From: Shreyansh Chouhan
To: axboe@kernel.dk
Cc: Shreyansh Chouhan, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+cf89d662483d6a1a0790@syzkaller.appspotmail.com
Subject: [PATCH] loop: fix setting arbitrarily large block size
Date: Tue, 22 Jun 2021 21:40:19 +0530
Message-Id: <20210622161019.130090-1-chouhan.shreyansh630@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

loop_validate_block_size took an unsigned short argument. Passing an
argument with size greater than the size of unsigned short would cause
an overflow and could potentially render the upper bound check on the
block size useless, allowing to set an arbitrarily large block size.

Reported-by: syzbot+cf89d662483d6a1a0790@syzkaller.appspotmail.com
Signed-off-by: Shreyansh Chouhan
---
 drivers/block/loop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 9a758cf66507..635baff0dd66 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -236,7 +236,7 @@ static void __loop_update_dio(struct loop_device *lo, bool dio) * @bsize: size to validate */ static int -loop_validate_block_size(unsigned short bsize) +loop_validate_block_size(unsigned long bsize) { if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize)) return -EINVAL; -- 2.31.1
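
Review bot: on the changed signature line, widening the parameter to `unsigned long bsize` only removes the narrowing at the validator's own boundary; the hunk shows no call site, so it cannot be confirmed from these lines that every caller passes the user-supplied value at full width and afterwards uses the same value that was validated. Please name the callers and the types they pass in the commit message. The message also describes the problem as an overflow, but what defeats `bsize > PAGE_SIZE` is an implicit narrowing conversion: with a 16-bit unsigned short, a request of 0x10200 arrives as 0x200 and passes all three tests, so "truncation" would be the more accurate word. A Fixes: tag would also help with backporting.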
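
The truncation the commit message describes, as an added user-space sketch (not code from the patch or the kernel): `validate_short` and `validate_long` are hypothetical stand-ins for the old and new signatures, and `SKETCH_PAGE_SIZE` assumes 4 KiB pages and a 16-bit `unsigned short`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption for this sketch: 4 KiB pages (the kernel uses PAGE_SIZE). */
#define SKETCH_PAGE_SIZE 4096UL

static bool is_pow2(unsigned long n)
{
    return n != 0 && (n & (n - 1)) == 0;
}

/* Old shape: the caller's value is narrowed before any check runs. */
static int validate_short(unsigned short bsize)
{
    if (bsize < 512 || bsize > SKETCH_PAGE_SIZE || !is_pow2(bsize))
        return -EINVAL;
    return 0;
}

/* New shape: the checks see the full-width value. */
static int validate_long(unsigned long bsize)
{
    if (bsize < 512 || bsize > SKETCH_PAGE_SIZE || !is_pow2(bsize))
        return -EINVAL;
    return 0;
}

/* 1 when the narrow validator accepts a request the wide one rejects. */
static int truncation_hides(unsigned long requested)
{
    /* The cast makes explicit the conversion that was implicit at the call. */
    return validate_short((unsigned short)requested) == 0 &&
           validate_long(requested) != 0;
}

int main(void)
{
    /* Constructed sample requests, not values from the syzbot report. */
    const unsigned long samples[] = { 512, 4096, 8192, 0x10000, 0x10200, 0x11000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%#8lx  short=%d  long=%d  hidden=%d\n", samples[i],
               validate_short((unsigned short)samples[i]),
               validate_long(samples[i]), truncation_hides(samples[i]));
    return 0;
}
```

Any request whose low 16 bits form a valid block size is accepted by the narrow validator, which is why the upper bound check alone does not stop it.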