From: Zhu Yanjun <yanjun.zhu@linux.dev>
To: Damien Le Moal <dlemoal@kernel.org>,
Aleksandr Mishin <amishin@t-argos.ru>, Shaohua Li <shli@fb.com>
Cc: Jens Axboe <axboe@kernel.dk>, Hannes Reinecke <hare@suse.de>,
Johannes Thumshirn <johannes.thumshirn@wdc.com>,
Chaitanya Kulkarni <kch@nvidia.com>,
Chengming Zhou <zhouchengming@bytedance.com>,
John Garry <john.g.garry@oracle.com>,
Yu Kuai <yukuai3@huawei.com>,
Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>,
linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: Re: [PATCH] nullb: Adjust device size calculation in null_alloc_dev()
Date: Wed, 18 Sep 2024 00:29:35 +0800 [thread overview]
Message-ID: <df22ea76-f123-4d27-a6ad-e217259a13ba@linux.dev> (raw)
In-Reply-To: <e1aad556-eab1-4ac4-aec3-1706e302cfb1@kernel.org>
在 2024/9/17 15:24, Damien Le Moal 写道:
> On 2024/09/17 16:21, Damien Le Moal wrote:
>> On 2024/09/17 16:07, Aleksandr Mishin wrote:
>>> In null_alloc_dev() device size is a subject to overflow because 'g_gb'
>>> (which is module parameter, may have any value and is not validated
>>> anywhere) is not cast to a larger data type before performing arithmetic.
>>>
>>> Cast 'g_gb' to unsigned long to prevent overflow.
>>>
>>> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>>>
>>> Fixes: 2984c8684f96 ("nullb: factor disk parameters")
>>> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
>>> ---
>>> drivers/block/null_blk/main.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
>>> index 2f0431e42c49..5edbf9c0aceb 100644
>>> --- a/drivers/block/null_blk/main.c
>>> +++ b/drivers/block/null_blk/main.c
>>> @@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
>>> return NULL;
>>> }
>>>
>>> - dev->size = g_gb * 1024;
>>> + dev->size = (unsigned long)g_gb * 1024;
>>
>> This still does not prevent overflows... So what about doing a proper check ?
>
> This still does not prevent overflows on 32-bits architectures.
Because "unsigned long" on 32-bits architectures is 32 bit, so solution
1 is to change the type "unsigned long" to u64, and the diff is as below:
diff --git a/drivers/block/null_blk/main.c b/drivers/block/null_blk/main.c
index 2f0431e42c49..27a453b3094d 100644
--- a/drivers/block/null_blk/main.c
+++ b/drivers/block/null_blk/main.c
@@ -762,7 +762,7 @@ static struct nullb_device *null_alloc_dev(void)
return NULL;
}
- dev->size = g_gb * 1024;
+ dev->size = (u64)g_gb * 1024;
dev->completion_nsec = g_completion_nsec;
dev->submit_queues = g_submit_queues;
dev->prev_submit_queues = g_submit_queues;
diff --git a/drivers/block/null_blk/null_blk.h
b/drivers/block/null_blk/null_blk.h
index a7bb32f73ec3..e30c011909ad 100644
--- a/drivers/block/null_blk/null_blk.h
+++ b/drivers/block/null_blk/null_blk.h
@@ -74,7 +74,7 @@ struct nullb_device {
bool need_zone_res_mgmt;
spinlock_t zone_res_lock;
- unsigned long size; /* device size in MB */
+ u64 size; /* device size in MB */
unsigned long completion_nsec; /* time in ns to complete a
request */
unsigned long cache_size; /* disk cache size in MB */
unsigned long zone_size; /* zone size in MB if device is zoned */
I just built it and did not make tests.
Zhu Yanjun
>
>>
>>> dev->completion_nsec = g_completion_nsec;
>>> dev->submit_queues = g_submit_queues;
>>> dev->prev_submit_queues = g_submit_queues;
>>
>
next prev parent reply other threads:[~2024-09-17 16:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-17 7:07 [PATCH] nullb: Adjust device size calculation in null_alloc_dev() Aleksandr Mishin
2024-09-17 7:21 ` Zhu Yanjun
2024-09-17 7:21 ` Damien Le Moal
2024-09-17 7:24 ` Damien Le Moal
2024-09-17 7:44 ` Zhu Yanjun
2024-09-17 16:29 ` Zhu Yanjun [this message]
2024-09-18 2:07 ` Yu Kuai
2024-09-18 2:57 ` Zhu Yanjun
2024-09-22 8:59 ` [PATCH 1/1] null_blk: Use u64 to avoid overflow " Zhu Yanjun
2024-09-23 8:11 ` Damien Le Moal
2024-09-23 9:28 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=df22ea76-f123-4d27-a6ad-e217259a13ba@linux.dev \
--to=yanjun.zhu@linux.dev \
--cc=amishin@t-argos.ru \
--cc=axboe@kernel.dk \
--cc=dlemoal@kernel.org \
--cc=hare@suse.de \
--cc=johannes.thumshirn@wdc.com \
--cc=john.g.garry@oracle.com \
--cc=kch@nvidia.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=shinichiro.kawasaki@wdc.com \
--cc=shli@fb.com \
--cc=yukuai3@huawei.com \
--cc=zhouchengming@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).