| Message ID | 20190709075348.24823-1-damien.lemoal@wdc.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | block: Fix potential overflow in blk_report_zones() | expand |
On Tue, Jul 09, 2019 at 04:53:48PM +0900, Damien Le Moal wrote: > For large values of the number of zones reported, the sector increment > calculated with "blk_queue_zone_sectors(q) * n" can overflow the > unsigned int type used. Fix this with a cast to sector_t type. How about just returning a sector_t from blk_queue_zone_sectors, turning this into an automatic implicit cast for all callers?
On 2019/07/09 22:37, Christoph Hellwig wrote: > On Tue, Jul 09, 2019 at 04:53:48PM +0900, Damien Le Moal wrote: >> For large values of the number of zones reported, the sector increment >> calculated with "blk_queue_zone_sectors(q) * n" can overflow the >> unsigned int type used. Fix this with a cast to sector_t type. > > How about just returning a sector_t from blk_queue_zone_sectors, turning > this into an automatic implicit cast for all callers? > That works too. Will send an update.
diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 79ad269b545d..231b7e1b6d22 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -134,7 +134,7 @@ static int blk_report_zones(struct gendisk *disk, sector_t sector, return ret; if (!n) break; - sector += blk_queue_zone_sectors(q) * n; + sector += (sector_t)blk_queue_zone_sectors(q) * n; z += n; }
For large values of the number of zones reported, the sector increment calculated with "blk_queue_zone_sectors(q) * n" can overflow the unsigned int type used. Fix this with a cast to sector_t type. Fixes: e76239a3748c ("block: add a report_zones method") Cc: stable@vger.kernel.org Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com> --- block/blk-zoned.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)