For a huge read request with >= 524288 pages in list passed to 'start_read()', 'nr_pages << PAGE_SHIFT' may overflow 'int' (for a convenient 4K page size) and make 'len' undefined, so prefer 's64' for 'nr_pages' instead. Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
fs/ceph/addr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 2362f2591f4a..bc50918284bf 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -329,7 +329,7 @@ static int start_read(struct inode *inode, struct ceph_rw_context *rw_ctx, int i; struct page **pages; pgoff_t next_index; - int nr_pages = 0; + s64 nr_pages = 0; int got = 0; int ret = 0;
@@ -370,7 +370,7 @@ static int start_read(struct inode *inode, struct ceph_rw_context *rw_ctx, break; } len = nr_pages << PAGE_SHIFT; - dout("start_read %p nr_pages %d is %lld~%lld\n", inode, nr_pages, + dout("start_read %p nr_pages %lld is %lld~%lld\n", inode, nr_pages, off, len); vino = ceph_vino(inode); req = ceph_osdc_new_request(osdc, &ci->i_layout, vino, off, &len,
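Review bot: in the first hunk's declaration block, `s64 nr_pages` makes the page counter a signed 64-bit value while `int i` and `int got` next to it stay 32-bit, so any place in `start_read()` that compares `nr_pages` with those variables or passes it to an `int` parameter now mixes widths and may truncate silently. A page count is never negative, so a signed type also adds nothing here. Since the commit message says the patch is compile tested only, it should state that the other users of `nr_pages` in the function were checked against the new type, or the declaration should stay `int` and the widening should happen only where the byte length is computed.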
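Review bot: in the second hunk the statement that actually overflows, `len = nr_pages << PAGE_SHIFT;`, is unchanged context, so its correctness now rests on a declaration about forty lines earlier, and a later edit that narrows `nr_pages` again would reintroduce the overflow without touching this line. Widening the operand on that line to the type of `len` before the shift, or adding a one-line comment there saying why the operand must be 64-bit, keeps the fix next to the arithmetic. The `%lld` specifier in the `dout()` call does match the `s64` argument as written.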
Hi,
Thanks for your patch.
FYI: kernel test robot notices the stable kernel rule is not satisfied.
The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opti...
Rule: The upstream commit ID must be specified with a separate line above the commit text.
Subject: [PATCH 4.19/5.4/5.10] ceph: fix possible overflow in start_read()
Link: https://lore.kernel.org/stable/20241115103124.1361582-1-dmantipov%40yandex.r...
Please ignore this mail if the patch is not relevant for upstream.
linux-stable-mirror@lists.linaro.org