[parted-devel] gpt_probe(): possible bug.

Karel Zak kzak at redhat.com
Thu Sep 10 12:55:02 UTC 2009 

On Sat, Sep 05, 2009 at 11:34:42PM +0530, rahul dev wrote:
> --- On Fri, 31/7/09, rahul dev <rahul_dev_agg at yahoo.co.in> wrote:
> 
> > From: rahul dev <rahul_dev_agg at yahoo.co.in>
> > Subject: [parted-devel] gpt_probe(): possible bug.
> > To: parted-devel at lists.alioth.debian.org
> > Date: Friday, 31 July, 2009, 5:43 PM
> > Guys,
> > 
> >   gpt_probe() function doesn't check for
> > GPT_HEADER_SIGNATURE in the backup copy of partition table
> > if the gpt signature is not found in the primary table.
> >
> > if (ped_device_read(dev, pth_raw, 1, GPT_HEADER_SECTORS)
> > || ped_device_read(dev, pth_raw, dev->length - 1,
> > GPT_HEADER_SECTORS)) {
> >        gpt = pth_new_from_raw
> > (dev, pth_raw);
> >        if (gpt->Signature ==
> > PED_CPU_TO_LE64(GPT_HEADER_SIGNATURE))
> >            
> >    gpt_sig_found = 1;
> > }
> > 
> > If the signature is not found in the primary header, it
> > doesn't check for it in the secondary header.
> > 
> > Is this a bug ?

 Yes. Maybe I'm wrong, but I see more bugs in the GPT validation.

         Extensible Firmware Interface Specification
         11.2.2.1 EFI Partition Header
         ....
         The following test must be performed to determine if a GUID Partition
         Table is valid:

         • Check the GUID Partition Table Signature
         • Check the GUID Partition Table CRC
         • Check that the MyLBA entry points to the LBA that contains the GUID
         Partition Table
         • Check the CRC of the GUID Partition Entry Array

 I don't see MyLBA check and GPT Entry array CRC check in  _header_is_valid().
 The GPT Entry array CRC is nowhere checked in the code. It seems like a 
 serious bug.

 The other (less important) problem is that gpt_read() is using
 gpt->AlternateLBA from invalid header (=does not pass validation in
 _read_header() + _header_is_valid()). For example Linux kernel does
 not use any information from the invalid primary header. It seems that 
 more paranoid solution is to use a backup header from last sector and
 ignore AlternateLBA from invalid primary header.

 (Sorry, I don't time to write a patch right now.)

    Karel

-- 
 Karel Zak  <kzak at redhat.com>

More information about the parted-devel mailing list