diff options
| author | Coly Li <colyli@suse.de> | 2019-02-09 12:53:01 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-04-05 22:34:40 +0200 |
| commit | d4db0c5ee0b4c21c36b3556a20e44d5e1a372e2b (patch) | |
| tree | 70a9903cc05c86e25871218a3355d4e93a0fc06b | |
| parent | f48bb10d7615020d04bf527cb3b3e7a41288fac5 (diff) | |
| download | talos-obmc-linux-d4db0c5ee0b4c21c36b3556a20e44d5e1a372e2b.tar.gz talos-obmc-linux-d4db0c5ee0b4c21c36b3556a20e44d5e1a372e2b.zip | |
bcache: fix input overflow to sequential_cutoff
[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ]
People may set sequential_cutoff of a cached device via sysfs file,
but current code does not check input value overflow. E.g. if value
4294967295 (UINT_MAX) is written to file sequential_cutoff, its value
is 4GB, but if 4294967296 (UINT_MAX + 1) is written into, its value
will be 0. This is an unexpected behavior.
This patch replaces d_strtoi_h() by sysfs_strtoul_clamp() to convert
input string to unsigned integer value, and limit its range in
[0, UINT_MAX]. Then the input overflow can be fixed.
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | drivers/md/bcache/sysfs.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 3b287f974fd9..f98cda32065d 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -299,7 +299,9 @@ STORE(__cached_dev) dc->io_disable = v ? 1 : 0; } - d_strtoi_h(sequential_cutoff); + sysfs_strtoul_clamp(sequential_cutoff, + dc->sequential_cutoff, + 0, UINT_MAX); d_strtoi_h(readahead); if (attr == &sysfs_clear_stats) |
