[patch -resend] NVMe: check for integer overflow in nvme_map_user_pages()
Matthew Wilcox
willy at linux.intel.com
Fri May 17 09:41:28 EDT 2013
On Mon, May 13, 2013 at 05:59:50PM +0300, Dan Carpenter wrote:
> You need to have CAP_SYS_ADMIN to trigger this overflow but it makes the
> static checkers complain so we should fix it. The worry is that
> "length" comes from copy_from_user() so we need to check that "length +
> offset" can't overflow.
>
> I also changed the min_t() cast to be unsigned instead of signed. Now
> that we cap "length" to INT_MAX it doesn't make a difference, but it's a
> little easier for reviewers to know that large values aren't cast to
> negative.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Applied
More information about the Linux-nvme
mailing list