All of lore.kernel.org
 help / color / mirror / Atom feed
* Integer overflow in target_core_device.c in Linux Kernel
@ 2016-04-21 22:13 Марк Коренберг
  2016-04-22  2:08 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Марк Коренберг @ 2016-04-21 22:13 UTC (permalink / raw)
  To: Mike Christie; +Cc: stable, Nicholas Bellinger

Linux kernel commit 8a9ebe717a133ba7bc90b06047f43cc6b8bcb8b3

attrib->max_unmap_lba_count = (q->limits.max_discard_sectors << 9)

Since max_discard_sectors is 32-bit, there may be integer overflow,
making wrong max_unmap_lba_count.

For example, LVM Thin provisioning reports that it have 16 GB maximal
discard block.

Exactly the same bug in DRBD9, I have already reported.


-- 
Segmentation fault

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Integer overflow in target_core_device.c in Linux Kernel
  2016-04-21 22:13 Integer overflow in target_core_device.c in Linux Kernel Марк Коренберг
@ 2016-04-22  2:08 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2016-04-22  2:08 UTC (permalink / raw)
  To: Марк
	Коренберг
  Cc: Mike Christie, stable, Nicholas Bellinger

On Fri, Apr 22, 2016 at 03:13:58AM +0500, Марк Коренберг wrote:
> Linux kernel commit 8a9ebe717a133ba7bc90b06047f43cc6b8bcb8b3
> 
> attrib->max_unmap_lba_count = (q->limits.max_discard_sectors << 9)
> 
> Since max_discard_sectors is 32-bit, there may be integer overflow,
> making wrong max_unmap_lba_count.
> 
> For example, LVM Thin provisioning reports that it have 16 GB maximal
> discard block.
> 
> Exactly the same bug in DRBD9, I have already reported.

Please report this to the mailing list for the subsystem, stable@
doesn't care about stuff like this until it is resolved.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-04-22  2:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-21 22:13 Integer overflow in target_core_device.c in Linux Kernel Марк Коренберг
2016-04-22  2:08 ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.