bcache: fix input overflow to sequential_cutoff

People may set sequential_cutoff of a cached device via sysfs file, but current code does not check input value overflow. E.g. if value 4294967295 (UINT_MAX) is written to file sequential_cutoff, its value is 4GB, but if 4294967296 (UINT_MAX + 1) is written into, its value will be 0. This is an unexpected behavior. This patch replaces d_strtoi_h() by sysfs_strtoul_clamp() to convert input string to unsigned integer value, and limit its range in [0, UINT_MAX]. Then the input overflow can be fixed. Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>

bcache: fix input overflow to sequential_cutoff
People may set sequential_cutoff of a cached device via sysfs file, but current code does not check input value overflow. E.g. if value 4294967295 (UINT_MAX) is written to file sequential_cutoff, its value is 4GB, but if 4294967296 (UINT_MAX + 1) is written into, its value will be 0. This is an unexpected behavior. This patch replaces d_strtoi_h() by sysfs_strtoul_clamp() to convert input string to unsigned integer value, and limit its range in [0, UINT_MAX]. Then the input overflow can be fixed. Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
8c27a395 · Coly Li · Jens Axboe · f54478c6 · 8c27a395
Commit 8c27a395 authored Feb 09, 2019 by Coly Li Committed by Jens Axboe Feb 09, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

drivers/md/bcache/sysfs.c drivers/md/bcache/sysfs.c +3 -1

No files found.
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -314,7 +314,9 @@ STORE(__cached_dev)
 		dc->io_disable = v ? 1 : 0;
 	}

-	d_strtoi_h(sequential_cutoff);
+	sysfs_strtoul_clamp(sequential_cutoff,
+			    dc->sequential_cutoff,
+			    0, UINT_MAX);
 	d_strtoi_h(readahead);

 	if (attr == &sysfs_clear_stats)