On Wed, Jul 15, 2026 at 8:29 AM Samuel Moelius
<[email protected]> wrote:
>
> invalidate_cblocks parses cache block numbers with sscanf() and then
> stores them in the narrower dm_cblock_t type.  Values larger than the
> cblock representation are truncated before invalidation, so a request
> for one cache block can invalidate a different block.
>
> Checking the parsed value after sscanf() is not sufficient because
> sscanf() does not reliably reject values beyond U64_MAX before storing
> into the destination.  Such inputs can still be converted to a wrapped
> u64 value and then pass a later range check.
>
> Split ranges in place and parse each single value or range endpoint
> directly with kstrtouint() instead.  This rejects malformed values and
> values that do not fit in dm_cblock_t before they can be converted to
> cblock values.  The existing range validation continues to reject empty
> or out-of-cache ranges, including the single-value U32_MAX case whose
> exclusive end wraps to zero.
>
> Assisted-by: Codex:gpt-5.5-cyber-preview
> Signed-off-by: Samuel Moelius <[email protected]>

Reviewed-by: Ming-Hung Tsai <[email protected]>


Reply via email to