[PATCH 041/241] target: Avoid integer overflow in se_dev_align_max_sectors()

From: Herton Ronaldo Krzesinski
Date: Thu Dec 13 2012 - 09:03:09 EST

Next message: Herton Ronaldo Krzesinski: "[PATCH 043/241] target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path"
Previous message: Herton Ronaldo Krzesinski: "[PATCH 039/241] nfs: Show original device name verbatim in /proc/*/mount{s,info}"
In reply to: Herton Ronaldo Krzesinski: "[PATCH 039/241] nfs: Show original device name verbatim in /proc/*/mount{s,info}"
Next in thread: Herton Ronaldo Krzesinski: "[PATCH 043/241] target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.5.7.2 -stable review patch. If anyone has any objections, please let me know.

------------------

From: Roland Dreier <roland@xxxxxxxxxxxxxxx>

commit 3e03989b5868acf69a391a424dc71fcd6cc48167 upstream.

The expression (max_sectors * block_size) might overflow a u32
(indeed, since iblock sets max_hw_sectors to UINT_MAX, it is
guaranteed to overflow and end up with a much-too-small result in many
common cases). Fix this by doing an equivalent calculation that
doesn't require multiplication.

While we're touching this code, avoid splitting a printk format across
two lines and use pr_info(...) instead of printk(KERN_INFO ...).

Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
[ herton: unfuzz patch ]
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@xxxxxxxxxxxxx>
---
drivers/target/target_core_device.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 5ad9728..8542099 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -824,20 +824,20 @@ int se_dev_check_shutdown(struct se_device *dev)

u32 se_dev_align_max_sectors(u32 max_sectors, u32 block_size)
{
- u32 tmp, aligned_max_sectors;
+ u32 aligned_max_sectors;
+ u32 alignment;
/*
* Limit max_sectors to a PAGE_SIZE aligned value for modern
* transport_allocate_data_tasks() operation.
*/
- tmp = rounddown((max_sectors * block_size), PAGE_SIZE);
- aligned_max_sectors = (tmp / block_size);
- if (max_sectors != aligned_max_sectors) {
- printk(KERN_INFO "Rounding down aligned max_sectors from %u"
- " to %u\n", max_sectors, aligned_max_sectors);
- return aligned_max_sectors;
- }
+ alignment = max(1ul, PAGE_SIZE / block_size);
+ aligned_max_sectors = rounddown(max_sectors, alignment);
+
+ if (max_sectors != aligned_max_sectors)
+ pr_info("Rounding down aligned max_sectors from %u to %u\n",
+ max_sectors, aligned_max_sectors);

- return max_sectors;
+ return aligned_max_sectors;
}

void se_dev_set_default_attribs(
--
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Herton Ronaldo Krzesinski: "[PATCH 043/241] target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path"
Previous message: Herton Ronaldo Krzesinski: "[PATCH 039/241] nfs: Show original device name verbatim in /proc/*/mount{s,info}"
In reply to: Herton Ronaldo Krzesinski: "[PATCH 039/241] nfs: Show original device name verbatim in /proc/*/mount{s,info}"
Next in thread: Herton Ronaldo Krzesinski: "[PATCH 043/241] target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]