Commit f54478c6 authored by Coly Li's avatar Coly Li Committed by Jens Axboe
Browse files

bcache: fix input integer overflow of congested threshold 



Cache set congested threshold values congested_read_threshold_us and
congested_write_threshold_us can be set via sysfs interface. These
two values are 'unsigned int' type, but sysfs interface uses strtoul
to convert input string. So if people input a large number like
9999999999, the value indeed set is 1410065407, which is not expected
behavior.

This patch replaces sysfs_strtoul() by sysfs_strtoul_clamp() when
convert input string to unsigned int value, and set value range in
[0, UINT_MAX], to avoid the above integer overflow errors.

Signed-off-by: default avatarColy Li <colyli@suse.de>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 596b5a5d

drivers/md/bcache/sysfs.c

+6 −4
Original line number Diff line number Diff line
@@ -778,10 +778,12 @@ STORE(__bch_cache_set) 
		c->shrink.scan_objects(&c->shrink, &sc);

	}



	sysfs_strtoul(congested_read_threshold_us,

		      c->congested_read_threshold_us);

	sysfs_strtoul(congested_write_threshold_us,

		      c->congested_write_threshold_us);

	sysfs_strtoul_clamp(congested_read_threshold_us,

			    c->congested_read_threshold_us,

			    0, UINT_MAX);

	sysfs_strtoul_clamp(congested_write_threshold_us,

			    c->congested_write_threshold_us,

			    0, UINT_MAX);



	if (attr == &sysfs_errors) {

		v = __sysfs_match_string(error_actions, -1, buf);

CRA Git | Maintained and supported by SUSTech CRA and CCSE