Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-6877

Potential integer overflow in osc_shrink_grant and osc_shrink_grant_to_target

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      Currently a low priority because I don't think we allow grants to go up over 2 or 4 G, here's the potential one:

      static int osc_shrink_grant(struct client_obd *cli)
      ...
      __u64 target_bytes...
      ...
              if (cli->cl_avail_grant <= target_bytes)
                      target_bytes = cli->cl_max_pages_per_rpc << PAGE_CACHE_SHIFT;
      ...
      

      cli->cl_max_pages_per_rpc is a 32 bit type, so result of the shift is also 32 bit and the overflow could happen.

      Same bug in the osc_shrink_grant_to_target a few lines below.

        Attachments

          Activity

            People

            • Assignee:
              ys Yang Sheng
              Reporter:
              green Oleg Drokin
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: