From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: [PATCH] fs: aio: use correct integer overflow checks when creation aio ctx Date: Fri, 17 May 2013 14:23:54 -0400 Message-ID: <1368815034-844-1-git-send-email-sasha.levin@oracle.com> Cc: tytso@mit.edu, viro@zeniv.linux.org.uk, bcrl@kvack.org, linux-aio@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Sasha Levin To: koverstreet@google.com, akpm@linux-foundation.org Return-path: Sender: owner-linux-aio@kvack.org List-Id: linux-fsdevel.vger.kernel.org Commit "aio: percpu reqs_available" added some math to the nr_requests calculation, but didn't correct the overflow calculations to handle that. This means that this: #include void main(void) { aio_context_t ctx_idp; io_setup(0x80000001, &ctx_idp); } Would trigger the newly added BUG() couple of lines after the overflow checks. Signed-off-by: Sasha Levin --- fs/aio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/aio.c b/fs/aio.c index 5b7ed78..0ae450a 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -411,7 +411,8 @@ static struct kioctx *ioctx_alloc(unsigned nr_events) /* Prevent overflows */ if ((nr_events > (0x10000000U / sizeof(struct io_event))) || - (nr_events > (0x10000000U / sizeof(struct kiocb)))) { + (nr_events > (0x10000000U / sizeof(struct kiocb))) || + (nr_events < num_possible_cpus() * 4)) { pr_debug("ENOMEM: nr_events too high\n"); return ERR_PTR(-EINVAL); } -- 1.8.2.1 -- To unsubscribe, send a message with 'unsubscribe linux-aio' in the body to majordomo@kvack.org. For more info on Linux AIO, see: http://www.kvack.org/aio/ Don't email: aart@kvack.org