[PATCH] nullb: Adjust device size calculation in null_alloc_dev()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In null_alloc_dev() device size is a subject to overflow because 'g_gb'
(which is module parameter, may have any value and is not validated
anywhere) is not cast to a larger data type before performing arithmetic.

Cast 'g_gb' to unsigned long to prevent overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 2984c8684f96 ("nullb: factor disk parameters")
Signed-off-by: Aleksandr Mishin <amishin@xxxxxxxxxx>
---
 drivers/block/null_blk/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 2f0431e42c49..5edbf9c0aceb 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
 		return NULL;
 	}
 
-	dev->size = g_gb * 1024;
+	dev->size = (unsigned long)g_gb * 1024;
 	dev->completion_nsec = g_completion_nsec;
 	dev->submit_queues = g_submit_queues;
 	dev->prev_submit_queues = g_submit_queues;
-- 
2.30.2
[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux