From: Sergey Shtylyov
Date: Mon, 8 Dec 2025 20:15:04 +0000 (+0300)
Subject: NFSv4: limit lease period in nfs4_set_lease_period()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e29a3e61eef6b6c2e60bc1872e9da3bcdbc46c17;p=thirdparty%2Flinux.git

NFSv4: limit lease period in nfs4_set_lease_period()

In nfs4_set_lease_period(), the passed 32-bit lease period in seconds is multiplied by HZ -- that might overflow before being implicitly cast to *unsigned long* (32/64-bit type), while initializing the lease variable. Cap the lease period at MAX_LEASE_PERIOD (#define'd to 1 hour for now), before multiplying to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.

Signed-off-by: Sergey Shtylyov
Suggested-by: Trond Myklebust
Signed-off-by: Anna Schumaker
---
diff --git a/fs/nfs/nfs4renewd.c b/fs/nfs/nfs4renewd.c index 043b2de8d416c..30065df1482e5 100644 --- a/fs/nfs/nfs4renewd.c +++ b/fs/nfs/nfs4renewd.c @@ -133,6 +133,8 @@ nfs4_kill_renewd(struct nfs_client *clp) cancel_delayed_work_sync(&clp->cl_renewd); } +#define MAX_LEASE_PERIOD (60 * 60) /* 1 hour */ + /** * nfs4_set_lease_period - Sets the lease period on a nfs_client * @@ -141,7 +143,13 @@ nfs4_kill_renewd(struct nfs_client *clp) */ void nfs4_set_lease_period(struct nfs_client *clp, u32 period) { - unsigned long lease = period * HZ; + unsigned long lease; + + /* Limit the lease period */ + if (period < MAX_LEASE_PERIOD) + lease = period * HZ; + else + lease = MAX_LEASE_PERIOD * HZ; spin_lock(&clp->cl_lock); clp->cl_lease_time = lease;
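
Review bot: In the first hunk (@@ -133,6 +133,8 @@), the new MAX_LEASE_PERIOD define states its unit only through the trailing "1 hour" comment, although it is compared against `period` in seconds and multiplied by HZ afterwards. Naming the unit in the macro or its comment (seconds, not jiffies) would keep a later caller from comparing it against `cl_lease_time`, which holds the already multiplied value. The commit message calls the value "1 hour for now"; a short comment on why that bound was picked would help whoever revisits it.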
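
Review bot: In the second hunk (@@ -141,7 +143,13 @@), the clamp in nfs4_set_lease_period() is silent and the kernel-doc above the function is left untouched, so a caller passing a period of one hour or more ends up with `cl_lease_time` set to `MAX_LEASE_PERIOD * HZ` without any indication. Suggest documenting the cap in the kernel-doc, and the if/else can be collapsed to `lease = min_t(u32, period, MAX_LEASE_PERIOD) * HZ;`. Note also that `period * HZ` is still evaluated in 32 bits before the assignment to `unsigned long`; it is safe only because `period` is below 3600 on that branch, so if the cap is ever raised the operand should be cast to `unsigned long` before the multiply.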