NFSv4: limit lease period in nfs4_set_lease_period()
authorSergey Shtylyov <s.shtylyov@omp.ru>
Mon, 8 Dec 2025 20:15:04 +0000 (23:15 +0300)
committerAnna Schumaker <anna.schumaker@oracle.com>
Mon, 9 Feb 2026 18:39:39 +0000 (13:39 -0500)
In nfs4_set_lease_period(), the passed 32-bit lease period in seconds is
multiplied by HZ -- that might overflow before being implicitly cast to
*unsigned long* (32/64-bit type), while initializing the lease variable.
Cap the lease period at MAX_LEASE_PERIOD (#define'd to 1 hour for now),
before multiplying to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Suggested-by: Trond Myklebust <trondmy@kernel.org>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
fs/nfs/nfs4renewd.c

index 043b2de8d416c690122235fc0a030d0939fb6059..30065df1482e5f1be6eb5942dab5df7d65ea86ff 100644 (file)
@@ -133,6 +133,8 @@ nfs4_kill_renewd(struct nfs_client *clp)
        cancel_delayed_work_sync(&clp->cl_renewd);
 }
 
+#define MAX_LEASE_PERIOD (60 * 60)     /* 1 hour */
+
 /**
  * nfs4_set_lease_period - Sets the lease period on a nfs_client
  *
@@ -141,7 +143,13 @@ nfs4_kill_renewd(struct nfs_client *clp)
  */
 void nfs4_set_lease_period(struct nfs_client *clp, u32 period)
 {
-       unsigned long lease = period * HZ;
+       unsigned long lease;
+
+       /* Limit the lease period */
+       if (period < MAX_LEASE_PERIOD)
+               lease = period * HZ;
+       else
+               lease = MAX_LEASE_PERIOD * HZ;
 
        spin_lock(&clp->cl_lock);
        clp->cl_lease_time = lease;
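Review bot: The new comment `/* Limit the lease period */` in nfs4_set_lease_period() does not say why the bound exists, so a later reader cannot tell that it is there to keep `period * HZ` from wrapping in 32-bit arithmetic. Consider `/* Cap at MAX_LEASE_PERIOD so that period * HZ cannot overflow 32 bits */`, and the if/else could be written as `lease = min_t(u32, period, MAX_LEASE_PERIOD) * HZ;`, which keeps the bound and the multiplication together. The kernel-doc above the function (only partly visible here) should also state that periods above one hour are clamped, since the value presumably originates from the server and a caller may otherwise assume it is stored as given. The clamp is silent; if an oversized lease is worth noticing when debugging, a debug-level message at the point of capping would make it visible. The function body continues past the end of this hunk.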