6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp ddiss@suse.de
commit 2b0122aaa800b021e36027d7f29e206f87c761d6 upstream.
The value set as scrub_speed_max accepts size with suffixes (k/m/g/t/p/e) but we should still validate it for trailing characters, similar to what we do with chunk_size_store.
CC: stable@vger.kernel.org # 5.15+ Signed-off-by: David Disseldorp ddiss@suse.de Reviewed-by: David Sterba dsterba@suse.com Signed-off-by: David Sterba dsterba@suse.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/btrfs/sysfs.c | 4 ++++ 1 file changed, 4 insertions(+)
--- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -1760,6 +1760,10 @@ static ssize_t btrfs_devinfo_scrub_speed unsigned long long limit;
limit = memparse(buf, &endptr); + /* There could be trailing '\n', also catch any typos after the value. */ + endptr = skip_spaces(endptr); + if (*endptr != 0) + return -EINVAL; WRITE_ONCE(device->scrub_speed_max, limit); return len; }