Re: [PATCH v3 1/4] scsi: sd: reject invalid pr_read_keys() num_keys values

[Christoph Hellwig]

On Mon, Dec 01, 2025 at 04:43:26PM -0500, Stefan Hajnoczi wrote:
> +	/*
> +	 * Each reservation key takes 8 bytes and there is an 8-byte header
> +	 * before the reservation key list. The total size must fit into the
> +	 * 16-bit ALLOCATION LENGTH field.
> +	 */
> +	if (check_mul_overflow(num_keys, 8, &data_len) ||
> +	    check_add_overflow(data_len, 8, &data_len) ||

Using data_len for the throw away key size is a little confusing,
but then again I guess compared to all the surrounding code that's
harmless :)

So:

Reviewed-by: Christoph Hellwig <hch@xxxxxx>