From 1d8c0f739b7eb6437dc68fdc07939dc2a94ef9d9 Mon Sep 17 00:00:00 2001
From: Timo Warns <Warns@pre-sense.de>
Date: Fri, 25 Feb 2011 14:44:21 -0800
Subject: [PATCH] ldm: corrupted partition table can cause kernel oops

BugLink: http://bugs.launchpad.net/bugs/771382

backported from 294f6cf48666825d23c9372ef37631232746e40d upstream.

The kernel automatically evaluates partition tables of storage devices.
The code for evaluating LDM partitions (in fs/partitions/ldm.c) contains
a bug that causes a kernel oops on certain corrupted LDM partitions.  A
kernel subsystem seems to crash, because, after the oops, the kernel no
longer recognizes newly connected storage devices.

The patch changes ldm_parse_vmdb() to Validate the value of vblk_size.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Acked-by: Richard Russon <ldm@flatcap.org>
Cc: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 fs/partitions/ldm.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
index 7ab1c11..b94e145 100644
--- a/fs/partitions/ldm.c
+++ b/fs/partitions/ldm.c
@@ -256,6 +256,10 @@ static BOOL ldm_parse_vmdb (const u8 *data, struct vmdb *vm)
 	}
 
 	vm->vblk_size     = BE32 (data + 0x08);
+	if (vm->vblk_size == 0) {
+		ldm_error ("Illegal VBLK size");
+		return FALSE;
+	}
 	vm->vblk_offset   = BE32 (data + 0x0C);
 	vm->last_vblk_seq = BE32 (data + 0x04);
 
-- 
1.7.0.4