Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5338995pxj;
        Tue, 22 Jun 2021 22:12:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJweBTS8jMYCtfwckrDVwW4iOtt0iCeGeo4btbbMGl/yccjHgXBbHowm/g97fJnk5ETmK9+m
X-Received: by 2002:a17:907:9719:: with SMTP id jg25mr7959670ejc.82.1624425129922;
        Tue, 22 Jun 2021 22:12:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624425129; cv=none;
        d=google.com; s=arc-20160816;
        b=OvoUxWtYnI8YkT3OsH/t20aFJdWUO1sNDvIvYJ/ZRZsrMx48R6mY19JrL61sn+NddE
         gLce5DBZsz0T4JuycLfr3rE+jCk8IheB3OGR7uoN0L8wp4coszwjJB/YGI2+5XWCJfbd
         VvI7tqFsPeTiqZb7fVWpQkE1652JpwdFlJ2tIMvNl4tkKV6wcSkMb+9ZnyIxqIuUooYW
         tIpC5906zAF05QJqfbTSWux1D+GNP4Fi/xaakiuXXcPWYqU46sBqUkVzXJMknFNdX1cX
         W6VFmMYanAAH+aPgtJY4mbL3p0v1eA0xjeAfks6cevfqrf9+DjUW/BfwRHfY9JsLb6Ho
         0F0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=VqGeL42RTOC+E9+SQYGTfGiCaSotCi3VvO6rfkKcNPM=;
        b=pDd/6t9VQdEiYi7Y3N/aT1k8jFMX4ZZdYl4PgFSy1L3c1+oUbzatXE2d+7bXNgZ6nQ
         ECrJVkr6sxHywshSG24cEe/KCC7QY9jnFM7hWVm36T7pTF3PlNPBUVER1pCLGmMhcO2L
         o90xBHP6VefQj1F7lfDLmEqB/ayQv9vCqAGl5xkegcmJf9Uq/wu03ItBNeF9W/RLEf57
         RMWn69atgAIK3+cFTxNsRu0LcXln0lpCzk8QCN9G9HlcaJe309GbrT/ALbMeZM1rPxV1
         7O7EZf3V1TPUiQe2hZAz4zOLSohGHhJ3UmEnTYCpXFUYigcld2BoyF2tE7i4jxKPxwFA
         gBQQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="IFrz/YEU";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z3si16035586ejr.183.2021.06.22.22.11.45;
        Tue, 22 Jun 2021 22:12:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="IFrz/YEU";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229755AbhFWFL5 (ORCPT <rfc822;macmurkernel@gmail.com>
        + 99 others); Wed, 23 Jun 2021 01:11:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45880 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229660AbhFWFL5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Jun 2021 01:11:57 -0400
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 580DFC061574;
        Tue, 22 Jun 2021 22:09:40 -0700 (PDT)
Received: by mail-pl1-x630.google.com with SMTP id o21so533638pll.6;
        Tue, 22 Jun 2021 22:09:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=VqGeL42RTOC+E9+SQYGTfGiCaSotCi3VvO6rfkKcNPM=;
        b=IFrz/YEUJopX8c+nwgr5e7kHD4d3/0DLR664YUFXmllUS8s/XAICU1COB9WhfGKg1F
         6kzPJ4H5hyRXiPGrIORjx2exRf001o6nb8cZpp5ZMOqyS+3KrTCYuKHaT6EAmtFSu5Y4
         NcMIzlITwTHPZ7HqmoGVM5qBUruP/cdScjP60NpqfgcwxonQjZqQMfJDwx/v4yO8mwdb
         vjI0iPjkwqSRGIodJjbUrd+Y4+y7R0gb2UgNV4wmsZ5DBjbQSAb9k+KuWWtTprxSppKC
         94RCrahpqrITPMyvOkbC1Cf/MrxGulpQQAeTe2ZbPNw2KGicdE2EiOoEIp1HfCkHuaNT
         6UDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=VqGeL42RTOC+E9+SQYGTfGiCaSotCi3VvO6rfkKcNPM=;
        b=T/xJHQI4X9IinUqHsEQAgMJKDdlhqfY567nTHoValNouO2lF8Dm6lA0E4iWX0QNsMd
         7aBMnrxJaJ5EaJfwp9YfjgCV9GtMrbgsuHLzeQhxL9FN/V2SLHKehISlsf8HdV6H73nI
         3GrzBZ5E9dcEoJDbOHzsjeIRgvMnwkBd1Wu3ed7UsHU0fMqImt4iZlPQeJCGY+K0yBAg
         mBWdfz16lRBaHan4+p+fWVA/D3E78uS5JL+/3RCnErivq9UGc7l2ZZxPpdpY1lNa9Hbu
         LHm5MzNFmKBZwtkZ6Qgt39x+4TqgcMiqV45Gu2kUu+5yRKXMzHmmfoh4/kQG4Qy96QCv
         wKGA==
X-Gm-Message-State: AOAM532uLLwRhxk5b1WE4rgVPpPSLz889bIS4V6Di+qaiTy0NdIE8mEm
        Jn6oC+cYx1PKZwdWNEssydY=
X-Received: by 2002:a17:90a:5889:: with SMTP id j9mr3674221pji.234.1624424979646;
        Tue, 22 Jun 2021 22:09:39 -0700 (PDT)
Received: from fedora.. ([2405:201:6008:6d7c:6bfd:dac8:eafe:7bde])
        by smtp.googlemail.com with ESMTPSA id h8sm22340998pgr.43.2021.06.22.22.09.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Jun 2021 22:09:39 -0700 (PDT)
From:   Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>
To:     axboe@kernel.dk
Cc:     Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>,
        linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
        syzbot+cf89d662483d6a1a0790@syzkaller.appspotmail.com
Subject: [RESEND PATCH] loop: fix setting arbitrarily large block size
Date:   Wed, 23 Jun 2021 10:39:33 +0530
Message-Id: <20210623050933.140572-1-chouhan.shreyansh630@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210622161019.130090-1-chouhan.shreyansh630@gmail.com>
References: <20210622161019.130090-1-chouhan.shreyansh630@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

REASON FOR RESEND: Fixed spelling of the Reported-by tag.

loop_validate_block_size took an unsigned short argument. Passing an
argument with size greater than the size of unsigned short would cause
an overflow and could potentially render the upper bound check on the
block size useless, allowing to set an arbitrarily large block size.

Reported-by: syzbot+cf89d662483d6a1a0790@syzkaller.appspotmail.com
Signed-off-by: Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>
---
 drivers/block/loop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 9a758cf66507..635baff0dd66 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -236,7 +236,7 @@ static void __loop_update_dio(struct loop_device *lo, bool dio)
  * @bsize: size to validate
  */
 static int
-loop_validate_block_size(unsigned short bsize)
+loop_validate_block_size(unsigned long bsize)
 {
 	if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize))
 		return -EINVAL;
-- 
2.31.1