diff options
author | Coly Li <colyli@suse.de> | 2019-02-09 12:53:09 +0800 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2019-02-09 07:18:32 -0700 |
commit | b15008403b59955c9fa0c8b55cadd6dae991a4e9 (patch) | |
tree | 1283e2fdc1b648c3206581a4b8a19278a91181dd /drivers | |
parent | 453745fbbebecf7e459785db7e29e11563908525 (diff) | |
download | linux-riscv-b15008403b59955c9fa0c8b55cadd6dae991a4e9.tar.gz linux-riscv-b15008403b59955c9fa0c8b55cadd6dae991a4e9.tar.bz2 linux-riscv-b15008403b59955c9fa0c8b55cadd6dae991a4e9.zip |
bcache: fix input overflow to cache set io_error_limit
c->error_limit is in type unsigned int, it is set via cache set sysfs
file io_error_limit. Inside the bcache code, input string is converted
by strtoul_or_return() and set the converted value to c->error_limit.
Because the converted value is unsigned long, and c->error_limit is
unsigned int, if the input is large enought, overflow will happen to
c->error_limit.
This patch uses sysfs_strtoul_clamp() to convert input string, and set
the range in [0, UINT_MAX] to avoid the potential overflow.
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/md/bcache/sysfs.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 201e85bbe3eb..467105614324 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -801,8 +801,7 @@ STORE(__bch_cache_set) c->on_error = v; } - if (attr == &sysfs_io_error_limit) - c->error_limit = strtoul_or_return(buf); + sysfs_strtoul_clamp(io_error_limit, c->error_limit, 0, UINT_MAX); /* See count_io_errors() for why 88 */ if (attr == &sysfs_io_error_halflife) |