From: Zhu Yanjun <yanjun.zhu@linux.dev>
To: Damien Le Moal <dlemoal@kernel.org>,
Aleksandr Mishin <amishin@t-argos.ru>, Shaohua Li <shli@fb.com>
Cc: Jens Axboe <axboe@kernel.dk>, Hannes Reinecke <hare@suse.de>,
Johannes Thumshirn <johannes.thumshirn@wdc.com>,
Chaitanya Kulkarni <kch@nvidia.com>,
Chengming Zhou <zhouchengming@bytedance.com>,
John Garry <john.g.garry@oracle.com>,
Yu Kuai <yukuai3@huawei.com>,
Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>,
linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: Re: [PATCH] nullb: Adjust device size calculation in null_alloc_dev()
Date: Wed, 18 Sep 2024 00:29:35 +0800 [thread overview]
Message-ID: <df22ea76-f123-4d27-a6ad-e217259a13ba@linux.dev> (raw)
In-Reply-To: <e1aad556-eab1-4ac4-aec3-1706e302cfb1@kernel.org>
在 2024/9/17 15:24, Damien Le Moal 写道:
> On 2024/09/17 16:21, Damien Le Moal wrote:
>> On 2024/09/17 16:07, Aleksandr Mishin wrote:
>>> In null_alloc_dev() device size is a subject to overflow because 'g_gb'
>>> (which is module parameter, may have any value and is not validated
>>> anywhere) is not cast to a larger data type before performing arithmetic.
>>>
>>> Cast 'g_gb' to unsigned long to prevent overflow.
>>>
>>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>>
>>> Fixes: 2984c8684f96 ("nullb: factor disk parameters")
>>> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
>>> ---
>>> drivers/block/null_blk/main.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
>>> index 2f0431e42c49..5edbf9c0aceb 100644
>>> --- a/drivers/block/null_blk/main.c
>>> +++ b/drivers/block/null_blk/main.c
>>> @@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
>>> return NULL;
>>> }
>>>
>>> - dev->size = g_gb * 1024;
>>> + dev->size = (unsigned long)g_gb * 1024;
>>
>> This still does not prevent overflows... So what about doing a proper check ?
>
> This still does not prevent overflows on 32-bits architectures.
Because "unsigned long" on 32-bits architectures is 32 bit, so solution
1 is to change the type "unsigned long" to u64, and the diff is as below:
diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 2f0431e42c49..27a453b3094d 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
return NULL;
}
- dev->size = g_gb * 1024;
+ dev->size = (u64)g_gb * 1024;
dev->completion_nsec = g_completion_nsec;
dev->submit_queues = g_submit_queues;
dev->prev_submit_queues = g_submit_queues;
diff --git a/drivers/block/null_blk/null_blk.h
b/drivers/block/null_blk/null_blk.h
index a7bb32f73ec3..e30c011909ad 100644
--- a/drivers/block/null_blk/null_blk.h
+++ b/drivers/block/null_blk/null_blk.h
@@ -74,7 +74,7 @@ struct nullb_device {
bool need_zone_res_mgmt;
spinlock_t zone_res_lock;
- unsigned long size; /* device size in MB */
+ u64 size; /* device size in MB */
unsigned long completion_nsec; /* time in ns to complete a
request */
unsigned long cache_size; /* disk cache size in MB */
unsigned long zone_size; /* zone size in MB if device is zoned */
I just built it and did not make tests.
Zhu Yanjun
>
>>
>>> dev->completion_nsec = g_completion_nsec;
>>> dev->submit_queues = g_submit_queues;
>>> dev->prev_submit_queues = g_submit_queues;
>>
>
next prev parent reply other threads:[~2024-09-17 16:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-17 7:07 [PATCH] nullb: Adjust device size calculation in null_alloc_dev() Aleksandr Mishin
2024-09-17 7:21 ` Zhu Yanjun
2024-09-17 7:21 ` Damien Le Moal
2024-09-17 7:24 ` Damien Le Moal
2024-09-17 7:44 ` Zhu Yanjun
2024-09-17 16:29 ` Zhu Yanjun [this message]
2024-09-18 2:07 ` Yu Kuai
2024-09-18 2:57 ` Zhu Yanjun
2024-09-22 8:59 ` [PATCH 1/1] null_blk: Use u64 to avoid overflow " Zhu Yanjun
2024-09-23 8:11 ` Damien Le Moal
2024-09-23 9:28 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=df22ea76-f123-4d27-a6ad-e217259a13ba@linux.dev \
--to=yanjun.zhu@linux.dev \
--cc=amishin@t-argos.ru \
--cc=axboe@kernel.dk \
--cc=dlemoal@kernel.org \
--cc=hare@suse.de \
--cc=johannes.thumshirn@wdc.com \
--cc=john.g.garry@oracle.com \
--cc=kch@nvidia.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=shinichiro.kawasaki@wdc.com \
--cc=shli@fb.com \
--cc=yukuai3@huawei.com \
--cc=zhouchengming@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.