From: Damien Le Moal <dlemoal@kernel.org>
To: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Cc: Naohiro Aota <naohiro.aota@wdc.com>,
linux-fsdevel@vger.kernel.org,
Alexey Dobriyan <adobriyan@gmail.com>
Subject: Re: [PATCH] zonefs: handle integer overflow in zonefs_fname_to_fno
Date: Tue, 12 May 2026 07:55:35 +0900 [thread overview]
Message-ID: <7ee40e26-252c-4199-8dfc-69746bd43746@kernel.org> (raw)
In-Reply-To: <20260429205815.810952-1-johannes.thumshirn@wdc.com>
On 4/30/26 05:58, Johannes Thumshirn wrote:
> In zonefs the file name in one of the two directories corresponds to the
> zone number.
>
> Here Alexey reported a possible integer overflow in zonefs_fname_to_fno(),
> where the parsing of the zone number from the file name can overflow the
> 'long' data type.
>
> Add a check for integer overflows and if the fno 'long' did overflow
> return -ENOENT.
>
> Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
> Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Applied to for-7.1-fixes, with the Fixes tag added.
> ---
> fs/zonefs/super.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c
> index 9b646cb5335d..c3b497707f82 100644
> --- a/fs/zonefs/super.c
> +++ b/fs/zonefs/super.c
> @@ -610,11 +610,15 @@ static long zonefs_fname_to_fno(const struct qstr *fname)
> return c - '0';
>
> for (i = 0, rname = name + len - 1; i < len; i++, rname--) {
> + long digit;
> +
> c = *rname;
> if (!isdigit(c))
> return -ENOENT;
> - fno += (c - '0') * shift;
> + digit = (c - '0') * shift;
> shift *= 10;
> + if (check_add_overflow(fno, digit, &fno))
> + return -ENOENT;
Note: I moved this hunk one line up, keeping "shift *= 10;" as the last line of
the loop.
> }
>
> return fno;
--
Damien Le Moal
Western Digital Research
prev parent reply other threads:[~2026-05-11 22:55 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 20:58 [PATCH] zonefs: handle integer overflow in zonefs_fname_to_fno Johannes Thumshirn
2026-04-29 22:41 ` Damien Le Moal
2026-04-30 11:52 ` Johannes Thumshirn
2026-05-11 22:55 ` Damien Le Moal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ee40e26-252c-4199-8dfc-69746bd43746@kernel.org \
--to=dlemoal@kernel.org \
--cc=adobriyan@gmail.com \
--cc=johannes.thumshirn@wdc.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=naohiro.aota@wdc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.