Message-ID: <20240213160554.35cpsfqqeqpgtux2@quack3>
Date: Tue, 13 Feb 2024 17:05:54 +0100
From: Jan Kara <jack@...e.cz>
To: Baokun Li <libaokun1@...wei.com>
Cc: linux-ext4@...r.kernel.org, tytso@....edu, adilger.kernel@...ger.ca,
jack@...e.cz, ritesh.list@...il.com, linux-kernel@...r.kernel.org,
yi.zhang@...wei.com, yangerkun@...wei.com, chengzhihao1@...wei.com,
yukuai3@...wei.com
Subject: Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

On Fri 26-01-24 16:57:10, Baokun Li wrote:
> When setting values of type unsigned int through sysfs, we use kstrtoul()
> to parse it and then truncate part of it as the final set value, when the
> set value is greater than UINT_MAX, the set value will not match what we
> see because of the truncation. As follows:
>
> $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
> $ cat /sys/fs/ext4/sda/mb_max_linear_groups
> 0
>
> So when the value set is outside the variable type range, -EINVAL is
> returned to avoid the inconsistency described above. In addition, a
> judgment is added to avoid setting s_resv_clusters less than 0.
>
> Signed-off-by: Baokun Li <libaokun1@...wei.com>
> ---
> fs/ext4/sysfs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 6d332dff79dd..3671a8aaf4af 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
> int ret;
>
> ret = kstrtoull(skip_spaces(buf), 0, &val);
> - if (ret || val >= clusters)
> + if (ret || val >= clusters || (s64)val < 0)
> return -EINVAL;
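
Review bot: the added `(s64)val < 0` term in this `if` is only evaluated once `val >= clusters` has been false, so it can fire only when `clusters` itself is larger than S64_MAX; as written it reads as dead code. If the intent is the one in the commit message (never let s_resv_clusters go below 0), compare `val` against the largest value the destination can hold and say so in a comment, or drop the term and explain in the changelog why `val < clusters` is already sufficient.
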
This looks a bit pointless, doesn't it? 'val' is u64, clusters is u64. We
know that val < clusters so how could (s64)val be < 0?
> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
> ret = kstrtoul(skip_spaces(buf), 0, &t);
> if (ret)
> return ret;
> + if (t != (unsigned int)t)
> + return -EINVAL;
> if (a->attr_ptr == ptr_ext4_super_block_offset)
> *((__le32 *) ptr) = cpu_to_le32(t);
> else
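
Review bot: the new `t != (unsigned int)t` test is a hand-rolled range check on a value that kstrtoul() parsed as unsigned long one statement earlier, and it returns -EINVAL where the kstrto*() helpers report overflow as -ERANGE. Parsing the unsigned int attributes with kstrtouint() would do the range check in the parser and make the cast comparison unnecessary; if the comparison stays, add a one-line comment that it rejects values above UINT_MAX, since on builds where unsigned long and unsigned int have the same width it is always false.
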
I kind of agree with Alexey that using kstrtouint() here instead would look
nicer. And it isn't like you have to define many new variables. You just
need unsigned long for attr_pointer_ul and unsigned int for
attr_pointer_ui.
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
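
The truncation described in the commit message, reproduced in userspace C as an added example that is not part of the patch or of this thread. The names `parse_ull`, `store_truncating` and `store_checked` are hypothetical, `strtoull()` stands in for the kernel's `kstrtoull()`, and the checked variant returns `-ERANGE` the way `kstrtouint()` does rather than the patch's `-EINVAL`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace stand-in for kstrtoull(): 0, -EINVAL or -ERANGE. */
static int parse_ull(const char *s, unsigned long long *out)
{
	char *end;

	errno = 0;
	*out = strtoull(s, &end, 0);
	/* Nothing parsed, or a '-' sign that strtoull() would silently negate. */
	if (end == s || memchr(s, '-', (size_t)(end - s)))
		return -EINVAL;
	/* Allow a single trailing newline, as a sysfs write from echo carries. */
	if (*end && strcmp(end, "\n"))
		return -EINVAL;
	return errno == ERANGE ? -ERANGE : 0;
}

/* Pre-patch pattern: parse wide, store into 32 bits with no range check. */
int store_truncating(const char *buf, unsigned int *attr)
{
	unsigned long long t;
	int ret = parse_ull(buf, &t);

	if (!ret)
		*attr = (unsigned int)t;	/* 4294967296 is stored as 0 */
	return ret;
}

/* Checked pattern: refuse values that do not fit and leave *attr untouched. */
int store_checked(const char *buf, unsigned int *attr)
{
	unsigned long long t;
	int ret = parse_ull(buf, &t);

	if (!ret && t > UINT_MAX)
		ret = -ERANGE;
	if (!ret)
		*attr = (unsigned int)t;
	return ret;
}

int main(void)
{
	unsigned int a = 7, b = 7;	/* constructed starting values */
	int r1 = store_truncating("4294967296\n", &a);
	int r2 = store_checked("4294967296\n", &b);
	printf("truncating: ret=%d attr=%u; checked: ret=%d attr=%u\n", r1, a, r2, b);
	return 0;
}
```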