On 05/08/2018 06:27 PM, Eric Blake wrote:
> Detected by Coverity: Multiplying two 32-bit int and assigning
> the result to a 64-bit number is a risk of overflow.  Prior to
> the conversion to byte-based interfaces, the block layer took
> care of ensuring that a status request never exceeded 2G in
> the driver; but after that conversion, the block layer expects
> drivers to deal with any size request (the driver can always
> truncate the request size back down, as long as it makes
> progress).  So, in the off-chance that someone makes a large
> request, we are at the mercy of whether iscsi_get_lba_status_task()
> will cap things to at most INT_MAX / iscsilun->block_size when
> it populates lbasd->num_blocks; since I could not easily audit
> that, it's better to be safe than sorry by just forcing a 64-bit
> multiply.

:)

> 
> Fixes: 92809c36
> CC: [email protected]
> Signed-off-by: Eric Blake <[email protected]>

Reviewed-by: Philippe Mathieu-Daudé <[email protected]>

> ---
>  block/iscsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/iscsi.c b/block/iscsi.c
> index 35423ded03b..a6311b9a320 100644
> --- a/block/iscsi.c
> +++ b/block/iscsi.c
> @@ -732,7 +732,7 @@ retry:
>          goto out_unlock;
>      }
> 
> -    *pnum = lbasd->num_blocks * iscsilun->block_size;
> +    *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
> 
>      if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
>          lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
> 
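Review bot: on the `*pnum` assignment, the cast is effective only because it binds to `lbasd->num_blocks` before the multiply, and nothing on the line says so. A short comment such as "force a 64-bit multiply" would keep it from being dropped as redundant or moved to wrap the whole product later. The visible lines also do not bound the widened value against the caller's request size; if no clamp exists further down, it is worth adding one, in line with the commit message's note that the driver may truncate the request as long as it makes progress.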

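The overflow the commit message describes, as an added example that is not part of the original patch or of QEMU: it shows why the cast has to sit on an operand rather than on the product. The struct, the function names and the sample values are hypothetical, and unsigned 32-bit fields are an assumption made so that the wrapped result is well defined in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for lbasd->num_blocks and iscsilun->block_size.
 * Unsigned 32-bit fields are an assumption, so wraparound is defined. */
struct extent {
    uint32_t num_blocks;
    uint32_t block_size;
};

/* Before: the multiply happens in 32 bits and only the result is widened. */
static int64_t bytes_narrow(const struct extent *e)
{
    return e->num_blocks * e->block_size;
}

/* Still wrong: the cast widens a product that has already wrapped. */
static int64_t bytes_cast_result(const struct extent *e)
{
    return (int64_t)(e->num_blocks * e->block_size);
}

/* After: casting one operand converts the other, so the multiply is 64-bit. */
static int64_t bytes_wide(const struct extent *e)
{
    return (int64_t)e->num_blocks * e->block_size;
}

/* A driver may report less than was asked for, as long as it makes progress. */
static int64_t clamp_to_request(int64_t extent_bytes, int64_t request_bytes)
{
    return extent_bytes < request_bytes ? extent_bytes : request_bytes;
}

int main(void)
{
    /* Constructed values: 2^23 blocks of 512 bytes is exactly 2^32 bytes. */
    struct extent e = { 8388608u, 512u };

    printf("narrow:      %lld\n", (long long)bytes_narrow(&e));
    printf("cast result: %lld\n", (long long)bytes_cast_result(&e));
    printf("wide:        %lld\n", (long long)bytes_wide(&e));
    printf("clamped:     %lld\n",
           (long long)clamp_to_request(bytes_wide(&e), INT64_C(1) << 30));
    return 0;
}
```

With these constructed values the 32-bit product wraps to zero, which a caller would read as an extent of no bytes, that is, no progress.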