From 4632a71fdacfcf126501de6cb73f6a82be34f215 Mon Sep 17 00:00:00 2001
From: zhangyao <zhangyao108@huawei.com>
Date: Thu, 16 Mar 2023 09:28:27 +0800
Subject: [PATCH] nvidia_raid: validate checksum

---
 ...bblkid-nvidia_raid-validate-checksum.patch | 55 +++++++++++++++++++
 ...d-nvidia_raid-verify-superblock-size.patch | 38 +++++++++++++
 util-linux.spec                               | 12 +++-
 3 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 backport-libblkid-nvidia_raid-validate-checksum.patch
 create mode 100644 backport-libblkid-nvidia_raid-verify-superblock-size.patch

diff --git a/backport-libblkid-nvidia_raid-validate-checksum.patch b/backport-libblkid-nvidia_raid-validate-checksum.patch
new file mode 100644
index 0000000..2915295
--- /dev/null
+++ b/backport-libblkid-nvidia_raid-validate-checksum.patch
@@ -0,0 +1,55 @@
+From 8a08c34aad61cb59c977212458bf55f5a81186e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Thu, 2 Mar 2023 15:54:39 +0000
+Subject: [PATCH] libblkid: nvidia_raid: validate checksum
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+See #1843
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/superblocks/nvidia_raid.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c
+index 35c663c8d..f59a0e100 100644
+--- a/libblkid/src/superblocks/nvidia_raid.c
++++ b/libblkid/src/superblocks/nvidia_raid.c
+@@ -27,6 +27,14 @@ struct nv_metadata {
+ #define NVIDIA_SUPERBLOCK_SIZE		120
+ 
+ 
++static int nvraid_verify_checksum(blkid_probe pr, const struct nv_metadata *nv)
++{
++	uint32_t csum = le32_to_cpu(nv->chksum);
++	for (size_t i = 0; i < le32_to_cpu(nv->size); i++)
++		csum += le32_to_cpu(((uint32_t *) nv)[i]);
++	return blkid_probe_verify_csum(pr, csum, le32_to_cpu(nv->chksum));
++}
++
+ static int probe_nvraid(blkid_probe pr,
+ 		const struct blkid_idmag *mag __attribute__((__unused__)))
+ {
+@@ -42,7 +50,7 @@ static int probe_nvraid(blkid_probe pr,
+ 	nv = (struct nv_metadata *)
+ 		blkid_probe_get_buffer(pr,
+ 				off,
+-				sizeof(struct nv_metadata));
++				NVIDIA_SUPERBLOCK_SIZE);
+ 	if (!nv)
+ 		return errno ? -errno : 1;
+ 
+@@ -50,6 +58,8 @@ static int probe_nvraid(blkid_probe pr,
+ 		return 1;
+ 	if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE)
+ 		return 1;
++	if (!nvraid_verify_checksum(pr, nv))
++		return 1;
+ 	if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0)
+ 		return 1;
+ 	if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor),
+-- 
+2.27.0
+
diff --git a/backport-libblkid-nvidia_raid-verify-superblock-size.patch b/backport-libblkid-nvidia_raid-verify-superblock-size.patch
new file mode 100644
index 0000000..62ea0b5
--- /dev/null
+++ b/backport-libblkid-nvidia_raid-verify-superblock-size.patch
@@ -0,0 +1,38 @@
+From d8d164db5ee217034dea7788263b532114bcd2fd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Thu, 2 Mar 2023 15:27:58 +0000
+Subject: [PATCH] libblkid: nvidia_raid: verify superblock size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/superblocks/nvidia_raid.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libblkid/src/superblocks/nvidia_raid.c b/libblkid/src/superblocks/nvidia_raid.c
+index 5db8ec260..35c663c8d 100644
+--- a/libblkid/src/superblocks/nvidia_raid.c
++++ b/libblkid/src/superblocks/nvidia_raid.c
+@@ -24,6 +24,8 @@ struct nv_metadata {
+ } __attribute__((packed));
+ 
+ #define NVIDIA_SIGNATURE		"NVIDIA"
++#define NVIDIA_SUPERBLOCK_SIZE		120
++
+ 
+ static int probe_nvraid(blkid_probe pr,
+ 		const struct blkid_idmag *mag __attribute__((__unused__)))
+@@ -46,6 +48,8 @@ static int probe_nvraid(blkid_probe pr,
+ 
+ 	if (memcmp(nv->vendor, NVIDIA_SIGNATURE, sizeof(NVIDIA_SIGNATURE)-1) != 0)
+ 		return 1;
++	if (le32_to_cpu(nv->size) * 4 != NVIDIA_SUPERBLOCK_SIZE)
++		return 1;
+ 	if (blkid_probe_sprintf_version(pr, "%u", le16_to_cpu(nv->version)) != 0)
+ 		return 1;
+ 	if (blkid_probe_set_magic(pr, off, sizeof(nv->vendor),
+-- 
+2.27.0
+
diff --git a/util-linux.spec b/util-linux.spec
index 9cead94..d033fbb 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -3,7 +3,7 @@
 
 Name:           util-linux
 Version:        2.37.2
-Release:        16
+Release:        17
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -71,6 +71,8 @@ Patch6049:      backport-wdctl-mark-flags-field-as-unsigned-long.patch
 Patch6050:      backport-login-never-send-signals-to-init.patch
 Patch6051:      backport-mkswap-do-not-use-uninitialized-stack-value.patch
 Patch6052:      backport-lib-pager-fix-signal-safety-issues.patch
+Patch6053:	backport-libblkid-nvidia_raid-verify-superblock-size.patch
+Patch6054:	backport-libblkid-nvidia_raid-validate-checksum.patch
 
 Patch9000:      Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001:      SKIPPED-no-root-permissions-test.patch
@@ -441,6 +443,14 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 
 %changelog
+* Thu Mar 16 2023 zhangyao <zhangyao108@huawei.com> - 2.37.2-17
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:nvidia_raid: validate checksum
+       [add] backport-libblkid-nvidia_raid-verify-superblock-size.patch
+       backport-libblkid-nvidia_raid-validate-checksum.patch
+
 * Wed Mar 8 2023 zhangyao <zhangyao108@huawei.com> - 2.37.2-16
 - Type:bugfix
 - CVE:NA
-- 
Gitee