| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240917070729.15752-1-amishin@t-argos.ru>
Date: Tue, 17 Sep 2024 10:07:29 +0300
From: Aleksandr Mishin <amishin@...rgos.ru>
To: Shaohua Li <shli@...com>
CC: Aleksandr Mishin <amishin@...rgos.ru>, Jens Axboe <axboe@...nel.dk>,
Damien Le Moal <dlemoal@...nel.org>, Hannes Reinecke <hare@...e.de>, Johannes
Thumshirn <johannes.thumshirn@....com>, Chaitanya Kulkarni <kch@...dia.com>,
Zhu Yanjun <yanjun.zhu@...ux.dev>, Chengming Zhou
<zhouchengming@...edance.com>, John Garry <john.g.garry@...cle.com>, Yu Kuai
<yukuai3@...wei.com>, Shin'ichiro Kawasaki <shinichiro.kawasaki@....com>,
<linux-block@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<lvc-project@...uxtesting.org>
Subject: [PATCH] nullb: Adjust device size calculation in null_alloc_dev()
In null_alloc_dev() device size is a subject to overflow because 'g_gb'
(which is module parameter, may have any value and is not validated
anywhere) is not cast to a larger data type before performing arithmetic.
Cast 'g_gb' to unsigned long to prevent overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 2984c8684f96 ("nullb: factor disk parameters")
Signed-off-by: Aleksandr Mishin <amishin@...rgos.ru>
---
drivers/block/null_blk/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 2f0431e42c49..5edbf9c0aceb 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
return NULL;
}
- dev->size = g_gb * 1024;
+ dev->size = (unsigned long)g_gb * 1024;
dev->completion_nsec = g_completion_nsec;
dev->submit_queues = g_submit_queues;
dev->prev_submit_queues = g_submit_queues;
--
2.30.2
Powered by blists - more mailing lists