From patchwork Tue Jan 22 21:58:14 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Elder X-Patchwork-Id: 2021011 Return-Path: X-Original-To: patchwork-ceph-devel@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id E2752DF2EB for ; Tue, 22 Jan 2013 21:58:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755608Ab3AVV6V (ORCPT ); Tue, 22 Jan 2013 16:58:21 -0500 Received: from mail-ie0-f177.google.com ([209.85.223.177]:62891 "EHLO mail-ie0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755151Ab3AVV6R (ORCPT ); Tue, 22 Jan 2013 16:58:17 -0500 Received: by mail-ie0-f177.google.com with SMTP id k13so12130943iea.8 for ; Tue, 22 Jan 2013 13:58:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding :x-gm-message-state; bh=yuSE+dgnFfbrc1yQQwOhftabbPY85rm/yVZvS3OvBo0=; b=Rh+9eDRldF0nXYwWdrv86imxmb0byeJQlCKqFjvQcj7FPbhY0eAezQdZR6OQoavdWX cAY1vrYo7o9VBfMmt0Oq8adHDgHImMLhG9Psq2qxIggkdN2s2hmhn8VZ8JzNP31Fu39P H8BDPS4wz6LEmvVhAnCyV5308v9dUcNHX0d0jPXQFmoan8QaxvoXqpQdV9/qdsNQIWSL yn18JnKtQkJYDDhiYbBwWA2nu3JHRHd2yPGGfzmW2p29capUQ199hTNw9skiS88a50Fw gpHOIOCyjAJ5AE0SUD3WtV9+ILDtklgipmzsEgTV/cvpnV2wh8bs48jT2BDvl7J6VA7z 4AVg== X-Received: by 10.50.77.133 with SMTP id s5mr13285892igw.110.1358891896740; Tue, 22 Jan 2013 13:58:16 -0800 (PST) Received: from [172.22.22.4] (c-71-195-31-37.hsd1.mn.comcast.net. [71.195.31.37]) by mx.google.com with ESMTPS id vq4sm11670432igb.10.2013.01.22.13.58.15 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 22 Jan 2013 13:58:15 -0800 (PST) Message-ID: <50FF0B76.5040402@inktank.com> Date: Tue, 22 Jan 2013 15:58:14 -0600 From: Alex Elder User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 MIME-Version: 1.0 To: "ceph-devel@vger.kernel.org" Subject: [PATCH 2/3] rbd: check for overflow in rbd_get_num_segments() References: <50FF0B22.5060201@inktank.com> In-Reply-To: <50FF0B22.5060201@inktank.com> X-Gm-Message-State: ALoCoQnW81mVbyqppy1zED+sX7GcdziojBXpq9wr1ak8d4tBuc+uzcltJZulQKSTuPsr37NRyEGr Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org The return type of rbd_get_num_segments() is int, but the values it operates on are u64. Although it's not likely, there's no guarantee the result won't exceed what can be respresented in an int. The function is already designed to return -ERANGE on error, so just add this possible overflow as another reason to return that. Signed-off-by: Alex Elder Reviewed-by: Dan Mick Reviewed-by: Josh Durgin --- drivers/block/rbd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) return 0; @@ -829,7 +830,11 @@ static int rbd_get_num_segments(struct rbd_image_header *header, start_seg = ofs >> header->obj_order; end_seg = (ofs + len - 1) >> header->obj_order; - return end_seg - start_seg + 1; + result = end_seg - start_seg + 1; + if (result > (u64) INT_MAX) + return -ERANGE; + + return (int) result; } /* diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index 4ed0741..58d01e3 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -820,6 +820,7 @@ static int rbd_get_num_segments(struct rbd_image_header *header, { u64 start_seg; u64 end_seg; + u64 result; if (!len)