[PATCH v4 2/3] md/raid10: fix wrong setting of max_corr_read_errors

linan666@xxxxxxxxxxxxxxx · Mon, 22 May 2023 15:25:34 +0800

From: Li Nan <linan122@xxxxxxxxxx>

There is no input check when echo md/max_read_errors and overflow might
occur. Add check of input number.

Fixes: 1e50915fe0bb ("raid: improve MD/raid10 handling of correctable read errors.")
Signed-off-by: Li Nan <linan122@xxxxxxxxxx>
Reviewed-by: Yu Kuai <yukuai3@xxxxxxxxxx>
---
 drivers/md/md.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index b2d69260b5b1..350094f1cb09 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -4478,6 +4478,8 @@ max_corrected_read_errors_store(struct mddev *mddev, const char *buf, size_t len
 	rv = kstrtouint(buf, 10, &n);
 	if (rv < 0)
 		return rv;
+	if (n > INT_MAX)
+		return -EINVAL;
 	atomic_set(&mddev->max_corr_read_errors, n);
 	return len;
 }
-- 
2.31.1







