linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH][CIFS] avoid signed integer overflow in calculating blocks
@ 2021-08-12  4:30 Steve French
  0 siblings, 0 replies; only message in thread
From: Steve French @ 2021-08-12  4:30 UTC (permalink / raw)
  To: CIFS

[-- Attachment #1: Type: text/plain, Size: 1118 bytes --]

xfstest generic/525 can generate the following warning:

 UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31
 9223372036854775807 + 511 cannot be represented in type 'long long int'

 Call Trace:
  dump_stack+0x8d/0xb5
  ubsan_epilogue+0x5/0x50
  handle_overflow+0xa3/0xb0
  cifs_write_end+0x424/0x440 [cifs]
  generic_perform_write+0xef/0x190

due to overflowing loff_t (a signed 64 bit) when it is rounded up
to calculate number of 512 byte blocks in a file

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 0166f39f1888..3cc17871471a 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2641,7 +2641,8 @@ static int cifs_write_end(struct file *file,
struct address_space *mapping,
  spin_lock(&inode->i_lock);
  if (pos > inode->i_size) {
  i_size_write(inode, pos);
- inode->i_blocks = (512 - 1 + pos) >> 9;
+ /* round up to block boundary, avoid overflow loff_t */
+ inode->i_blocks = ((__u64)pos + (512 - 1)) >> 9;
  }
  spin_unlock(&inode->i_lock);
  }

-- 
Thanks,

Steve

[-- Attachment #2: 0001-cifs-avoid-signed-integer-overflow-in-calculating-bl.patch --]
[-- Type: text/x-patch, Size: 1351 bytes --]

From 293c266e57d4cc14f4b96aaff7a088ef8f1d0878 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Wed, 11 Aug 2021 23:23:02 -0500
Subject: [PATCH] cifs: avoid signed integer overflow in calculating blocks

xfstest generic/525 can generate the following warning:

 UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31
 9223372036854775807 + 511 cannot be represented in type 'long long int'

 Call Trace:
  dump_stack+0x8d/0xb5
  ubsan_epilogue+0x5/0x50
  handle_overflow+0xa3/0xb0
  cifs_write_end+0x424/0x440 [cifs]
  generic_perform_write+0xef/0x190

due to overflowing loff_t (a signed 64 bit) when it is rounded up
to calculate number of 512 byte blocks in a file

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/file.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 0166f39f1888..3cc17871471a 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -2641,7 +2641,8 @@ static int cifs_write_end(struct file *file, struct address_space *mapping,
 		spin_lock(&inode->i_lock);
 		if (pos > inode->i_size) {
 			i_size_write(inode, pos);
-			inode->i_blocks = (512 - 1 + pos) >> 9;
+			/* round up to block boundary, avoid overflow loff_t */
+			inode->i_blocks = ((__u64)pos + (512 - 1)) >> 9;
 		}
 		spin_unlock(&inode->i_lock);
 	}
-- 
2.30.2


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-08-12  4:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-12  4:30 [PATCH][CIFS] avoid signed integer overflow in calculating blocks Steve French

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).