[09/11] bcache: fix input overflow to journal_delay_ms

Message ID	20181223110937.11559-10-colyli@suse.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-block-owner@kernel.org> From: Coly Li <colyli@suse.de> To: linux-bcache@vger.kernel.org Cc: linux-block@vger.kernel.org, Coly Li <colyli@suse.de> Subject: [PATCH 09/11] bcache: fix input overflow to journal_delay_ms Date: Sun, 23 Dec 2018 19:09:35 +0800 Message-Id: <20181223110937.11559-10-colyli@suse.de> In-Reply-To: <20181223110937.11559-1-colyli@suse.de> References: <20181223110937.11559-1-colyli@suse.de> Sender: linux-block-owner@vger.kernel.org Precedence: bulk
Series	fixes for setting values via sysfs interface \| expand [00/11] fixes for setting values via sysfs interface [01/11] bcache: fix input integer overflow of congested threshold [02/11] bcache: fix input overflow to sequential_cutoff [03/11] bcache: add sysfs_strtoul_bool() for setting bit-field variables [04/11] bcache: use sysfs_strtoul_bool() to set bit-field variables [05/11] bcache: fix input overflow to writeback_delay [06/11] bcache: fix potential div-zero error of writeback_rate_i_term_inverse [07/11] bcache: fix potential div-zero error of writeback_rate_p_term_inverse [08/11] bcache: fix input overflow to writeback_rate_minimum [09/11] bcache: fix input overflow to journal_delay_ms [10/11] bcache: fix input overflow to cache set io_error_limit [11/11] bcache: fix input overflow to cache set sysfs file io_error_halflife

Message ID

20181223110937.11559-10-colyli@suse.de (mailing list archive)

State

New, archived

Headers

From: Coly Li <colyli@suse.de>
To: linux-bcache@vger.kernel.org
Cc: linux-block@vger.kernel.org, Coly Li <colyli@suse.de>
Subject: [PATCH 09/11] bcache: fix input overflow to journal_delay_ms
Date: Sun, 23 Dec 2018 19:09:35 +0800
Message-Id: <20181223110937.11559-10-colyli@suse.de>
In-Reply-To: <20181223110937.11559-1-colyli@suse.de>
References: <20181223110937.11559-1-colyli@suse.de>
Sender: linux-block-owner@vger.kernel.org
Precedence: bulk

Series

fixes for setting values via sysfs interface | expand

Commit Message

Coly Li Dec. 23, 2018, 11:09 a.m. UTC

c->journal_delay_ms is in type unsigned short, it is set via sysfs
interface and converted by sysfs_strtoul() from input string to
unsigned short value. Therefore overflow to unsigned short might be
happen when the converted value exceed USHRT_MAX. e.g. writing
65536 into sysfs file journal_delay_ms, c->journal_delay_ms is set to
0.

This patch uses sysfs_strtoul_clamp() to convert the input string and
limit value range in [0, USHRT_MAX], to avoid the input overflow.

Signed-off-by: Coly Li <colyli@suse.de>
---
 drivers/md/bcache/sysfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index 31e41cc3c162..032d108d3041 100644
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -809,7 +809,9 @@  STORE(__bch_cache_set)
 		}
 	}
 
-	sysfs_strtoul(journal_delay_ms,		c->journal_delay_ms);
+	sysfs_strtoul_clamp(journal_delay_ms,
+			    c->journal_delay_ms,
+			    0, USHRT_MAX);
 	sysfs_strtoul_bool(verify,		c->verify);
 	sysfs_strtoul_bool(key_merging_disabled, c->key_merging_disabled);
 	sysfs_strtoul(expensive_debug_checks,	c->expensive_debug_checks);

[09/11] bcache: fix input overflow to journal_delay_ms

Commit Message

Patch