[PATCH v3 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values
Christoph Hellwig
hch at lst.de
Mon Dec 1 21:58:31 PST 2025
On Mon, Dec 01, 2025 at 04:43:26PM -0500, Stefan Hajnoczi wrote:
> + /*
> + * Each reservation key takes 8 bytes and there is an 8-byte header
> + * before the reservation key list. The total size must fit into the
> + * 16-bit ALLOCATION LENGTH field.
> + */
> + if (check_mul_overflow(num_keys, 8, &data_len) ||
> + check_add_overflow(data_len, 8, &data_len) ||
Using data_len for the throw away key size is a little confusing,
but then again I guess compared to all the surrounding code that's
harmless :)
So:
Reviewed-by: Christoph Hellwig <hch at lst.de>
More information about the Linux-nvme
mailing list