On 2/21/2023 1:50 AM, Zhong Jinghua wrote:
> From: Zhong Jinghua <zhongjinghua@xxxxxxxxxx>
>
> In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should
> be checked before reassignment, because if an overflow error occurs, the
> original correct value will be changed to the wrong value, and it will not
> be changed back.
>
> More, the original patch did not solve the problem, the value was set and
> ioctl returned an error, but the subsequent io used the value in the loop
> driver, which still caused an alarm:
>
> loop_handle_cmd
> do_req_filebacked
> loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset;
> lo_rw_aio
> cmd->iocb.ki_pos = pos
>
> Fixes: c490a0b5a4f3 ("loop: Check for overflow while configuring loop")
> Signed-off-by: Zhong Jinghua <zhongjinghua@xxxxxxxxxx>
Reviewed-by: Chaitanya Kulkarni <kch@xxxxxxxxxx>
-ck
