bcache: fix input overflow to sequential_cutoff

[ Upstream commit 8c27a3953e92eb0b22dbb03d599f543a05f9574e ] People may set sequential_cutoff of a cached device via sysfs file, but current code does not check input value overflow. E.g. if value 4294967295 (UINT_MAX) is written to file sequential_cutoff, its value is 4GB, but if 4294967296 (UINT_MAX + 1) is written into, its value will be 0. This is an unexpected behavior. This patch replaces d_strtoi_h() by sysfs_strtoul_clamp() to convert input string to unsigned integer value, and limit its range in [0, UINT_MAX]. Then the input overflow can be fixed. Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Coly Li <colyli@suse.de> 2019-02-09 12:53:01 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-04-27 09:33:51 +0200
commit: 97f00d95dfb02f5d6689f74f11ce0df5ce1fa526 (patch)
tree: dbf1d52b32303b9a72879142d84b65008925d969 /drivers/md/bcache
parent: d775179e00cdc6fed4c33fef92dcfb24a797e39e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index 87daccbbc61b..463ce6757338 100644
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -215,7 +215,9 @@ STORE(__cached_dev)
 	d_strtoul(writeback_rate_d_term);
 	d_strtoul_nonzero(writeback_rate_p_term_inverse);
 
-	d_strtoi_h(sequential_cutoff);
+	sysfs_strtoul_clamp(sequential_cutoff,
+			    dc->sequential_cutoff,
+			    0, UINT_MAX);
 	d_strtoi_h(readahead);
 
 	if (attr == &sysfs_clear_stats)
author	Coly Li <colyli@suse.de>	2019-02-09 12:53:01 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-04-27 09:33:51 +0200
commit	97f00d95dfb02f5d6689f74f11ce0df5ce1fa526 (patch)
tree	dbf1d52b32303b9a72879142d84b65008925d969 /drivers/md/bcache
parent	d775179e00cdc6fed4c33fef92dcfb24a797e39e (diff)