[PATCH 3/6] partitions: gpt: validate mkpart range against GPT usable LBAs

Sascha Hauer s.hauer at pengutronix.de
Wed Jul 1 02:27:36 PDT 2026


efi_partition_mkpart() validated the requested partition range against
hardcoded device geometry: start_lba against a fixed 34 and end_lba
against last_lba(blk) - 33. These offsets assume the default layout of
128 partition entries (32 sectors) plus the backup GPT header.

The authoritative bounds are first_usable_lba and last_usable_lba stored
in the GPT header being modified. They can differ from the hardcoded
values, e.g. when a table is read from disk that was created for a
smaller device (last_usable_lba retains the smaller value until the GPT
is rewritten) or that reserves a differently sized partition entry
array. In those cases the old check allowed a partition to extend past
last_usable_lba, overlapping the reserved backup entry array and GPT
header.

Check start_lba/end_lba against the header's first_usable_lba and
last_usable_lba instead.

Signed-off-by: Sascha Hauer <sascha at saschahauer.de>
---
 common/partitions/efi.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/common/partitions/efi.c b/common/partitions/efi.c
index 98172672ff..59b9fa9b55 100644
--- a/common/partitions/efi.c
+++ b/common/partitions/efi.c
@@ -764,15 +764,18 @@ static __maybe_unused int efi_partition_mkpart(struct partition_desc *pd,
 	gpt_entry *pte;
 	int i;
 	const guid_t *guid;
+	uint64_t first_usable_lba = le64_to_cpu(gpt->first_usable_lba);
+	uint64_t last_usable_lba = le64_to_cpu(gpt->last_usable_lba);
 
-	if (start_lba < 34) {
-		pr_err("invalid start LBA %lld, minimum is 34\n", start_lba);
+	if (start_lba < first_usable_lba) {
+		pr_err("invalid start LBA %lld, minimum is %lld\n", start_lba,
+		       first_usable_lba);
 		return -EINVAL;
 	}
 
-	if (end_lba >= last_lba(pd->blk) - 33) {
+	if (end_lba > last_usable_lba) {
 		pr_err("invalid end LBA %lld, maximum is %lld\n", end_lba,
-		       last_lba(pd->blk) - 34);
+		       last_usable_lba);
 		return -EINVAL;
 	}
 

-- 
2.47.3




More information about the barebox mailing list