[PATCH AUTOSEL 5.17 33/34] block/compat_ioctl: fix range check in BLKGETSIZE

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Khazhismel Kumykov <khazhy@google.com>,
	Bart Van Assche <bvanassche@acm.org>,
	Chaitanya Kulkarni <kch@nvidia.com>, Jens Axboe <axboe@kernel.dk>,
	Sasha Levin <sashal@kernel.org>,
	linux-block@vger.kernel.org
Subject: [PATCH AUTOSEL 5.17 33/34] block/compat_ioctl: fix range check in BLKGETSIZE
Date: Tue, 19 Apr 2022 14:11:00 -0400	[thread overview]
Message-ID: <20220419181104.484667-33-sashal@kernel.org> (raw)
In-Reply-To: <20220419181104.484667-1-sashal@kernel.org>

From: Khazhismel Kumykov <khazhy@google.com>

[ Upstream commit ccf16413e520164eb718cf8b22a30438da80ff23 ]

kernel ulong and compat_ulong_t may not be same width. Use type directly
to eliminate mismatches.

This would result in truncation rather than EFBIG for 32bit mode for
large disks.

Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Link: https://lore.kernel.org/r/20220414224056.2875681-1-khazhy@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/ioctl.c b/block/ioctl.c
index 4a86340133e4..f8703db99c73 100644
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -629,7 +629,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
 		return compat_put_long(argp,
 			(bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512);
 	case BLKGETSIZE:
-		if (bdev_nr_sectors(bdev) > ~0UL)
+		if (bdev_nr_sectors(bdev) > ~(compat_ulong_t)0)
 			return -EFBIG;
 		return compat_put_ulong(argp, bdev_nr_sectors(bdev));
 
-- 
2.35.1

next prev parent reply	other threads:[~2022-04-19 18:14 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-19 18:10 [PATCH AUTOSEL 5.17 01/34] drm/msm/gpu: Rename runtime suspend/resume functions Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 02/34] drm/msm/gpu: Remove mutex from wait_event condition Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 03/34] ARM: vexpress/spc: Avoid negative array index when !SMP Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 04/34] reset: renesas: Check return value of reset_control_deassert() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 05/34] reset: tegra-bpmp: Restore Handle errors in BPMP response Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 06/34] platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 07/34] ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 08/34] drm/msm/disp: check the return value of kzalloc() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 09/34] selftests: KVM: Free the GIC FD when cleaning up in arch_timer Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 10/34] ALSA: hda: intel-dsp-config: update AlderLake PCI IDs Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 11/34] arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 12/34] vxlan: fix error return code in vxlan_fdb_append Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 13/34] cifs: Check the IOCB_DIRECT flag, not O_DIRECT Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 14/34] net: atlantic: Avoid out-of-bounds indexing Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 15/34] mt76: Fix undefined behavior due to shift overflowing the constant Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 16/34] brcmfmac: sdio: " Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 17/34] dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 18/34] drm/msm/mdp5: check the return of kzalloc() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 19/34] drm/msm: Stop using iommu_present() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 20/34] KVM: x86: hyper-v: Avoid writing to TSC page without an active vCPU Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 21/34] net: macb: Restart tx only if queue pointer is lagging Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 22/34] scsi: iscsi: Move iscsi_ep_disconnect() Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 23/34] scsi: iscsi: Fix offload conn cleanup when iscsid restarts Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 24/34] scsi: iscsi: Release endpoint ID when its freed Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 25/34] scsi: iscsi: Merge suspend fields Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 26/34] scsi: iscsi: Fix NOP handling during conn recovery Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 27/34] scsi: qedi: Fix failed disconnect handling Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 28/34] stat: fix inconsistency between struct stat and struct compat_stat Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 29/34] VFS: filename_create(): fix incorrect intent Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 30/34] nvme: add a quirk to disable namespace identifiers Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 31/34] nvme-pci: disable namespace identifiers for the MAXIO MAP1002/1202 Sasha Levin
2022-04-19 18:10 ` [PATCH AUTOSEL 5.17 32/34] nvme-pci: disable namespace identifiers for Qemu controllers Sasha Levin
2022-04-19 18:11 ` Sasha Levin [this message]
2022-04-19 18:11 ` [PATCH AUTOSEL 5.17 34/34] irq_work: use kasan_record_aux_stack_noalloc() record callstack Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4a86340133e dfblob:f8703db99c7 )
 OR (
bs:"[PATCH AUTOSEL 5.17 33/34] block/compat_ioctl: fix range check in BLKGETSIZE" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220419181104.484667-33-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=bvanassche@acm.org \
    --cc=kch@nvidia.com \
    --cc=khazhy@google.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).