]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 79dd3f1)
block: validate pi_offset integrity limit
authorCaleb Sander Mateos <csander@purestorage.com>
Wed, 17 Dec 2025 05:34:35 +0000 (22:34 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 17 Jan 2026 15:35:33 +0000 (16:35 +0100)
[ Upstream commit ccb8a3c08adf8121e2afb8e704f007ce99324d79 ]

The PI tuple must be contained within the metadata value, so validate
that pi_offset + pi_tuple_size <= metadata_size. This guards against
block drivers that report invalid pi_offset values.

Signed-off-by: Caleb Sander Mateos <csander@purestorage.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
block/blk-settings.c patch | blob | blame | history

diff --git a/block/blk-settings.c b/block/blk-settings.c
index d74b13ec8e548ca1b972e9a5c53af9c402e0798a..f2c1940fe6f1aedbe1e6cdb5511d8d541b332263 100644 (file)
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -148,10 +148,9 @@ static int blk_validate_integrity_limits(struct queue_limits *lim)
                return -EINVAL;
        }
 
-       if (bi->pi_tuple_size > bi->metadata_size) {
-               pr_warn("pi_tuple_size (%u) exceeds metadata_size (%u)\n",
-                        bi->pi_tuple_size,
-                        bi->metadata_size);
+       if (bi->pi_offset + bi->pi_tuple_size > bi->metadata_size) {
+               pr_warn("pi_offset (%u) + pi_tuple_size (%u) exceeds metadata_size (%u)\n",
+                       bi->pi_offset, bi->pi_tuple_size, bi->metadata_size);
                return -EINVAL;
        }
 
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git