SRU: partx wraps partition offset and length mod 2^32 (2^23 sectors)

Bug #1389321 reported by h1repp on 2014-11-04
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
util-linux (Ubuntu)
Trusty
High
Phillip Susi

Bug Description

[Impact]

Partx is used to activate partitions on loopback devices. It is had a bug causing it to overflow and wraparound at the 4 GB mark, causing it to put the partitions in the wrong place giving access to the wrong areas of the disk, which at best, renders the activated partitions unusable, and at worst, may cause corrupt data to be written to disk.

[Test Case]

truncate -s 6g img
sudo losetup /dev/loop0 img
sudo parted -s /dev/loop0 mklabel msdos mkpart primary ext2 5g 6g
cat /sys/block/loop0/loop0p1/start

The value should be 9764864, which corresponds to 4999610368 bytes. Instead the bug causes it to be 1376256, or 704643072 bytes.

[Regression Potential]

None. The fix was simply to change the data type of the argument to partx_add_partition from 32 bit ( unsigned long ) to 64 bit ( unsigned long long ), which upstream did long ago.

Related branches

Phillip Susi (psusi) on 2014-11-04
Changed in util-linux (Ubuntu):
assignee: nobody → Phillip Susi (psusi)
importance: Undecided → High
status: New → In Progress
Phillip Susi (psusi) wrote :

Yep, it's using the wrong data type. On amd64 it maps to a 64 bit int, which is why I never noticed this. On 32 bit platforms however, it maps to 32 bits.

Phillip Susi (psusi) wrote :

Nevermind, I misread things... it was simply using 32 bits all the time in trusty. This was fixed upstream long ago so does not affect 13.10.

Phillip Susi (psusi) on 2014-11-05
description: updated
summary: - partx wraps partition offset and length mod 2^32 (2^23 sectors)
+ SRU: partx wraps partition offset and length mod 2^32 (2^23 sectors)
Phillip Susi (psusi) on 2014-11-05
Changed in util-linux (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Phillip Susi (psusi)
no longer affects: util-linux (Ubuntu)
Martin Pitt (pitti) wrote :

Thanks Phillip! Uploaded the patch to trusty-proposed (BTW, attaching simple debdiffs makes review and sponsoring much simpler and faster; UDD is quite broken especially for SRUs).

Phillip Susi (psusi) wrote :

Oh, I didn't know that. Will do next time.

Hello h1repp, or anyone else affected,

Accepted util-linux into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/util-linux/2.20.1-5.1ubuntu20.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in util-linux (Ubuntu Trusty):
status: In Progress → Fix Committed
h1repp (heinz-repp) wrote :

Phillip and all others: thank you for your incredibly quick response and the fix you provided in no time!

I did test the newly built package util-linux_2.20.1-5.1ubuntu20.3_i386.deb and can confirm: partx from this package gets offset and sizes right with the same loop device where the previous version failed. So this fix works for me, and I will change the status accordingly.

tags: added: verfication-done
h1repp (heinz-repp) on 2014-11-07
tags: added: verification-done
removed: verfication-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package util-linux - 2.20.1-5.1ubuntu20.3

---------------
util-linux (2.20.1-5.1ubuntu20.3) trusty; urgency=medium

  * partx/partx.h: Fix partx_add_partition to take 64 bit
    offsets to avoid wrapping above 4 GB (LP: #1389321)
 -- Phillip Susi <email address hidden> Wed, 05 Nov 2014 11:30:17 -0500

Changed in util-linux (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for util-linux has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers