[PATCH v2 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values
Christoph Hellwig
hch at lst.de
Sun Nov 30 22:34:13 PST 2025
On Thu, Nov 27, 2025 at 10:54:21AM -0500, Stefan Hajnoczi wrote:
> + /*
> + * Each reservation key takes 8 bytes and there is an 8-byte header
> + * before the reservation key list. The total size must fit into the
> + * 16-bit ALLOCATION LENGTH field.
> + */
> + if (num_keys > (USHRT_MAX / 8) - 1)
> + return -EINVAL;
> +
> + data_len = num_keys * 8 + 8;
Having the same arithmerics express here in two different ways is a bit
odd.
I'd expected this to be something like:
if (check_mul_overflow(num_keys, 8, &data_len) || data_len > USHRT_MAX)
return -EINVAL;
More information about the Linux-nvme
mailing list