Message ID | 20220408234707.2562835-1-khazhy@google.com (mailing list archive) |
---|---|
State | New, archived |
Series | block/compat_ioctl: fix range check in BLKGETSIZE |
On 4/8/22 16:47, Khazhismel Kumykov wrote: > kernel ulong and compat_ulong_t may not be same width. Use type directly > to eliminate mismatches. > > This would result in truncation rather than EFBIG for 32bit mode for > large disks. > > Signed-off-by: Khazhismel Kumykov <khazhy@google.com> > --- > block/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > Noticed this one was sitting in my "not landed yet" pile, third time's > the charm? :) > > diff --git a/block/ioctl.c b/block/ioctl.c > index 4a86340133e4..959e93a90b29 100644 > --- a/block/ioctl.c > +++ b/block/ioctl.c > @@ -629,7 +629,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) > return compat_put_long(argp, > (bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512); > case BLKGETSIZE: > - if (bdev_nr_sectors(bdev) > ~0UL) > + if (bdev_nr_sectors(bdev) > ~((compat_ulong_t)0UL)) > return -EFBIG; > return compat_put_ulong(argp, bdev_nr_sectors(bdev)); A nit: the "UL" and two parentheses can be left out. Anyway: Reviewed-by: Bart Van Assche <bvanassche@acm.org>
diff --git a/block/ioctl.c b/block/ioctl.c index 4a86340133e4..959e93a90b29 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -629,7 +629,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) return compat_put_long(argp, (bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512); case BLKGETSIZE: - if (bdev_nr_sectors(bdev) > ~0UL) + if (bdev_nr_sectors(bdev) > ~((compat_ulong_t)0UL)) return -EFBIG; return compat_put_ulong(argp, bdev_nr_sectors(bdev));
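Review bot: The new bound in the BLKGETSIZE case, `~((compat_ulong_t)0UL)`, is only correct because the cast is applied before the `~`, and nothing in the code says so. A one-line comment stating that the sector count must fit in compat_ulong_t for the following compat_put_ulong() call would keep a later cleanup from turning it back into a full-width mask. The commit message describes a user-visible truncation for 32-bit callers on large disks, so a Fixes: tag pointing at the change that introduced the `~0UL` comparison would help with backporting. Only this one case is visible in the hunk, so it is also worth confirming that no other compat size ioctl in the same switch compares against a native-width limit.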
kernel ulong and compat_ulong_t may not be same width. Use type directly to eliminate mismatches.

This would result in truncation rather than EFBIG for 32bit mode for large disks.

Signed-off-by: Khazhismel Kumykov <khazhy@google.com>

---

block/ioctl.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

Noticed this one was sitting in my "not landed yet" pile, third time's the charm? :)