[lvc-project] [PATCH] ceph: fix possible integer overflow in ceph_zero_objects()
Viacheslav Dubeyko
Slava.Dubeyko at ibm.com
Tue Apr 22 21:25:58 MSK 2025
On Tue, 2025-04-22 at 12:32 +0300, Dmitry Kandybka wrote:
> In 'ceph_zero_objects', promote 'object_size' to 'u64' to avoid possible
> integer overflow.
> Compile tested only.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Dmitry Kandybka <d.kandybka at gmail.com>
> ---
> fs/ceph/file.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index 851d70200c6b..a7254cab44cc 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -2616,7 +2616,7 @@ static int ceph_zero_objects(struct inode *inode, loff_t offset, loff_t length)
> s32 stripe_unit = ci->i_layout.stripe_unit;
> s32 stripe_count = ci->i_layout.stripe_count;
> s32 object_size = ci->i_layout.object_size;
Frankly speaking, I don't quite follow why we are using a signed type here (s32).
Object size, as well as stripe count, should always be a positive value.
> - u64 object_set_size = object_size * stripe_count;
> + u64 object_set_size = (u64) object_size * stripe_count;
> u64 nearly, t;
>
> /* round offset up to next period boundary */
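Review bot: On the changed line `(u64) object_size * stripe_count`, the cast makes the multiplication 64-bit, but both operands are still declared `s32`, so a negative `object_size` or `stripe_count` would be sign-extended into a very large `u64` rather than rejected. Since the overflow is being addressed here anyway, consider declaring the three layout locals as unsigned (or checking that they are positive before computing `object_set_size`), so the widened product cannot come from a negative input. Style nit: kernel convention puts no space after a cast, i.e. `(u64)object_size * stripe_count`. The commit message also says "Compile tested only"; a short note on which `object_size` and `stripe_count` values make the 32-bit product wrap would help readers judge whether the overflow is reachable.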
Looks good.
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko at ibm.com>
Thanks,
Slava.