Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752222AbdIMQW3 (ORCPT ); Wed, 13 Sep 2017 12:22:29 -0400 Received: from mail-io0-f181.google.com ([209.85.223.181]:46708 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751457AbdIMQW0 (ORCPT ); Wed, 13 Sep 2017 12:22:26 -0400 X-Google-Smtp-Source: AOwi7QA/GvH+TOunQVFi5d3LWRB3l24jL1s8XstcNa0eqIXkcBE8VsL5p62Xb3NzBNeC8bK1/wx+cSSc7treUKmm67A= MIME-Version: 1.0 In-Reply-To: References: From: Dan Williams Date: Wed, 13 Sep 2017 09:22:24 -0700 Message-ID: Subject: Re: [PATCH] brd: fix overflow in __brd_direct_access To: Mikulas Patocka Cc: Jens Axboe , linux-block@vger.kernel.org, "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1211 Lines: 31 On Wed, Sep 13, 2017 at 6:17 AM, Mikulas Patocka wrote: > The code in __brd_direct_access multiplies the pgoff variable by page size > and divides it by 512. It can cause overflow on 32-bit architectures. The > overflow happens if we create ramdisk larger than 4G and use it as a > sparse device. > > This patch replaces multiplication and division with multiplication by the > number of sectors per page. > > Signed-off-by: Mikulas Patocka > Fixes: 1647b9b959c7 ("brd: add dax_operations support") > Cc: stable@vger.kernel.org # 4.12+ > > --- > drivers/block/brd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > Index: linux-4.13/drivers/block/brd.c > =================================================================== > --- linux-4.13.orig/drivers/block/brd.c > +++ linux-4.13/drivers/block/brd.c > @@ -339,7 +339,7 @@ static long __brd_direct_access(struct b > > if (!brd) > return -ENODEV; > - page = brd_insert_page(brd, PFN_PHYS(pgoff) / 512); > + page = brd_insert_page(brd, (sector_t)pgoff << PAGE_SECTORS_SHIFT); Looks good to me, you can add: Reviewed-by: Dan Williams