LU-9862 lov: Correct bounds checking

While Dan Carpenter ran his smatch tool against the lustre code
base he encountered the following static checker warning:

lustre/lov/lov_ea.c:207 lsm_unpackmd_common()
warn: signed overflow undefined. 'min_stripe_maxbytes * stripe_count < min_stripe_maxbytes'

The current code doesn't properly handle the potential overflow
with the min_stripe_maxbytes * stripe_count. This fixes the
overflow detection for maxbytes in lsme_unpack().

Change-Id: I34646df3d59cadcb42a4defb58e16cb840acc99
Fixes: 3ddcf5b4a138 ("LU-7890 lov: Ensure correct operation for large object sizes")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nathaniel Clark <nclark@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/28484
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Petros Koutoupis <pkoutoupis@cray.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/lov/lov_ea.c b/lustre/lov/lov_ea.c
index 54f7936..55c5b80 100644 (file)
--- a/lustre/lov/lov_ea.c
+++ b/lustre/lov/lov_ea.c
@@ -269,15 +269,16 @@ lsme_unpack(struct lov_obd *lov, struct lov_mds_md *lmm, size_t buf_size,
        if (min_stripe_maxbytes == 0)
                min_stripe_maxbytes = LUSTRE_EXT3_STRIPE_MAXBYTES;
 
-       lov_bytes = min_stripe_maxbytes * stripe_count;
+       if (stripe_count == 0)
+               lov_bytes = min_stripe_maxbytes;
+       else if (min_stripe_maxbytes <= LLONG_MAX / stripe_count)
+               lov_bytes = min_stripe_maxbytes * stripe_count;
+       else
+               lov_bytes = MAX_LFS_FILESIZE;
 
 out_dom:
-       if (maxbytes) {
-               if (lov_bytes < min_stripe_maxbytes) /* handle overflow */
-                       *maxbytes = MAX_LFS_FILESIZE;
-               else
-                       *maxbytes = lov_bytes;
-       }
+       if (maxbytes)
+               *maxbytes = min_t(loff_t, lov_bytes, MAX_LFS_FILESIZE);
 
        return lsme;