]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c9b5645)
block: validate pi_offset integrity limit
authorCaleb Sander Mateos <csander@purestorage.com>
Wed, 17 Dec 2025 05:34:35 +0000 (22:34 -0700)
committerJens Axboe <axboe@kernel.dk>
Thu, 18 Dec 2025 16:51:49 +0000 (09:51 -0700)
The PI tuple must be contained within the metadata value, so validate
that pi_offset + pi_tuple_size <= metadata_size. This guards against
block drivers that report invalid pi_offset values.

Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
block/blk-settings.c patch | blob | blame | history

diff --git a/block/blk-settings.c b/block/blk-settings.c
index 51401f08ce05bed14f2031e033bab8342ca70559..d138abc973bba0a56ca8a994322069205ae5af95 100644 (file)
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -161,10 +161,9 @@ static int blk_validate_integrity_limits(struct queue_limits *lim)
                return -EINVAL;
        }
 
-       if (bi->pi_tuple_size > bi->metadata_size) {
-               pr_warn("pi_tuple_size (%u) exceeds metadata_size (%u)\n",
-                        bi->pi_tuple_size,
-                        bi->metadata_size);
+       if (bi->pi_offset + bi->pi_tuple_size > bi->metadata_size) {
+               pr_warn("pi_offset (%u) + pi_tuple_size (%u) exceeds metadata_size (%u)\n",
+                       bi->pi_offset, bi->pi_tuple_size, bi->metadata_size);
                return -EINVAL;
        }
 
A mirror of Linus' kernel repository