Commit b1500840 authored by Coly Li's avatar Coly Li Committed by Jens Axboe

bcache: fix input overflow to cache set io_error_limit

c->error_limit is in type unsigned int, it is set via cache set sysfs
file io_error_limit. Inside the bcache code, input string is converted
by strtoul_or_return() and set the converted value to c->error_limit.

Because the converted value is unsigned long, and c->error_limit is
unsigned int, if the input is large enought, overflow will happen to
c->error_limit.

This patch uses sysfs_strtoul_clamp() to convert input string, and set
the range in [0, UINT_MAX] to avoid the potential overflow.
Signed-off-by: default avatarColy Li <colyli@suse.de>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 453745fb
...@@ -801,8 +801,7 @@ STORE(__bch_cache_set) ...@@ -801,8 +801,7 @@ STORE(__bch_cache_set)
c->on_error = v; c->on_error = v;
} }
if (attr == &sysfs_io_error_limit) sysfs_strtoul_clamp(io_error_limit, c->error_limit, 0, UINT_MAX);
c->error_limit = strtoul_or_return(buf);
/* See count_io_errors() for why 88 */ /* See count_io_errors() for why 88 */
if (attr == &sysfs_io_error_halflife) if (attr == &sysfs_io_error_halflife)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment