... > case NBD_SET_SIZE: > return nbd_set_size(nbd, arg, config->blksize); > case NBD_SET_SIZE_BLOCKS: > - if (check_mul_overflow((loff_t)arg, config->blksize, > &bytesize)) > + if (arg && (LLONG_MAX / arg <= config->blksize)) > return -EINVAL; > - return nbd_set_size(nbd, bytesize, config->blksize); > + return nbd_set_size(nbd, arg * config->blksize, > + config->blksize); Shouldn't there just be sanity bound checks on 'config->blksize' and 'arg' so that the product is never going to overflow? It isn't as though any values near the overflow limit are sane. I suspect you could check config->blksize <= 64k && arg <= 32k and even that would be generous. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
