From: David Howells <dhowells@redhat.com>
To: viro@ZenIV.linux.org.uk
Cc: dhowells@redhat.com, linux-fsdevel@vger.kernel.org,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 18/27] afs: Fix the maths in afs_fs_store_data()
Date: Thu, 09 Mar 2017 18:57:53 +0000 [thread overview]
Message-ID: <148908587311.16794.6013864468303097820.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <148908574888.16794.14109877851518811944.stgit@warthog.procyon.org.uk>
afs_fs_store_data() works out of the size of the write it's going to make,
but it uses 32-bit unsigned subtraction in one place that gets
automatically cast to loff_t.
However, if to < offset, then the number goes negative, but as the result
isn't signed, this doesn't get sign-extended to 64-bits when placed in a
loff_t.
Fix by casting the operands to loff_t.
Signed-off-by: David Howells <dhowells@redhat.com>
---
fs/afs/fsclient.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c
index 0778c5b6b59b..d9234b767287 100644
--- a/fs/afs/fsclient.c
+++ b/fs/afs/fsclient.c
@@ -1236,7 +1236,7 @@ int afs_fs_store_data(struct afs_server *server, struct afs_writeback *wb,
_enter(",%x,{%x:%u},,",
key_serial(wb->key), vnode->fid.vid, vnode->fid.vnode);
- size = to - offset;
+ size = (loff_t)to - (loff_t)offset;
if (first != last)
size += (loff_t)(last - first) << PAGE_SHIFT;
pos = (loff_t)first << PAGE_SHIFT;
next prev parent reply other threads:[~2017-03-09 18:58 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-09 18:55 [PATCH 01/27] afs: Fix missing put_page() David Howells
2017-03-09 18:55 ` [PATCH 02/27] afs: Fix page overput in afs_fill_page() David Howells
2017-03-09 18:56 ` [PATCH 03/27] afs: Populate group ID from vnode status David Howells
2017-03-09 18:56 ` [PATCH 04/27] afs: Adjust mode bits processing David Howells
2017-03-09 18:56 ` [PATCH 05/27] afs: Deal with an empty callback array David Howells
2017-03-09 18:56 ` [PATCH 06/27] afs: Handle better the server returning excess or short data David Howells
2017-03-09 18:56 ` [PATCH 07/27] afs: Kill struct afs_read::pg_offset David Howells
2017-03-09 18:56 ` [PATCH 08/27] afs: Handle a short write to an AFS page David Howells
2017-03-09 18:56 ` [PATCH 09/27] afs: Flush outstanding writes when an fd is closed David Howells
2017-03-09 18:56 ` [PATCH 10/27] afs: Distinguish mountpoints from symlinks by file mode alone David Howells
2017-03-09 18:57 ` [PATCH 11/27] afs: inode: Replace rcu_assign_pointer() with RCU_INIT_POINTER() David Howells
2017-03-09 18:57 ` [PATCH 12/27] afs: security: " David Howells
2017-03-09 18:57 ` [PATCH 13/27] afs: Migrate vlocation fields to 64-bit David Howells
2017-03-09 18:57 ` [PATCH 14/27] afs: Prevent callback expiry timer overflow David Howells
2017-03-09 18:57 ` [PATCH 15/27] afs: Fix AFS read bug David Howells
2017-03-09 18:57 ` [PATCH 16/27] afs: Make struct afs_read::remain 64-bit David Howells
2017-03-09 18:57 ` [PATCH 17/27] afs: Use a bvec rather than a kvec in afs_send_pages() David Howells
2017-03-09 18:57 ` David Howells [this message]
2017-03-09 18:58 ` [PATCH 19/27] afs: Invalid op ID should abort with RXGEN_OPCODE David Howells
2017-03-09 18:58 ` [PATCH 20/27] afs: Better abort and net error handling David Howells
2017-03-09 18:58 ` [PATCH 21/27] afs: Populate and use client modification time David Howells
2017-03-09 18:58 ` [PATCH 22/27] afs: Don't set PG_error on local EINTR or ENOMEM when filling a page David Howells
2017-03-09 18:58 ` [PATCH 23/27] afs: Fix page leak in afs_write_begin() David Howells
2017-03-09 18:58 ` [PATCH 24/27] afs: afs_fsync() does two flushes, one of which is redundant David Howells
2017-03-09 18:58 ` [PATCH 25/27] afs: Fix afs_kill_pages() David Howells
2017-03-09 18:58 ` [PATCH 26/27] afs: Fix an off-by-one error in afs_send_pages() David Howells
2017-03-09 18:58 ` [PATCH 27/27] afs: Fix abort on signal while waiting for call completion David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=148908587311.16794.6013864468303097820.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=linux-afs@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.