On Wed, Jul 15, 2026 at 8:29 AM Samuel Moelius <[email protected]> wrote: > > invalidate_cblocks parses cache block numbers with sscanf() and then > stores them in the narrower dm_cblock_t type. Values larger than the > cblock representation are truncated before invalidation, so a request > for one cache block can invalidate a different block. > > Checking the parsed value after sscanf() is not sufficient because > sscanf() does not reliably reject values beyond U64_MAX before storing > into the destination. Such inputs can still be converted to a wrapped > u64 value and then pass a later range check. > > Split ranges in place and parse each single value or range endpoint > directly with kstrtouint() instead. This rejects malformed values and > values that do not fit in dm_cblock_t before they can be converted to > cblock values. The existing range validation continues to reject empty > or out-of-cache ranges, including the single-value U32_MAX case whose > exclusive end wraps to zero. > > Assisted-by: Codex:gpt-5.5-cyber-preview > Signed-off-by: Samuel Moelius <[email protected]>
Reviewed-by: Ming-Hung Tsai <[email protected]>

