NVMe: check for integer overflow in nvme_map_user_pages() - asmadeus/linux.git

diff options

author	Dan Carpenter <dan.carpenter@oracle.com>	2013-05-13 17:59:50 +0300
committer	Matthew Wilcox <matthew.r.wilcox@intel.com>	2013-05-17 09:11:03 -0400
commit	5460fc03105fbed01fe27aa572d9f65bb410a61d (patch)
tree	0e4e62a7fe314ceaa89a7966ef7c2d770686d361 /fs/hugetlbfs
parent	5be37bf9c17ffad0590a4044dbb110fe08066923 (diff)

NVMe: check for integer overflow in nvme_map_user_pages()

You need to have CAP_SYS_ADMIN to trigger this overflow but it makes the static checkers complain so we should fix it. The worry is that "length" comes from copy_from_user() so we need to check that "length + offset" can't overflow. I also changed the min_t() cast to be unsigned instead of signed. Now that we cap "length" to INT_MAX it doesn't make a difference, but it's a little easier for reviewers to know that large values aren't cast to negative. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Matthew Wilcox <matthew.r.wilcox@intel.com>

Diffstat (limited to 'fs/hugetlbfs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: