[LU-6877] Potential integer overflow in osc_shrink_grant and osc_shrink_grant_to_target Created: 19/Jul/15 Updated: 30/Jan/22 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Oleg Drokin | Assignee: | Yang Sheng |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | patch | ||
| Severity: | 3 |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
Currently a low priority because I don't think we allow grants to go up over 2 or 4 G, here's the potential one: static int osc_shrink_grant(struct client_obd *cli) ... __u64 target_bytes... ... if (cli->cl_avail_grant <= target_bytes) target_bytes = cli->cl_max_pages_per_rpc << PAGE_CACHE_SHIFT; ... cli->cl_max_pages_per_rpc is a 32 bit type, so result of the shift is also 32 bit and the overflow could happen. Same bug in the osc_shrink_grant_to_target a few lines below. |
| Comments |
| Comment by Gerrit Updater [ 26/Feb/16 ] |
|
Yang Sheng (yang.sheng@intel.com) uploaded a new patch: http://review.whamcloud.com/18682 |