2024-05-15 14:07:25

by Martin K. Petersen

[permalink] [raw]
Subject: Re: [PATCH v2] scsi: sr: fix unintentional arithmetic wraparound


Justin,

> Running syzkaller with the newly reintroduced signed integer overflow
> sanitizer produces this report:
>
> [ 65.194362] ------------[ cut here ]------------
> [ 65.197752] UBSAN: signed-integer-overflow in ../drivers/scsi/sr_ioctl.c:436:9
> [ 65.203607] -2147483648 * 177 cannot be represented in type 'int'
> [ 65.207911] CPU: 2 PID: 10416 Comm: syz-executor.1 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1
> [ 65.213585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [ 65.219923] Call Trace:
> [ 65.221556] <TASK>
> [ 65.223029] dump_stack_lvl+0x93/0xd0
> [ 65.225573] handle_overflow+0x171/0x1b0
> [ 65.228219] sr_select_speed+0xeb/0xf0
> [ 65.230786] ? __pm_runtime_resume+0xe6/0x130
> [ 65.233606] sr_block_ioctl+0x15d/0x1d0
> ...
>

Applied to 6.10/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering