||||||
|
|
@ -94,7 +94,7 @@ static int udf_remount_fs(struct super_block *, int *, char *);
|
||||||
static void udf_load_logicalvolint(struct super_block *, struct kernel_extent_ad);
|
static void udf_load_logicalvolint(struct super_block *, struct kernel_extent_ad);
|
||||||
static int udf_find_fileset(struct super_block *, struct kernel_lb_addr *,
|
static int udf_find_fileset(struct super_block *, struct kernel_lb_addr *,
|
||||||
struct kernel_lb_addr *);
|
struct kernel_lb_addr *);
|
||||||
static void udf_load_fileset(struct super_block *, struct buffer_head *,
|
static int udf_load_fileset(struct super_block *, struct fileSetDesc *,
|
||||||
struct kernel_lb_addr *);
|
struct kernel_lb_addr *);
|
||||||
static void udf_open_lvid(struct super_block *);
|
static void udf_open_lvid(struct super_block *);
|
||||||
static void udf_close_lvid(struct super_block *);
|
static void udf_close_lvid(struct super_block *);
|
||||||
|
|
@ -775,28 +775,27 @@ static int udf_find_fileset(struct super_block *sb,
|
||||||
{
|
{
|
||||||
struct buffer_head *bh = NULL;
|
struct buffer_head *bh = NULL;
|
||||||
uint16_t ident;
|
uint16_t ident;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if (fileset->logicalBlockNum == 0xFFFFFFFF &&
|
||||||
|
fileset->partitionReferenceNum == 0xFFFF)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
if (fileset->logicalBlockNum != 0xFFFFFFFF ||
|
|
||||||
fileset->partitionReferenceNum != 0xFFFF) {
|
|
||||||
bh = udf_read_ptagged(sb, fileset, 0, &ident);
|
bh = udf_read_ptagged(sb, fileset, 0, &ident);
|
||||||
|
if (!bh)
|
||||||
if (!bh) {
|
return -EIO;
|
||||||
return 1;
|
if (ident != TAG_IDENT_FSD) {
|
||||||
} else if (ident != TAG_IDENT_FSD) {
|
|
||||||
brelse(bh);
|
brelse(bh);
|
||||||
return 1;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
udf_debug("Fileset at block=%u, partition=%u\n",
|
udf_debug("Fileset at block=%u, partition=%u\n",
|
||||||
fileset->logicalBlockNum,
|
fileset->logicalBlockNum, fileset->partitionReferenceNum);
|
||||||
fileset->partitionReferenceNum);
|
|
||||||
|
|
||||||
UDF_SB(sb)->s_partition = fileset->partitionReferenceNum;
|
UDF_SB(sb)->s_partition = fileset->partitionReferenceNum;
|
||||||
udf_load_fileset(sb, bh, root);
|
ret = udf_load_fileset(sb, (struct fileSetDesc *)bh->b_data, root);
|
||||||
brelse(bh);
|
brelse(bh);
|
||||||
return 0;
|
return ret;
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -952,19 +951,53 @@ static int udf_load_metadata_files(struct super_block *sb, int partition,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void udf_load_fileset(struct super_block *sb, struct buffer_head *bh,
|
static int udf_verify_domain_identifier(struct super_block *sb,
|
||||||
|
struct regid *ident, char *dname)
|
||||||
|
{
|
||||||
|
struct domainEntityIDSuffix *suffix;
|
||||||
|
|
||||||
|
if (memcmp(ident->ident, UDF_ID_COMPLIANT, strlen(UDF_ID_COMPLIANT))) {
|
||||||
|
udf_warn(sb, "Not OSTA UDF compliant %s descriptor.\n", dname);
|
||||||
|
goto force_ro;
|
||||||
|
}
|
||||||
|
if (ident->flags & (1 << ENTITYID_FLAGS_DIRTY)) {
|
||||||
|
udf_warn(sb, "Possibly not OSTA UDF compliant %s descriptor.\n",
|
||||||
|
dname);
|
||||||
|
goto force_ro;
|
||||||
|
}
|
||||||
|
suffix = (struct domainEntityIDSuffix *)ident->identSuffix;
|
||||||
|
if (suffix->flags & (1 << ENTITYIDSUFFIX_FLAGS_HARDWRITEPROTECT) ||
|
||||||
|
suffix->flags & (1 << ENTITYIDSUFFIX_FLAGS_SOFTWRITEPROTECT)) {
|
||||||
|
if (!sb_rdonly(sb)) {
|
||||||
|
udf_warn(sb, "Descriptor for %s marked write protected."
|
||||||
|
" Forcing read only mount.\n", dname);
|
||||||
|
}
|
||||||
|
goto force_ro;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
force_ro:
|
||||||
|
if (!sb_rdonly(sb))
|
||||||
|
return -EACCES;
|
||||||
|
UDF_SET_FLAG(sb, UDF_FLAG_RW_INCOMPAT);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int udf_load_fileset(struct super_block *sb, struct fileSetDesc *fset,
|
||||||
struct kernel_lb_addr *root)
|
struct kernel_lb_addr *root)
|
||||||
{
|
{
|
||||||
struct fileSetDesc *fset;
|
int ret;
|
||||||
|
|
||||||
fset = (struct fileSetDesc *)bh->b_data;
|
ret = udf_verify_domain_identifier(sb, &fset->domainIdent, "file set");
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
*root = lelb_to_cpu(fset->rootDirectoryICB.extLocation);
|
*root = lelb_to_cpu(fset->rootDirectoryICB.extLocation);
|
||||||
|
|
||||||
UDF_SB(sb)->s_serial_number = le16_to_cpu(fset->descTag.tagSerialNum);
|
UDF_SB(sb)->s_serial_number = le16_to_cpu(fset->descTag.tagSerialNum);
|
||||||
|
|
||||||
udf_debug("Rootdir at block=%u, partition=%u\n",
|
udf_debug("Rootdir at block=%u, partition=%u\n",
|
||||||
root->logicalBlockNum, root->partitionReferenceNum);
|
root->logicalBlockNum, root->partitionReferenceNum);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int udf_compute_nr_groups(struct super_block *sb, u32 partition)
|
int udf_compute_nr_groups(struct super_block *sb, u32 partition)
|
||||||
|
|
@ -1375,6 +1408,10 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
|
||||||
goto out_bh;
|
goto out_bh;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = udf_verify_domain_identifier(sb, &lvd->domainIdent,
|
||||||
|
"logical volume");
|
||||||
|
if (ret)
|
||||||
|
goto out_bh;
|
||||||
ret = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps));
|
ret = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps));
|
||||||
if (ret)
|
if (ret)
|
||||||
goto out_bh;
|
goto out_bh;
|
||||||
|
|
@ -2227,9 +2264,9 @@ static int udf_fill_super(struct super_block *sb, void *options, int silent)
|
||||||
UDF_SET_FLAG(sb, UDF_FLAG_RW_INCOMPAT);
|
UDF_SET_FLAG(sb, UDF_FLAG_RW_INCOMPAT);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (udf_find_fileset(sb, &fileset, &rootdir)) {
|
ret = udf_find_fileset(sb, &fileset, &rootdir);
|
||||||
|
if (ret < 0) {
|
||||||
udf_warn(sb, "No fileset found\n");
|
udf_warn(sb, "No fileset found\n");
|
||||||
ret = -EINVAL;
|
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue