bcache: fix input overflow to writeback_delay
authorColy Li <colyli@suse.de>
Sat, 9 Feb 2019 04:53:04 +0000 (12:53 +0800)
committerJens Axboe <axboe@kernel.dk>
Sat, 9 Feb 2019 14:18:32 +0000 (07:18 -0700)
Sysfs file writeback_delay is used to configure dc->writeback_delay
which is type unsigned int. But bcache code uses sysfs_strtoul() to
convert the input string, therefore it might be overflowed if the input
value is too large. E.g. input value is 4294967296 but indeed 0 is
set to dc->writeback_delay.

This patch uses sysfs_strtoul_clamp() to convert the input string and
set the result value range in [0, UINT_MAX] to avoid such unsigned
integer overflow.

Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
drivers/md/bcache/sysfs.c

index 57395e23747a2074c75e76bc2bbd02e84ef37b64..e4519326594f39e061b51b39cdd5effb85a96f00 100644 (file)
@@ -280,7 +280,7 @@ STORE(__cached_dev)
        sysfs_strtoul_bool(bypass_torture_test, dc->bypass_torture_test);
        sysfs_strtoul_bool(writeback_metadata, dc->writeback_metadata);
        sysfs_strtoul_bool(writeback_running, dc->writeback_running);
-       d_strtoul(writeback_delay);
+       sysfs_strtoul_clamp(writeback_delay, dc->writeback_delay, 0, UINT_MAX);
 
        sysfs_strtoul_clamp(writeback_percent, dc->writeback_percent,
                            0, bch_cutoff_writeback);