37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
|
From fc5b9cb39257527568911f65c64d80e23f9f6ae3 Mon Sep 17 00:00:00 2001
|
||
|
|
From: qihao <qihao_yewu@cmss.chinamobile.com>
|
||
|
|
Date: Wed, 18 Sep 2024 10:32:42 -0400
|
||
|
|
Subject: [PATCH] hw/block: fix uint32 overflow
|
||
|
|
|
||
|
|
cheery-pick from 89cd6254b80784a1b3f574407192493ef92fe65f
|
||
|
|
|
||
|
|
The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow
|
||
|
|
uint32.
|
||
|
|
|
||
|
|
Found by Linux Verification Center (linuxtesting.org) with SVACE.
|
||
|
|
|
||
|
|
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
|
||
|
|
Message-id: 20240917080356.270576-2-frolov@swemel.ru
|
||
|
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||
|
|
Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
|
||
|
|
---
|
||
|
|
hw/block/virtio-blk.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
|
||
|
|
index 2eb096a6dc..beedc0cf5f 100644
|
||
|
|
--- a/hw/block/virtio-blk.c
|
||
|
|
+++ b/hw/block/virtio-blk.c
|
||
|
|
@@ -860,7 +860,7 @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, BlockZoneOp op)
|
||
|
|
} else {
|
||
|
|
if (bs->bl.zone_size > capacity - offset) {
|
||
|
|
/* The zoned device allows the last smaller zone. */
|
||
|
|
- len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1);
|
||
|
|
+ len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull);
|
||
|
|
} else {
|
||
|
|
len = bs->bl.zone_size;
|
||
|
|
}
|
||
|
|
--
|
||
|
|
2.41.0.windows.1
|
||
|
|
|