Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

NFSv4: limit lease period in nfs4_set_lease_period()

In nfs4_set_lease_period(), the passed 32-bit lease period in seconds is
multiplied by HZ -- that might overflow before being implicitly cast to
*unsigned long* (32/64-bit type), while initializing the lease variable.
Cap the lease period at MAX_LEASE_PERIOD (#define'd to 1 hour for now),
before multiplying to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Suggested-by: Trond Myklebust <trondmy@kernel.org>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>

authored by Sergey Shtylyov and committed by Anna Schumaker
e29a3e61 3d57c44e

+9 -1
fs/nfs/nfs4renewd.c
··· 133 133 cancel_delayed_work_sync(&clp->cl_renewd); 134 134 } 135 135 136 + #define MAX_LEASE_PERIOD (60 * 60) /* 1 hour */ 137 + 136 138 /** 137 139 * nfs4_set_lease_period - Sets the lease period on a nfs_client 138 140 * ··· 143 141 */ 144 142 void nfs4_set_lease_period(struct nfs_client *clp, u32 period) 145 143 { 146 - unsigned long lease = period * HZ; 144 + unsigned long lease; 145 + 146 + /* Limit the lease period */ 147 + if (period < MAX_LEASE_PERIOD) 148 + lease = period * HZ; 149 + else 150 + lease = MAX_LEASE_PERIOD * HZ; 147 151 148 152 spin_lock(&clp->cl_lock); 149 153 clp->cl_lease_time = lease;
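Review bot: MAX_LEASE_PERIOD, defined just above the nfs4_set_lease_period() kernel-doc, states its unit only through the trailing "1 hour" comment. The value is in seconds and is multiplied by HZ in the function below, so a name such as MAX_LEASE_PERIOD_SECS, or a comment that says "in seconds", would keep a later edit from treating it as jiffies. The commit message calls the one-hour value a choice "for now"; a short comment next to the define on why that bound was picked would help whoever revisits it.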
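Review bot: In nfs4_set_lease_period(), the else branch silently replaces any period of MAX_LEASE_PERIOD or more with one hour and leaves no log trace, so someone debugging renewal timing cannot tell that the passed value was overridden; consider a rate-limited warning or debug print there, and mention the cap in the kernel-doc above the function, which this hunk leaves unchanged. The `period * HZ` in the first branch is still evaluated in 32 bits before the assignment widens it, and is safe only because of the bound, so the comment "Limit the lease period" would be more useful if it said the limit exists to keep that multiplication from overflowing. As a style point, the if/else could collapse to `lease = min_t(u32, period, MAX_LEASE_PERIOD) * HZ;`.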